Are you doing that solely now? Did you give up on server management?
No. The functionality of the product hasn't changed. We have server user management, we have server orchestration. All those capabilities are still in there, it's just positioned differently as a directory. If you think about it, one of the core components of Active Directory is an orchestration thing they call Group Policy Objects, GPOs, which is how admins control and manage devices. We have that too. We just call it something different. A core part of our product and of Active Directory is that.
And if you're trying to build a next-generation Active Directory you've got to be able to execute tasks on devices. That's how our server orchestration stuff has morphed into what we call device management. Literally all of the functionality is still in the product. It's predominately just a change in how we position it.
When we talk to people about Directory-as-a-Service they instantly get it. They understand what category we're in and what we're doing, even though it's literally the same functionality we do today.
So the problem you see people having with Active Directory today is the range of resources they need to support?
Right. They're struggling with all the resources people need to access. If you have AWS servers, that becomes a separate directory or managed manually. If you've got Gmail, that's outside of Active Directory. If you've got Mac or Linux devices, those are outside. If you've got iPhones and tablets, those are outside of Active Directory. The number of things that Active Directory used to control was virtually 100%. Today it is a different story, so the question is, "How does IT manage all these resources and make them available to employees?"
You want to have one central directory because you want to control one central ID. You don't want to create an ID in AWS, then create another one in Gmail, you don't want to create an ID separately or manage a separate ID for your Mac devices, etc.
How does it work in your world? Every directory call goes out to your cloud?
Not in all cases, but in a lot of cases the auth would come to us, but you can also keep the auth local. We have an agent that sits local and that gives you survivability as well. But the idea is you have this cloud-based system that's across the globe and, if you need to authenticate, you just auth to the closest thing, which could be on your device.
A user I know who is trying to move away from Active Directory says it is hard because it has seeped into everything. Does that represent a challenge for you in terms of replacing some of that?
Sign up for CIO Asia eNewsletters.