The ability to choose your IT directory is a relatively new idea. Not long ago, there was really only one game in town – Microsoft® Active Directory®. As a company, you could decide to do it yourself with an open source solution like OpenLDAP™ or Samba but those options were only available for small companies that couldn’t afford a solution, and also those companies that had the expertise to run an open source solution. For the last fifteen years, that’s been the extent of the options IT organizations have had for directory services.
Before comparing the various options, it’s important to take a step back in order to understand why a new option was necessary. With Microsoft Active Directory’s monopolistic market share, it isn’t a foregone conclusion that competition in this market was even a necessity. But now, major IT trends are creating a significant challenge for IT administrators that are reliant on Active Directory and LDAP. As organizations move their equipment off-premises, purchase Mac® and Linux® devices, leverage SaaS applications, and think about how to secure identities in modern IT environments, they face new challenges. AD and OpenLDAP has been around for almost two decades, so adjusting to this new normal is not easy for any emerging company. Recently, a new approach has emerged. This approach, called JumpCloud® Directory-as-a-Service®, is a SaaS-based and cross-platform.
When comparing the various directory services providers – Microsoft Active Directory, OpenLDAP, and JumpCloud Directory-as-a-Service – start with what your specific needs and requirements are. Each one of these solutions could be valuable in the right scenario and could be the wrong fit in a different scenario. Understanding your company’s needs, clearly, will help you make the right choice.
Homogenous Endpoint Infrastructure Versus Cross-Platform
If your infrastructure is all Windows, it makes great sense to leverage AD. The integrations are solid and you aren’t worried about other OS platforms. If you are all Linux, OpenLDAP is a reasonable solution. If you have a heterogeneous environment, the best choice will be JumpCloud’s Directory-as-a-Service.
As it pertains to the latter point, if you need to manage all of your devices then you really only have two options – AD and DaaS. If you are all Windows, then AD becomes a reasonable option as well as DaaS. If you need to manage your Macs and Linux devices as well, then DaaS is the right option. Device management has become a core part of the directory services category since Microsoft created Group Policy Objects. Centralized device management, regardless of operating system, is an important differentiator for Directory-as-a-Service.
OpenLDAP only supports the LDAP protocol, therefore if the IT resources you need in order to connect your users don’t function well with LDAP, you may find yourself in trouble. Similarly with Active Directory, the main protocol that is leveraged is Kerberos. Directory-as-a-Service takes a more protocol agnostic approach with support for LDAP, SAML, RADIUS, SSH, and others.
For those organizations that are utilizing IaaS providers such as AWS®, Azure® or Google Compute Engine, leveraging a directory service to manage user accounts can be an important function. It helps increase security, automate user management and assist with compliance. Depending on the platform, OpenLDAP can be an option as can Active Directory, if they are placed within the IaaS infrastructure. Connecting the servers back to the on-premises directory is a potentially difficult and expensive task. JumpCloud’s Directory-as-a-Service seamlessly integrates with IaaS providers in order to provide cloud-based user management functionality without creating additional networking requirements or adding VPNs.
SaaS versus Self-Managed
JumpCloud’s Directory-as-a-Service is delivered as a SaaS-based service. JumpCloud takes care of the hardware and software updates, manages the infrastructure and handles the security. Both LDAP and AD are offered as software solutions that require IT resources to implement. And with LDAP, because the solution is open source, developers and IT administrators can, if they need to, modify the code.
Directory services is a critical component of any infrastructure. There are realistically three solutions, all of which, are very different from one another. The first is an open source solution. The other is a commercial software product. The third is a software service. All three solutions can be valuable in the right environment.
If you would like to learn more about the right choice for you, we’d be happy to talk with you.