-
Research
and Publications
Current Issue
March/April 2013
EDUCAUSE ReviewPublications
-
Conferences
and Events
Annual Conference
October 15–18, 2013
Save the date!Events for all Levels and Interests
Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.
-
Career
Development
EDUCAUSE Institute
Leadership/Management Programs
Explore MoreCareer Center
Leadership and Management Programs
EDUCAUSE Institute
Advanced Programs
Project Management
Jump Start Your Career Growth
Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.
-
Focus Areas
and InitiativesLatest Topics
EDUCAUSE organizes its efforts around three IT Focus Areas
Join These Programs If Your Focus Is
-
Connect
and ContributeFind Others
Get on the Higher Ed IT Map
Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
-
About
EDUCAUSE
Off Site Authentication Servers
Message from kylesmith@kyleasmith.info
Good afternoon,
Good afternoon,
There have been some talks at my institution that involve placing an Active Directory Domain Controller and/or OpenLDAP server "in the cloud" to allow for higher availability and redundancy for our primary authentication. I'd like to know the following:
1. Do you currently have an authentication server "in the cloud"?
1a. What requirements did you have prior to placing the server in the cloud? (full access to virtual/physical machine)
1b. How is your server hosted? (ie Amazon EC2, Microsoft Azure, etc)
2. What security measures do you take to prevent a breach?
3. What is your business' realm ? (private corporation, public sector, higher education)
4. Any other tips/tricks/advice on this topic.
Thanks!
Kyle Smith
Higher Education
Recommend
Comments
I suppose that you are excluding cloud based authentication services in your survey based on the wording you've used. Things like the Windows Azure Active Directory, which provides an extension of your on-premise Active Directory aren't a virtualized server, but rather a cloud-based authentication service, with different characteristics, interfaces, etc.
In the event that you aren't, then here's a bit more about our approach with respect to WAAD.
With something like WAAD, you can skip storing credentials in the cloud (via federated authentication), but you still sync the directory data there, and for certain "active client" profile use cases, your user's passwords do pass through Microsoft servers (i.e. the relying party does the authentication on the user's behalf).
For the directory data, we've chosen to filter out our member private groups, because WAAD doesn't have a mechanism that allows us to keep the group membership private. This is unfortunate because this means course groups aren't there, which are arguably at the center of many academic collaboration use cases.
We've almost got a contract signed with Microsoft. This has various legal protections in it for us in terms of breaches.
1. Working on building an Active Directory Domain controller. Next step will be an OpenLDAP Server
a. Don’t understand the question. Our goal is to have availability offsite for business continuity or increase capacity
b. Currently testing with Dell vCloud. Going to look at other IaaS and PaaS vendors too
2. Security is what we are working on right now. Don’t have much to share here yet
3. Higher Education
4. Once I have some to share I will be happy to share.
Thanks
Tina
Tina Meier
Director, Server Administration
Information Technology
Oklahoma State University System
003 Math Sciences
Stillwater, OK 74074
tina.meier@okstate.edu
405-744-9375
Kyle,
What institution are you with?