A domain controller is a server dedicated to authenticating user identities. Traditionally, domain controllers have been found on-prem and are used to help manage user access to on-prem IT resources. However, as more IT resources move to the cloud, more IT organizations would like a managed domain controller to match.
A managed domain controller is effectively a cloud-based authentication solution. Cloud-based authentication solutions can offer a number of benefits compared to the on-prem approach. In order to reveal those benefits, let’s first explore the characteristics of traditional domain controllers to understand how managed domain controllers stack up.
Characteristics of Legacy Domain Controllers
The concept of a domain controller was first introduced by Microsoft® Active Directory® (AD) in 1999. At the time, IT networks were predominantly built for a Windows® environment and located on-prem. That meant that traditional domain controllers were effectively designed to manage user access to on-prem, Microsoft IT resources.
The benefit of the on-prem domain controller was that Windows systems could be securely connected to an organization’s IT network upon login, enabling users to access the provisioned resources that were bound to the network. It was frictionless for the end user, and IT had central control.
This approach worked well when IT resources were on-prem and Microsoft-centric. However, the effectiveness of the on-prem domain controller started to break down as the IT landscape began to shift to the cloud.
The Fall of the Conventional Domain Controller
The adoption of web applications like Salesforce and Box in the mid-2000s signaled the beginning of the end for on-prem domain controllers. Suddenly, end users didn’t have single sign-on (SSO) access to all of their IT resources by simply logging into their systems. Instead, they had to leverage a wide range of credentials for multiple logins.
The result was that IT admins began to patch the approach with first-generation IDaaS solutions, otherwise known as web application SSO. The trouble with this approach was (and still is) that it requires IT organizations to implement and manage multiple tools and solutions, adding complexity and cost to an already expensive and complicated solution.
Obviously, IT organizations cannot continue to patch traditional domain controllers indefinitely. That’s why the concept of a managed domain controller is the holy grail for IT admins when it comes to identity management.
Microsoft has taken a stab at the cloud domain controller with Azure™ Domain Services, but again, that is focused on Azure and Microsoft technology. If you are interested in connecting users to AWS cloud servers, productivity applications in G Suite, or Mac laptops and desktops, Microsoft’s managed domain controller concept isn’t going to work.
Fortunately, a new generation of SaaS-based domain controller is emerging. This cloud directory service is connecting users to the holistic array of IT resources they need regardless of platform, protocol, provider, or location. In a sense, this modern approach to IDaaS is a True Single Sign-On™ solution for systems, applications, data, and networks. It’s called Directory-as-a-Service®, from JumpCloud.
Directory-as-a-Service: Managed Domain Controller
Directory-as-a-Service is effectively a next-generation managed domain controller designed for cloud-forward IT organizations. This cloud authentication solution seamlessly connects users to a wide array of IT resources, regardless of platform, provider, protocol, or location. In essence, a hosted directory service is AD and LDAP reimagined for the cloud era.
Directory-as-a-Service provides a comprehensive management platform that can authenticate users to IT resources such as systems (e.g., Windows, Mac, Linux), on-prem applications (e.g., OpenVPN, Jenkins), Samba file servers and NAS appliances (Synology, QNAP), networks via RADIUS (wired, WiFi), web applications (Salesforce, Box, Desk), cloud productivity platforms (G Suite, Office 365), cloud infrastructure (AWS, GCP), and more. A cloud directory can also provide a number of security features to help manage user credentials like the ability to enforce Multi-Factor Authentication, configure password complexity settings, and leverage SSH keys – to name a few.
The result is that IT organizations can enjoy One Directory to Rule Them All™: one managed domain controller that can securely authenticate users to virtually any IT resource via one comprehensive cloud-based directory service platform.
Learn More About a Managed Domain Controller with Directory-as-a-Service
Check out our QuickStart video if you are ready to learn more about getting started with Directory-as-a-Service.
You can also contact the JumpCloud team to learn more about managed domain controllers, or sign up for a Directory-as-a-Service account and see one in action today. Your first ten users are free forever to help you discover the full potential of the JumpCloud platform – risk free.
This is a Security Bloggers Network syndicated blog post authored by Vince Lujan. Read the original post at: JumpCloud