Amazon takes aim at Microsoft's Active Directory with new service

Amazon Web Services wants to become a more central part of enterprise IT with the AWS Directory Service, which both competes and integrates with Microsoft's Active Directory.

With the lure of easier management, Amazon hopes CIOs are willing to trust it with one of their most important applications, the directory. Amazon has been adding all the pieces organizations need to run a complete IT infrastructure in its datacenters, including servers, databases, desktops and now a directory.

The directory is an important addition because of the central position it has. Virtually every organization uses a directory service such as Active Directory to allow computers to join domains; list and authenticate users; and to locate and connect to printers, as well as other network services including SQL Server databases, Amazon said.

Because of the importance of the directory, the company will likely find it difficult to compete head-on with Microsoft in the short term. But the ability to integrate with Active Directory is a good first step.

For companies that want to connect Active Directory with Amazon's cloud, there is AD Connector, which lets users and IT staff use their existing corporate credentials to log on to Amazon's applications. AD Connector uses Virtual Private Cloud with a hardware VPN connection or a dedicated AWS Direct Connect connection to communicate.

The stand-alone version is called Simple AD and is based on Samba 4 Active Directory Compatible Server. The list of features includes user accounts, group memberships, Kerberos-based single sign-on, and group policies. They make it easier to manage cloud-based Windows applications, according to Amazon.

Many of the applications and tools in use today that require Active Directory support can instead be used with Simple AD. User accounts stored in Simple AD can also be used to access Amazon's own applications, including the WorkSpaces desktop and the AWS Management Console, the company said.

Because the directory has such a central role, high availability will be very important. Amazon hopes running directories across multiple so-called Availability Zones will be enough to convince CIOs that Simple AD and AD Connector can cut it.

The competition between Amazon and Microsoft has been heating up. Simple AD competes with Azure Active Directory, the cloud-based version of Microsoft's directory. Amazon's expansion comes after Microsoft earlier this week launched Cloud Platform System (CPS), which makes it easier to build hybrid clouds that mix public cloud and on-premise systems.

Microsoft as well as the likes of Cisco Systems, Hewlett-Packard, Rackspace and VMware are all trying to counteract the success Amazon has seen by pushing the need for hybrid clouds.

Simple AD and AD Connector come in small and large versions.

The small version of AD Connector is for directories of up to 10,000 users, computers, groups and other directory objects and costs US$0.05 per hour or $36.50 per month. The large version is for up to 100,000 directory objects and costs $0.15 per hour or $109.50 per month.

For Simple AD, the small version is for up to 1000 directory objects and costs US$0.05 per hour or $36.50 per month, while the large version is for up to 10,000 directory objects and costs $0.15 per hour or $109.50 per month.

Simple AD and AD Connector are currently available from Amazon's datacenters in North Virginia, Oregon, Ireland, Sydney and Tokyo.

Send news tips and comments to

Copyright © 2014 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022