With any new technology there are bound to be questions, whether it brings completely new ways of doing business or is simply an advancement of technologies we’ve relied upon for so long.
A new category of solutions in the identity and access management realm is creating a lot of buzz and discussion. Called cloud directory services, these new IAM solutions are changing and challenging the way businesses and IT admins think about their IT infrastructure. Challenging, because the world of IAM has been largely in the hands of Microsoft Active Directory. Virtually all other IAM solutions have been built on top of AD.
But the modern IT landscape is changing to accommodate heterogeneous platform environments. Cloud infrastructure, web apps and WiFi have diversified the environment, which no longer consists strictly of on-premises workstations and systems. With that change comes a need for a different approach to many organizational processes, including directory services.
Value of a cloud directory
Cloud directories have emerged as a way to address the needs of modern businesses and their infrastructure. Cloud directory services are the central identity servers that connect users to all the IT resources they need to access, whether those are apps, systems, or networks. With cloud directory services, it doesn’t matter where either the user or the resources are located, or what type of system they are using — all major platforms are treated equally. This lets businesses choose the solutions that are right for them.
All of this sounds good, and like something you should get on board with, but we know you have questions. Whenever there is a new technology around, there are questions to ask.
While working with many JumpCloud customers and prospects, we’ve noticed some questions popping up more often than others. We’ve decided to collect them, and give you the answers to your most asked cloud directory questions.
1. How is a cloud directory service different from Microsoft Active Directory?
There are a couple of distinct differences when looking at cloud directory vs Microsoft AD.
First is device authentication and control. If you are an all-Windows shop, then authentication with AD is quick and efficient. After all, working with Windows devices is at the core of AD. However, having any Mac or Linux devices in your IT environment can make things complicated. While AD can authenticate these devices, its control over their accounts is limited. IT admins need to provision other pieces of software and add-ons in order to manage non-Windows devices.
Cloud directory services, on the other hand, have full user management control over all devices, whether they are Windows, Mac or Linux. In addition, cloud directories manage users through native on-board mechanisms. This keeps controls consistent with how the different OSs have envisioned it to work.
Secondly, Active Directory has some built-in assumptions that can be hard to ignore. AD was created two decades ago for an IT environment that looked strikingly different from today’s. Everything was on-prem. AD sat on the internal LAN, and users and IT resources were local to the domain controller. The design assumed that every resource would connect directly to AD. Remote working and diverse workspaces complicated things further, and organizations started creating VPN connections for users who weren’t local.
A cloud directory doesn’t care about the location of users or IT resources. Everything is virtual: it doesn’t require anything to be on-prem in order to work properly. No more additional software or technology.
With the move to cloud infrastructure, many businesses are struggling with how to connect their web services, such as servers, to an on-prem AD server. The challenge is with the remote devices that need access to the internal AD server: you need to either open ports to the internet or add VPNs. With a cloud directory, there is a mutual TLS connection to each server, which secures communication without adding work for IT admins.
Active Directory is software that your IT team implements, and continuous management of this directory service is the responsibility of your IT admins. With a cloud directory service, by contrast, the provider does all the heavy lifting, because the service is delivered as a SaaS-based solution.
2. Is it even possible to replace Active Directory?
This is a question cloud directory prospects often ask. In organizations with mostly on-prem Windows environments, AD is deeply ingrained in every IAM process. Furthermore, other IAM solutions were often built on top of AD. It’s not hard to see why anyone would be skeptical of a solution that claims it can completely replace AD.
The short answer to this question is: Yes. As IT environments moved from homogeneous, Windows-only setups to heterogeneous ones that include all major platforms, devices and OSs, it was natural for a solution to appear that works in such an environment. Cloud-forward businesses are opting for a cloud directory because it allows them to operate in a mixed environment. A central directory service in the cloud natively supports a wide variety of protocols, so it treats all major platforms equally.
Many businesses are looking to move their IT infrastructure fully to the cloud, and replacing AD with a cloud directory service is a logical step. There are, however, some scenarios in which a cloud directory might not be the right solution for a business. That’s a topic we will explore in more detail in the future.
3. How reliable is a cloud directory service?
Providers have built cloud directory services to be highly resilient and available. The infrastructure of the cloud directory platform is distributed globally. Different areas of the directory use different techniques to keep working if a service or the internet connection goes down. For example, authentication to a user’s system or cloud server is handled locally, while for services such as LDAP, RADIUS and others hosted in the cloud, authentication failures can happen if the connection is severed, just as with an on-prem directory.
4. Is the cloud directory secure?
Absolutely! Cloud computing in general, while it has its security concerns, is considered a more secure option than traditional on-premises security architectures. Cloud directory services are the same: throughout their development, a great deal of time, money and resources has been spent on security and on building it into the service from the very base.
With AD, for example, the service assumes that you are connecting from within an organization. This means that it doesn’t have the same level of focus on security as a service that treats the location of users and resources equally. AD assumes that your business has already built the needed security layers into its infrastructure. That’s why it doesn’t need to focus on them.
A cloud directory service doesn’t make those assumptions. It builds those layers of security right into the architecture and the solution itself. Any stored credentials are one-way hashed and salted; communication between components is encrypted, in line with the Zero Trust model, and so is any data at rest. In addition, many cloud directory services leverage a number of other security techniques, including protecting the infrastructure through segmentation, security groups, vulnerability scanning, and penetration testing.
5. What if the cloud directory goes down?
What happens when the service goes down is a common question for any cloud service, including directory services. Accounts are created locally, where credentials are safely cached. In the case of an outage, users can continue to access their systems even while the cloud directory is offline.
6. What if I lose my Internet connection?
Again, a very reasonable and relevant question for any cloud service is what happens when the internet goes down at a business. After all, internet connections can break and downtime can occur. Cloud directory services should be highly resilient in these critical situations. Many providers install a lightweight agent on a user’s system, which ensures users can still access their device even when it is not connected to the Internet. Other areas of the service are handled similarly to when an authentication server fails on-prem.
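The behavior described in answers 4 to 6 (salted one-way hashes, locally cached credentials, sign-in while the directory is unreachable) looks like this in code. This is an added example, not code from JumpCloud or any provider's agent; the function names, the PBKDF2 work factor and the 7-day offline limit are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000         # assumed PBKDF2-HMAC-SHA256 work factor
MAX_OFFLINE_AGE = 7 * 86400  # assumed policy: cached verifier expires after 7 days


class DirectoryUnreachable(Exception):
    """Raised by the (hypothetical) directory client when it cannot connect."""


def _derive(password, salt):
    # One-way: the digest cannot be turned back into the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_cache_entry(password, now):
    salt = os.urandom(16)  # fresh random salt per entry defeats precomputed tables
    return {"salt": salt, "digest": _derive(password, salt), "cached_at": now}


def verify_cached(entry, password, now):
    # No entry, or an entry older than the offline limit, never authenticates.
    if entry is None or now - entry["cached_at"] > MAX_OFFLINE_AGE:
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_derive(password, entry["salt"]), entry["digest"])


def login(user, password, cache, directory_check, now=None):
    """Return (allowed, source). The cache is used only when the directory is down."""
    now = time.time() if now is None else now
    try:
        ok = directory_check(user, password)
    except DirectoryUnreachable:
        return verify_cached(cache.get(user), password, now), "cache"
    if ok:
        cache[user] = make_cache_entry(password, now)  # refresh the verifier
    else:
        cache.pop(user, None)  # directory said no: drop any stale verifier
    return ok, "directory"
```

The expiry check matters because a cached verifier keeps working offline after the password has been changed or the account disabled in the directory, until the device reconnects or the entry ages out.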
7. Who can help me set up my cloud directory?
Businesses have shown that they need help to better understand the business and technology impact of selecting a new cloud directory solution. We started ElephantHop as a consulting practice to aid in the evaluation and testing of JumpCloud vs other IAM solutions. If you need to evaluate whether JumpCloud is the right solution for you, we can help. We can also support the implementation of JumpCloud if you have already made the decision to purchase it.
Our experts have performed hundreds of JumpCloud implementations over the years. Our validated and time-tested process ensures the implementation is seamless. And if your business doesn’t have JumpCloud expertise in-house? ElephantHop offers fully managed services throughout your entire use of the service.
Learn more about what ElephantHop can do for your JumpCloud journey: contact us!