By Greg Keller Posted March 14, 2016
Wouldn’t it be nice if you could purchase Microsoft Active Directory as a SaaS-based service? Imagine this: Your organization or IT admins wouldn’t need to purchase hardware or software. You wouldn’t need to manage all that hardware or software, either. Time wouldn’t be spent on backups, replication, or security. If Microsoft Active Directory offered a SaaS-based service, you’d simply pay as you go—and for only what you needed.
Microsoft Active Directory as a SaaS-based service is a nice vision, except that it’s just that—a vision. Microsoft doesn’t offer that, nor is it easy for them to provide a SaaS-based Active Directory that connects users to all the resources they need, including cloud infrastructure and web-based applications. For several reasons, AD isn’t relevant or compatible with the modern technology era.
Market Giant: Microsoft’s Role in Directory Services
Microsoft Active Directory (AD) is the market-leading directory services solution and has been the de facto choice for directory services since it was first introduced in 1999. Even today, AD arguably has more market share than any other Microsoft solution, likely due to how AD is integrated into the Windows Server operating system platform. Organizations need to purchase licenses for Windows Server, as well as client/server access licenses. What’s more, Microsoft Active Directory was once widely adopted by IT organizations because their networks were almost exclusively Microsoft Windows-based. The desktops, laptops, and servers ran Windows, as did the applications users needed. Additionally, most of the network was behind the firewall, so an on-premises user directory provided by Microsoft made sense.
Modern IT Era: Cloud Infrastructure’s Role in Directory Services
Yet times have changed. When organizations began to move to the cloud, IT admins soon encountered issues with AD. For example, cloud infrastructure, such as Linux servers at Amazon Web Services (AWS), was hard to connect to the on-premises Microsoft AD. Web and on-premises applications that leveraged LDAP or other authentication protocols weren’t congruent with AD. As a result, IT admins had to purchase hardware and software in advance, without the ability to expand as needed, nor did they have the pay-as-you-go option that SaaS offers. In short, AD worked well in and for a different era of technology, but AD is not compatible with today’s modern, cloud-hosted one.
Advanced Solutions: Identity-as-a-Service as the SaaS Directory Provider
SaaS-based directory services are an important part of next-generation IT infrastructure. As more organizations move all of their on-premises equipment and hardware to the cloud, the identity provider remains, in many cases, the last server standing. However, IT is challenged with securely and safely moving from a legacy directory service to a cloud-based, modern Identity-as-a-Service platform. For organizations without an identity provider, the move to a SaaS-based directory service can be a straightforward activity. For those that already have an on-premises AD instance, the approach is thankfully made easier with a Directory-as-a-Service (DaaS) platform that can mimic and sync with AD. Both systems can run in parallel while the migration occurs.
The vision for a SaaS-based Active Directory is the right one, but we suggest expanding the scope based on the limits of AD. A next-generation cloud directory service must connect users to whatever IT resources they need, independent of Windows, Mac, and Linux systems hosted on-premises or in the cloud. A cloud-based directory service should also support WiFi networks, as well as applications that are based on LDAP, those hosted internally, and Software-as-a-Service (SaaS) applications connecting users via SAML.