Managed Service for Active Directory in Google Cloud

Google Cloud Next is always an exciting time for members of the Google community. Each year, the event delivers countless exciting updates about the G Suite portfolio of productivity products, the Google Cloud Platform, and more. This year was no exception to that rule. Google Cloud Next 2019 ran a little earlier than usual, on the 9th to the 11th of April 2019, and thousands of professionals and developers turned up to hear about changes to Google hardware, software, and cloud solutions. One particularly surprising announcement from the San Francisco event was the arrival of a new Managed Service solution for Microsoft Active Directory.

Following a press release in which Google explained that it would be making it easier for companies with a Windows operating system and Microsoft applications to move into the Google Cloud platform, Google revealed "MAD."

Managed Active Directory in the Google Cloud will be running on "actual" Active Directory, as Google puts it, which allows enterprises to control their cloud-based Active Directory workloads. Managed services for active directory through Google will also allow for the automation of AD security configurations, server maintenance, and more.

Introducing Managed Service: Active Directory in Google Cloud

The original announcement about Google making a move to the Google Cloud easier for Microsoft users involved using Google's sole-tenant nodes at the beta stage to make licensing transfers between Microsoft and Google. It's also possible to move the licensing of Microsoft applications like SharePoint Server and Exchange Server into the Google Cloud Platform.

However, Managed Service for Active Directory in Google Cloud takes a different approach. It's not about switching into the Google cloud, but simply managing your workloads from the same secure Google cloud platform that you already know.

The solution is similar to the Microsoft Azure Active Directory service and allows organizations to access the benefits of Active Directory in the cloud, without having to install domain controllers via Virtual Machines (VMs). Shifting legacy applications into the cloud through the new Managed Service solution will be much easier - reducing costs and delivery times for digitally-transforming companies.

However, migrating legacy apps to the cloud isn't the only reason to invest in Managed Service for Active Directory in the Google Cloud. Many of the modern cloud-first applications available today also rely on Active Directory. This is because the AD software is so popular among enterprises. While Microsoft might prefer you to use Azure Active Directory, Google gives you an alternative approach.

Features of Managed Active Directory in The Google Cloud

Google describes its Managed Service Active Directory solution as a hardened and highly available service that runs on "actual" Active Directory. With this solution, companies can connect their original Active Directory environments to Google's managed service. Features include:

  • An Actual Active Directory domain: Ensure full compatibility with your AD applications and features using a solution with a real Microsoft Active Directory domain. Integrate with your cloud DNS to allow for automatic VM discovery too.
  • Familiar tools and features: Give your IT team and security groups full access to their favorite Active Directory features, including Group Policy, Remote Server Administration Tools and more.
  • Automatic Patching: Google ensures that you'll always have peace of mind with your Managed Services for Active Directory with the option to automatically patch your servers and take AD snapshots for recovery. Google will also eliminate any issues quickly and monitor for future problems.
  • Highly available: Google prides itself on ensuring that its Active Directory system is highly accessible, so that you can have more confidence in the availability of your domain systems. The solution also runs securely across a range of regions.
  • Flexible Deployment: Achieve a higher level of agility and versatility in your organization with the ability to connect the Managed Service for Active Directory functions with your on-premise domain or run as part of a standalone domain.
  • Hardened: Ensure that your Active Directory infrastructure is less prone to issues with misconfiguration thanks to secure baselines for configuration and appropriate rules for your network firewall.

Supporting Microsoft Users in the Google Cloud

As businesses of all shapes and sizes continue to invest in strategies for digital transformation, it's becoming increasingly important to find a way to leave legacy systems behind. Old-fashioned applications and solutions can cause problems with everything from security, to user productivity and more.

Active Directory isn't the most agile and modern way to stay ahead of the game with technology these days. However, there are still countless companies that rely on this service to maintain their networks. While it's possible to configure Microsoft Active Directory to run in the cloud through VMs that support AD-dependent and cloud-based infrastructure, this approach leads to additional overhead and security concerns for many organizations.

If the extra work wasn't enough to put security teams off, there's also a need to manually configure, secure, and maintain the virtual machines that you're running your Active Directory solutions in to keep everything running smoothly. This can be a challenge in a world where IAM professionals are few and far between.

With Google's new cloud-based managed service solution for Active Directory in the cloud, you get an "actual" solution for Microsoft Active Directory. The fact that you're getting an "actual" AD solution is essential because it differentiates Google's new service from the option available for the Azure Active Directory. The Azure Active Directory isn't based on the Windows server, although it does have a few overlapping features.

Another benefit of taking the Google approach to managing Active Directory is that you get to use standard administration tools, such as the well-known Remote Server Admin Tools, or RSAT. Additionally, since Google takes control of your availability, patching, security baselines, and more, the maintenance that your team has committed to is extremely limited. Google even says that you can connect your Cloud service to the on-premise Microsoft Windows server too, as a standalone service.

How Does Managed Service for Active Directory Work?

Put simply, Managed Service Active Directory from Google Cloud is a solution that allows your security team to spend more time on high-value tasks, knowing that their service is automatically patched, highly available, and secure according to the latest baseline standards.

Managed Service for Microsoft AD, or MAD, runs on the actual Microsoft Active Directory domain controllers, on the latest version of the Windows Server. You can build in the Active Directory Services that you want to use, such as fine-grained password policies, or enhanced single sign-on, and ignore the features that you don't want. Additionally, the service has a high-availability topology. There are two separate domain centers in different zones to protect your ongoing service.

Google's solution automatically patches Active Directory servers, takes snapshots to maintain quick and simple recovery, and monitors for issues while you work. Windows event logs are also available if you need help with additional analysis or recordings for compliance.

In terms of deployment, there is a range of options available too. You can extend your Active Directory domain on-premise into the Google cloud, or create your own one-of-a-kind standalone domain for your cloud workloads, complete with your preferred VM solutions.

Currently, Microsoft Active Directory Managed Services through the Google Cloud are available in beta mode, for users to test at no extra cost. You can sign up to find out more about how the system works now. Pricing information will be published by Google when the service is fully available. Keep in mind that while you're using the beta service, there may be additional costs for using things like on-premise connectivity services and Cloud DNS.

Google's Identity Access Management (IAM) Portfolio is Growing

With Managed Service for Active Directory in Google Cloud announced at Cloud Next this year, it's safe to say that Google IAM is growing. Aside from the Managed Service solution, Google also used Cloud Next as a chance to announce some additional updates. For instance, the Identity Platform Service for adding IAM protections to applications is currently "generally available."

Additionally, the Cloud Identity Security solution for Google Cloud will soon be getting some new features too, such as automated lifecycle management for your employees, single sign-on with password vaulting and a brand new management dashboard. 

Google also recently announced new context-aware capabilities for the Identity-Aware Proxy service, which is currently generally available. Context-aware access features have also been added to the beta testing stage of the Cloud Identity Service. These new features allow greater protections for businesses by providing them with more granular access management capabilities for G Suite productivity apps.