One of the core components of any modern is its directory service. It usually operates behind the scenes, authenticating users and devices without much fanfare until something goes wrong. Typically, you employ Microsoft Active Directory, LDAP or a Radius server to provide this function. In the past year a number of cloud providers have begun offering directory as a service or DaaS, moving something else to the cloud.

Currently there are three DaaS providers: Amazon has its own Directory Service,Microsoft has its own for Azure, and a startup called JumpCloud.com. Why bother when there are dozens of on-premises directory service software vendors, including what comes built-in to a Windows Server already? A few reasons: First, you may want to scale up your enterprise or move more of your servers and services to the cloud already and want something more capable from your directory services. Second, you may want to make use of a hybrid cloud environment, and this is the enabling step. Next, managing the directory requires some specialized skills, and as you organization grows it may be more than what your existing staff can handle. Finally, it can be cost effective and provide more features too, such as the ability to provide a single sign-on user authentication portal.

Which of the three you might use, if any, depend on your circumstances. If you are already using either AWS or Azure, then you should look at their DaaS offerings first. If you use a local LDAP server, then JumpCloud might be the ticket.

Here are some other questions on how to choose the right DaaS system:

Do you currently have your own on-premises directory service, either LDAP, Radius, or AD? If so, you will have to consider how to migrate to the cloud DaaS or run a hybrid DaaS. If you are starting from scratch it might be easier to implement one of these cloud-based services.

What else besides Windows PC users can authenticate to it? Macintoshes, Smartphones, and apps are the usual kinds of things that you would want to authenticate to a DaaS. All of these cloud-based services offer this.

Is the cloud provider offering it across different geographies? You want your cloud directory to operate at scale and be up across the world. AWS has it running in 5 of its availability zones.

How much does it cost? AWS sells by the hour, JumpCloud and Azure by the connected user. AWS might be more cost-effective if you have a lot of users or devices to connect to and if you already make use of other AWS resources.

Can you integrate with other cloud-based apps? Azure comes with integrations for Salesforce.com, Box, and hundreds of other apps. If you are looking for a cloud-based single sign-on tool, you might consider what they have as a good start. AWS is more focused on integrating with its own cloud-based offerings. JumpCloud is more about migrating LDAP to the cloud.

Can you make use of multifactor authentication? This is useful if you want to provide for additional authentication security, such as with a one-time password. Both AWS and Azure offer this, with an extra charge with Azure.

We are experiencing a significant shift in how corporate IT departments deliver services to the business in this era of cloud computing. IT staffs are evolving beyond installing servers and software towards provisioning services, negotiating vendor relationships and collaborating with business users on application service delivery requirements.

I have some thoughts on what this means for IT staffs, skills and the resulting networking mix for Masergy, a broadband communications management vendor.

You can read my post on their blog here.

The days have long been over when IT could dictate what kinds of endpoint computing devices should be in their end user’s hands. But the notion of “bring your own device” (BYOD) has taken hold in the past few years means having tablets and smartphones perform truly useful business-related work. Now the particular endpoint, whether it is a desktop or a mobile, no longer matters. Indeed, mobiles are being used more and more as the main endpoint browsing device and as the default computing device.

There are some big benefits for IT with BYOD: they don’t have to invest time in their “nanny state” approach in tracking which users are running what endpoints. Or have to research which mobiles will be blessed by the corporate purchasing department. Instead, they can free up these staffers to improve their apps or deliver better service to their end users.

For these reasons, BYOD has been well received. Users don’t want to wait on IT to finish a requirements analysis study or go through a lengthy approvals process: they want their mobile apps here and now. However, the small business market has been largely a poor stepchild and not much of a beneficiary to the BYOD revolution. The SMB IT manager, where he or she exists, doesn’t have a lot of great choices to support improving the productivity of their tablet users. The challenge is that users these days want something more than just processing emails on their mobile devices: they want to be a full participant in sharing files, co-editing documents and presentations, and running corporate apps that in the past have been largely geared towards Windows endpoints.

The IT manager is faced with a series of options to support these new and more advanced tablet users. Each solution makes some compromises in terms of document fidelity, overall security, collaboration features and ease of access. Document fidelity is defined as being able to work on common Windows tools such as Word, PowerPoint, etc. on a tablet and see the same fonts and features as you would see on a traditional Windows PC. Overall security means having policies that can restrict who has access to particular files and apps on the mobile devices, or completely sandbox a business environment from one’s personal app collection. You also want to be able to collaborate on documents among multiple authors, so that they can see in real-time what changes their colleagues have made to their documents. Finally, ease of access means being able to obtain particular files without having to go through many steps or multiple and complex authentication methods.

Over the past several years, numerous vendors have tried their hand at fixing these issues and there are a number of products and services that can be combined together. There are cloud-based storage services or office app suites, custom connection apps that allow tablets to access, transfer and view files and remote terminal sessions that can bring up Windows desktops and their apps. There are also various mobile device management products that can sandbox email and app access.

One other solution involves creating an entire workspace on a tablet, sometimes as a Web service. I recently had a chance to do some custom consulting work for such as solution from NComputing called oneSpace, which compliments these products in a way that you can access both network file shares as well as cloud apps, and do so in a way that seems natural for a tablet or touchscreen user. You can see a short screencast video introduction to how this works here. Workspaces could be the future for corporate tablet usage.