Identity and access management in the cloud can be a tricky endeavor, but as cloud computing matures, more alternatives have begun to surface that promise a better experience.
One software development startup skipped integration hassles between the AWS cloud, Microsoft Active Directory and the open source Lightweight Directory Access Protocol when it chose a cloud directory from an emerging vendor.
Clip Interactive in Boulder, Colo., is a two-year-old firm which makes software to convert non-digital experiences (such as hearing a song on the radio) into digital ones (identifying the song and downloading as an MP3, for example). It runs about 80 instances in the Amazon Web Services (AWS) Elastic Compute Cloud, about a third of which use a Windows operating system while the rest run Linux.
Getting the company's Ruby-based code to run on Windows servers took some tricks with Chef and scripting, and the specter of setting up user directories for both Linux and Windows in the cloud loomed as an even larger problem, according to Ben Good, Clip's director of engineering operations.
Good had previous experience setting up a Lightweight Directory Access Protocol (LDAP) server in the cloud and found the process painful.
"I have never met someone that said, 'Oh yeah, that was great, that was easy!' about setting up an LDAP instance," he said. "Making all your machines connect in to that LDAP instance by default is also kind of a pain in the butt."
Good had also struggled with using a public/private key setup over SSH to connect users on workstations to server instances in the cloud.
As for Microsoft's Active Directory, which would be required for his Windows servers, "that was never really on the table," Good said. "We don't need that overhead and all the bells and whistles that Active Directory has."
The search for an LDAP replacement
Still, Clip needed to secure its infrastructure. It was already using software from JumpCloud, which was, at the time, selling security-as-a-service software for cloud instances. Good participated in an alpha test of JumpCloud's user directory software about a year ago, as the company wanted its software to replace user directories like LDAP.
JumpCloud uses connectors to hook up to Windows, Linux and Mac OS machines, authenticate users and assign permissions for access to files. Company officials say it can replace both LDAP and Active Directory for $10 per user per month.
JumpCloud's software consists of agents that are installed on Windows and Linux machines alike via Chef when instances are spun up.
"From that point, when [servers] register themselves with JumpCloud, we use their API to … put the operations group on all the instances," Good said. "If it's a box that has a particular environment in Chef then they get developer permissions … and then we manage our users through JumpCloud's user interface."
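The workflow Good describes, as an added example that is neither Clip's nor JumpCloud's code: Chef node data drives which directory groups each registered instance should hold (the operations group everywhere, developer permissions only in the assumed "development" Chef environment), and the script reports drift in either direction plus any instance that never registered with the directory. The node list and directory state are constructed samples; the API call that would apply the changes is left out.

```python
# Added example: derive least-privilege group membership from Chef environment
# data and reconcile it against what the directory currently holds.
# CHEF_NODES and DIRECTORY are constructed inventories, not real systems.

CHEF_NODES = [
    {"name": "web-01", "os": "linux", "environment": "production"},
    {"name": "web-02", "os": "windows", "environment": "production"},
    {"name": "dev-01", "os": "linux", "environment": "development"},
    {"name": "dev-02", "os": "windows", "environment": "development"},
]

# Registered host -> groups the directory currently assigns (constructed).
DIRECTORY = {
    "web-01": ["operations"],
    "web-02": ["operations", "developers"],  # drift: prod box with dev rights
    "dev-01": ["operations"],                # drift: dev box missing dev rights
    # dev-02 has not registered its agent at all
}

DEV_ENVIRONMENT = "development"  # assumed name of the Chef environment


def desired_groups(node):
    """Ops group on every instance; developers only where the Chef
    environment says so. Returns a list so the order is predictable."""
    groups = ["operations"]
    if node["environment"] == DEV_ENVIRONMENT:
        groups.append("developers")
    return groups


def reconcile(chef_nodes, directory):
    """Compare desired vs. actual membership.
    Returns (to_add, to_remove, unregistered): groups to grant per host,
    groups to revoke per host, and hosts Chef knows but the directory
    does not (the 'machine never connected to the directory' case)."""
    to_add, to_remove, unregistered = {}, {}, []
    for node in chef_nodes:
        name = node["name"]
        if name not in directory:
            unregistered.append(name)
            continue
        want, have = set(desired_groups(node)), set(directory[name])
        if want - have:
            to_add[name] = sorted(want - have)
        if have - want:
            to_remove[name] = sorted(have - want)
    return to_add, to_remove, sorted(unregistered)


if __name__ == "__main__":
    add, remove, missing = reconcile(CHEF_NODES, DIRECTORY)
    print("grant:", add, "revoke:", remove, "unregistered:", missing)
```

The revoke list is the part worth alerting on: it is the only place a production instance quietly accumulating developer rights would show up.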
So far JumpCloud's directory has met Clip's needs, but JumpCloud executives say that the initial version of its directory software is best suited for companies with fewer than 500 end users.