Imanami was recently quoted in Windows IT Pro on Active Directory’s 10th anniversary. Part of that discussion was whether Active Directory could be put in the cloud.
“That’s tough,” Haaverson says. “AD is protected with a vengeance. Why would you want to push it to the cloud? What do you do if the Internet goes down? If you’re going to push all the other products to the cloud, you need AD, so you replicate the directory. So I think that’s where we’re headed - you’re not going to outsource your AD but you’re going to replicate it.”
I have personally had this discussion with several customers and have heard an emphatic “NO”. They view Active Directory as too strategic of a resource to risk it in the cloud. Granted, I asked this question at a product strategy meeting that includes several customers with over 100,000 users so that may have skewed the discussion but I trust their judgement.
But this discussion isn’t going away…we ourselves have Exchange in the cloud (we use Microsoft BPOS, a customer of ours, so we have a copy of our own directory in the cloud {see quote above}). But we certainly don’t use it for network authentication or apply GPOs to that replicated directory.
Then, on a recent call with an industry analyst (I don’t know the protocol if I should name him or not), the discussion drifted to this topic. I stated that our customers are saying no and he countered with (paraphrasing here) “tons of companies are moving Active Directory to the cloud.” I was more than shocked…we have well over 600 customers across all industries and sizes and as far as we know none of them are hosting Active Directory in the cloud.
So, we drilled in a bit and it turns out that he meant that a ton of companies are putting applications in the cloud that need replication of Active Directory to the cloud but we still aren’t at the point where Active Directory is in the cloud. So that meshes with what we are seeing.
Of course, the question is why not? Why is Active Directory so strategic? Every bit of information that is in Active Directory gets in the cloud for the applications to use. But one missing piece seems to be the password: most cloud apps have a separate password so that you don’t have to sync passwords. Also, if the cloud-replica-Active Directory dies, your network doesn’t die; you can still authenticate against the real thing. Is the solution encryption and better connectivity? Or is this the best way to outsource…put applications out there and keep infrastructure on our networks?
Examples of on premise Active Directory with applications in the cloud:
- Manage Active Directory on premise; outsource Exchange to BPOS
- Group management with Microsoft’s BPOS
- Using Active Directory groups with Google Apps
Update with a cloud identity management solution utilizing Active Directory groups:
Jonathan Blackwell
Since 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.
Interestingly, it just became easy to extend on-premise apps, like AD management tools, to the cloud with Windows Azure AppFabric.
“Does Quest OnDemand point to a new breed of AD tools in the cloud?”
http://activedirectorytools.com/archives/azure-appfabric-quest-ondemand-tool/
Kamran, that fits into “put apps in the cloud” but I never thought about tools in the cloud.
There’s no reason Imanami’s own software couldn’t reside in the cloud; in fact that’s what is done with Microsoft’s BPOS service: GroupID Self-Service is in the cloud managing groups for the end customer.
Great post on your blog by the way.