Main Nav

Message from kylesmith@kyleasmith.info

Good afternoon,

There have been some talks at my institution that involve placing an Active Directory Domain Controller and/or OpenLDAP server "in the cloud" to allow for higher availability and redundancy for our primary authentication. I'd like to know the following:

1. Do you currently have an authentication server "in the cloud"? 
1a. What requirements did you have prior to placing the server in the cloud? (full access to virtual/physical machine)
1b. How is your server hosted? (ie Amazon EC2, Microsoft Azure, etc)
2. What security measures do you take to prevent a breach? 
3. What is your business' realm ? (private corporation, public sector, higher education)
4. Any other tips/tricks/advice on this topic. 

Thanks!

Kyle Smith
Higher Education

Comments

I suppose that you are excluding cloud based authentication services in your survey based on the wording you've used. Things like the Windows Azure Active Directory, which provides an extension of your on-premise Active Directory aren't a virtualized server, but rather a cloud-based authentication service, with different characteristics, interfaces, etc.

 

In the event that you aren't, then here's a bit more about our approach with respect to WAAD.

 

With something like WAAD, you can skip storing credentials in the cloud (via federated authentication), but you still sync the directory data there, and for certain "active client" profile use cases, your user's passwords do pass through Microsoft servers (i.e. the relying party does the authentication on the user's behalf).

 

For the directory data, we've chosen to filter out our member private groups, because WAAD doesn't have a mechanism that allows us to keep the group membership private. This is unfortunate because this means course groups aren't there, which are arguably at the center of many academic collaboration use cases.

 

We've almost got a contract signed with Microsoft. This has various legal protections in it for us in terms of breaches.

 

1.       Working on building an Active Directory Domain controller. Next step will be an OpenLDAP Server

a.       Don’t understand the question. Our goal is to have availability offsite for business continuity or increase capacity

b.      Currently testing with Dell vCloud. Going to look at other IaaS and PaaS vendors too

2.       Security is what we are working on right now. Don’t have much to share here yet

3.       Higher Education

4.       Once I have some to share I will be happy to share.

 

Thanks

Tina

 

 

Tina Meier

Director, Server Administration

Information Technology

Oklahoma State University System

003 Math Sciences

Stillwater, OK  74074

tina.meier@okstate.edu

405-744-9375

 

 

 

Message from peesh@peesh.net

Kyle,

What institution are you with?