{"id":2743,"date":"2014-11-17T09:55:35","date_gmt":"2014-11-17T16:55:35","guid":{"rendered":"http:\/\/www.jumpcloud.com\/blog\/?p=2743"},"modified":"2024-11-05T17:58:43","modified_gmt":"2024-11-05T22:58:43","slug":"6-ways-to-manage-users-on-cloud-servers","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers","title":{"rendered":"6 Ways to Manage Users on Cloud Servers"},"content":{"rendered":"\n<p><strong>Connecting Cloud Servers to your AD or LDAP Store <\/strong>Managing users on cloud servers is a painful process. If you have more than just a few servers, ensuring that <a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\"><i>the right<\/i> people have <i>the right<\/i> access<\/a> gets complicated\u2014fast. For instance, at any given moment IT admins must ensure that every server is covered, any and all changes are logged, and all users are in sync with the core user store all at once\u2014and all this must be managed on an on-going basis.<\/p>\n\n\n\n<p>There are a number of approaches admins can take to manage users. We highlight the pros and cons of some of the most common approaches, below.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-manually-managing-cloud-server-accounts\">Manually managing cloud server accounts<\/h2>\n\n\n\n<p>Many IT admins choose to manually create, manage, and delete users on their cloud servers. IT admins are notified (generally via email) of who requires what access to the cloud servers and they will manually provision and <a href=\"https:\/\/jumpcloud.com\/platform\/cloud-directory\">manage users on the cloud servers<\/a>. This entails the following:<\/p>\n\n\n\n<ul>\n<li>Logging into the servers themselves<\/li>\n\n\n\n<li>Managing the user creation<\/li>\n\n\n\n<li>Account and user modifications<\/li>\n\n\n\n<li>Handling the termination process<\/li>\n\n\n\n<li>Communicating with the user (generally insecurely)<\/li>\n<\/ul>\n\n\n\n<p>However, as the number of servers and users grows, this tedious process presents some significant challenges around tracking access. Adding capabilities such as multi-factor authentication become problematic, and configuring those solutions on a case-by-case basis can be time consuming. Moreover, when using AWS many IT admins will leverage a simple ec2-user account for access largely because it\u2019s easier, and thereby lose any on-host auditing capability.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-leverage-configuration-management-tools\">Leverage configuration management tools<\/h2>\n\n\n\n<p>Another user management paradigm is leveraging <a href=\"https:\/\/jumpcloud.com\/blog\/what-is-user-management\">configuration management tools, such as Chef, Puppet<\/a>, Ansible, Salt, CFEngine, or others, to add or remove user accounts. However, this can be a quick, easy, inexpensive, and reasonably maintainable method if you have just a few users and very simplistic access rules (for example, all users have access to all servers).<\/p>\n\n\n\n<p>But smart admins know this isn\u2019t a long-term solution, because it\u2019s not scalable.<\/p>\n\n\n\n<p>As organizations grow, they quickly hit a barrier and it can become maddeningly complex to manage large numbers of users with complex access rules. IT admins become burdened with the time-consuming task to update code every time access roles change, with no easy way to off-load what should be a purely administrative task to someone with less training.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-expose-ldap-or-ad-to-the-internet\">Expose LDAP or AD to the Internet<\/h2>\n\n\n\n<p>Another option is to <a href=\"https:\/\/jumpcloud.com\/blog\/ad-to-the-cloud\">expose LDAP or AD to the Internet<\/a> and let servers talk directly to user directories. Through additional <a href=\"\/blog\/centralize-cron-jobs-stop-fighting-configuration\">security and configuration,<\/a> the LDAP or AD servers can be locked to only talk to certain servers. However, depending upon the network architecture and growth of servers this may or may not be an option. If it isn\u2019t, then the user directory store is available to be queried by anybody on the Internet.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-stand-up-an-entirely-new-ldap-or-ad-instance-in-the-cloud\">Stand-up an entirely new LDAP or AD instance in the cloud<\/h2>\n\n\n\n<p>Still another option is to create <i>another<\/i> directory store. Generally this involves standing up a new instance of AD or LDAP in the cloud. This works well if the cloud setup is logically in a Virtual Local Area Network (VLAN) or equivalent enclave where the directory server can talk to each of the servers. <\/p>\n\n\n\n<p>Additionally, the cloud directory store needs to be synchronized with the main user directory or manually updated. The benefit is that this method gives IT admins the ability to manage users for their cloud servers via either LDAP or AD. The problem is it creates an extra layer of work for IT admins.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-implement-an-enterprise-identity-management-solution\">Implement an enterprise identity management solution<\/h2>\n\n\n\n<p>Larger corporations sometimes leverage an existing enterprise-class identity management solution, or purchase a new one, to manage cloud servers. Generally, this approach involves installing the solution on-premises, connecting it to the main directory store, and then installing agents on each device that needs management. Often, this is implemented with the help of the vendor\u2019s professional services. <\/p>\n\n\n\n<p>The benefits of this type of solution are that it can be leveraged for internal desktops and servers, and can sometimes include mobile device management capabilities, too. For management of cloud servers, IT admins will install agents onto servers which will talk back to the solution\u2019s main on-premise server. While an excellent solution, this approach is often too costly and cumbersome for most organizations to implement.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-directory-as-a-service\">Directory-as-a-Service<\/h2>\n\n\n\n<p>The last significant approach is to leverage a <a href=\"\/blog\/what-is-daas-directory-as-a-service\">Directory-as-a-Service\u2122(DaaS) solution<\/a>. A <a href=\"https:\/\/jumpcloud.com\/platform\/cloud-directory\">cloud-based directory<\/a> serves as a the bridge between an on-premises AD or LDAP user store, and cloud infrastructure. A lightweight agent placed on the internal user store can synchronize users to the cloud-based directory.<\/p>\n\n\n\n<p>From there, cloud servers are then able to talk to the Directory-as-a-Service and authenticate access. Because the DaaS solution lives in the cloud there is no networking to be done and servers can talk to the cloud directory either through a secured connection or via an agent that\u2019s been installed on each server. <\/p>\n\n\n\n<p>User changes are all handled in one place\u2014within the internal directory\u2014and are propagated first through the cloud directory, and then to each server. The benefits of this approach are <a href=\"https:\/\/jumpcloud.com\/blog\/what-cloud-directory\">simplicity<\/a>, availability, and <a href=\"https:\/\/jumpcloud.com\/platform\/cloud-directory\">security<\/a>. Of course, organizations need to be comfortable leveraging the cloud, otherwise this isn\u2019t an option for them.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-as-you-think-about-how-to-securely-manage-cloud-server-users-consider-the-various-pros-and-cons-of-each-approach-if-you-have-questions-or-comments-please-drop-us-a-line-we-d-be-happy-to-dig-deeper-with-you-on-each-one\">As you think about how to <a href=\"https:\/\/jumpcloud.com\/blog\/top-windows-server-roles-alternatives\">securely manage cloud server users<\/a>, consider the various pros and cons of each approach. If you have questions or comments, please drop us a line. We\u2019d be happy to dig deeper with you on each one.<\/h4>\n","protected":false},"excerpt":{"rendered":"<p>We discuss the existing ways to manage users on cloud servers, and how JumpCloud&#8217;s Directory-as-a-Service offering might be a better option.<\/p>\n","protected":false},"author":30,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[23],"tags":[],"collection":[2778,2779],"platform":[],"funnel_stage":[3016],"coauthors":[2516],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>6 Different Ways to Manage Users on Cloud Servers<\/title>\n<meta name=\"description\" content=\"We discuss the existing ways to manage users on cloud servers, and how JumpCloud&#039;s Directory-as-a-Service offering might be a better option.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"6 Ways to Manage Users on Cloud Servers\" \/>\n<meta property=\"og:description\" content=\"We discuss the existing ways to manage users on cloud servers, and how JumpCloud&#039;s Directory-as-a-Service offering might be a better option.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:published_time\" content=\"2014-11-17T16:55:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-11-05T22:58:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/jumpcloud-logo-2023.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"627\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Greg Keller\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Greg Keller\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers\"},\"author\":{\"name\":\"Greg Keller\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/33bf05bce1792138e1fac8878933c1f6\"},\"headline\":\"6 Ways to Manage Users on Cloud Servers\",\"datePublished\":\"2014-11-17T16:55:35+00:00\",\"dateModified\":\"2024-11-05T22:58:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers\"},\"wordCount\":920,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"articleSection\":[\"Best Practices\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers\",\"url\":\"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers\",\"name\":\"6 Different Ways to Manage Users on Cloud Servers\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2014-11-17T16:55:35+00:00\",\"dateModified\":\"2024-11-05T22:58:43+00:00\",\"description\":\"We discuss the existing ways to manage users on cloud servers, and how JumpCloud's Directory-as-a-Service offering might be a better option.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"6 Ways to Manage Users on Cloud Servers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/33bf05bce1792138e1fac8878933c1f6\",\"name\":\"Greg Keller\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/bb829f9c68b309c7d66b61d4436f8afa\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1329dd1fe0f66c8a37039a19f3169d11?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1329dd1fe0f66c8a37039a19f3169d11?s=96&d=mm&r=g\",\"caption\":\"Greg Keller\"},\"description\":\"JumpCloud CTO, Greg Keller is a career product visionary and executive management leader. With over two decades of product management, product marketing, and operations experience ranging from startups to global organizations, Greg excels in successful go-to-market execution.\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"6 Different Ways to Manage Users on Cloud Servers","description":"We discuss the existing ways to manage users on cloud servers, and how JumpCloud's Directory-as-a-Service offering might be a better option.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers","og_locale":"en_US","og_type":"article","og_title":"6 Ways to Manage Users on Cloud Servers","og_description":"We discuss the existing ways to manage users on cloud servers, and how JumpCloud's Directory-as-a-Service offering might be a better option.","og_url":"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers","og_site_name":"JumpCloud","article_published_time":"2014-11-17T16:55:35+00:00","article_modified_time":"2024-11-05T22:58:43+00:00","og_image":[{"width":1200,"height":627,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/jumpcloud-logo-2023.png","type":"image\/png"}],"author":"Greg Keller","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Greg Keller","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers"},"author":{"name":"Greg Keller","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/33bf05bce1792138e1fac8878933c1f6"},"headline":"6 Ways to Manage Users on Cloud Servers","datePublished":"2014-11-17T16:55:35+00:00","dateModified":"2024-11-05T22:58:43+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers"},"wordCount":920,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"articleSection":["Best Practices"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers","url":"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers","name":"6 Different Ways to Manage Users on Cloud Servers","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2014-11-17T16:55:35+00:00","dateModified":"2024-11-05T22:58:43+00:00","description":"We discuss the existing ways to manage users on cloud servers, and how JumpCloud's Directory-as-a-Service offering might be a better option.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/6-ways-to-manage-users-on-cloud-servers#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"6 Ways to Manage Users on Cloud Servers"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/33bf05bce1792138e1fac8878933c1f6","name":"Greg Keller","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/bb829f9c68b309c7d66b61d4436f8afa","url":"https:\/\/secure.gravatar.com\/avatar\/1329dd1fe0f66c8a37039a19f3169d11?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1329dd1fe0f66c8a37039a19f3169d11?s=96&d=mm&r=g","caption":"Greg Keller"},"description":"JumpCloud CTO, Greg Keller is a career product visionary and executive management leader. With over two decades of product management, product marketing, and operations experience ranging from startups to global organizations, Greg excels in successful go-to-market execution."}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/2743"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/30"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=2743"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/2743\/revisions"}],"predecessor-version":[{"id":117157,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/2743\/revisions\/117157"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=2743"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=2743"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=2743"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=2743"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=2743"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=2743"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=2743"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}