By Greg Keller Posted June 22, 2015
Every sysadmin wants centralized, automated management of their users across all servers. But today, many of these servers are located at Infrastructure-as-a-Service providers such as AWS or Google Compute Engine. The problem is that often on-premises directory services don’t easily reach cloud infrastructure.
As a result, DevOps personnel end up using configuration automation solutions such as Chef and Puppet. Chef and Puppet give sysadmins and developers the capability to manage users.
Managing Users in Chef and Puppet
The process works as follows.
- The developers or operations personnel add recipes or manifests to their Chef or Puppet infrastructure that add users to servers.
- Chef or Puppet then executes those scripts and adds the users to the server. If the DevOps personnel want to add different users to different servers, that requires adding some code.
- If users need different privileges, then that is yet more code.
- As the server infrastructure grows, the IT organization ends up splitting environments.
- Soon there are development, test, staging, and production environments. Now, the job is even more complicated. Users will need different permissions and rights in the different environments. That requires more code.
Limitations of Chef and Puppet
As long as the user and server populations are small, configuration automation tools are excellent for a variety of tasks. But as populations grow, the hours of coding required to manage users on those devices end up outweighing the benefits.
Using Chef and Puppet for user management long-term introduces a major security challenge for the IT staff as well. Now there are effectively multiple “directories”. With multiple places for identities, the risk of a security breach increases.
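An added example, not from the original article: a short Python audit that treats each environment's declared users as its own "directory" and reconciles them against a single roster. The roster, user names, privilege labels and function names are all assumptions constructed for illustration.

```python
# Constructed sample data: these user lists stand in for what four separate
# sets of recipes/manifests would declare; none of it comes from the article.
ROSTER = {"alice", "bob", "carol"}  # assumed single source of truth (HR/IdP)

ENVIRONMENTS = {
    "development": {"alice": "sudo", "bob": "sudo", "dave": "sudo"},
    "test":        {"alice": "sudo", "bob": "user"},
    "staging":     {"alice": "sudo", "bob": "user", "dave": "user"},
    "production":  {"alice": "sudo", "carol": "user", "erin": "sudo"},
}

def orphaned_accounts(roster, environments):
    """Accounts still declared in some environment but absent from the roster."""
    found = {}
    for env, users in environments.items():
        for name in users:
            if name not in roster:
                found.setdefault(name, []).append(env)
    return {name: sorted(envs) for name, envs in found.items()}

def privilege_spread(environments):
    """Users whose privilege level differs between environments (for review;
    a difference may be intentional, but it has to be tracked per environment)."""
    levels = {}
    for env, users in environments.items():
        for name, level in users.items():
            levels.setdefault(name, {})[env] = level
    return {name: per_env for name, per_env in levels.items()
            if len(set(per_env.values())) > 1}

def unreviewed_admins(roster, environments, env="production"):
    """Privileged accounts in one environment that the roster does not know."""
    return sorted(name for name, level in environments[env].items()
                  if level == "sudo" and name not in roster)

if __name__ == "__main__":
    for name, envs in sorted(orphaned_accounts(ROSTER, ENVIRONMENTS).items()):
        print(f"orphaned: {name} still declared in {', '.join(envs)}")
    for name, per_env in sorted(privilege_spread(ENVIRONMENTS).items()):
        print(f"mixed privileges: {name} -> {per_env}")
    print("unreviewed production admins:",
          unreviewed_admins(ROSTER, ENVIRONMENTS))
```
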
Alternatives to Chef and Puppet
With Chef and Puppet, you’re force-fitting tools to manage users. Directory-as-a-Service® solutions are a better option for DevOps personnel.
DaaS systems are cloud-based directory services that can connect users to devices, applications, and networks. When it comes to user management, Directory-as-a-Service can connect the right users to the right servers with the right permissions regardless of where those servers may be located.
DaaS infrastructure can be integrated with on-premises directories such as Microsoft Active Directory. The benefit is users are consistently managed from one central location without having to write code.
If you are interested in user management for your server infrastructure and Chef and Puppet are getting too complicated, take a look at Directory-as-a-Service. You can also sign up today and explore the full functionality of our product. Your first 10 users are free forever.