Directory Service In The Cloud
We were consulting for an Internet Service Provider (ISP) that was considering diversifying into cloud services to complement its existing connectivity services. We carried out market research by visiting its customers' systems administrators to establish whether they would go for cloud hosting. 87% of the systems administrators were not keen on moving their applications to the cloud because they were concerned about people and resource management beyond the corporate network. Most of them had a robust centralized directory service based on Microsoft Active Directory providing “single sign on” access to resources on their corporate network. When the subject of adopting cloud services was discussed, we were not surprised by their concerns.
Adopting cloud services whilst considering identity and authentication management
- Users detest having to enter multiple usernames and passwords. Adding a layer of services from an external provider means an extra sign on for a user. It could end up being frustrating for the user because they will have to memorize multiple sign on passwords to access resources over the internet.
- They felt they would lose control. The systems administrators (sysadmins) are attached to their systems and have developed scripts over many years that integrate applications with directory services. They want to see “green lights” in their own server room for their peace and happiness.
- The “digital native” millennials, exposed to computers from early childhood, are dominating the workplace and prefer to work from cafes or home. How do you control what these users can do on the corporate network?
- According to Pew Research, 77% of the population in America own a smartphone while 55% of the adult population own a tablet computer. A good number of people will take their gadgets to the office and want to use them there. This can be tough to control with existing directory services.
- We are in a very interesting era where you can find five or more apps to solve a specific problem or carry out a task. It is now a natural tendency for users to go online, locate an app, download it and use it to solve a problem. In a corporate environment this could lead to many sorts of issues for the systems administrator.
- How much complexity is added to existing infrastructure when several internal and external domains are added? The objective of the sysadmin is to reduce complexity so they can focus more on helping the company meet its business objectives.
- Sysadmins are aware that their traditional jurisdiction of keeping the lights on is slowly becoming irrelevant. Business executives are seeking people with IT skills who know how to build IT systems that can produce relevant business information that directly goes into the business.
How do we embrace cloud services without losing centralised control of identity and authentication services?
Fortunately, you can integrate your on-premise directory services with a cloud directory service. Integration is important when internal applications cannot work in the cloud. The major cloud vendors (Amazon Web Services, Microsoft Azure and Google Cloud Platform) will have connectors between your on-premise and cloud service. Apart from these vendors, there are third parties who provide tools for integration, with names like JumpCloud.com coming to mind.
Microsoft Active Directory is the leading installation of directory services. There is no official estimate of where it stands compared to other services. We estimate about 90%. Microsoft Active Directory federation is interoperable with other cloud platforms such as Amazon, Google Cloud and Salesforce.com.