Serverless Domain Controller

By Cassa Niedringhaus Posted October 3, 2019

A serverless domain controller would be a great resource for IT admins who are looking to reduce the amount of hardware they manage and to increase their adaptability.

Rather than maintaining and servicing a primary domain controller and a backup (or several), they can move their operations to the cloud, a process that would alleviate sign-on headaches for employees and streamline IT operations.

Domain Controllers, Historically

A domain controller is a server that governs access to domain-bound resources and controls network security. Conventionally, the Active Directory® (AD) domain controller has been the IT organization’s scepter over its domain: its Windows® systems, users, applications, networks, and file servers. The domain controller ensures that only allowed users can access domain-bound resources.

In years past, before the explosion of cloud-based and non-bound resources, a user would provide their credentials to be authenticated through a domain controller against a directory services database. It was, in effect, the original single sign-on (SSO) because users were then provided access to any applicable resources on the domain.

Adapting Domain Controllers

That model has now become more complex, though, as the IT landscape has become increasingly heterogeneous.

An AD domain controller is limited primarily to Windows and on-premises resources, so it needs to become more versatile and cross-platform to meet modern requirements. Resources are no longer solely domain-bound — think G Suite™, Office 365™, Salesforce®, or Dropbox, which are accessed through a browser rather than a domain — and require layers on top of AD for access. Mac® and Linux® devices also present difficulties. All of this requires additional vendors and add-ons to authenticate user identities to these resources that exist outside of the traditional domain.

Plus, the servers required to run a domain controller are expensive, hard to set up, and, ultimately, a step backward for IT organizations that are seeking to modernize by shifting to the cloud. IT admins looking to implement the next-generation zero trust security model, a security concept developed in the late aughts, know that a simple perimeter around the network is no longer best practice now that so much cloud and web infrastructure sits outside it.

Going Serverless

Much of IT is shifting to the cloud via Software-as-a-Service and the like, and it’s time for the domain controller to follow. With a serverless domain controller, IT admins can not only control authentication and authorization of users without on-prem infrastructure but can also grant explicit access for each user and group to the systems, applications, networks, and file servers they need to get their jobs done. They can also employ security features like Multi-Factor Authentication (MFA), SSH key management, and more.

Going that route also eases access pains, in particular for remote and in-the-field employees seeking continuous access to company resources.

This solution is found in JumpCloud® Directory-as-a-Service®, a cloud-based directory service with centralized and secure access control.

Learn More about Directory-as-a-Service

JumpCloud Directory-as-a-Service has reimagined a serverless domain controller for the modern era. As a cloud directory service, JumpCloud isn’t limited in the resources it can manage, and it provides True Single Sign-On™ so users need only one set of credentials to access both on-prem and cloud resources.

Regardless of the systems (Windows, Mac, or Linux), applications, networks, and files IT admins need to connect users to, JumpCloud is here to help. Learn more about Directory-as-a-Service by contacting us or firing up a free account. Your first 10 users are free forever.

Cassa Niedringhaus

Cassa is a content writer at JumpCloud with a degree in Magazine Writing from the University of Missouri. When she’s not at work, she likes to hike, ski and read.
