In the IT world, decision makers find themselves choosing between two options for servicing IT needs, traditional on-premises deployed IT and IT-as-a-service from a service provider. Businesses are flocking to the IT-as-a-service model that provides better cost elasticity and the ability to accurately predict IT spend. However, organizations are hesitant to abandon the investment made in on-premises in hardware, software and processes that are paid for and working well. ADSync for Citrix CloudPortal Services Manager allows businesses who wish to keep Microsoft Active Directory identity management in-house and on-premises to seamlessly blend services hosted by a provider into their overall IT solution.
In a hybrid IT environment, an identity management solution is critical for synchronizing on-premises managed identities with identities in the hosted environment.
Without an identity solution, creating and managing hosted identities for customers by hand is time consuming and leads to configuration drift and inconsistency. Service providers must first be informed by the end customer that a new user or change is required, and then find staff and time to service that request. Service provider teams must be detail oriented to ensure the same naming conventions and detail is provided to align new users with other identities for the customer. This manual process is slow to react to customer needs, time consuming and destined to result in irregularities and support calls.
ADSync provides a simple to use and cost effective alternative to heavy-weight and expensive identity management software. Identity management solutions designed and built for the enterprise are often focused on directory-to-directory migration and don’t account for syncing identity over the internet. High upfront costs and deployment complexity limits adoption of these solutions, as the high cost can’t be absorbed within subscription pricing that targets medium and small business. ADSync is designed with the service provider and hybrid IT environment in mind, delivering a simple solution and cost structure that fits into service providers’ subscription models.
One of the largest challenges faced by service providers and businesses using this model is the requirement for users to have two sets of credentials: one to log on to their computer and on-premises applications, and one for their hosted or cloud-delivered applications.
When an organization hires a new employee, it must create the individual’s user identity twice – once for local resources and again for hosted resources. As a result, users have two sets of credentials – increasing the number of forgotten passwords, help desk calls and productivity impacts. This costs service providers time and resources that could be allocated elsewhere to add value to their business.
Close down procedures for departing employees and contractors also are more complex, making it more likely that accounts will be left open and create security risks. Disconnect between customer on-premises identity and hosted identity usually results in wasted infrastructure and resources in addition to time and effort. When an end-user leaves a customer organization, a sequence of manual steps must be executed before the user is removed and allocated resources are freed in the hosted environment. This delay and effort is additional cost impact to service providers – on top of a subscription cancellation.
ADSync for CloudPortal Services Manager delivers a solution that addresses these challenges across four key areas.
- Security: ADSync safely collects and transfers user identity information and passwords across the internet securely without compromise. Requests are sent to CloudPortal Services Manager infrastructure using HTTPS. Secure API requests use a combination of a public/private key and a symmetric key (RSA and AES) to securely transfer data and credentials. This ensures that the data cannot be intercepted or diverted to another source. The data in the request is also hashed (SHA1) to detect any unauthorized changes.
- Ease of deployment: The ability to easily integrate into the customer’s existing local environment is essential for success. Customers may have limited technical experience or staff. Installation, setup and configuration of the ADSync service is simple and straightforward. This gives the tool an edge over most other Active Directory integration products, which have complex installation and licensing implications.
- Integration: The ADSync utility is tightly integrated with CloudPortal Services Manager through the API. This allows service providers to easily manage and provision services to synchedd users using familiar tools and processes. An additional benefit of CloudPortal Services Manager integration is security. Information collected by ADSync can only be decrypted and used by CloudPortal Services Manager.
- Reliability: Even if network connectivity is lost or servers are turned off, passwords and account settings will not be lost. Sync batching and throttling capabilities new in the AD Sync in CloudPortal Services Manager 11.5 avoids API timeouts and ensures the control panel remains responsive and performant during heavy synchronization cycles. Improved logging ensures that administrators have full visibility into ongoing sync processes and can identify and troubleshoot any issues that may occur.
Simplify Identity Sync and Hybrid IT with CloudPortal Services Manager
For service providers, a solution built on ADSync is a great way to start building a service footprint with customers who aren’t yet ready to relinquish their on-premises Active Directory and go all-in on IT-as-service. CloudPortal Service Manager helps align the customer’s established Active Directory investment and day-to-day service provider best practices by providing security, ease of deployment, integration and reliability.