By Ryan Squires Posted February 22, 2019
What is Microsoft® Active Directory® or MAD / AD as it is also known? Well, Microsoft AD is one of the most critical pieces of software that has ever been created. In fact, most organizations have used Active Directory at some point or another and a significant number will continue to use it. But, as the IT landscape continues to morph, is this critical piece of software all that valuable to organizations moving further into the cloud era?
What Era Was Microsoft Active Directory Made For?
In order to really understand the benefits of Microsoft Active Directory, we need to peer back in time to get a grasp on why AD was created in the first place. In the 1980s and 1990s (eons ago in terms of IT) organizations started to put computers on their workers’ desks. These systems were almost always Windows-based PCs. Over time, the PCs were networked together into local area networks (LANs). The problem was, there was nothing unifying these machines or enabling IT admins to properly secure them. In order to control access to these PCs and other IT resources—applications, servers, and the network itself—Microsoft delivered Active Directory in 1999, an LDAP / Kerberos-based directory services platform built to manage Windows® user identities and their access to AD domain bound IT resources.
When you consider the IT environments of that time, it makes sense that AD would go on to be as popular as it was. Most organizations were Windows-centric and all of their IT resources were on-prem. These simple facts helped Microsoft dominate the directory services market—largely because it was a case of synergy between products—and Windows systems worked best when governed by Windows solutions.
Along with the domain controller, AD would be able to authenticate users to the network with one set of credentials via the user’s Windows-based machine. Users could then access whatever IT resources they needed that were connected to the domain. For the majority of organizations out there, this approach worked really well. But, as time passed, new resources introduced to IT environments would make it difficult for end users to log in to the resources they needed.
The Rise of the Web / AD Struggles
For example, web applications such as Salesforce® and Google Apps (now called G Suite™) started to materialize. Amazon Web Services®’ (AWS®) cloud infrastructure started to shift on-prem data centers to the cloud. End users wanted macOS® and Linux® machines instead of Windows systems. File storage moved to more cost-effective, on-prem storage such as NAS appliances and Samba file servers as well as cloud platforms such as G Drive™, Box™, and Dropbox. Where wired networks once ruled, WiFi usurped them due to convenience. All of these infrastructure changes put pressure on Active Directory, that frankly, it still struggles with today.
These infrastructure changes were not the only threat. The internet itself was becoming more and more popular. As a result, security challenges became apparent. Security experts started to realize that the number one attack vector was in fact the identity. This fact put more pressure on perimeter-based security approaches. As a result, new approaches to security began to crop up like Zero Trust Security. Zero Trust Security is especially notable because it displaced the concept of the domain and solutions such as Active Directory Domain Services (AD DS).
The Domain Controller and Zero Trust Security Interaction
Opposed to the traditional concept of the domain, Zero Trust asserts that nobody is trusted on the network, even if they’re already behind the firewall. Users must continually prove their trustworthiness by providing the correct answers to authentication challenges such as SSH keys, multi-factor authentication TOTP (time-based one-time password) codes, and more. The reason for Zero Trust Security is simple; according to Forbes, “58% of healthcare breaches are initiated by insiders.” And while you may not be in healthcare, the threat of a breach happening due to an internal agent is very real. So, is there a directory that eschews the domain in favor of an approach more in line with Zero Trust?
A Modern Directory Emerges
JumpCloud doesn’t work like Active Directory and make use of a domain controller. Instead, it leverages a myriad of protocols like LDAP, SAML, and RADIUS to ensure that the right people get access to the right tools. In addition, JumpCloud can securely manage SSH keys for remote AWS / GCE Linux servers. JumpCloud makes all this happen with the concept of True Single Sign-On™, that is, the ability to leverage one identity for virtually all IT resources, no matter how that identity is instantiated. It is a lot like the early days of the Windows-based network, only True Single Sign-On is available for Windows and non-Windows resources today.
Identity management isn’t the only feather in JumpCloud’s proverbial cap. With cross-platform GPO-like Policies, IT admins have the ability to automatically force OS updates, set screen lock timers, deploy full disk encryption (FDE) to both Mac and Windows machines, and much more.
Learn More about JumpCloud
When confronted with the question of “What is Microsoft Active Directory?,” consider what it is not as well. It is not built for modern security initiatives like Zero Trust Security, but JumpCloud Directory-as-a-Service is. If you’re ready to try JumpCloud today, risk free, sign up for a JumpCloud account. It’s free, requires no credit card, and you can manage up to 10 users with it forever. Additionally, our pricing page can help you figure out how you can easily and securely scale with JumpCloud. Finally, if you need technical help, visit our Knowledge Base or drop us a line.