Amazon Web Services has gained traction among startups but has been largely shunned by enterprises, which view...
its cloud services as light on features and difficult to manage. The cloud provider has been adding business functionality to change that perception, including the introduction of the AWS Directory Service.
Amazon now provides companies with a few options for tying Microsoft Active Directory (AD) systems to the public cloud. A directory is an important element in enterprise systems because it provides a central control point for all system services. It acts like a traffic cop that allows computers to access enterprise resources, authenticate users, locate printers and connect to services, such as Microsoft SQL Server databases. They also stand as a first line of defense, turning back intruders and tightly integrating with a firm's security options.
AD stores user identities, manages access control lists, enforces policies and monitors application configurations. AD is widely supported, and many business use as it as the linchpin in all of their Microsoft applications.
With the growth of cloud, compute resources have moved from being run strictly on-premises in a data center to being run in a mix of on-premises and the cloud. In an ideal world, applications that run in this hybrid scenario would use a single directory for user authentication and other housekeeping purposes. In that case, the firm would have a consistent set of policies implemented across all of its systems.
Previously, AWS applications had difficulty meeting that goal. Corporations needed to set up an AWS directory and connect it to AD, a task that added cost and management overhead to new cloud applications. Amazon Directory Service works well with other Amazon enterprise tools, including Amazon's WorkSpaces desktop as a service and Zocalo, a file sync-and-share service much like Dropbox and Box.
Two different Directory Service configurations
AWS Directory Service is available in two configurations, each geared to different company needs. If an organization is already running AD, AWS Directory Service provides an AD Connector, which connects the cloud application to the Microsoft directory. In this case, the business extends its current permissions and polices to cloud applications.
To ensure security, communications can take place over a secure virtual private network connection or within an Amazon Virtual Private Cloud.
For new cloud-based services, a business may want to set up a separate cloud-based directory, so a standalone directory, dubbed Simple AD, is available. This option is based on the Samba 4 open source directory and features user accounts, group memberships, Kerberos-based single sign-on and group policies. AWS supports these services.
AWS Directory Service vs. Azure AD
Amazon's latest directory services compete with Azure AD, Microsoft's cloud-based directory. The Microsoft utility works well with other Windows products. Single sign-on is available, so a user logs in once and gains permission to a number of AD-supported applications.
The Microsoft service also offers greater integration with third-party tools, such as Salesforce.com and Box, than the Amazon service does. And because it's an older technology, Microsoft's directory service works with more management tools.
Amazon has been trying to grow its enterprise presence. The new directory fills a glaring void and help businesses more effectively link AWS and Microsoft. While Amazon's cloud directory falls short of what Microsoft offers, it is expected to gain more functionality as the cloud market continues to evolve.