Organizations have traditionally leveraged Microsoft® Active Directory® (AD) for managing access to their IT resources, including their on-prem or colocated data centers and server/container infrastructure. AD has historically been the source of truth when it comes to who has access to what IT resources, including systems, servers, applications, data, and the network. An organization’s server infrastructure was generally “local” to a domain, either by sitting within the domain proper via an on-prem data center or via a VPN to a third-party data center. With Active Directory, direct local access was a requirement.
As cloud infrastructure – otherwise known as Infrastructure-as-a-Service (IaaS) – has gained tremendous popularity, the dynamics of managing container and server user access have changed. No longer is server infrastructure “local” to the network structure. In fact, these days there may not be any infrastructure on-premises at all. It may be hosted at Amazon Web Services® (AWS), Google Cloud Platform®, Microsoft Azure®, or another cloud provider. This inherently creates significant problems for system administrators and DevOps engineers. They are faced with the decision of choosing to accept a significant security risk or undertaking dramatically more work. Alternatively, they can opt to spend significant money to purchase and manage a secondary enterprise identity management solution.
We’re here to offer a new way forward. The modern cloud ops approach extends Active Directory to AWS, while maintaining AD as the authoritative source of truth.
Let’s start by taking a look at some of the less than perfect solutions that have traditionally been available to sysadmins and DevOps engineers:
As more organizations shift to cloud infrastructure hosted at providers such as AWS, it is critical to understand the core problems with connecting identities and access to these off-prem, cloud resources. Some of the main focal points are:
As IT and DevOps organizations aggressively leverage AWS and other IaaS infrastructure, the previous approaches all have too many drawbacks to be viable solutions. Innovative organizations are smartly and securely extending their on-prem Active Directory identities to their IaaS platforms through integration with a cloud directory service.
In this scenario, the on-prem Active Directory instance continues to serve as the directory service of record, with all identities stored within AD and updated there. From this core, authoritative identity provider, the integration platform is leveraged to federate identities to a cloud hosted directory service. Subsequently, this cloud identity provider controls user access to the cloud infrastructure. That infrastructure may be at one or a number of different IaaS providers. Additionally, this cloud identity bridge can also control access to other non-Windows and non-AD-bound IT resources, including Mac and Linux systems, web applications, WiFi access, and cloud storage systems.
A diagram of JumpCloud’s AD Integration Import is below:
The implementation and management process of a cloud identity bridge is quite simple. The first step is to install the JumpCloud AD Import agent onto the on-prem domain controllers and the cloud servers. Those agents securely communicate with the cloud hosted directory service. All changes within AD are automatically replicated to the SaaS-based user management service as well as the cloud server infrastructure. No management and maintenance work is needed. IT admins and DevOps engineers simply assign what users should have access to – and JumpCloud’s Active Directory Integration does the rest. Access can occur via username and password or SSH keys. Both access methods can also be secured with 2FA (two-factor authentication).
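To make the one-way “AD is the source of truth” model described above concrete, here is an added example (not JumpCloud’s code or the agent’s actual protocol; the AD and cloud directory snapshots are constructed) that reconciles a cloud directory against an authoritative AD snapshot, replicating enable/disable state and SSH keys from AD and flagging cloud-only accounts rather than ever pushing them back into AD:

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Identity:
    username: str
    enabled: bool
    ssh_keys: Tuple[str, ...] = ()  # public keys authorized for SSH access

# Constructed sample snapshot of the authoritative on-prem AD.
AD_USERS: Dict[str, Identity] = {
    "alice": Identity("alice", True, ("ssh-ed25519 AAAA...alice",)),
    "bob": Identity("bob", False),   # disabled in AD (offboarded)
    "carol": Identity("carol", True),  # new hire, not yet in the cloud directory
}

# Constructed sample snapshot of the cloud-hosted directory.
CLOUD_USERS: Dict[str, Identity] = {
    "alice": Identity("alice", True, ("ssh-ed25519 AAAA...alice",)),
    "bob": Identity("bob", True),    # stale: still enabled in the cloud
    "dave": Identity("dave", True),  # created cloud-side, unknown to AD
}

def reconcile(ad: Dict[str, Identity], cloud: Dict[str, Identity]):
    """One-way sync plan. AD wins on every conflict; cloud-only accounts are
    reported as drift for review, never imported back into AD."""
    actions: List[Tuple[str, str]] = []
    drift: List[str] = []
    for name, src in ad.items():
        dst = cloud.get(name)
        if dst is None:
            actions.append(("create", name))
        elif dst != src:  # enabled flag or SSH keys differ from AD
            actions.append(("update", name))
    for name in cloud:
        if name not in ad:
            drift.append(name)
    return actions, drift

def apply_plan(ad: Dict[str, Identity], cloud: Dict[str, Identity],
               actions: List[Tuple[str, str]]) -> Dict[str, Identity]:
    """Apply the plan to the cloud directory, copying AD's record verbatim."""
    updated = dict(cloud)
    for _op, name in actions:
        updated[name] = ad[name]
    return updated

if __name__ == "__main__":
    plan, drift = reconcile(AD_USERS, CLOUD_USERS)
    print("actions:", plan, "drift:", drift)
```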
There are a number of benefits to this cloud identity extension model relative to the other options and approaches that IT and DevOps organizations often take.
Innovative organizations are leveraging this cloud identity bridge approach to enable their shift to the cloud. Identity management is a key part of any IT infrastructure and when thinking about leveraging cloud infrastructure such as AWS, IAM concerns abound. By leveraging JumpCloud’s Active Directory Integration, IT organizations can easily and safely unlock the cloud.
Find out what JumpCloud's AD Integration functionality can do for your company. As a comprehensive cloud directory service and identity bridge, Directory-as-a-Service can help you leap to the cloud.
JumpCloud® Directory-as-a-Service® (DaaS) is Active Directory® and LDAP reimagined. JumpCloud securely manages and connects your users to their systems, applications, files, and networks. Try JumpCloud’s cloud-based directory free at JumpCloud.com or contact us at 855.212.3122.
For additional reading, blog updates, and the latest news, please visit our blog.