Cloud Computing 06 Directory Service



Directory Service

In this video let us take a look at Directory Service. What is it, anyway?

Let’s just say there are two companies called A1 and A2, each in their own building; let me call them A1’s building and A2’s building. By default, the employees from one company cannot enter the other company’s building. If an employee from A1 asks for permission to enter A2’s building using the employee badge from A1, then that employee will be denied access. In this case, each company maintains its own directory of employees and will not allow anyone else to enter its building.

Now a company called B1 acquires both A1 and A2. All of the employees from A1 and A2 are now employees of B1. The company B1 now has three buildings under its control: its own building B1, which it calls the head office, and the buildings of A1 and A2. It says every B1 employee can enter any of these three buildings. So, in essence, the head office will maintain the directory of employees, and these employees can enter not only the building B1 but also the buildings A1 and A2 by showing their employee badge. So, the buildings A1 and A2 become two resources which can be accessed by any B1 employee. In this example, B1 maintains the employee directory, and the reception areas in the buildings A1 and A2 subscribe to that directory and allow people inside as needed.

Now imagine there is another company called X1, which owns buildings Y1 and Y2 apart from its headquarters, the X1 building. As we have seen already, an employee of the company B1 is generally not allowed to access the buildings X1, Y1 or Y2, since these buildings are owned by X1.

Now, let’s imagine that a new company called ITShorts.com acquires both the companies, B1 and X1. Disclaimer: instead of ITShorts.com, I could have named it ABC. But I wanted to avoid using any real company’s name as much as possible. And since there are companies with almost every name possible, I am just using my domain name, ITShorts.com, in this example. OK, now, ITShorts has acquired both B1 and X1, but lets them operate as its independent subsidiary companies, with certain modifications in the access.

For example, the board of directors from ITShorts will have access to both these companies, B1 and X1. Then the Senior Management from both these companies need to access each other. The finance teams from each of these companies need to work together and share the finance information, but not anything else.

So, all of a sudden the requirement gets a little bit complex. Anyone who is designated as a member of the board of directors needs to be able to enter any of these buildings and access any resources in these buildings. Also, the senior management in B1 Inc may enter X1 Inc and access all the resources, and vice versa. The finance people from each company can enter each other’s building, but cannot access anything except the finance-related documents.

In this case, the directory of employees contains multiple branches. For example, iReorg, being the main organization, contains the starting point, if I may simply say that. It has its own employee list consisting of these board members. Then one level below, there are two lists, which are kind of sub-directories to the main directory, iReorg. These sub-directories contain information about B1 employees and X1 employees. Then come multiple organizational units such as Senior Management, the Finance team, etc. So, the authorization has to happen using this main directory, and access needs to be granted as needed.
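The directory tree and access rules described above, modeled as an added example that is not part of the original lesson. The user names, the "Staff" unit, the resource labels and the rule that employees have full access inside their own company are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed directory: root -> subsidiary -> organizational unit -> users.
# User names and the "Staff" unit are made up for this example.
DIRECTORY = {
    "Board": ["dana"],
    "B1": {"SeniorManagement": ["bala"], "Finance": ["fiona"], "Staff": ["sam"]},
    "X1": {"SeniorManagement": ["xavier"], "Finance": ["felix"], "Staff": ["stella"]},
}
ROOT = "iReorg"
# Which subsidiary owns each building, as in the lesson.
BUILDINGS = {"B1": "B1", "A1": "B1", "A2": "B1", "X1": "X1", "Y1": "X1", "Y2": "X1"}

@dataclass(frozen=True)
class Entry:
    user: str
    company: str  # ROOT for units that sit directly under the main directory
    unit: str

def lookup(user):
    """Find the user's entry in the directory tree, or None if unknown."""
    for name, node in DIRECTORY.items():
        if isinstance(node, list):  # unit directly under the root (Board)
            if user in node:
                return Entry(user, ROOT, name)
            continue
        for unit, members in node.items():  # sub-directory of a subsidiary
            if user in members:
                return Entry(user, name, unit)
    return None

def authorize(user, building, resource):
    """resource is "entry", "finance" or "general"; anything not granted is denied."""
    entry, owner = lookup(user), BUILDINGS.get(building)
    if entry is None or owner is None:
        return False  # unknown badge or unknown building
    if entry.unit == "Board":
        return True  # board: every building, every resource
    if entry.company == owner:
        return True  # assumption: full access inside one's own company
    if entry.unit == "SeniorManagement":
        return True  # senior management: the other subsidiary as well
    if entry.unit == "Finance":
        return resource in ("entry", "finance")  # may enter, finance documents only
    return False  # other employees stay out of the other company
```

Every decision goes through the single main directory, and a request that matches no rule is denied rather than allowed.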

So, going back to the computer world, we can make the domain controller servers in a network take care of directory services as well. Remember, a directory service is much more than maintaining the list of users. It has to authenticate the users based on the password provided or other mechanisms such as thumbprint or facial recognition, and then provide the right access to the resource as needed. It is also common to have separate servers that perform the directory services function and take care of authentication. In the cloud world, we can also subscribe to the directory services feature offered by the cloud provider. Microsoft Azure provides Active Directory Service while Amazon provides AWS Directory Service.

So let’s do a quick recap. So far we have seen the following cloud components. CPU, which is a compute resource: in the cloud we rent computers with various computing power options, and the CPU determines that. Then we saw RAM, or memory, which determines the size of memory a computer can use. Then we also saw the Hard Disk Drive, or storage, which determines the size of storage used by that computer. Then we also looked at the Operating System. And in this lesson, we looked at the Directory Service.

