Lightweight Directory Access Protocol (LDAP) might be one of the oldest authentication technologies still actively used in enterprise IT networks today (the RADIUS protocol may be one of the others!). LDAP was first released in 1993 by Tim Howes and his colleagues at the University of Michigan to serve as a lightweight version of the X.500 directory services protocol used at the time. The goal was to create a lightweight protocol that would allow for authentication and authorization of users to servers, applications, and resources as well as provide a “directory” of user information and attributes. Although the underlying technology has certainly evolved over the years, the goal remains the same.
“I was working for the University’s information technology division. The University was mostly on a homegrown mainframe system for email and directory service throughout the campus. I was assigned this project to deploy an X.500 directory for the campus, which I completed. But I quickly learned that it was way too heavy of a protocol and too complicated for the machines that were on most people’s desktops.”
“So, LDAP came out of my desire to do something a little lighter weight to accommodate the Macs and PCs that were on everybody’s desktop. Some colleagues and I created a similar protocol called DIXIE, which people liked. Soon after that, I was approached by some people in the IETF community to create a standardized version of DIXIE, and, with the help of a couple of colleagues, that’s how LDAP was born.”
Tim Howes, 2017 interview
One of the key ways LDAP is evolving to meet IT organizations’ needs is where it’s located. Historically, LDAP has been stored on-premise in a local server. As with other modern technologies, LDAP is moving to “as a service” in the cloud. With LDAP moving to the cloud, IT administrators can enjoy higher uptime, lower latency, and less human resource effort to maintain physical infrastructure.
To support today’s remote workforce, connecting to a cloud-based LDAP server is much more secure than exposing the internal LDAP server, along with all the other internal corporate resources, to the outside world. With a cloud-based LDAP solution, employees connect to a purpose-built cloud service for increased security and more reliable access. There is rarely a single point of failure with cloud solutions, so corporate resources are always available.
The Cost of Cloud LDAP
When evaluating the shift to cloud-based LDAP, cost is a key factor to consider. The following details the various bigger picture components of supporting an LDAP infrastructure and why a cloud LDAP solution might just be more cost-effective.
When considering the expense of your LDAP server, it’s important to understand and calculate the total cost of ownership (TCO). It’s not just about the price of the server (through purchase or lease), but also the hidden costs that most organizations are unlikely to account for. The budget calculation should add together server cost, software hosting, backup, security, monitoring, VPNs, IT time, third-party software, logging efforts, and multi-factor authentication (MFA) implementation. What looks like a one-time purchase plus data center fees quickly turns into a major project implementation with ongoing management.
Outside of the hardware/equipment costs of running an LDAP server on premise, there are human resource costs to consider. Employee time must be spent installing, securing, maintaining, and troubleshooting the server and the underlying application/system integrations. Most IT teams are already overworked and understaffed. The worldwide pandemic has put even more stress on IT departments with the shift to a remote workforce. Now more than ever, IT staff face a steep learning curve to deploy and manage all of the end-user equipment remotely while supporting employees working from home. Managing an on-site LDAP solution post-pandemic makes about as much sense as running your own email server. Hosted solutions free IT departments from maintaining infrastructure so they can build out technology solutions that enable employee productivity.
Even once an LDAP server is configured and operational, with proper backup and scalability solutions in place, there is the additional cost of integrating it with your applications and internal systems. If you have legacy applications, you need to consider whether your internal team has the skill sets to build out the integrations or whether you need to contract out development resources in order to connect them to your new LDAP server. These integrations have to be maintained, so ongoing contracts are likely to be required. If your LDAP server is just one piece of the identity and access management (IAM) puzzle for your organization, then it will need to be integrated with a whole host of other solutions to ensure that user identities are centrally managed and always in sync.
While these components may not encompass all of the costs of running LDAP on-premise, they should provide a strong starting point for calculating your costs. There are nuances in every organization, so doing the math on your particular situation is worth it.
Overcoming Barriers to Adoption
Senior managers often look at a cloud LDAP solution as a recurring expense for something that was considered “free” before. Even today, with widespread use and adoption of open source solutions, IT leaders fall into the trap of thinking that they can save money using free software. When implemented properly, software costs often end up being a small portion of the overall TCO for any solution. Thus, it is critical for IT organizations to holistically calculate TCO for an on-premise LDAP implementation.
Just because there isn’t a recurring subscription doesn’t mean it’s not costly. With physical infrastructure, management, and integration costs combined for an on-premise solution, a cloud-based LDAP approach can often cost the company less money while providing a better employee experience.
Why JumpCloud Offers the Best Cloud LDAP Solution
For the longest time, an alternative to LDAP wasn’t available, so it didn’t make sense to consider alternatives or the total cost of ownership. JumpCloud’s LDAP solution is a turnkey approach that enables employees to access their equipment, applications, and resources through a single identity. With JumpCloud’s LDAP solution, you gain automated load balancing, scalability, and redundancy for all of your LDAP authentication needs. LDAPS and StartTLS protect all data while it’s in transit. Users also experience low latency for connectivity, as JumpCloud uses regional load balancing to help employees connect to the closest data center. Further, JumpCloud enables extended user attributes (employee ID, job title, department, location, etc.) over LDAP as well as group memberships.
JumpCloud’s cloud-based LDAP solution offers a fantastic experience for end users while maintaining security and compliance for IT. Moving to cloud-based LDAP is a crucial IT decision that unlocks end-user productivity, lowers overall costs, and is best suited to address today’s remote working environment.
Learn more about JumpCloud’s cloud LDAP solution by visiting our blog or YouTube channel, or by contacting us with questions. To see the cloud LDAP solution firsthand, you can schedule a demo or try the product out yourself completely free. A JumpCloud Free account includes 10 users and 10 systems, and requires no credit card. You also get 10 days of Premium 24×7 in-app chat support for any questions you might have. Or if you want to walk through the numbers comparing on-premise LDAP to SaaS LDAP, reach out — we’d be happy to work it through with you.