By Megan Anderson Posted December 4, 2019
In the modern era of cloud services, many have questioned why they should build a domain controller. Of course, Microsoft® Active Directory® (AD) requires a domain controller to run AD Domain Services. That’s one reason. But why is it important?
A domain controller is important because it authenticates user identities, making sure that only trusted users are able to connect to an organization’s resources. But with more resources being accessed from the cloud, the domain controller’s efficacy is waning.
So why build a domain controller? Ten years ago, you built a domain controller because you had no other choice if you wanted to securely grant access to networked resources. But today? Organizations can achieve the same results without a domain controller when they opt for cloud-based directory services.
The Antiquation of On-Prem Domain Controllers
The IT landscape used to be virtually all on-prem and Windows®-based, making Active Directory a very attractive tool for sysadmins. It consolidated all of an enterprise’s users and resources into one database and enabled admins to manage permissions from one platform.
Now, the story is quite different. Today’s IT landscape includes macOS®, Linux® systems, cloud infrastructure from AWS®, G Suite™ and Office 365™, web applications, and much more. AD was not built to accommodate all of these resources, necessitating supplemental software to form a more complete package.
Single sign-on (SSO), Mobile Device Management (MDM), and a host of other products are needed to catch AD up to the modern day. This has led to a sort of à la carte-style network where sysadmins choose individual services and manage them separately in relation to AD, rather than having a single, cohesive solution.
It’s a bit ironic that at a time when technological innovation is pushing for automation, simplicity, and consolidation, tech organizations increasingly require admins to manually manage a plethora of assets. The domain controller is part of the problem. It used to be the centralizing force. But IT evolved beyond its rigid walls. Now the domain controller is just another identity silo. As such, when considering the best approach to managing end user access, it is fair to rethink the on-prem domain controller altogether.
Domainless Directory Services
In light of the shift to cloud infrastructure and web applications, consider a cloud-based directory service. It’s more compatible with today’s IT landscape, essentially snipping away one of the last vestiges of identity-locked, on-prem operations while giving admins all the tools they need in one centralized dashboard.
The right cloud directory is platform-agnostic, capable of managing Mac, Linux, and Windows devices. Ideally, it supports a wide variety of protocols, including LDAP, RADIUS, and SAML for web application access. That means you can eschew one-off SSO, networking, and MDM solutions in favor of a single, centralized cloud directory.
Here is where some admins are concerned that hosting their directory in the cloud could be less secure. Fortunately, that anxiety can be laid to rest. The right cloud-hosted directory helps promote greater security by including features such as multi-factor authentication (MFA), USB lock, and screensaver timeouts, among others. Plus, as opposed to the perimeter-based security model of the domain controller, the right cloud-based directory service can help organizations achieve zero trust security by hardening their infrastructure from the inside out.