By Rajat Bhargava Posted February 26, 2016
An on-premises hosted LDAP server has been the norm in IT for over two decades. LDAP came on to the scene in the mid-1990s as a way to simplify existing directory services which were, at the time, quite complex. The goal of LDAP was to be a lighter weight, more flexible, and open solution. Because of this, the open source solution for directory services flourished. As a result, devices, applications, and networks all build in support for the LDAP protocol. Unfortunately, while the LDAP directory was indeed lighter weight and flexible, it was also incredibly difficult to implement and manage. As a consequence, only highly sophisticated organizations could benefit from utilizing LDAP. A new generation of virtual LDAP server technology and providers is changing the dynamic in the directory services space. LDAP-as-a-Service is an innovate approach to solving the need for an easier, friendlier LDAP.
LDAP: It’s Everywhere
LDAP has incredible support across the IT landscape. A wide variety of devices, applications, and network infrastructure equipment all support the protocol, which means that IT organizations can centrally control access to IT resources. Users are added into the LDAP directory server and the IT resources are then pointed to the LDAP server to authenticate and authorize users. If a new user joins, the person can be added to the LDAP directory and can then be added to the appropriate groups and access is provisioned. Also, any user’s access which may need to be terminated can be centrally removed. The leverage that this type of solution provides is powerful and the security control is invaluable.
The Difficulties With Implementation
The problem with this approach is that LDAP is arduous to implement, configure, and integrate. Since each device and application has its own nuances when leveraging LDAP as the core authentication and authorization platform, these complications can lead to a more expensive and time-consuming implementation. And while the software itself is open source, the rest of the infrastructure is not free. The servers and hosting can also be expensive especially when considering that an authentication provider needs to be highly available. The integration time of connecting applications can be significant and require serious LDAP expertise, which will also add to the overall cost of implementation. As a result, organizations often resort to managing user access to their IT resources individually rather than centrally.
Changing the Landscape of LDAP
Fortunately, a new generation of virtual LDAP services is emerging. Known as LDAP-as-a-Service, these solutions are a cloud-hosted virtual LDAP server. Like other SaaS-based services, multiple customers leverage the same infrastructure, in turn, decreasing the costs for the customer, standardizing the implementation, and enabling the provider to amortize costs for better security, hosting, and availability. Even more valuable is the fact that the central user database in this scenario can not only be leveraged for LDAP, but also for other protocols and systems. The broader service known as Directory-as-a-Service® is a central, cloud-based directory that supports a variety of device types including Windows, Mac, and Linux. Cloud and on-premises applications leveraging LDAP or SAML and network infrastructure equipment utilizing RADIUS are also supported. The central identity provider is broader than just a virtual LDAP server, but has the same functionality. Essentially, one set of credentials can be utilized in a wide variety of IT resources.
If you would like to learn more about how Directory-as-a-Service can be your identity management platform, drop us a note. We’d be happy to walk you through the Identity-as-a-Service landscape and how that is integrating SaaS-based LDAP service for organizations. Or, feel free to give JumpCloud’s virtual LDAP server a try for yourself. Your first 10 users are free forever.