Amazon has recently introduced a new service on its AWS® platform, called Cloud Directory. Because of its name, many IT organizations immediately jump to the conclusion that it is a replacement for the on-prem identity provider. Traditionally, the role has been held by Microsoft® Active Directory® (MAD or AD). So, is it really AWS Cloud Directory vs Active Directory?
The short answer is no. AWS Cloud Directory is not a replacement for Active Directory. AWS Cloud Directory is not even a replacement for the idea of directory services, but rather a different kind of directory (AWS). But how are the two solutions so different? Let’s find out.
AWS Cloud Directory: A Different Kind of Directory
AWS acknowledges that the goal of AWS Cloud Directory is to be a repository for object data that can be hierarchically organized. The ideal vision of AWS Cloud Directory is a database from which complex organizational information or HR data can be built. This cloud directory approach is vastly different from the concept of authenticating and authorizing user access to Windows® systems, applications, files, and networks, which is what Active Directory does.
AWS Cloud Directory is intended to be a Platform-as-a-Service solution from which IT organizations and developers can build solutions for their internal or external customers. AWS Cloud Directory is really just a database with a specific use: organizing objects hierarchically and adding granular data and information about those objects. These solutions can be valuable to developers and IT admins who need the capability and don’t want to build it out themselves.
The Traditional Directory Service: Microsoft Active Directory
As stated earlier, the only real similarity in the matchup of AWS Cloud Directory vs. Microsoft Active Directory is the word Directory in their names. Unlike Cloud Directory, which is a hierarchical store for object data, MAD is a directory service. Based on LDAP, AD maintains and manages directories of an organization’s users. With directories, IT admins can provision their users with access to their systems and IT resources. AD’s Group Policy Object (GPO) feature is a key tool in this functionality.
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/aws-cloud-directory-vs-active-directory/