
Technology Support For San Diego Since 1996


Are your server room’s days numbered? This question is probably too broad to be of any help when planning how to get the most value and usability from your technology. Cloud alternatives like Microsoft Entra ID and Azure could be poised to replace tried-and-true identity management solutions like Active Directory. Depending on the size of your company, where your employees work from, and a few other factors, the cloud may be the next step forward and let you decommission your current server. Today, we’ll take a look at some of the features and factors that will help you make the decision, and describe scenarios where the cloud would work best.

From on-the-ground to in-the-cloud

Enterprise and business-level networks mostly use an Active Directory (AD) server to manage access and identity services. AD manages identity by storing and authenticating users when they log in to their machines, and it gives users access to the resources they need on your network. It has been an industry standard for a long time, and it was designed to be set up on an on-premises server to manage these things in-house. That has required companies to keep a (usually) dedicated server running to manage these network features.

As “cloud computing” becomes a more accepted and cost-effective practice, these on-prem services can be moved to a virtual machine in the cloud. On one hand, moving the server onto a cloud host like AWS or Azure lets you decommission your AD server. This saves your IT team the time and effort of maintaining the server, often streamlines the updating process, and gives you the ability to access the AD from the internet. On the other hand, the cost is a monthly subscription for the “computer” that you use as a server on the cloud host. In this scenario, the functionality remains the same: AD is running from a server, just one on the internet.

Enter Entra ID

The newest Microsoft offering for identity and access management is Entra ID. With it, Microsoft hosts your identity management for you, meaning that it’s available anywhere in the world, it’s stored with “high availability” in mind, and your company can scale up without any additional hardware or software. High availability is a relatively recent term that refers to practices that keep data available by having redundant servers in multiple regions, meaning that even a fairly large-scale disruption of services and resources won’t impede users from accessing what’s in the cloud.

We’ve addressed the prospect of Entra ID replacing your AD in the past, here on the blog; there we discussed it as a way of modernizing your authentication platform. Together with Intune, Microsoft’s cloud-based platform for managing devices that is geared more toward mobile, these offerings allow your organization to become cloud-first and move away from the traditional model that requires a physical, standalone server to manage all of your authentication.

So what about your server?

Without getting too complex: Entra ID doesn’t need to be used exclusively for everything we’ve just described. Entra ID Sync can take your existing AD and sync it with Microsoft’s cloud management. This means that your IT team manages the AD and Entra ID from the cloud, just like they manage your Exchange mail server, Microsoft 365 licenses, and other Microsoft products. For each of the options that we’ve discussed, moving more toward the cloud solutions brings better availability at larger scales. Entra ID’s availability ensures that users could work from around the world while relying on Microsoft’s identity platform to securely access both your on-premises and cloud infrastructure.

While this can all be a bit complex and confusing if you’re not used to working with these products, the technical process involved can be boiled down to cost. It’s helpful to think of the three options here as three separate ways to invest in your critical IT infrastructure.

  • On-premises AD:
    1. cost of server and its management and upkeep, including upgrades to new OS on the EOS lifecycle
  • Cloud AD on a cloud machine:
    1. monthly cost for organization to subscribe to cloud host; cost is typically in the hundreds of dollars per month
  • Entra ID:
    1. cost is a subscription like your 365 licenses, less than $10 per user per month

Finding the sweet spot for your organization’s particular use case can be a daunting task, and implementing a change in your authentication infrastructure requires planning and expertise on the back end. As your partner in technology and services, Crown Computers is committed to finding the best value and experience for your organization, as well as delivering the peace of mind and security that your organization needs to get your work done effectively.

-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team