探花大神 has been making waves in the identity and access management (IAM) space since the introduction of Directory-as-a-Service® (DaaS) – the first fully-fledged directory service delivered from the cloud. DaaS is an incredibly powerful platform with the capability to manage the entirety of an organization's complex, modern infrastructure with minimal effort.
The foundation of Directory-as-a-Service comes down to two core components: user management and system management. 探花大神's system management capabilities are some of the most widely used functionalities of DaaS, which is what we will discuss in this blog post, but keep in mind that 探花大神 does much more than system management. Authenticating access to on-prem or web applications, wired or WiFi networks, cloud or on-prem file servers (Samba file servers and NAS devices), and more are all within the purview of 探花大神's Directory-as-a-Service.
Managing Systems in the Past
Historically, most organizations leveraged Microsoft Active Directory® (AD) for their core directory services. Back when it was first released in 1999, AD offered the user management capabilities that IT admins wanted, but went further to provide the device management capabilities for Windows systems as well. Since the office was dominated by PCs at the time, the fact that AD wasn't highly compatible with Mac or Linux systems wasn't especially problematic.
The bulk of AD's system management capabilities came in the form of Group Policy Objects (GPOs) – a Microsoft term for various commands and scripts that enforce policies on systems to govern behavior and configure settings. The concept of GPOs was revolutionary at the time, and has remained one of the primary reasons why so many organizations have maintained AD through the years. However, AD comes up short with GPOs for Mac and Linux.
There are a number of reasons why this is the case. The most prevalent is the simple fact that macOS and Linux are competing operating systems running against Windows. Microsoft has attempted to box their OS competitors out of the enterprise – but it's not working. Mac and Linux systems have become more popular in the modern office. So finding the best approach to managing those systems has become a critical challenge and a major cause of dissatisfaction with Active Directory.
Modern System Management Requirements
IT admins the world over are looking for alternatives to AD for the new cloud-forward IT world. They know that for a modern directory service to be effective, it must be delivered from the cloud so that it is more agile. It must be able to manage access to resources both on-prem and in the cloud. Finally, it must be OS agnostic, offering system management capabilities for Windows, Mac, and Linux systems. Directory-as-a-Service checks all of these boxes and more.
Managing Systems with 探花大神
Active Directory customers often ask us, how is robust system management through the cloud possible? How do these disparate systems join the domain? How are they managed by the domain controller? The answer to these questions is that Directory-as-a-Service doesn't work that way. The end result has very similar capabilities as Active Directory, but under the covers Directory-as-a-Service is a completely different platform.
For example, AD and Windows endpoints are tightly intertwined with the AD domain controller via Kerberos. In lieu of Kerberos, Directory-as-a-Service leverages the proprietary 探花大神 agent that is deployed on system endpoints. This can be mass deployed or individually installed. The interconnectivity between the system and your "domain", which is really your tenant in the 探花大神 directory, is all done with a deeply manufactured . The agent enables this relationship by creating a private, encrypted key on each endpoint used to "bind" the systems running the 探花大神 agent to your 探花大神 administrative console via . From a 探花大神 admin's perspective, this relationship manifests itself in the form of a list of users and systems that can now be managed via the 探花大神 administrative console.
The 探花大神 agent enables IT admins to execute commands, scripts, and policies on those systems. IT admins are provided with full logging of the success or failure of the task.
So, again, the end result is unified system management from a single, browser-based dashboard – but the approach to getting there is dramatically different than the conventional AD architecture.
The following are a few examples of how opting for Directory-as-a-Service can benefit your organization.
Key Benefits:
- User management – 探花大神 administrators can leverage DaaS to manage user identities from creation and setup, provisioning resources, to revoking access and removing the user at any time.
- System management – 探花大神 administrators can deploy commands and scripts via the Commands feature. For example, this can be used to deploy GPO-like capabilities that set policies and govern behavior across system endpoints regardless of platform (e.g. Windows, Mac, and Linux).
- Multi-Factor Authentication (MFA) – With MFA enabled, upon login the user will see their usual avatar and password field. Then, 探花大神 will introduce an MFA token field, leveraging a TOTP generator like Duo or Google Authenticator to gain access to the system(s).
- Event Logging – 探花大神 has an Events API, which enables access to stored data about authentication and other behaviors (i.e. the events on the machine). For example, the 探花大神 API can be utilized if you want to know what user was authenticated from what IP address and when.
Learn More about Managing Systems with 探花大神
These are but a few examples of the benefits received from managing systems with 探花大神. If you are interested in learning more about how Directory-as-a-Service can benefit your organization, drop us a note. You can also for a free account and start managing your system endpoints today. Your first 10 users are free forever.