BARCELONA -- By creating a tool to help link Active Directory to cloud services in a simple manner, Microsoft gives IT managers a path that permits corporate data to move outside of the enterprise.
Microsoft recently released a community technology preview for its Services Connector, a tool that links Active Directory to cloud services in a way that does not compromise corporate security. A beta is expected in early 2009. The Services Connector is used along with Microsoft's Federated Gateway as a two-pronged means of managing identity rights in a services environment.
This week, here at TechEd 2008 Europe, IT managers had a chance to learn more about the Services Connector, which was previewed last week at the Professional Developers Conference in Los Angeles.
To move to a services model, IT managers must deal with the problem of tracking users in world where a user could be anywhere—whether that user is mobile or employed by a customer or partner of the enterprise, for example, said Jorgen Thelin, a senior program manager at Microsoft.
Groups within an organization can even have separate identities. This complexity can create a barrier to using services because of the enormous amount of work it would take to manage identities. To get enterprises interested in cloud computing, and to get developers to use their new cloud platform, Azure, Microsoft needed to create a way to link AD to the cloud in a low-cost manner, Thelin said.
The end concept is to keep the existing identity infrastructure and build on it, he said. That way, the company is using its existing Federated Gateway to act as a federation broker, which sits between the cloud service and the enterprise.
The Services Connector, which will be available as a free download, connects to AD and validates user credentials. The Active Directory connector then issues a login token and redirects the identity to the Federation Gateway. The Federation Gateway in turn validates and issues the token and redirects to the service, where at that point the end user can then access the service.
Though Federation Gateway has been in production since 2006, it was in limited use with a small number of partners and it was a manual process. Microsoft has since added a self-service feature to ease provisioning. So when a user wants to access a cloud application, that request is authorized seamlessly through the Services Connector to the Federated Gateway and on to the cloud. Behind the scenes, the connector also automates some management tasks.
"If we hide some of this complexity, then identity will stop being a barrier [to cloud services]," Thelin said.
Some plusses for IT managers? The technology uses industry standards, but, more important, user credentials stay within the enterprise.
Since it's early in the development cycle, it's not known just how scalable the Services Connector can be, Thelin said. For large enterprises that need to handle more complex connections, Microsoft is developing the next generation of its Active Directory Federation Services, now renamed the Geneva Server. Geneva Server is based on the same code as Services Connector.
Will cloud services change one type of complexity for another?One IT manager for a large, U.K.-based financial services firm said the problem for enterprises is moving into the outside world with information that is usually kept inside, such as user credentials.
But, he likes the technology because it seems easy to use, coupled with the fact that credentials stay in the enterprise. "The real key will be whether the service providers will take [this technology] and its ability to link to your own extranet services," said Steven Hooper, the IT manager.
Also, with the Geneva Server, IT shops are given a path to scale up if needed.
Microsoft will also face challenges from other vendors with cloud computing platforms. Google and Amazon punch at a similar weight, said Cooper. But for IT pros, cloud computing makes it possible to do some things that were difficult at best in the past. "We can do previews of technology in a safe way, and scale them if we want," he said.