Open Directory is Apple’s foray into the directory services space. Based on OpenLDAP™, this directory services solution has been around for a number of years. As the world shifts to the cloud and uncertainty abounds about Apple’s vision for Open Directory, a common question we hear is whether there will be a virtual Open Directory option in the future.
Open Directory Today
Open Directory ships with macOS Server, although recently there have been murmurs about Apple’s wavering commitment to the macOS Server line and even to Open Directory. This has been spurred by Apple eliminating its server hardware (Xserve). While the macOS Server software is still an option for $20, the big picture is foggy: it isn’t clear whether Apple will continue down this path and support Open Directory in the future.
Servers and server management have never been priorities for Apple. In fact, if you look at what macOS Server is really focused on, it is aimed at being a small business server. Its primary tasks center on being a management tool for the macOS and iOS platforms. IT admins can control software deployment and simple management of their Apple devices. That’s all well and good, but these aren’t exactly enterprise-class IT management tools.
So let’s take a look at where Open Directory came from, and then dig into the idea of a virtual Open Directory.
Open Directory an Alternative to Active Directory
Open Directory was added many years ago with Mac OS X Server 10.2 and was created to be an alternative to Microsoft Active Directory®. At the time and still to this day, Active Directory has made it difficult for IT to smoothly authorize and authenticate Mac systems. So Open Directory, or OD as it has come to be known, was popular in the Apple community because it made it easy to leverage LDAP and Kerberos for authentication in an Apple network.
But as the workplace started moving towards web-based applications and cloud infrastructure, both Open Directory and Active Directory had trouble adapting to this new IT landscape.
Virtual Open Directory in the Future?
As IT management infrastructure moves to the cloud, many IT admins have been wondering how to move their identity and access management tools to the cloud as well. For those utilizing Open Directory, that question takes on an even deeper meaning with Apple’s seeming departure from the server OS market. Is a virtual Open Directory solution from the cloud a viable option, and is staying with Open Directory even the right thing to do given where Apple is headed with macOS Server?
Unfortunately, it doesn’t look like relying on Open Directory in the future is a viable option. Apple licenses macOS Server to be run on its laptops, desktops, or more likely its Mac mini platform; it isn’t meant to be run on third-party hardware platforms. All told, advancing the existing Open Directory or establishing a virtual, cloud-based Open Directory doesn’t seem to be high on Apple’s list, despite its strong moves to the cloud with iCloud and the App Store. It seems Apple has bigger fish to fry.
For now and for the indefinite future, IT admins who want to leverage Apple Open Directory in the cloud will need to place a Mac mini in the cloud at a hosting provider and manage it all themselves. Obviously, these are not great options for IT admins, but there is a path that doesn’t treat Macs as an afterthought and is delivered from the cloud.
Consider an Open Directory Alternative
The cloud identity management platform, Directory-as-a-Service, is an excellent alternative to Open Directory. As a virtual identity provider, the modern IDaaS platform delivers seamless user and device management from the cloud. Directory-as-a-Service connects a user’s core identity to systems, servers, applications, networks, and storage – while providing IT with a central place to manage and secure access to resources. Additionally, IT can increase visibility over all of the Mac, Linux, and Windows systems in their environment with the ability to remotely execute commands and enforce security policies.
Learn more about our virtual Open Directory alternative by dropping us a note. We also encourage you to start testing our user and device management by signing up for a free account. All of our features are available and your first ten users are free forever.
This is a Security Bloggers Network syndicated blog post. Read the original at: JumpCloud 2017-11-05.