By Rajat Bhargava Posted December 3, 2015
When organizations are assessing directory services options, Microsoft® Active Directory® is typically top of mind. Almost every IT admin knows Active Directory, as it’s been the only game in town from a commercial perspective. Microsoft has spent tremendous resources over the years to make it the monopoly in the directory services space.
An Alternative to Microsoft Active Directory
However, for organizations that leverage the cloud or have multiple platforms internally, their IT admins quickly realize that Active Directory may not be the best fit for them. As they start searching around they realize there is an alternative, JumpCloud® Directory-as-a-Service®. Relatively new on the scene, DaaS now gives IT admins a choice. The question then quickly becomes, how do the two compare? Which one is right for the organization?
Considering What’s Best for Your Organization
Below are a few points to consider when comparing AD and DaaS:
- Device authentication. If you are an all-Windows shop, then authentication to AD is going to be a snap. Everything is already built in for Windows devices and AD to talk to each other. However, if you have Mac or Linux devices in your environment, it gets more complicated. While Macs® and Linux® devices can authenticate, control over accounts is limited. JumpCloud Directory-as-a-Service has full user management control over Windows®, Mac, and Linux devices. In addition, DaaS manages users through the native on-board mechanisms, keeping control consistent with how the OSs have envisioned it working.
- Device management. The same process holds true for device management as it does for authentication. If you have only Windows devices, then you’ll have control over them, but as soon as you add Macs and Linux devices, AD falls short. IT admins are left to add other pieces of software in order to manage those devices. Directory-as-a-Service provides full device management capabilities for all three platforms. Device management tasks can be executed on a schedule, ad hoc, or triggered through web hooks.
- Infrastructure-as-a-Service support. With the move to cloud infrastructure, many organizations are struggling with how to connect AWS servers (for example) with an on-premises Active Directory server. The challenge is that you now have remote devices that need to access your internal AD server. That means either opening ports to the Internet or adding VPNs. Add in the complexity of connecting Linux machines to AD, and you have a significant challenge for AD. With Directory-as-a-Service there are no networking gymnastics. JumpCloud Directory-as-a-Service creates a mutual TLS connection to each server, ensuring secure communication and no extra work for IT admins.
- LDAP-as-a-Service. Many applications leverage LDAP as the protocol for directory services. While some applications can connect directly to Active Directory, building that connection can be tedious. It is often why IT organizations implement an OpenLDAP™ server in addition to their AD instance. JumpCloud Directory-as-a-Service platform embeds the LDAP protocol as a core function. Users’ credentials can be authenticated via native protocols for devices and through LDAP. This additional flexibility means that organizations don’t just get to replace AD, but an LDAP instance as well.
- RADIUS-as-a-Service. Increasing the security around wireless network access is an important priority for IT. The strongest way to implement WiFi security is to enforce credentialed logins through the RADIUS protocol. In order to do that with AD, a separate RADIUS server must be installed. Connections between the wireless infrastructure and AD are bridged through this extra server. JumpCloud DaaS provides a RADIUS endpoint in the cloud, simplifying the implementation of RADIUS and subsequently increasing WiFi security.
- Managed versus unmanaged. Active Directory is provided as a software solution that the IT team implements. Ongoing management of this directory service is the responsibility of the IT admins. Directory-as-a-Service is delivered as a SaaS-based service, so most of the heavy lifting is done by JumpCloud.
- On-premises versus in the cloud. For organizations that are trying to move all of their infrastructure to the cloud, having an additional Active Directory server on-premises is contrary to their IT approach. A SaaS-based service does not require any servers on-premises.
As IT organizations debate the benefits and drawbacks of each approach, this list is a great place to start. There may be other requirements that factor into the mix. If you have further questions about how AD and DaaS compare, drop us a note. We’d be happy to dive deeper into cases where DaaS makes more sense and those where AD does. Or, feel free to compare Directory-as-a-Service to AD by creating a free account.