Cloud servers are more popular than ever. With $12.3 billion in sales, AWS is transforming IT infrastructures worldwide. IT organizations are no longer building and running data centers; instead, they are leveraging server infrastructure from the cloud. But every revolutionary solution comes with a few unexpected challenges. One critical process that IT organizations struggle with is cloud server authentication.
Let’s take a look at why cloud server authentication has been a challenge, and the available solutions to address it.
Server Authentication was Simple in an On-prem IT World
Historically, the data center was located on-prem or connected to the on-prem network via VPN. The platform of choice was Microsoft Windows. As a result, users could easily log in to their servers with their Windows credentials, which were authenticated by Active Directory®. As long as the entire infrastructure was linked together, there was a single sign-on process of sorts with Kerberos.
Then, monumental changes occurred within the IT landscape. Linux has overtaken Windows as the operating system of choice for servers, and the cloud has removed the need for on-prem infrastructure. These changes have completely altered the approach that IT admins have had to take to managing their environment. Now server authentication isn’t so easy.
Options for Cloud Server Authentication
The options for IT admins and DevOps engineers have been the following:
- Manual Cloud Server User Management – The simplest option is to just treat the cloud servers as individual instances and to keep them separate from the on-prem identity management infrastructure. This requires the least infrastructure work, but ends up being more of an operational headache. The more cloud servers there are, and the more users who access them, the less this approach makes sense.
- Configuration Management Tools – Scripting tools to manage servers have become incredibly popular with solutions such as Chef, Puppet, Salt, Ansible, and many others. DevOps engineers have become comfortable with managing server user access by writing scripts. For a small infrastructure this works well, but as it gets larger, the solution becomes unwieldy.
- Cloud LDAP or Active Directory – Another path for cloud server authentication is to (Read more...)
*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Natalie Bluhm. Read the original post at: https://jumpcloud.com/blog/cloud-server-authentication/