The world is moving to the cloud. Infrastructure has moved. Web applications have moved. Even a good number of management tools have made the leap to the cloud. However, one area that has consistently lagged behind is identity management. In fact, you could argue that in the last 15 years there has been little innovation in the directory services area of identity management. One concept that is starting to gain some momentum, though, is the idea of a virtual Active Directory®.
Why a Virtual Active Directory?
Until recently, innovation in the IAM (identity and access management) sector has mostly been about how to build interesting solutions on top of Microsoft Active Directory. The market had largely assumed that AD was the monopoly in the directory services space and, as a result, there wasn’t an opportunity to innovate in that area of identity management. So, many first-generation IDaaS (Identity-as-a-Service) vendors started to build web application solutions on top of Active Directory.
Over time, though, the IT landscape shifted so dramatically that there needed to be some innovation in the core directory services space. Many vendors appeared on the market to provide virtual or hosted Active Directory solutions. These were just an Active Directory instance in the cloud. The provider would manage the server and software while the customer would only need to populate their users and connect their IT resources to the cloud AD instance. This was a significant positive step, but it wasn’t exactly transformative. Furthermore, this approach spawned a great deal of extra work around networking and security. As you know, AD assumes that the IT resources are local to the AD server.
So, while a virtual Active Directory instance was interesting, it wasn’t really sufficient for what IT admins wanted. Their IT network now consisted of Mac and Linux systems. Server infrastructure shifted from on-prem Windows-based data centers to AWS and Google Cloud. Applications split into those available on-prem and those on the Web, both being required to satisfy needs in some environments. The network shifted from wired to wireless, causing a whole segment of security ...
*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Jon Griffin. Read the original post at: https://jumpcloud.com/blog/virtual-active-directory/