By Rajat Bhargava Posted September 24, 2014
With the cloud era now upon us, it is interesting to observe that very few IT professionals have thought about what a modern directory service for an organization would look like if it were a managed service. Here at JumpCloud®, we have been spending a lot of time thinking about and studying the identity management space, specifically directory services, and the legacy and current technologies that surround it. Since we released our user management solution for servers late last year, we have heard consistently from our customers that we need to extend our product to become a full-fledged directory service and offer it as a managed service in the cloud. So we set out to really dig into what they meant by this: an always-on, secure and managed Directory-as-a-Service®.
If you look at history and how directories have evolved, there are two prominent and most widely known examples: Microsoft®’s Active Directory® (AD) and OpenLDAP™. They are both user stores for critical information: name, username, passwords, and access rights. So they are similar at a high level. However, they differ in their focus. AD not only authenticates and authorizes users, devices, and applications, but also manages and controls devices. OpenLDAP doesn’t focus as much on device management. Instead, it is leveraged most as a core solution for authenticating and authorizing users, devices, and applications, primarily on the Linux® side.
But times have changed. New trends in the industry are forcing a rethink on the definition of identity and access management. Those key trends are:
Move To G Suite™ and Office 365™
There has been a mass exodus from Exchange to G Suite™ and Office 365™. With the convenience of outsourcing email and the scale with which Google and Microsoft can operate, it is just more cost effective for organizations to outsource it. As a result, it is creating a schism in the thinking around on-prem and cloud. What used to be closely tied to the directory service has now been separated. That leads to the question, why keep the identity provider on-premises?
Move To Macs®
As Apple® has seen a dramatic resurgence over the past decade, Macs® are becoming staples within corporations worldwide. As a result, management of Macs has become a fairly deep issue for IT organizations. Many leave them completely unmanaged and outside of the IT team’s purview. Traditionally, enterprises were virtually 100% Windows® shops. As a result, they leveraged the native Microsoft directory service, which integrates directly with Windows. As the mix has shifted to include a healthy percentage of Macs, Active Directory has lost some of its luster due to the inefficiency of managing different OS platforms in a similar way.
Cloud-based Servers And Infrastructure
What was once in a local data center is now being hosted in the cloud at AWS®, Rackspace, or SoftLayer, among others. The benefit of cloud servers is they are located out on the Internet and easily accessible. However, the challenge with that is that they aren’t on-prem with your directory service. As a result, the two need to be networked together. Many organizations resist managing their cloud infrastructure from their directory service because of the associated networking and security issues. Consequently, these organizations are at significantly greater risk. And just as important, they don’t have a consistent user store from which to manage access, creating greater overhead.
These trends are creating a new perspective on the directory. Mainly, the question is, why can’t we broaden our thinking of a directory service? A directory service in the cloud era needs to live in the cloud and connect and manage all sorts of different user types, devices, and applications. It should be complementary to an organization’s move to the cloud. And it must connect with solutions such as G Suite and O365, and with the organization’s cloud infrastructure. Further, a modern identity provider needs to encompass and manage the most common devices being used today, including Macs. As with other major services, it should be managed as a SaaS-based solution and delivered with a modern pay-as-you-go model.
We Are Your Directory In The Cloud
In short, a directory service in the modern era needs to make the leap to being a cloud-based directory that can authenticate, authorize, and manage users, devices, and applications with little overhead and support required by IT admins. Let us know what you think a modern-day directory service looks like. We’d love to hear your thoughts.