Ooyala Case Study: Ooyala Goes Global With Cloud-Based Control of LDAP & RADIUS

Summary

Ooyala is a leading provider of software and services that support businesses with producing, streaming, and monetizing over-the-top (OTT) video. With nine global offices and a steady group of remote workers, Ooyala’s Global IT Director, Andy Halvorsen, is constantly on the hunt for better ways to manage Ooyala’s global workforce. Andy discovered JumpCloud when he was in the market for a solution that could offer centralized control over RADIUS, G Suite, and help him replace OpenLDAP.

Company:Ooyala
Size:~700 employees, 100 remote workers
Location:San Jose, CA
Problem:Inefficient LDAP, decentralized remote office management
Goal:Optimize RADIUS authentication, replace OpenLDAP

Background

The more sprawling the infrastructure, the more critical it is to streamline operations. Andy explained, “We have a number of users who travel – engineering managers as well as engineers – so one of my top priorities is to make sure that it’s a smooth process from an IT perspective. No matter which office you’re coming into, you should be able to open your computer and follow the same procedure to authenticate and log in.”

WiFI authentication RADIUS

However, a couple components in Andy’s IT environment complicated his ability to efficiently manage Ooyala’s global operation. Andy’s on-prem RADIUS and OpenLDAP implementations were creating time sinks for himself and his engineers. Andy had been looking for a cloud-based solution when an email from JumpCloud caught his attention:

“I usually open them and delete them, but this one was perfect timing because it was right when I was getting ready to cancel a contract with our previous IDaaS platform. The email was about system management, which is a nice feature but certainly wasn’t the driving force for us. So I jumped in, did an intro call, and kicked things off with JumpCloud about a year ago.”

RADIUS Authentication

“One of our biggest questions was whether or not we would be able to do RADIUS locally without having on-prem RADIUS machines globally. I have IT service machines that do DNS, DHCP, and RADIUS. RADIUS was really our big achilles heel when it came to feeling global,” Andy explained. “RADIUS can be hard to manage. RADIUS is one of those super techy authentication layers that happens in the background at every company, and it takes a Linux system administrator to understand how it works and to be able to fix it if something goes wrong.”

wifi security

“That’s where JumpCloud really shined for us – and I think that’s what also makes JumpCloud the winner in the space.”

“I was able to set up these cloud RADIUS servers and then create user groups for each office so that people could travel between the offices. I only had to manage a cloud RADIUS instead of on-prem RADIUS infrastructure at every office.”

“Being able to do that and control it from a central point was a huge selling point for me and has played out well since rolling JumpCloud out globally.”

Setting up a New Office Over a Weekend

One month into implementing JumpCloud, Ooyala moved their headquarters, and Andy was able to roll out the new office setup in just one weekend. Andy described to us, “We started moving our headquarters from Santa Clara to San Jose, and I made the decision to take advantage of the fact that we were changing offices. So, that weekend, I launched all of their accounts in JumpCloud. Then I came up with this one-pager that said, ‘Welcome to the new office. There’s a new way to authenticate,’ and listed the steps they needed to take.”

EoL Windows Server 2000

“So, they came in Monday morning, they all either had the email or they could sign on to the guest network to get it. Then the welcome JumpCloud email allowed them to set their password, and use that password to sign in to the corporate wireless as well as any of their RADIUS enabled systems.”

Andy told us, “It went off without a hitch. They were already expecting there to be hiccups and whatnot, but we had done a pretty good job of mitigating all of those.”

“The transition was super smooth, and now we have accelerated control and can effectively manage all of those users who have JumpCloud accounts in San Jose.”

G Suite Integration

Centralizing network authentication was just the beginning. Andy has integrated other IT resources into the JumpCloud platform to create optimal control over his global IT environment.

“When we ran our first test group, we had such smashing success with the RADIUS part that we ended up expanding the test group to include Google Apps (now known as G Suite). By doing that, I was able to synchronize both their WiFi usernames – as well as any RADIUS systems – with their G Apps login.”

applications

“The G Suite integration was huge. I mean, we had so many different ways to administrate G Apps, and so to be able to take the password out of the equation is huge for us. There’s still so many layers of what Google does that isn’t enterprise friendly. To be able to at least take one thing out of that equation just adds a layer of simplicity that a desktop administrator needs to get their job done.”

“From that standpoint, it’s a very big win.”

With the help of JumpCloud, Andy was able to simplify RADIUS authentication, G Suite authentication, and achieve central control over Ooyala’s global network infrastructure. But that’s only half of Ooyala’s story. Andy was also able to completely replace OpenLDAP by implementing JumpCloud.

Replacing OpenLDAP

“We have previously used OpenLDAP exclusively as the authoritative source of identity.”

“The number one issue we have with OpenLDAP is that it requires an engineer to be able to manage it.”

“If someone is an administrator, they can do some pretty heinous stuff on accident. If they use an LDAP browser to modify OpenLDAP, they can inadvertently delete an entire group of users. In fact, this happened to us. An admin was using an LDAP browser and inadvertently deleted the entire stacked users group.”

on-premises authentication

“That primarily is why I’d prefer to see all of my desktop admins using JumpCloud rather than trying to become an engineer in LDAP to make changes. I can just put an admin with any depth of experience on it, and they can change groups, and they can deactivate people.”

“The GUI for most LDAP browsers is really clunky in contrast to the clean web interface of JumpCloud. There’s a hierarchy to OpenLDAP that’s difficult to understand, whereas the JumpCloud interface has a familiar and intuitive feel to it.”

“I can entrust a lot more control to a lower level admin, and instead of building an engineer’s time into onboarding and offboarding the engineer only needs to take time for user adds and changes.”

JumpCloud – The Perfect Tool

“In order to stay within budget, it’s essential for my desktop administrators to only work their 40 hours. By giving my desktop admins the right tools, I’m ultimately able to improve their workflows. In this way, JumpCloud has allowed me to stay within my budget.”

“We’re actually going to roll London out in November and it will be similar to what I did with our new office in San Jose. I timed it with an office move, so that our 100 users in London will all move to JumpCloud over the weekend.”

directory as a service

“Most of my travel users are already JumpCloud users, which gives IT the freedom to enable them for all offices. With the seamless implementation of RADIUS and Cisco Meraki, it has just been an easy thing to roll out – even in the background. In offices that haven’t been rolled out yet, I’ve got JumpCloud listed as the second authentication authority, and so all of my traveling users can just pop up in the office, and they can authenticate to RADIUS.”

“In this day and age of the cloud, IT is moving towards a one-system view. It just makes more sense to be able to manage that from a central place – and that’s why JumpCloud became such a perfect tool for us.”

About JumpCloud

The JumpCloud Directory Platform provides secure, frictionless user access from any device to any resource, regardless of location. Get started, or contact us at 855.212.3122.