With today’s reality of an increasingly remote workforce, IT resources on-prem and in the cloud, and incredible security requirements, modern IT teams are looking for a path forward. How can they not only remotely control and secure their users and their IT resources, but also deliver IT services in the new market reality of a distributed workforce?
For many, the answer is to go domainless.
Yes, the domain has been a staple in IT organizations for decades. At its best, the domain provided a secure perimeter and centralized access to IT resources. But increasingly, IT admins are asking, “Do I really need a domain and a domain controller?” This question is especially common at modern organizations that leverage a variety of resources outside of the Microsoft® ecosystem, including Mac® and Linux® devices, G Suite™, and AWS®. Because the domain struggles with these resources, many are choosing to eschew it altogether. Below, we’ll explain why you may benefit from going domainless and how that’s possible using cloud-based directory services. But first, let’s take a look at the domain’s dominant past.
When Domains Ruled The World
The idea of the domain works like this: If you’re connected to the network, all you need to do is log in once to access all the resources you’ve been granted access to. This concept works great for on-prem Windows-based environments.
While Microsoft didn’t create the concept of the domain, they perfected it with Active Directory® Domain Services (AD DS). There was a golden period shortly following the release of Active Directory in 1999 where users at Windows-based IT organizations were able to use a single set of credentials to securely access virtually everything that they needed. In other words, it was single sign-on before most organizations had a name for it.
One Foot In The Domain, One Foot Out
But those were different times. That was back when applications came on CD-ROM and Mac machines were relegated to universities and design firms. It was before the proliferation of web applications, cloud infrastructure, non-Windows file servers, and Linux machines. Those times predate the smartphone and ubiquitous WiFi. And it was also before the world was upended by pandemics, creating a new era of remote workers in virtually all companies. Breaches driven by compromised credentials weren’t yet a daily headline. Not everything fits neatly in an on-prem, Windows-centric box anymore.
But of course, IT organizations that had an established domain didn’t ditch it overnight just because some Macs and web apps started popping up in their environment. Instead, they looked for ways to extend their domain or allow some resources to securely exist outside of it. Solutions like web application SSO, VPNs, and identity federation all helped bolster existing domains. To varying extents, these solutions worked, but also introduced additional layers of complexity and cost.
At the end of the day, admins who used to be able to say, “I know everything is secure because everything is within the walls of the domain,” no longer had such a cut-and-dry answer. Users who had been able to log in once and access everything they needed were now hopping through a variety of access portals and individual logins as part of their day-to-day workflows. The domain wasn’t dead, but it wasn’t nearly as effective as it once had been either.
Thriving in a Domainless World
Old school IT admins may argue that we should go back to the domain-based model. That may work in certain cases. But there’s no turning the clock back to the way the world was in 1999.
When forward-thinking IT pros look at the current state of IT, they see more opportunity than crisis – even facing massive health scares, recessions, and constant security incidents. Instead of building a wall around their resources, they treat the identity itself as the security boundary. This approach is exemplified by Zero Trust Security and BeyondCorp, Google’s own in-house implementation of Zero Trust.
Both of these security models advocate for moving away from the domain. There is no network perimeter to defend, and being on the corporate network earns a request no trust. Instead, each access request is authenticated and authorized at the point of access, based on who the user is and the state of the device they are using. The end result: more sophisticated security with streamlined access from anywhere in the world.
Here are some of the core principles at play:
- No Trust: Assume that there are attackers both within and outside of the network.
- IAM: Establish a framework of control over identities and their access to resources.
- Least-Privilege Access: Grant users only the minimum degree of privilege they need to do their job, and nothing by default.
- System-level Security: Protect all work devices with antivirus, system updates, and security policies such as USB lock, screensaver timeout, and full disk encryption (FDE) among others.
- Event Logging: Ensure visibility and reporting on what is happening on your network.
- Multi-Factor Authentication: Enforce MFA wherever possible.
- Boundless Network: Enable users to securely access IT resources from anywhere.
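To make the principles above concrete, here is an added example (not JumpCloud code, and not part of the original article) of a per-request access decision written the way a Zero Trust access proxy would make it. Every request carries the user’s session, the device it comes from and the resource; the source network is recorded for the log but never influences the result. Group names, resource names, device IDs, the 300-second step-up window and the posture checks are all constructed for illustration.

```python
"""Zero Trust access decision: identity + device posture + least privilege,
evaluated per request and logged. Added example; all data is constructed."""
from dataclasses import dataclass
import logging

logging.basicConfig(level=logging.INFO, format="%(message)s")
log = logging.getLogger("access")


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool       # enrolled in systems management, so policies can be enforced
    fde_enabled: bool   # full disk encryption on
    patched: bool       # OS updates current
    screen_lock: bool   # screensaver timeout / lock enforced


@dataclass(frozen=True)
class Session:
    username: str
    groups: frozenset
    mfa_verified: bool  # MFA completed at login
    mfa_age_s: int      # seconds since the last MFA prompt


@dataclass(frozen=True)
class Request:
    session: Session
    device: Device
    resource: str
    action: str
    source_network: str  # logged only; never trusted (hypothetical field)


# Least privilege: an explicit allow-list, group -> resource -> actions.
POLICY = {
    "engineering": {"gitlab": {"read", "write"}, "prod-db": {"read"}},
    "dba": {"prod-db": {"read", "write"}},
    "everyone": {"wiki": {"read"}},
}
# Writes to these resources require a fresh MFA prompt (step-up); assumed values.
SENSITIVE = {"prod-db"}
STEP_UP_MAX_AGE_S = 300


def posture_failures(d: Device) -> list:
    """Names of the device checks that fail; an empty list means compliant."""
    checks = {"unmanaged": d.managed, "no-fde": d.fde_enabled,
              "unpatched": d.patched, "no-screen-lock": d.screen_lock}
    return [name for name, ok in checks.items() if not ok]


def granted(session: Session, resource: str, action: str) -> bool:
    """True only if some group the user belongs to is explicitly allowed."""
    return any(action in POLICY.get(g, {}).get(resource, set())
               for g in session.groups | {"everyone"})


def _decide(req: Request, allowed: bool, reason: str) -> tuple:
    """Event logging: every decision, allow or deny, is recorded with its reason."""
    log.info("%s user=%s device=%s net=%s %s %s reason=%s",
             "ALLOW" if allowed else "DENY", req.session.username,
             req.device.device_id, req.source_network, req.action,
             req.resource, reason)
    return allowed, reason


def authorize(req: Request) -> tuple:
    """Evaluate one request; returns (allowed, reason). Checks are ordered
    cheapest-first and the first failure wins; the network is never consulted."""
    s = req.session
    if not s.mfa_verified:
        return _decide(req, False, "mfa-required")
    failed = posture_failures(req.device)
    if failed:
        return _decide(req, False, "device-posture:" + ",".join(failed))
    if not granted(s, req.resource, req.action):
        return _decide(req, False, "no-grant")
    if (req.resource in SENSITIVE and req.action == "write"
            and s.mfa_age_s > STEP_UP_MAX_AGE_S):
        return _decide(req, False, "step-up-mfa-required")
    return _decide(req, True, "ok")


# Constructed sample users, devices and requests (not real data).
LAPTOP_OK = Device("lt-0042", managed=True, fde_enabled=True, patched=True, screen_lock=True)
LAPTOP_BYOD = Device("byod-7", managed=False, fde_enabled=False, patched=True, screen_lock=True)
ALICE = Session("alice", frozenset({"engineering"}), mfa_verified=True, mfa_age_s=20)
ALICE_NO_MFA = Session("alice", frozenset({"engineering"}), mfa_verified=False, mfa_age_s=0)
BOB = Session("bob", frozenset({"dba"}), mfa_verified=True, mfa_age_s=3600)

SCENARIOS = {
    "remote_engineer_pushes_code": Request(ALICE, LAPTOP_OK, "gitlab", "write", "coffee-shop-wifi"),
    "on_lan_without_mfa": Request(ALICE_NO_MFA, LAPTOP_OK, "gitlab", "read", "corp-lan"),
    "engineer_writes_prod_db": Request(ALICE, LAPTOP_OK, "prod-db", "write", "corp-lan"),
    "dba_stale_mfa_writes_prod_db": Request(BOB, LAPTOP_OK, "prod-db", "write", "corp-lan"),
    "dba_from_byod": Request(BOB, LAPTOP_BYOD, "prod-db", "read", "home"),
}


def run_scenarios() -> dict:
    """Evaluate every constructed scenario; maps scenario name -> (allowed, reason)."""
    return {name: authorize(req) for name, req in SCENARIOS.items()}


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

The two scenarios worth contrasting are the first two: the engineer on coffee-shop WiFi is allowed because her session has MFA, her laptop is managed, encrypted and patched, and her group is explicitly granted the action, while the same user on the corporate LAN without MFA is denied. The DBA with a valid but hour-old MFA is pushed to step-up authentication before a production write, and an unmanaged personal device is refused before authorization is even considered.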
Of course, talking about these concepts is easy. Implementing them isn’t. When you look at the list above, you can start to imagine the multitude of tools required to achieve these goals: SSO, MDM / systems management, MFA, antivirus, VPNs, network segmentation, and core identity management. While it’s possible to cobble together a domainless solution in this way, it’s better to centralize as much of this functionality as possible with a single, cloud-based platform. JumpCloud’s Directory-as-a-Service® has been designed from the ground up to do just that.
Go Domainless with Cloud Directory Services
JumpCloud is the world’s first cloud-based directory service; it reimagines Active Directory and LDAP for modern IT. JumpCloud offers a browser-based admin console from which you can manage your users and their access to systems, apps, files, and networks.
Here’s the rundown on JumpCloud’s core functionalities:
- User Directory: Import identities from existing directories (AD, Office 365®, G Suite) or create new ones from scratch. Customize users, set password requirements, and provision access to resources – either from the UI or from the command line.
- System Management: Centralize control of your Windows, Mac, and Linux systems. Enforce security policies (see full list) and execute scripts across groups of laptops, desktops, and servers — no matter the OS.
- LDAP-as-a-Service: Leverage JumpCloud’s highly available, global LDAP servers to manage access to legacy apps, file servers, and more.
- Server Management: Configure and secure your Windows and Linux servers using SSH keys, multi-factor authentication (MFA), and RESTful APIs.
- Single Sign-On: Streamline access to web apps using the SAML 2.0 protocol. See the full list of apps.
- RADIUS-as-a-Service: Secure your WiFi networks with JumpCloud’s pre-configured, scalable, and fully managed RADIUS servers. Authentication methods available include EAP-TTLS, PAP, and PEAP, with support for WPA2 Enterprise.
JumpCloud’s domainless directory services platform ensures that end users can access what they need regardless of where they are physically, or what platform they are on. IT admins can securely and remotely manage the entire infrastructure from a web-based console, APIs, PowerShell, and more. As the IT landscape shifts to a new era in modern IT practices and requirements, JumpCloud’s domainless architecture may be the future that IT admins want and need.
Want to hear from a JumpCloud customer who has “gone domainless” with our cloud directory? Click here to read how Augeo FI replaced Active Directory with Directory-as-a-Service. Or, check out our reviews on G2 and take comfort in knowing that over 100,000 other organizations have taken the leap to go domainless.