Owning various pieces of software and infrastructure is not unlike the proverbial iceberg. The sticker price sits at the top, but once you dig in or start implementing the software, directories included, everything below the surface starts to creep in. Oftentimes the cost you predicted when you implemented the software ends up not covering the full cost needed over time. This makes it incredibly difficult to know how much to budget for IT investments.
So let’s start by talking about the top level pricing that is often used when modeling out the Total Cost of Ownership (TCO) of Active Directory®.
Top Level Active Directory Pricing
Above the surface, the only really obvious cost is the CAL (Client Access License) cost. The price range varies widely and often depends on your organization, your purchasing power, and where you buy these Client Access Licenses (either direct from Microsoft or through some other volume-discount program).
In a perfect world, that would be it. You would have your Windows server and the licenses for it, and you would be able to connect the Windows endpoints easily with no associated costs. Unfortunately, this isn’t true. Let’s talk about the additional costs of Active Directory below the surface, so that you can really build out an accurate budget.
Let’s dive deeper into your directory infrastructure and take a look at some of the costs you may or may not be factoring in.
Here’s the quick run-down of some of the additional expenses for AD:
- Windows Server software
- Mac and Linux binding
- Identity Federation
- Maintenance & Administration
The three main factors in the infrastructure area are the servers (which may be either physical or virtual), the load balancers, and the hosting.
Oftentimes the server infrastructure and load balancers can cost tens of thousands of dollars over time, even for small organizations. Because of all the redundancy that each server and load balancer requires to ensure uptime, the cost adds up quickly.
Once you have all of your infrastructure and load balancers purchased and redundant, you still have to consider the hosting costs. With these servers you need allotted space for on-prem servers, off-prem backups, electricity, HVAC, employees to maintain the servers, and you also need to deal with the potential of downtime.
Windows Server Software
The main cost factor with Windows Server software is the Windows Server hardware and licenses. This server can cost thousands of dollars, and on top of that, you need the CALs to access them. Plus, if you want to be assured of uptime, then you’re going to have to make the servers redundant as well, adding to the cost.
Mac and Linux Binding
If your company isn’t purely Windows machines, then binding your Mac and Linux devices is a factor you will have to deal with. When it comes to Mac and Linux binding, the only real pricing factor is which software you choose to use. Depending on which you end up going with, this cost can reach thousands of dollars.
When looking at the Identity Federation of your company, some of the main factors here include the access management, on-prem servers for single sign-on, and directory synchronization. Access management typically runs subscription pricing, so this cost can vary depending on your organization size. However, the on-prem servers and software for SSO in addition to the directory synchronization features can cost thousands of dollars each, multiplied by redundancy to ensure uptime.
Maintenance & Administration
You can’t ignore maintenance and administration when budgeting for Active Directory. Obviously, the cost here is correlated to the value of the time of the person conducting that work. Whether that’s you or your busy IT staff, this is one of the hidden costs of Active Directory that’s felt most painfully by organizations employing the directory.
Some of the most common forms of maintenance and administration are employee password resets, onboarding and offboarding users, provisioning access to new resources (group-assignment-type tasks, e.g. Group Policy Objects (GPOs)), and server maintenance and change control tasks.
This cost is measured in time. The amount of time that needs to be dedicated to maintaining the AD servers depends on the size of the office, but the more employees at an organization the more time it takes to manage.
The final factor that we look at is security, a factor that arguably is one of the most important. With this, you have to worry about system security monitoring and multi-factor authentication (MFA) for each of your users. Typically, the system security monitoring will require an employee to dedicate time to each server, and MFA will have a cost per user model that can add up with large organizations.
So How Much do You Need to Budget for Active Directory?
Now that we’ve shined some light on some of the hidden costs of Active Directory, it is clear that it goes much further than just the CAL price. In fact, even this list doesn’t cover them all. There are also hosting fees, disaster recovery, storage, backups, VPNs, and more.
If you would like to learn more about the hidden costs of Active Directory, drop us a note. We would be happy to discuss modeling the TCO of Active Directory, and we can also get you access to our directory services ROI calculator.
Less Expensive Alternatives to Active Directory®
The truth about Active Directory is that it wouldn’t have to be as expensive if it didn’t have to rely on both on-premise servers and all of the other components to get everything done. Fortunately, there is a new option that benefits from the cost-savings of the cloud.
Directory-as-a-Service® (DaaS) is a cloud-based directory service that you can think of as Active Directory reimagined for the modern IT world. This unified cloud directory service is able to eliminate many of the costs listed above by offering a fully-featured directory service from the cloud.
DaaS can function as the central authentication solution for users to connect to virtually any IT resource – systems, applications, storage, or networks – regardless of protocol, provider, platform, or location. Best of all, the virtual identity provider is delivered as a cloud-based SaaS service allowing IT organizations to leverage what they need and only pay for that amount.
Try Directory-as-a-Service Before You Buy
We encourage everyone reading this to at least kick the tires on our Directory-as-a-Service platform, as it’s 100% free for the first ten users. We don’t even ask for your credit card information to get you full access to our IDaaS product. Get your free account now, no budget required.
This is a Security Bloggers Network syndicated blog post authored by Jon Griffin. Read the original post at: JumpCloud