By Rajat Bhargava Posted December 3, 2014
Historically, most organizations have leveraged Microsoft Active Directory (AD) or the open source Lightweight Directory Access Protocol (LDAP) for their user directories. Both of these are on-premise solutions that require heavy lifting from IT and system admins to implement and operate.
However, while both of these solutions have been stalwarts for organizations for many years, they are breaking down. In a modern enterprise, LDAP breaks down in the following areas:
Cloud vs. On-Premise Infrastructure
Organizations are moving more of their infrastructure to the cloud. With the reality of the modern workplace, businesses really only have laptops, mobile devices, and WiFi supported on-premise. There is little reason for organizations to put hardware infrastructure within their four walls. They can leverage cloud-based SaaS services for everything from their document and file storage to CRM, effectively reducing a business's need for expansive storage space, expert hardware management, and hardware upkeep. So in this scenario, with no servers in the building, where does the user directory live?
The hosted Google Apps suite is a major change that Google has been driving for the last several years. As a result, Gmail services—including app-based tools like Google Documents and Presentations—are winning in the marketplace. While the shift has arguably increased some enterprise productivity, it causes significant issues with the source of identity (e.g., does AD or LDAP sync with your Google Apps infrastructure or is Google Apps authentication the authoritative source?). Unfortunately, Google Apps Directory doesn’t authenticate devices or manage them. If Google Apps is the source of user truth, then how does that hook to your backend IaaS and cloud-based server infrastructure? How do you manage devices?
Both AD and LDAP require significant time and resources. Most businesses have dedicated IT personnel focused on managing these solutions. Their tasks include ensuring that the directory is in sync, updated, and reflects the current roster of employees. They also need to ensure that this core user directory connects to all of the different Web-based SaaS services that the business needs. Further, IT admins need to determine how this directory talks to the cloud-based server infrastructure required by developers and operations running the backend applications that the business requires.
The problem is that all of these tasks consume significant time. There are ad hoc password resets, rotation of passwords/keys, and security tasks. And IT admins know that a user management directory is a 100% uptime service. Any outage means that users aren’t connecting to their services, and that means loss of productivity and disgruntled employees. Managing an on-premise user directory is painful, to say the least.
The Solution Is to Bring Your Directory to the Cloud, Too
LDAP has been a core user store for many organizations. Of course, the protocol isn’t going anywhere, but IT organizations don’t need to be saddled with the management overhead of LDAP. Ensuring that your LDAP instance connects and works with cloud infrastructure and Web apps is critical as well.
Directory-as-a-Service™ (DaaS) solutions such as JumpCloud are building on top of LDAP. They are leveraging the protocol, but taking the heavy lifting of management off of the IT admin’s plate. If you’d like to learn more about where and why LDAP struggles and how DaaS could help, drop us a line.