One of the more frustrating problems IT and product teams face today is how to connect their Google Apps identities to Amazon Web Services (AWS). In short, organizations haven’t been able to do that. Now, with over 6 million organizations leveraging Google Apps, many of them also leveraging Infrastructure-as-a-Service solutions from AWS, it makes sense to fill the gap and ease burdens; especially for the high-tech startup, whose standard when building a company is primarily this combination.
Why Is it so Important?
Often, the problems associated with utilizing both cloud-based solutions appear almost immediately. Developers and operations personnel want to connect their Google Apps identities to AWS, using one login for both systems. They want to provision and deprovision access in one spot for both cloud services. It makes sense – if you could control the identity in one place it increases control, decreases risk, and makes the systems more efficient.
In reality, Google Apps identities aren’t exportable to AWS servers. Additionally, user management and access control on Linux and Windows servers aren’t connected to Google Apps and AWS cloud servers aren’t connected to any user store by default. This translates to more work for IT organizations. They have to either manually manage user access or they need to build their own system to manage access. Unfortunately, Google Apps’ user store isn’t one of the options available to them.
Alleviate IT Burdens
Fortunately, there is now a way for organizations that leverage Google Apps and AWS to sync identities which alleviates all of the aforementioned IT burdens. It’s called Directory-as-a-Service (DaaS). DaaS solves this problem by storing the core user identities for an organization. How it works is that these identities are imported from Google Apps, and then federated out to AWS, other applications, internal servers, and devices among other IT resources. One identity can now be used for both Google Apps and AWS. Any changes to the user will automatically propagate through to both services. Provisioning of new users can be done in the Directory-as-a-Service and those accounts will appear in Google Apps and any Linux or Windows servers on AWS. The same username and password will be available everywhere for users.
Problem solved. Users have one set of credentials for both, IT admins have one place to provision and deprovision users and security is increased. If you would like to learn more about how Directory-as-a-Service is bringing separate clouds together, drop us a note or give DaaS a try.