One of the core components of any modern enterprise is its directory service. It usually operates behind the scenes, authenticating users and devices without much fanfare until something goes wrong. Typically, you employ Microsoft Active Directory, LDAP or a RADIUS server to provide this function. In the past year a number of cloud providers have begun offering directory as a service (DaaS), moving one more function to the cloud.
Currently there are three DaaS providers: Amazon has its own Directory Service, Microsoft has its own for Azure, and there is a startup called JumpCloud.com. Why bother when there are dozens of on-premises directory service software vendors, including what comes built into Windows Server already? A few reasons: First, you may want to scale up your enterprise or move more of your servers and services to the cloud, and want something more capable from your directory services. Second, you may want to make use of a hybrid cloud environment, and this is the enabling step. Next, managing the directory requires some specialized skills, and as your organization grows it may be more than what your existing staff can handle. Finally, it can be cost-effective and provide more features too, such as a single sign-on user authentication portal.
Which of the three you might use, if any, depends on your circumstances. If you are already using either AWS or Azure, then you should look at their DaaS offerings first. If you use a local LDAP server, then JumpCloud might be the ticket.
Here are some other questions on how to choose the right DaaS system:
Do you currently have your own on-premises directory service, either LDAP, RADIUS, or AD? If so, you will have to consider how to migrate to the cloud DaaS or run a hybrid DaaS. If you are starting from scratch it might be easier to implement one of these cloud-based services.
What else besides Windows PC users can authenticate to it? Macintoshes, smartphones, and apps are the usual kinds of things that you would want to authenticate to a DaaS. All of these cloud-based services offer this.
Is the cloud provider offering it across different geographies? You want your cloud directory to operate at scale and be up across the world. AWS has it running in 5 of its availability zones.
How much does it cost? AWS sells by the hour, JumpCloud and Azure by the connected user. AWS might be more cost-effective if you have a lot of users or devices to connect to and if you already make use of other AWS resources.
Can you integrate with other cloud-based apps? Azure comes with integrations for Salesforce.com, Box, and hundreds of other apps. If you are looking for a cloud-based single sign-on tool, you might consider what they have as a good start. AWS is more focused on integrating with its own cloud-based offerings. JumpCloud is more about migrating LDAP to the cloud.
Can you make use of multifactor authentication? This is useful if you want to provide additional authentication security, such as with a one-time password. Both AWS and Azure offer this, at an extra charge with Azure.