I see a lot of buzz in the industry about IoT (Internet of Things), Artificial Intelligence, Augmented Reality, blockchain and voice activation. But these are all technologies that require a substantial amount of investment, evangelization, and a defined “jump” to a newer way of working. Whilst they may be able to provide excellent services in the future, they are still very much at an embryonic stage when it comes to enterprise adoption.
Moving to the Cloud
For the overworked administrator of today, infrastructure is very much evolving – slowly but surely. Cloud is the buzzword of the moment, and many companies are on a journey towards a computing model that embraces not just traditional on-premises systems, but cloud-based SaaS, IaaS and PaaS. Azure, Amazon Web Services, Oracle Cloud and Google Cloud Platform are all in competition to provide the infrastructure, and online application services like Office 365, Google Docs and Salesforce are steadily increasing in adoption. For the administrator of the moment, the key challenge for 2018 is extending the automation capabilities of their enterprise, in order to manage these new hybrid environments without a huge demand for new resources.
What are the most labour-intensive areas of an administrator’s workload? Whilst this is a question that varies quite widely from enterprise to enterprise and between verticals, there are nevertheless a great deal of common areas. Examples of technology stacks that are almost ubiquitous across the industry are, in my opinion, Microsoft Active Directory (or ADFS), and Microsoft’s suite of Office products. Office 365 hosted in Azure has only moved these two solutions closer together, and in the hybrid cloud world, Office and AD/ADFS are tied together almost intrinsically.
Management of Office applications (particularly Office 365) and management of user and computer objects within AD (or ADFS) are perhaps the most labour-intensive areas of the admin’s workload. Automation of any of the functions within Active Directory can help enterprise IT departments free up more time to concentrate on forward-looking projects, rather than using their time to complete laborious administrative tasks.
A Real-Life Example
As an example from a customer I work with, a great deal of time was spent on the provisioning of users. This has traditionally been a manual process, and one that is prone to both user error, and user circumvention. Firstly, if the service desk admin performing the process forgot to assign a particular security group or profile path, the new user would experience frustration and disruption as certain applications and services failed to work, necessitating further follow-up with IT support and a loss of productivity. Secondly, the predilection of the service desk to try and avoid the long manual process of provisioning a user by copying an existing one also created security issues, where users were given access levels and admin rights that they should not have received. In either of these cases, the manual provisioning process was failing in a way that created problems within the business.
Also, this particular customer was in the process of moving, as many enterprises are, towards a hybrid cloud model. This hybrid model used not just traditional AD methods for deployment of apps and services (such as security groups and OU membership), but more advanced methods such as claims-based access control based around specific custom AD attributes. In these cases, failures in the manual provisioning process (such as not setting a telephone number properly) could deny access to websites, apps and services for the new user. Add Office365 and other SaaS apps that utilized federated services into the mix, and you have the potential for major disruption when, as it invariably did, the provisioning process failed.
So the natural answer to simplifying this process, to making it more robust and reliable, is not to script it (because that just introduces more reliance on a custom method!), but to use software such as Adaxes. I like Adaxes because it is lightweight, easy to deploy, very powerful in what it can do (user provisioning automation is just a tiny part of it), and is all wrapped up in a simple GUI that will be easy for administrators to grasp.
You simply set up a Business Rule that launches whenever a new user is created. When this trigger is met, you then configure a set of Actions that are executed afterwards. You can set up home drives and permissions, create and configure mailboxes (on-premises or cloud-based), set profile paths, passwords, expiry dates, group memberships, software deployment – practically anything that needs to be done for the new user. And because it is all automated, there is absolutely no room for error, no interruption to the new user’s productivity, no security issues because people have access to the wrong applications or data.
Naturally, for this customer, there are gains to be made when de-provisioning as well. You can disable a user, archive their home drive, redirect their email, remove their data access – there is no limit to the actions that can be configured. And as above, as it is all automated, then the only possible error is if you make one in the logic – and naturally that will show straight up in testing and be rectified.
So, in summary, I think 2018 will be a year where we all have to brush up on our automation skills for the evolving hybrid cloud world. Every bit of automation will be vital, because C-Level executives will be expecting the move to the cloud model to save them money, not cost more. Starting your move towards an automated, adaptive hybrid cloud solution by using Adaxes to speed up and solidify your AD and Office 365 administration is an ideal first step.
You can try it yourself with a free 30-day trial, which is available with no restrictions on user count or functionality whatsoever.