Cloud servers are more popular than ever. With $12.3 billion in sales, AWS is transforming IT infrastructures worldwide. No longer are IT organizations building and running data centers, but rather leveraging server infrastructure from the cloud. But every revolutionary solution comes with a few unexpected challenges. One critical process that IT organizations struggle with is cloud server authentication.
Let’s take a look at why cloud server authentication has been a challenge, and the available solutions to address it.
Server Authentication was Simple in an On-prem IT World
Historically, the data center was located on-prem or connected to the on-prem network via VPN. The platform of choice was Microsoft Windows. The result was that users could easily login to their servers via their Windows credentials which were authenticated by Active Directory®. As long as the entire infrastructure was linked together, there was a single sign-on process of sorts with Kerberos.
Then, monumental changes occurred within the IT landscape. Linux has overtaken Windows as the operating system of choice for Linux servers and the cloud has removed the need for on-prem infrastructure. These changes have completely altered the approach that IT admins have had to take with managing their environment. Now server authentication isn’t so easy.
Options for Cloud Server Authentication
The options for IT admins and DevOps engineers have been the following:
- Manual Cloud Server User Management – The simplest option is to just treat the cloud servers as individual instances and to keep them separate from the on-prem identity management infrastructure. This requires the least infrastructure work, but ends up being more of an operational headache. The more cloud servers and users who access them, the less this approach makes sense.
- Configuration Management Tools – Scripting tools to manage servers have become incredibly popular with solutions such as Chef, Puppet, Salt, Ansible, and many others. DevOps engineers have become comfortable with managing server user access by writing scripts. For a small infrastructure this works well, but as it gets larger, the solution becomes unwieldy.
- Cloud LDAP or Active Directory – Another path for cloud server authentication is to either set up a cloud OpenLDAP instance or Active Directory in the cloud. Both of these can help and ultimately can be synced to an on-prem identity provider, but it ends up being a significant amount of work. Another option is to simply create a VPN infrastructure back to the on-prem identity provider. This too ends up being a great deal of work.
A New Choice for Cloud Server Authentication
For a long time, these were the best options for managing clouder server authentication. However, a new solution has surfaced that provides IT admins with one more option. This alternative option is a cloud hosted identity provider that centralizes the identity management infrastructure across both cloud and on-prem IT resources. Called Directory-as-a-Service®, this modern IDaaS platform is securely managing and connecting users to their IT resources regardless of platform, protocol, provider, and location.
Cloud server authentication – whether it’s Linux or Windows Servers hosted at AWS, Azure or GCP – can be managed from one central hosted cloud directory. Additionally, your users gain seamless access to their wired and WiFi networks, on-prem and virtual files, and legacy and web-based applications. IT not only secures and streamlines server authentication, but they also gain improved visibility of all of the IT resources in their environment.
To read about our cloud server authentication, consider reading how Tamr centralized user access to about 300 remote servers. If you would like more information about our modern IDaaS platform, drop us a note. We also encourage you to start testing our virtual identity provider by signing up for a free account. You’ll be able to explore all of our features, and your first ten users are free forever.
This is a Security Bloggers Network syndicated blog post authored by Natalie Bluhm. Read the original post at: JumpCloud