Microsoft AD connectors aim to ease identity management in the cloud

By Margie Semilof, Senior News Director 06 Nov 2008 | SearchCloudComputing.com

Digg This!     StumbleUpon     Del.icio.us

Microsoft recently released a community technology preview for its Services Connector, a tool that links Active Directory to cloud services in a way that does not compromise corporate security. A beta is expected in early 2009. The Services Connector is used along with Microsoft's Federated Gateway as a two-pronged means of managing identity rights in a services environment.

This week, here at TechEd 2008 Europe, IT managers had a chance to learn more about the Services Connector, which was previewed last week at the Professional Developers Conference in Los Angeles.

To move to a services model, IT managers must deal with the problem of tracking users in world where a user could be anywhere—whether that user is mobile or employed by a customer or partner of the enterprise, for example, said Jorgen Thelin, a senior program manager at Microsoft.

Groups within an organization can even have separate identities. This complexity can create a barrier to using services because of the enormous amount of work it would take to manage identities. To get enterprises interested in cloud computing, and to get developers to use their new cloud platform, Azure, Microsoft needed to create a way to link AD to the cloud in a low-cost manner, Thelin said.

The end concept is to keep the existing identity infrastructure and build on it, he said. That way, the company is using its existing Federated Gateway to act as a federation broker, which sits between the cloud service and the enterprise.

The Services Connector, which will be available as a free download, connects to AD and validates user credentials. The Active Directory connector then issues a login token and redirects the identity to the Federation Gateway. The Federation Gateway in turn validates and issues the token and redirects to the service, where at that point the end user can then access the service.

Though Federation Gateway has been in production since 2006, it was in limited use with a small number of partners and it was a manual process. Microsoft has since added a self-service feature to ease provisioning. So when a user wants to access a cloud application, that request is authorized seamlessly through the Services Connector to the Federated Gateway and on to the cloud. Behind the scenes, the connector also automates some management tasks.

"If we hide some of this complexity, then identity will stop being a barrier [to cloud services]," Thelin said.

Some plusses for IT managers? The technology uses industry standards, but, more important, user credentials stay within the enterprise.

Since it's early in the development cycle, it's not known just how scalable the Services Connector can be, Thelin said. For large enterprises that need to handle more complex connections, Microsoft is developing the next generation of its Active Directory Federation Services, now renamed the Geneva Server. Geneva Server is based on the same code as Services Connector.

Will cloud services change one type of complexity for another?

But, he likes the technology because it seems easy to use, coupled with the fact that credentials stay in the enterprise. "The real key will be whether the service providers will take [this technology] and its ability to link to your own extranet services," said Steven Hooper, the IT manager.

Also, with the Geneva Server, IT shops are given a path to scale up if needed.

Microsoft will also face challenges from other vendors with cloud computing platforms. Google and Amazon punch at a similar weight, said Cooper. But for IT pros, cloud computing makes it possible to do some things that were difficult at best in the past. "We can do previews of technology in a safe way, and scale them if we want," he said.

Tags: Data privacy in the cloud,  Data protection in the cloud,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data privacy in the cloud Cloudy with a chance of Ubuntu, Hohm gets hosted Encryption breakthrough promises privacy in the cloud Smaller hosting providers seek to offer public clouds of their own Cloud security: Sorry, what was that? Savvis homes in on cloud security Legal Cloud targets law firms, promises security, compliance Software startup credits Amazon cloud computing for cost savings Lock-in, security loom as dark side of compute cloud Data protection in the cloud Cloudy with a chance of Ubuntu, Hohm gets hosted Encryption breakthrough promises privacy in the cloud Lightning crashes at Amazon, IBM plays in the cloud Smaller hosting providers seek to offer public clouds of their own Verizon enters the cloud market Cloud security: Sorry, what was that? Amazon CTO brushes aside cloud phobias Cloud computing skepticism: IT security and compliance Microsoft TechEd attendees raise cloud computing security concerns Software startup credits Amazon cloud computing for cost savings

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary CloudAV  (SearchCloudComputing.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary