Ace Payroll Case Study: Unifying IT Coast-to-Coast by Replacing Active Directory®

Summary

Ace Payroll was founded in 1994 with a simple mission: to pair extraordinary service with innovative payroll, HR, and benefits solutions.

When they merged with some longtime partners, suddenly Ace Payroll had offices across the United States. This was great for business, but complicated for IT – especially when it came to managing users, systems, and resources remotely. Their three separate Microsoft® Active Directory® installations had become a major liability.

So how do three different IT infrastructures become one? That task came down to two IT managers, Andrei Hobson on the West Coast and Paul Setti on the East. Together, they came up with an innovative solution that met all of Ace Payroll’s IT needs.

Company:Ace Payroll
Location:New York, Florida, Nevada, Arizona
Problem:Decentralized IT, VPN hassle, Separate AD installations
Goal:Central Management, Multi-Factor Authentication, No on-prem infrastructure

Background

Paul and Andrei were both veterans of Microsoft infrastructure. They had long hosted their own Exchange® servers in house and knew Active Directory like the back of their hands. They were also well-familiar with the limitations:

“First of all, when you have an Active Directory infrastructure, it’s not good enough to just have one server,” Paul explained. “You’ve got to have a backup. Because when your Active Directory goes down, your primary domain controller, you’re in deep trouble.”

Authentication is a 100% uptime service – one that Ace Payroll wasn’t eager to keep in-house. Paul continued: “We’re a growing organization. A lot of what we’re doing – in the IT world – is a whole lot less hardware-centric. We had new remote offices, road warriors, and we had VPNs all over the place.

“We wanted a simple, elegant solution.”

But when the three companies merged into one, Paul and Andrei were looking at an infrastructure that was anything but simple and elegant.

The Challenge

“We really had no way to unify everything.”

“We were basically three separate entities,” Paul continued. “We had three separate Active Directory domains there. Trying to share the domain through VPN connections was becoming problematic.”

Andrei explained further: “When something would happen to their Active Directory, which was getting a little bit long in the tooth, I had no access to it. It wasn’t like I could teleport to the New York office and go to work on the issue.”

Remote workers compounded the headache. “Our sales team had been growing over the last couple of years and they were entirely outside of the loop. If you’re in the office, great. But we had no control over their systems when they were on the road.

“So we were desperate to find something that gave us central control so that it didn’t matter when it was or where it was, we’d be able to access each other’s resources and assist each other.”

The Solution

Andrei and Paul began the search for a directory that could unify their decentralized infrastructure. “We looked at just about everything. Most all of it required some sort of on-site, Active Directory presence, which we wanted no part of unless we had to,” Andrei said.

“Ideally it would be 100% cloud-based,” Paul continued. “No domain controllers, no backup domain controllers, no VPN into AWS to have it there… just none of that – please!”

They ran pricing comparisons and put contenders through a thorough vetting process. At last, the pair made a decision. Andrei summarized:

“There was only one option that gave us the level of flexibility we needed and was purely cloud-based. And that was JumpCloud.

“We took advantage of the free account for 10 users and migrated some guinea pigs over. Tested it out, moved ourselves over as the IT department, and started playing with it. What we discovered was, ‘Yeah, this is very, very straightforward.’”

Implementation

“Moving to JumpCloud really wasn’t difficult at all,” said Paul. “I mean, if you can add a machine to Active Directory, it’s probably about the same amount of time. It will depend on how big your operation is, but it wasn’t very complex.”

Andrei elaborated, “Once we got the routine down — copy the profile over, pull it off the Active Directory domain, install JumpCloud — I think it took me two or three days with my West Coast employees. I was by myself. Paul had one person helping him.

“Most of it was done in a day or two.

“Hooking the directory up and migrating all of that was as straightforward as you could possibly get. You guys provided a lot of support throughout that entire transition. When we had questions about how the commands work, or how the tags worked, stuff like that, you guys were phenomenal.”

What about the end users? “Most of them aren’t aware that we changed anything,” Andrei told us. “That’s gold right there. That’s like platinum diamond.” Paul agreed: “Other than having to change their passwords, they probably have no idea that there’s anything different going on.”

The Results

So did Andrei and Paul achieved their goal of a unified infrastructure for Ace Payroll?

“Yes,” confirms Andrei. “The East Coast / West Coast divide has almost entirely disappeared because of this. We were able to migrate one of our main Linux servers onto the system and that turned out to be an absolutely huge asset. That allowed us to integrate an entire environment that had previously required separate credentials and separate maintenance. Now, if I want to add Linux servers, I’ll just log in myself.

“We’ve also moved forward with Office 365 integration and that’s going well. For our Office licensing and our Office 365 accounts, those credentials are synced up. So that’s been good for us.”

Count it as a victory for remote workers. “Management had been non-existent for our traveling sales people when we were using Active Directory. Now we can finally manage them remotely. It doesn’t make a difference where they’re at. We have one management platform that we’re able to use to map all of our network drives and VPNs to everyone.”

Paul and Andrei also gained more direct control over users, systems, and apps: “We have the ability to manage Mac and Linux now. And the fact that we were able to easily tie Google Apps into the system so that they’re syncing passwords between them was huge.”

There have also been security benefits: “Two-factor authentication had been a request from our bosses for ages. So the ability to provide that for Linux and Mac has been a big win.”

And they’re saving time on onboarding and offboarding: “I’ve hired and fired probably five or six employees since we migrated. Providing or removing access is a simple process driven through the JumpCloud dashboard. That’s another nice benefit: the ability to go in there and yank ‘em off. That makes them suspended — not deleted — out of Google. It’s just — I love that! I can remove their general access and know that their email is simply suspended.”

When asked to sum it up, Paul said: “Things are going well.” Andrei agreed: “We wouldn’t be participating in this case study if we didn’t think that you lived up to your promise.”

About JumpCloud

The JumpCloud Directory Platform provides secure, frictionless user access from any device to any resource, regardless of location. Get started, or contact us at 855.212.3122.