Tamr Case Study: Taming DevOps: LDAP User Management, Automated

Summary

Tamr is a company focused on enterprise data. By using a combination of machine learning algorithms and expert human guidance, they help enterprises unify their data. Their patented software platform has quickly gained the attention of industry leaders like GE, HP, and Toyota. With an ever-expanding number of virtual servers and resources on AWS, Tamr’s IT and DevOps team has had to act fast to keep up. By switching to Directory-as-a-Service®, they now efficiently manage authentication, and the hours they once spent onboarding have been reduced to minutes.

Company: Tamr
Size: 100 employees
Location: Cambridge, MA
Problem: No centralized user management
Goal: Authenticate users onto servers, ease on-boarding process

Background

Tamr gained traction immediately after being founded in 2013. Backed by investors like NEA and Google Ventures, their mission is to help companies everywhere better process their analytical data. Unfortunately, manual management of their growing user base and virtual LDAP servers on AWS meant that getting access to IT resources was incredibly difficult.

Streamlining operations fell on the shoulders of Nick Laferriere, a DevOps engineer. Laferriere recognized this issue right away.

“We knew we were going to have to address building up the corporate IT infrastructure, and the first issue was centralized user management. That’s when we ran into JumpCloud.”

The Challenge

Tamr deals with big data – and they have the server traffic to match. Managing access to 200-300 servers was beginning to be a headache. Nick described their initial workflow:

“We had set up an LDAP by hand on our AWS account. This meant adding a user required someone who already had access to a server. They would have to type out the commands and then create the user, and this process was just for the servers. We also needed to have another series of this process for signing on to anything else – everything was ‘one-offs’ which was a very painful workflow.”

The system worked. But it was very manual.

Laferriere told us, “We had a series of scripts. Basically, we would ask employees to fill out a form, hope they type out everything correctly, create the user, and if there were no issues the user could access the resources. These steps had to be repeated every time the user wanted to change the password or change anything else. It was horrific. It would require spending an hour a day just to go in by hand and hope you get it right. There was zero self-service.”

Nick knew that if the company was going to continue to grow, this process needed to be addressed. User authentication was becoming a major issue, especially with the majority of users using Mac or Linux. Laferriere did his research:

“We looked at Active Directory®, we considered building LDAP ourselves, we looked at LastPass with their Single Sign-On with SAML, and we also looked at Conjur for some user management.”

But none of these user authentication methods met Tamr’s full list of needs.

The Solution

Nick Laferriere discovered JumpCloud while researching possible solutions.

“I was just searching online for a SaaS-based directory solution. My reasoning for this was that we didn’t have any physical servers. We still don’t. So the last thing that we wanted to do – especially with our software development being on top of Linux – was go out and buy an Active Directory server and have that in our office.

“What ended up attracting us to JumpCloud was the fact that it kind of had everything. So with one service, you get the SAML endpoint, you get RADIUS, LDAP, and you had the story for managing Mac devices. The fact that JumpCloud throws in the Google Apps integration, which we use for our email, is just icing on the cake.”

“When I looked down the checkboxes of the features we needed, Directory-as-a-Service was the only one that had it all. For us, that was huge.”

Implementation

“The first thing we did was create everyone’s account, which was as simple as making a Google Apps account. We used this as our base source of truth because everyone had email access. Then, we did the syncing of the directory. Everyone got the invite to convert over, and we were able to easily track who did and who didn’t move over. Then we could pester the people who didn’t – and that gave everyone a base account inside of JumpCloud. From there we were able to start tying it into applications.

“For our servers, with the JumpCloud agent, we just wrapped that around our configuration management tool – Ansible. Ansible talks to all of our servers already, so we were able to deploy our agent via that to all of the servers. So we deployed JumpCloud’s agent, and then magically 5 minutes later all of our servers had all of the users that we’re supposed to have on them.”

“From there, as the users update themselves it all got reflected on the servers or any of the services they were tied into.”

Cloud-Controlled Networking

“Another area that we tied in almost immediately was our network. We had a shared WiFi password before, but with JumpCloud we were able to tie in RADIUS into our network equipment in about ten minutes. We used Cisco Meraki for everything. There’s a Knowledge Base article that we basically followed step by step. We just kinda copy and paste the things in and we were up and running and connected with that in a matter of around five or ten minutes.

“We also were able to tie into our VPN server within a matter of fifteen or twenty minutes. After that, it was just a matter of going piecemeal through our applications.”

“I don’t think we spent more than fifteen or twenty minutes on tying any application, which is really awesome. Just a really pleasant experience.”

The Results

“The results have been awesome. Before we had JumpCloud, it would take us almost a week to get the developers up and running with accounts and access to developer resources. Now, they come on, they fill out the paperwork, and by lunchtime on their first day they have access to everything they need to do their job permanently.”

“That turnaround is amazing and allows us to get up and running so much faster.”

“We’re a growing company. That means a lot of onboarding new hires. Now, when we’re adding a user, we can just focus on connecting them to what they need. With the rest of the day, we can focus on the other parts of our jobs that are more valuable to the company.

“We haven’t had too many people leave, but it will happen. From a regulatory and compliance perspective, it’s awesome to have the functionality that, if someone leaves, we just make one click and then we don’t have to worry about trying to find 100 different accounts. We can just disable it and we’re good to go.

“Since we switched to JumpCloud, it has been maybe an order of minutes – maybe 15 minutes a week tops. It’s just streamlined our process for user management and onboarding so much.”

Saving Time and Money

“In terms of cost savings, I don’t know the hard dollar amount, but I know that it’s cheaper than some of the alternatives we looked at. The biggest thing is the time savings.”

“Basically, since I’ve switched, the amount of time that I’ve spent managing user accounts between various services has gone down by about ten-fold.”

“The ongoing management is also so much less work than it used to be. We used to spend at least a couple hours a week just creating user accounts, managing them, and de-activating them from services. I think it has been around five minutes a week inside the JumpCloud portal actually doing management. The whole process is kind of magical. It always works, it’s always there, and you don’t have to worry about maintenance.

“We don’t have to manage a Windows server with Active Directory. We don’t have to recreate all of the schema. If we didn’t make this decision, we probably would have had to hire a part-time IT person whose job would basically be managing people’s accounts… and that would be kind of crazy.”

About JumpCloud

The JumpCloud Directory Platform provides secure, frictionless user access from any device to any resource, regardless of location. Get started, or contact us at 855.212.3122.