By Greg Keller Posted November 14, 2014
We are often asked why others haven’t already built a cloud-based directory.
While we can’t answer for others, we can say that we know it’s really hard! But beyond the easy answer of technical difficulty and effort, we wanted to dive deeper into what has systemically led others to shy away from building a cloud-hosted directory service, and why JumpCloud® has focused on it.
We have to go back into history to understand why a cloud directory wasn’t on the radar. At a high level, three reasons have contributed to this:
- Cross-platform didn’t really exist.
- The cloud was in its infancy.
- SSO was good enough.
Let’s dig into each one as it relates to why a virtual identity provider hasn’t been introduced.
Microsoft Active Directory, or AD, came into vogue in the early 2000s. At that point, Unix was on the decline, Linux on the rise, and Windows was making significant strides in the enterprise. From a desktop perspective, virtually everybody was using Windows machines. Laptops were getting smaller and lighter and desktops more powerful. Developers and technical personnel might have had multiple machines—one Linux device and one Windows device. Of course, we know that virtualization allowed those two devices to be combined into one.
On the server side, organizations were still leveraging legacy Sun, IBM, and HP machines, but more and more were shifting to the open source Linux platform. Windows servers were becoming more powerful and more Unix-like, with more processing power, scalability, and availability features. As a result, most businesses were largely Windows-operated with some “other” devices. If the organization was large enough, those “other” devices—typically Unix and Linux machines—might be connected to OpenLDAP. The rest of the organization, which in most cases was the vast majority of the devices, was all connected to AD. There really wasn’t a need to worry about other platforms, especially because Macs and Apple were struggling.
But as we know, later in the 2000s, Linux emerged as the dominant data center operating system and Apple made a huge resurgence. Of course, the effects of that would not really be felt until early this decade.
As AD was emerging, the cloud was still very much in its infancy. In fact, it wasn’t even called the cloud in those days. It was really much more about hosting, and over time it became virtual private server (VPS) hosting. Not only was the term “cloud” absent, the concepts weren’t quite there either. Application Service Providers (ASPs) existed and would host various applications out on the Internet. But it was early days.
Generally, if you were using a third-party application, such as Salesforce, it was a point solution. If you started to leverage hosting and third-party data centers in general, the common theme was a direct point-to-point connection or VPN that extended the internal network out to the data center. Applications and servers hosted there in the early 2000s were painfully slow. As a result, while it was possible to have applications hosted in the cloud, there were few out there, and they were largely items that could function autonomously from the rest of the network. A directory service would’ve had to authenticate each device and user, and would hardly have been a candidate to become a cloud-based service. The performance would have been too slow, the security approach at the time would not have allowed it either, and AD was really an on-premises solution anyway.
Over still more time, though, AWS began to change the landscape with highly cost-effective, pay-as-you-go cloud servers. With great connectivity and cheap infrastructure, the third-party cloud services market exploded. Every major category would come to be delivered “as-a-service.”
Interestingly, though, the directory still hadn’t emerged as one of those cloud solutions.
Meanwhile, as cloud apps were being created, another technology was emerging, namely single sign-on (SSO) solutions. SSO was being developed through a protocol called SAML (Security Assertion Markup Language). These solutions took on-premises AD as the standard and were, in a sense, built on top of AD. These SSO solution providers realized that web-based applications were exploding and that connecting the two securely was a significant opportunity. And the SSO companies were right. For the better part of a decade, SSO solutions allowed organizations to leverage web services while keeping their existing AD.
The solution seemed like a win-win situation. Nothing changed internally; the only change was an external gain in access to web applications. There wasn’t any reason to re-think the directory service. With AD embedded at the core and web applications included via SSO, employees could just use their existing credentials. As cloud servers started coming on the scene, those could be handled one-off. Only a few admins needed access to those servers anyway. Macs were still few and far between. As a result, SSO solutions solved the greatest pain – connecting users to the major web apps.
The momentum of these IT pieces ended up keeping the directory on-premises and largely as Active Directory. There just wasn’t a need to change. Even today, for some organizations, there may not be a need for a cloud-based directory yet. However, the landscape has shifted dramatically. Organizations are heterogeneous and the use of Windows is declining. Add mobile and tablets to the mix and it isn’t clear that Windows is even 20% of the total device count (experts estimate that it is now 1 in 5). AWS and other infrastructure services are dominating the market for back-end hosting. There is no need for organizations to have their own data centers. As a result, the directory needs to encompass these third-party services. Topping it all off, SSO is no longer enough. Cloud-based applications, both internal and external, need to be controlled, and not all of them support SAML.
Try Our Cloud-Based Directory
It’s been a long road to get to this point, but we think that the end of on-premises services—outside of the physical network—is largely within sight. The last major component—the user directory—is making its way to the cloud now. If you want to see how, just drop us a note. Or, see it in action for yourself with JumpCloud’s Directory-as-a-Service®.