It’s no surprise that the price of Microsoft Active Directory® at face value doesn’t fully represent its costs. What does come as a surprise to many though is how substantial the additional costs can be. More often than not, companies will under-estimate the required funds when budgeting, and not allocate enough funds initially to fully cover the long-term costs. This can result in Active Directory putting a serious wrench in the budget and cause IT departments to defer the purchase of other essential solutions. In our previous blog post on how to budget for Active Directory, we went through all of the underlying costs briefly. In this blog post, we will break down the costs for Mac and Linux binding a little more thoroughly.
Mac and Linux Binding
When AD was introduced, the common workplace environment was very Windows centric. Almost every machine in the office was a Windows product, so it made sense to get a Windows directory to manage it all. However, in the 20 years that have passed since AD was introduced, a lot has changed. One of the largest factors that has changed is the variety of operating systems that are being used in the office. With Mac machines, Linux machines, and even iOS/Android devices becoming massively popular in recent years, it is no surprise that people have begun to want to use them at work as well. As a matter of fact, a recent Forbes post detailed that 4 out of 5 devices are now non-Windows devices. With this surge in popularity, IT admins have had to find ways to bind their Mac and Linux devices to AD. The costs to use these identity bridge solutions is another of the hidden expenses of AD.
Active Directory’s Challenge: Binding to Non-Windows Resources
With so many companies having mixed environments, it’s rare to come across an organization that is still exclusively using Windows. These 100% Microsoft organizations are still around. But for this blog post, let’s say your organization isn’t just a Windows shop, and you have employees who are demanding the ability to use Mac and Linux systems. Let’s add to our example that you also have production infrastructure that’s not running on Windows Server. Maybe you’re running a large, robust SaaS app that is sitting on hundreds of Linux servers.
Without embellishing, if you are experiencing these scenarios and you have these disparate endpoints or operating systems, it’s more than likely that you have felt the pain of attempting to bind resources to AD that don’t and are struggling with the balance of the situation.
Many at this stage ask: “Well, if Windows through Kerberos gives me all this functionality for a Windows endpoint, what do I need to do in order to replicate that functionality across our marketing team’s Mac endpoints? What do I need to replicate the functionality of AD across the Linux systems that our devops team employs? In a cross-OS environment, how do I achieve all the group and POSIX management that I require?”
This can be done, but it is at a function of cost and time. You can work with enterprise vendors, but you will need to factor in the cost of what that licensing is in order to bind MacBooks and propagate policy from AD over into Mac. If you’re dealing with Linux, you have to factor in the hard cost of time that your sys admin needs to implement a software solution. We can enumerate a few projects that could help you bind Linux hosts to an AD domain controller, but none of them are anywhere close to “plug and play.”
All of these add-on solutions require that you factor in some pretty important questions: “Do you have the expertise? Do you have the time to make those projects secure? Can you keep it all up and running 24/7?” Once again, we see the costs of Active Directory and ancillary identity management solutions stacking up.
Active Directory Budgeting in a Heterogeneous World
If you would like to learn more about budgeting for the expenses of Mac and Linux binding to Active Directory, drop us a note. We would be happy to discuss these aspects in more detail with you. We can also get you access to our AD ROI calculator, so you can discover what your true costs would be. Lastly, check out the rest of our blog series on the total cost of AD where we look at all of the other areas of hidden costs as well. Mac and Linux binding is just one of the many areas that will create additional expenses that you may not have planned for.
This is a Security Bloggers Network syndicated blog post authored by Jon Griffin. Read the original post at: JumpCloud