For a long time, IT admins couldn’t help but cringe when asked the question, “Can I integrate Linux systems with Active Directory?”
It’s a fair question. After all, many IT and DevOps organizations are leveraging Linux throughout their organizations. Linux is now the most widely used OS in the data center (2017) and is a favorite among many technical professionals – developers, DevOps engineers, and infrastructure / ops personnel, to name a few.
Despite Linux’s favorability among technical professionals, IT has had few options for integrating Linux systems with Active Directory®. Until recently, IT either had to manage Linux systems by hand and connect each one to AD manually, or it could deploy an on-prem directory extension. A third option has now emerged: the cloud identity bridge. With this new contender in mind, let’s take a look at which option might work best in your environment.
AD Linux System Management Options
The best choice for you will depend upon a number of factors including the size of the organization, number and location of the systems, and your views on the cloud. Most IT and DevOps organizations are making the shift to the cloud. However, even with shifting to the cloud, many DevOps organizations still want to leverage their existing investment and processes with onboarding and offboarding users as well as their existing identities. In an ideal DevOps world, IT would be able to continue using their current Active Directory instance, easily connect AD identities to Linux systems, and securely leverage the cloud.
In addition to your views on the cloud, the size of the organization greatly affects whether or not a legacy directory extension solution is right for you. A legacy directory extension usually means deploying more on-prem technology and enterprise-grade infrastructure, which is both expensive and time consuming, so legacy directory extension solutions are often not the right choice.
IT also has the option to manually connect Linux systems to AD, but this only works with a handful of systems in the smallest organizations. Even with a small number of Linux systems, manual management is a huge time sink, and IT will never achieve 100% visibility over the Linux users and systems in their environment with this method. This makes offboarding an unnerving process, because IT can never be certain it has revoked access to every company asset the departing Linux user could reach. When effective system management is in place, IT can enforce security measures such as password complexity and has proper visibility into what is going on in each system within the environment. Routine issues like a user forgetting a password are also handled far more smoothly with proper system management. Manual Linux system management removes any possibility of achieving this level of efficiency and security.
Cloud Identity Bridge: Integrate Linux with AD
A third option, a cloud identity bridge, lets IT and DevOps organizations shift the problem to a cloud-hosted service. The idea of a cloud identity bridge is to securely connect an on-prem AD instance with a cloud-hosted directory service. Once our lightweight agent is installed on all of the domain controllers, AD identities are federated to the cloud directory and can then be used on Linux systems, Mac laptops, AWS, Google Cloud Platform, and a wide variety of other systems, applications, and networks.
If you would like to find out more about the cloud identity bridge, consider watching our whiteboard video featuring our CPO Greg Keller, or drop us a note to find out how you can integrate Linux systems with Active Directory. We also encourage you to sign up for a free demo or start testing the cloud identity bridge by signing up for a free account. Your first ten users are free forever.
This is a Security Bloggers Network syndicated blog post authored by Natalie Bluhm. Read the original post at: JumpCloud