What is the Domainless Enterprise?
Published 2022-03-07 (updated 2024-01-29) at https://jumpcloud.com/blog/domainless-enterprise-it-architecture

Work happens wherever the device and the person using it are located. Whether that’s a traditional office, home office, coffee shop, coworking space, or airplane tray table, IT leaders need to be able to secure the device and connect the user to their requisite resources through it.

How we approach security and the user lifecycle has also evolved. IT departments need more than just a new toolset to achieve the kind of fluid access control and device management required today — they need an entirely new architecture. This article explores how IT architectures have evolved and what organizations now need to meet the demands of the modern era.

Active Directory & the Domain

Microsoft’s proprietary directory service, Active Directory (AD), thrived in contained Microsoft ecosystems. In the past, on-prem domain controllers connected users to other resources on the network and managed on-prem Windows devices as well. This established a secure perimeter around organizational resources on local networks.

However, it was built in an era when a network was defined by the physical office building where employees worked. Despite its strengths in physical office spaces, AD is not a fluid architecture. It requires significant investments in hardware and on-prem networking, and it wasn’t designed for work outside the office. From the outset, IT admins had to retrofit it for workers on the road, like salespeople, which sparked the dawn of the VPN client.

The past several years have brought about a sea change in how IT works. The days of centralized, locally hosted IT are over. The tools and solutions that we use should reflect that reality. AD is no longer the best way to manage users and their access to resources, because it requires identity bridges and other add-ons to be a comprehensive solution. Those add-ons generate higher IT management overhead and increase potential cyberattack surface area.

Monopolistic Add-On Pricing

The current Active Directory ecosystem is best equated to a movie theater where your ticket grants you admission, but you’ll pay more than you’d normally expect at the concession stand to get everything that you want. An array of services, ranging from complicated AD FS server farms to a flood of Azure AD licensing models and Intune (which requires devices to be Azure AD joined or hybrid AD-joined), is now sold as a multitude of add-ons that can be confusing to navigate and won’t support every environment, such as popular Linux distributions.

A different architecture now exists to eliminate the need for such AD add-ons, though.

A Boundless Domain: Remote & Flexible Working

Today, an organization might be all-remote all the time, or have entire departments that no longer work in-office. An organization might also face additional complexities associated with acquiring companies outside of its region or granting its partners secure access to shared IT resources.

Work from anywhere is now enshrined in how business is done, everywhere. Identity and access management (IAM), user lifecycle management, asset and device management, as well as patching and governance are the new frontier. Users work across devices and access many kinds of resources with their identity.

The current reality as seen in the news, and in our communities, demonstrates an incredible change of pace and the realization that world events no longer occur in isolation. We rely on the internet more deeply than ever, and the cloud is a mission-critical IT infrastructure that connects people to the resources they need to work.

This is especially pronounced in the business world, where many companies are uncertain about how to respond to large-scale challenges (such as adopting a Zero Trust strategy) with limited IT resources.

Organizations need innovative architectures to support them — architectures that ensure business continuity in the face of change. The “domainless enterprise” employs IT architecture that’s fluid, flexible, and responsive. The domainless enterprise begins with how new users are onboarded and persists throughout the entire user lifecycle, over many devices and shifts in roles and responsibilities.

It supports secure work from any location or circumstance. It also supports resource access that’s customized for each person based on their role and needs, as well as the requisite security verifications that must be included every step along the way.

This architecture is user-centric, regardless of device, OS, or provider. IT needs to be able to secure and manage any device, whether it runs Windows, macOS, Linux, or even smart device operating systems like iOS and Android. This architecture meets individual IT resource needs while ensuring compliance for IAM and devices.

Modern IT is much more systematic than in the past: an IT admin tracks organizational assets, patches and configures systems, and continually manages access control. Some organizations also have compliance and reporting requirements, which must always be taken into account.


Control Your Identities

The heart of a domainless enterprise is a central cloud directory service, which serves as the hub for securely connecting users and their systems to the IT resources they need to accomplish their jobs. This may even include network devices within the IT department itself.

From a central cloud directory, IT needs only an internet connection to provision users to their devices and secure those devices, as well as provision users to all their IT resources, including SaaS apps and cloud infrastructure. This process may start by staging a new user in the directory and now may also include zero-touch onboarding, where devices arrive ready for use.

From this same cloud directory, IT admins can control access, secure identities, manage and protect systems, and audit all access — all without the need for an on-prem domain controller.

How to Implement the Domainless Enterprise

Directory services for the domainless enterprise are entirely cloud-based and platform-agnostic. They perform as the authoritative repository for digital identities and can federate those identities everywhere they’re needed via an internet connection. This is also where rules, such as conditional access to IT resources, can be configured for even more robust access control.

The architecture has several components that are built for today’s IT workflows:

Device Security & Trust

This architecture relies on lightweight agent-based control of devices. A user should be able to log into their company-controlled device, secured with credentials and user-friendly Push MFA, and access their authorized resources with minimal friction. Via the agent, IT admins can configure the devices, lock down security with policies, and monitor data such as uptime and storage capacity — as well as immediately suspend access for any security reason.

Agents have root/sudo-level access at the OS level to push any command that IT requires to accomplish a task, or can operate as a Mobile Device Management (MDM) provider on systems that are managed that way. MDM establishes profiles and sends commands on both company-owned and BYOD devices, so security will always follow the user. Agents also deliver telemetry for reporting.

Patch management is an important integration to ensure that all devices remain up to date and within compliance before access is granted, without requiring additional servers to manage. Managing the devices users work from is a sensible step toward Zero Trust security.

User Identity Instantiation

Modern access control is built on top of user attributes. Permissions are no longer automatically granted with constructs such as nested groups; attributes deliver user-based determinations and reduce administrative overhead. For instance, an employee’s department or manager may change, so the system automatically recognizes this and notifies IT that permissions should change.

This is made possible by importing or establishing attributes from any Identity Provider (IdP), even Active Directory. It’s also possible to utilize SCIM provisioning from your directory to scale your IT operations and more easily onboard user access to web applications. With this architecture, a user has one authoritative identity that IT controls, manages, and monitors.

From a central cloud directory, IT can federate that identity to: