Modern IT: Leverage Existing LDAP/Active Directory for IaaS
The move to Infrastructure-as-a-Service (IaaS) has turned traditional user management on its head. When everything was “local” and on-premises, it was fairly straightforward to make servers talk to LDAP and AD. But the cloud and IaaS have changed all that.
New Opportunities, New Challenges
The cloud has made IT better than ever, but also more complicated. No longer on local servers, infrastructure now resides across web-based hosting services like Google Compute Engine, IBM SoftLayer, and Amazon Web Services (AWS). IT administrators’ options include (1) spending significant time securing their infrastructure or (2) spending a ton of money on an enterprise identity management solution. Option 3 is to just ignore cloud infrastructure altogether, but that means choosing to accept a significant security risk.
Conventional IaaS Solutions
The most basic approach is to manually manage cloud server accounts. While tedious and inefficient, this does work: IT admins can manually create, manage, and delete users on their cloud servers. They run into trouble, however, when trying to track access or implement multi-factor authentication.
Configuration management tools, such as Puppet, Salt, Chef, Ansible, or CFEngine, offer the ability to add and remove user accounts across servers in bulk. These can be fast, cheap, and fairly maintainable, as long as you have simple access rules and few users. But these solutions aren’t scalable. As organizations grow, implementing complex access rules becomes extremely difficult. IT admins must update code every time access roles change.
Another approach is to expose the existing LDAP or AD directory to the public Internet. This means allowing the cloud servers to communicate directly with the user directory. You can also stand up a completely new LDAP or AD instance in the cloud.
Enterprise management solutions are also available for internal desktops and servers, but are cost-prohibitive.
A Modern Ops Approach to the Directory
The best all-around way to build a secure and efficient directory with secure server access is to establish a central user directory internally, with either LDAP or AD. That directory store then becomes the one and only directory of record. From this directory, organizations are able to branch out to their cloud server infrastructure. That means your central directory can easily connect to any number of IaaS platforms.
Sounds good, right? But it’s a tall order. That’s why forward-thinking organizations turn to SaaS-based cloud user management services like JumpCloud. These services sync your users with the internal AD directory. Then a lightweight agent is deployed on each server. This gives organizations the ability to provision and manage users on each server virtually automatically.
Cloud-based solutions are able to solve the most complex problems with no network configuration required, increased security, and little to no additional administration.
Cloud-based Services Leverage Your Existing Active Directory with Ease
Yes, the cloud has made IT’s job difficult. But now it’s solving the very problems it created and making IT’s job easier than ever—while giving admins more wide-ranging power than ever before.