The domain controller has been a staple in IT networks for almost two decades. The concept is relatively simple – help IT admins join their users to the domain and provide them with various services to make it easy to navigate the internal network. But a lot has changed since the advent of the domain controller. Is it possible now to have an outsourced domain controller?
The Role of a Domain Controller
The concept of the domain controller really emerged in the late 1990s as IT admins started to build out their internal LANs. The idea was to have a user join the domain and enable them to access servers, applications, file servers, printers, and the network itself. This approach made a great deal of sense because the network was virtually all Microsoft Windows-based and located on-prem. In a sense, the network was similar to a walled garden, and the domain controller similar to a gatekeeper. If you could prove to the gatekeeper that you are who you say you are, the gatekeeper would let you into the garden and you would have access to everything inside it. In the world of IT, “the garden” housed access to systems, applications, printers, and files. At the center of the Windows network was Microsoft Active Directory®.
Changes in IT Call for an Outsourced Domain Controller
For many years, this model worked well. Then cracks started to appear in this approach as the IT landscape shifted. It started with web applications and cloud infrastructure such as AWS. Non-Windows machines such as Mac and Linux added to the challenges. Then came the dramatic shift in how and where people work via telecommuting and the gig economy. Today, the IT network is really no longer on-prem and Windows-based. This has created many new challenges for IT admins, since the domain controller wasn’t created to handle this modern IT world.
A Closer Look at the Challenges
The main challenge with web-based applications, Mac and Linux systems, and cloud infrastructure is that they are difficult to integrate with Active Directory and the domain controller. For many years, IT has been stuck with three options: banning these new resources from their environment, manually managing them, or implementing a third-party solution.
Unfortunately, there are problems with each of these options. First, refusing to adopt these new resources comes with a cost. For example, according to this study by Jamf, 75% of employees would prefer to use a Mac, and employees are 72% more productive when they can use the system of their choice. This means there is a cost in productivity when IT chooses to remain a Windows-only environment. Next, manually managing resources creates vulnerabilities in security because IT cannot fully account for identities and user access, or maintain proper visibility over access controls. This also makes it difficult to meet compliance regulations. Finally, third-party solutions help IT admins gain control over web-based applications, non-Windows systems, and cloud infrastructure, but they are expensive and are often not a lightweight solution. Controlling access to IT resources that span a variety of platforms and locations just doesn’t work with an on-prem domain controller strategy.
You could define Microsoft’s Azure Domain Services as a stab at an outsourced domain controller, but that too doesn’t really fulfill what IT admins are looking for. It is based in Azure and functions for Azure, and it still leaves challenges with non-Azure or non-Windows IT resources. What this reveals is that the domain controller is really just one component of a much bigger problem – the identity provider itself. An outsourced domain controller only addresses part of the problem. So, the question becomes whether or not IT admins can shift to a cloud identity management platform and be able to solve the whole issue.
Moving Beyond an Outsourced Domain Controller
The good news is that there is a new approach to cloud directory services that can accomplish much of what the on-prem domain controller is doing with a cloud-hosted identity provider. Called Directory-as-a-Service®, this modern IDaaS platform securely connects users to the IT resources they need with one identity regardless of platform, protocol, provider, or location. This means IT benefits from a centralized, secure environment while users gain easy access to their Linux, Mac, or Windows system, legacy and web-based applications, wired and WiFi networks, and on-prem and virtual files. An outsourced domain controller is a concept whose time has come, but like anything else, the idea of just a cloud version of the Microsoft domain controller misses a big part of what IT admins need to solve.
This is a Security Bloggers Network syndicated blog post authored by Natalie Bluhm. Read the original post at: JumpCloud