Friday, March 5, 2010

Microsoft Releasing Next Generation Active Directory (NGAD), a Plug-in that Supports Cloud Computing


Microsoft has released beta code, currently at an early stage and internally called “Next Generation Active Directory (NGAD),” that will define the next evolution of directories. It is a modular add-on that is built on a database and designed to add querying capabilities and performance never before possible in a directory.

Naturally, any new Active Directory developments are sure to cause Sysadmin ears to perk up. So what exactly is this next-generation AD and what does it mean?

NGAD is a modular add-on that is built on a database and designed to add querying capabilities and performance never before possible in a directory. NGAD also is a reshaping of the programming model for Active Directory.

NGAD is not a replacement for Active Directory but an add-on (just like service packs) that provides developers a single programming API for building access controls into applications that can run either internally, on devices or on Microsoft's Azure cloud operating system. Users will not have to alter their existing directories but will have the option to replicate data to NGAD instances. NGAD stores directory data in an SQL-based database and uses its table structure and query capabilities to express claims about users such as "I am over 21" or "Henry is my manager." To ensure security, each claim is signed by an issuing source, such as a company, and the signatures stay with the claim no matter where it is stored.

It’s in the very early stages of development, so we don’t know a lot. In fact, NGAD is not even an official name, and we are nowhere near any sort of official release. What we do know, however, is that NGAD is not going to be a completely new version of Active Directory. In some ways, it could even be interpreted as another example of the company’s commitment to the cloud.

Directory Services MVP Laura E. Hunter described NGAD as a way for Microsoft to provide a “SQL-like frontend” where Sysadmins can make authorization decisions. The examples she gave were functions such as “age over 21” or “can approve expense reports = TRUE,” similar to what AD Federation Services 2.0 does now, only taking things one step further.

So where does the cloud fit in? Well, it’s really all about the way administrators deal with directories and applications, and about creating a common interface whether those directories or apps are on premise or in the cloud.

NGAD is to be based on the claims-based identity model, which Microsoft describes as when an “application makes identity-related decisions based on claims supplied by the user. This could be anything from simple application personalization with the user’s first name, to authorizing the user to access higher valued features and resources in your application.” In other words, the claims-based model is a simplified way of governing access control.
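The signed claims stored in database tables and the claims-based access decision described above can be sketched as follows. This is an added illustration, not NGAD code or its API (none is public): the table layout, function names and the `contoso-hr` issuer are assumptions, and HMAC-SHA256 stands in for the issuer's signature.

```python
import hashlib
import hmac
import json
import sqlite3

# Constructed issuer key. HMAC-SHA256 stands in for the issuer's signature;
# a real issuer would sign with an asymmetric key so verifiers hold no secret.
ISSUER_KEYS = {"contoso-hr": b"constructed-demo-key-1"}


def _canonical(subject, claim_type, value, issuer):
    # Fixed field order and separators so signer and verifier hash identical bytes.
    return json.dumps([subject, claim_type, value, issuer], separators=(",", ":")).encode()


def sign_claim(subject, claim_type, value, issuer):
    msg = _canonical(subject, claim_type, value, issuer)
    return hmac.new(ISSUER_KEYS[issuer], msg, hashlib.sha256).hexdigest()


def open_store():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE claims (subject TEXT, type TEXT, value TEXT, issuer TEXT, signature TEXT)")
    return db


def add_claim(db, subject, claim_type, value, issuer):
    # The signature is stored in the same row, so it travels with the claim.
    sig = sign_claim(subject, claim_type, value, issuer)
    db.execute("INSERT INTO claims VALUES (?, ?, ?, ?, ?)", (subject, claim_type, value, issuer, sig))


def is_authorized(db, subject, claim_type, required_value, trusted_issuers):
    """True only if a matching claim exists, its issuer is trusted, and its signature verifies."""
    rows = db.execute(
        "SELECT value, issuer, signature FROM claims WHERE subject = ? AND type = ?",
        (subject, claim_type),
    ).fetchall()
    for value, issuer, signature in rows:
        if issuer not in trusted_issuers or issuer not in ISSUER_KEYS:
            continue  # unknown or untrusted issuer: ignore the claim
        expected = sign_claim(subject, claim_type, value, issuer)
        if hmac.compare_digest(expected, signature) and value == required_value:
            return True
    return False


if __name__ == "__main__":
    db = open_store()
    add_claim(db, "alice", "over_21", "true", "contoso-hr")
    print(is_authorized(db, "alice", "over_21", "true", {"contoso-hr"}))
```

Because the decision checks the signature rather than trusting the stored row, a claim edited directly in the table stops verifying and is ignored.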

Again, it’s very early, so no timeframe for NGAD has been given. It’s possible that whenever it is released, it will be a standalone product that also comes with Windows out-of-the-box, similar to Microsoft Hyper-V.
