Microsoft has released beta code, currently at an early stage and internally called “Next Generation Active Directory (NGAD),” that is meant to define the next evolution of directories. It's a modular add-on that is built on a database and designed to add querying capabilities and performance never before possible in a directory.
Naturally, any new Active Directory developments are sure to cause Sysadmin ears to perk up. So what exactly is this next-generation AD and what does it mean?
NGAD is a modular add-on that is built on a database and designed to add querying capabilities and performance never before possible in a directory. NGAD is also a reshaping of the programming model for Active Directory.
NGAD is not a replacement for Active Directory but an add-on (just like service packs) that provides developers a single programming API for building access controls into applications that can run either internally, on devices or on Microsoft's Azure cloud operating system. Users will not have to alter their existing directories but will have the option to replicate data to NGAD instances. NGAD stores directory data in an SQL-based database and uses its table structure and query capabilities to express claims about users such as "I am over 21" or "Henry is my manager." To ensure security, each claim is signed by an issuing source, such as a company, and the signatures stay with the claim no matter where it is stored.
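
A sketch of the signed-claim idea described above, added here as an illustration and not NGAD's schema or API: claims live in an SQL table, each row carries its issuer's signature, and rows altered after signing are dropped on read. The table layout, function names, issuer name and key are assumptions, and HMAC stands in for the issuer's signature.

```python
import hashlib
import hmac
import json
import sqlite3

# Constructed issuer key. HMAC stands in for the issuer's signature so this
# runs on the standard library; a real issuer would sign with a private key.
ISSUER_KEYS = {"example-corp": b"constructed-demo-key"}

def sign_claim(subject, claim_type, value, issuer):
    # Sign a canonical encoding of every field, including the issuer name.
    msg = json.dumps([subject, claim_type, value, issuer]).encode()
    return hmac.new(ISSUER_KEYS[issuer], msg, hashlib.sha256).hexdigest()

def open_store():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE claims (subject TEXT, claim_type TEXT, "
               "value TEXT, issuer TEXT, signature TEXT)")
    return db

def add_claim(db, subject, claim_type, value, issuer):
    sig = sign_claim(subject, claim_type, value, issuer)
    db.execute("INSERT INTO claims VALUES (?, ?, ?, ?, ?)",
               (subject, claim_type, value, issuer, sig))

def verified_claims(db, subject, claim_type):
    """Return (value, issuer) for rows whose signature still verifies."""
    rows = db.execute(
        "SELECT subject, claim_type, value, issuer, signature FROM claims "
        "WHERE subject = ? AND claim_type = ?", (subject, claim_type)).fetchall()
    good = []
    for subj, ctype, value, issuer, sig in rows:
        if issuer not in ISSUER_KEYS:
            continue  # unknown issuer: nothing to verify against
        if hmac.compare_digest(sign_claim(subj, ctype, value, issuer), sig):
            good.append((value, issuer))
    return good

def demo():
    db = open_store()
    add_claim(db, "alice", "over_21", "true", "example-corp")
    add_claim(db, "alice", "manager", "henry", "example-corp")
    before = verified_claims(db, "alice", "manager")
    # A writer to the table changes the value but cannot produce a signature.
    db.execute("UPDATE claims SET value = 'carol' WHERE claim_type = 'manager'")
    after = verified_claims(db, "alice", "manager")
    return before, after

if __name__ == "__main__":
    print(demo())
```

Because the signature covers the subject, claim type, value and issuer together, copying a valid signature onto a different row fails verification as well.
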
It’s in the very early stages of development, so we don’t know a lot. In fact, NGAD is not even an official name, and we are nowhere near any sort of official release. What we do know, however, is that NGAD is not going to be a completely new version of Active Directory. In some ways, it could even be interpreted as another example of the company’s commitment to the cloud.
Directory Services MVP Laura E. Hunter described NGAD as a way for Microsoft to provide a “SQL-like frontend” where Sysadmins can make authorization decisions. The examples she gave were functions such as “age over 21” or “can approve expense reports = TRUE,” similar to what AD Federation Services 2.0 does now, only taking things one step further.
So where does the cloud fit in? Well, it’s really all about the way administrators deal with directories and applications, and about creating a common interface whether those directories or apps are on premises or in the cloud.
NGAD is to be based on the claims-based identity model, which Microsoft describes as when an “application makes identity-related decisions based on claims supplied by the user. This could be anything from simple application personalization with the user’s first name, to authorizing the user to access higher valued features and resources in your application.” In other words, the claims-based model is a simplified way of governing access control.
Again, it’s very early, so no timeframe for NGAD has been given. It’s possible that whenever it is released, it will be a standalone product that also comes with Windows out-of-the-box, similar to Microsoft Hyper-V.
(With inputs from: http://conklintechnology.com, http://microsoft-news.tmcnet.com, http://itknowledgeexchange.techtarget.com, http://www.ditii.com)