SysAdmin

SysAdmin's Diary: Are Domain Controllers Obsolete?

July 4, 2017 | Tim McGraw
Find me on:
SysAdmin's Diary

My career has consisted in large part growing IT DevOps at small startups, usually as the first, and sometimes only IT professional at the start. My latest project involved a company that would double twice in size in two years, serving thousands of subscribers in four major US cities.

 

As with many startups, small, and even medium-sized companies these days, everything is in the cloud. IT funding often provides only for a local infrastructure of some decent laptops and the best shared bandwidth available in the area. Speeds vary widely; some offices enjoy 300/300Mbps while others endure 25/7. If you find that laughable for an office setting of 30 people, join me in a giggle and consider that permanent live video streaming among four offices around one city was also needed. Transmission quality is going to be choppier than Gordon Ramsey making Coleslaw on horseback. Startup life.

 

It’s not exactly the picture of a standard IT shop, but then, that’s somewhat the nature of IT. For years, organizations with investments in server installations, first physical and now virtual, have been commonly considered the natural end point of a company’s IT maturation. But that’s changing.

 

All companies, startup or otherwise, need to be nimble. Decisions are made from necessity, but necessity is the mother of invention. People have to be trusted with resources because they need to act quickly and sometimes autonomously to get the job done. They don’t want to fiddle with permissions, and as a company grows in size, it soon becomes evident that it isn’t hiding information that poses the challenge; it’s distributing it correctly. Before your business reaches the size where siloed permissions are the unavoidable eventuality, consider that facilitation can be a more practical IT strategy than restriction. For many companies, it is a necessity to forego the overhead of a domain controller, both concerning infrastructure cost, as well as administrative and user services costs. Many sys admins I know either believe they need to deploy domain controllers first, as quickly as possible, or as soon as resources allow.

 

But it’s madness to think that you can grow a responsible business without a DC, right? Well, yeah, if you need a hybrid cloud and have a lot of compliance issues to contend with, then you have good reasons to use a DC. But what if you outsource to partners who take care of your PCI needs themselves, and you make good use of cloud apps for the rest of your staff needs? Forgive my heresy for a moment and consider: AI is helping to offer a way to monitor individual systems, regardless of their function, in a way that I would say alleviates the need for the old standard DC solution for many companies.

 

Set up AI, stream logs from all your workstations with NXlog (Windows) or rsyslog (Linux/Mac), and you will immediately have deep insight into all the behaviors of your system. You can tell when an update fails, when a user can’t print, even if a firmware update is waiting to run. You see when bad blocks start to appear, well before they cascade into a disk failure. Especially in a small business, where it’s possible to visit each user and provide more tailored user services, AI can be the perfect complement, and you don't need to configure it. At all.

 

Domain controller policies must be defined carefully and maintained over time. Users use bad passwords, forget them, and over time change roles. Unless you apply Herculean efforts to maintain current access for all your users, you will experience permissions creep. Let the cloud accounts determine permissions. Maintain them there, because you’re going to have to anyway. Use single sign-on and a good password manager. For smaller companies, the balance between infrastructure cost and ability to execute are in constant tension, and removing this administrative overhead lightens the maintenance load and can reduce user services in the long run. Call me a maverick, but if there’s no domain controller, there’s no domain to attack, either.

 

For the right size organization, AI can release you from the shadow of the domain and allow you to decentralize without sacrificing accountability and security. Let everyone be on a workstation, and monitor each workstation’s logs comprehensively. Apply unique AI to identify anomalies, correlate alerts across workstations by time, application, service or keyword, aggregating issues showing you trends and root causes, providing insights and recommendations to resolve issues quickly and accurately. If that’s where your company is, this might be a big relief.

 

The domain controller will always be relevant to organizations with large deployments, and AI is excellent at monitoring those large data sets, too. Too often the administrators at smaller organizations don’t see potential in new and different approaches, largely because they're so often conditioned to accept their life of limited options.

 

With a little boldness and creativity, the power and visibility of AI become apparent. Like having a superhuman senior sysadmin at my side, reading every single log entry of every single system and application in my environment, and telling me when I might need to look at something further; AI is a trusted advisor to whisper in my ear. Regardless of the size and complexity of my world, AI offers value and peace of mind.

Enter Loom Systems

Loom delivers an automated log analysis solution powered by AI that analyzes logs from the entire IT stack to detect and correlate issues in real time. Loom also provides the exact root-cause of the issues and recommended resolutions that help users solve problems faster than ever before.

For businesses based in the cloud, Loom's oversight across the enterprise can make a domain controller, and its high costs, a thing of the past. Schedule your live demo!

Tags: SysAdmin AI Tim McGraw Domain Controller

Looking for more posts like this?

 

New Call-to-action

Measure ROI from IT Operations Tools

 

 

New Call-to-action

Gain Visibility into Your OpenStack Logs with AI

 

 

New Call-to-action

Lead a Successful Digital Transformation Through IT Operations