Managing Linux users has been an interesting topic in the identity management world. Early on, Linux machines weren’t that popular, so the management of the associated users was handled manually. But now, as Linux becomes more commonplace, controlling access to Linux systems is an important aspect for most IT admins to have covered. Fortunately, a new generation of Linux user management has arrived – and it simplifies the task for IT by coming in the ‘as a service’ form.
How to Manage Linux Users
Linux systems have become much more popular than they used to be, but they are typically used by engineers – not standard end users. While some Linux systems are used in the office, most are Linux servers in the data center or at Infrastructure-as-a-Service providers such as AWS. You can also find developers and DevOps personnel leveraging Linux machines. Managing who has access to which Linux servers and machines can be a challenge for admins, especially if it must be done manually. Thankfully, there are some innovative new services to support Linux user management.
Managing Linux Systems
Let’s start with how to handle Linux laptops and desktops. If there is an existing identity provider in place, such as Microsoft Active Directory®, user management of those systems can be quite painful. This is because AD wasn’t built to support Linux natively. While connecting AD and Linux is possible (with configuration on both ends), the whole process isn’t nearly as smooth as it is with Windows machines.
A new vanguard of tools and services is making the connection between Active Directory and Linux systems much easier. Through a cloud identity bridge, or directory extension solution, IT admins can deeply manage users on Linux machines, all while continuing to leverage Active Directory credentials for the users. This means admins can add, delete, and modify user access on a wide variety of Linux platforms, with AD still maintaining control over the identity.
If your organization has no directory service in place, then a cloud directory such as Directory-as-a-Service® is ideal for the management of Linux systems. Not only does the platform offer management of access to Linux systems, but it can also seamlessly manage user access to Windows and Mac machines. This can all happen from our cloud-hosted directory service, and it is able to function as a complete replacement for Active Directory.
Managing Virtual Linux Servers
Switching gears to Linux systems within the data center, or at IaaS providers such as AWS, the situation is largely similar. Many DevOps organizations have segregated their identity management function for their Linux server infrastructure.
Historically, this has meant one of three things:
- Separate identity providers (such as OpenLDAP™ or another instance of Active Directory).
- Identity management via config management tools (such as Chef or Puppet).
- Manual user management.
All of these options come with significant issues and risks, and each represents a significant investment of time. For these reasons (and more), many IT admins and DevOps engineers are looking for a Linux user management as a service offering.
The Linux data center infrastructure is a core part of their IT network. That means it needs to be managed with enterprise-grade tools. But just as with on-prem Linux systems, managing these servers through Active Directory can be a challenge. Not only is Linux a non-Microsoft platform, but managing these servers through AD means that you must expose your AD server to the internet and make sure your security remains intact. Alternatively, using a cloud identity bridge setup allows admins to securely control Linux servers, all while maintaining the core AD credentials.
If you are coming from a no-directory situation, the solution is just as easy (if not more so). Directory-as-a-Service is able to securely and simply manage the access to Linux servers as well, giving you one central location to manage users and what they have access to. This means that your Linux servers and systems are embedded into the core user management service for the entire organization.
Learn More About Linux User Management as a Service
Directory-as-a-Service can function as your core Linux user management as a service platform. With native Linux systems support, the modern IDaaS platform natively controls user access across an entire Linux system fleet. JumpCloud’s centralized identity management allows you to connect end users to your IT resources, regardless of platform, protocol, provider, or location.
Set your organization up for the future of IT by checking out the cloud-based directory service. Sign up for a free account today. Your first 10 users are free forever, with no credit card required, so there’s no reason not to give it a shot. If you have any questions on how you can better enable Linux user management in your organization, feel free to reach out to us. You can also check out the video below to see how Linux user management works in the Directory-as-a-Service platform firsthand.
This is a Security Bloggers Network syndicated blog post. Read the original at: JumpCloud 2017-11-06.