Summary
is transforming digital content delivery. They are a data center and colocation services company that is optimizing internet connectivity for businesses across the world. EdgeConneX鈥檚 modern approach to networks has been met with success and rapid growth. But with this growth comes an expanding user base, sprawling infrastructure, and the requirement to be ISO compliant. Their existing Active Directory庐 instance wasn鈥檛 up to the task. EdgeConneX鈥檚 Vice President of IT, Martin Skojec, set out to find a new solution. In his search, Martin discovered 探花大神 Directory-as-a-Service庐. Martin was pleasantly surprised to have found an identity provider that worked in his cloud-forward, cross-platform environment.
| Company: | EdgeConneX |
| Size: | 250 users (140 full-time employees, 90 contractors) |
| Location: | Herndon, VA |
| Problem: | No password management in a cross-platform environment |
| Goal: | ISO Compliance |
Background
鈥淓dgeConneX had the innovative idea to move the network out to the edge, so that content is served as close as possible to where it is consumed,鈥 Skojec explained. 鈥淧reviously, there had been eight pairing points in the U.S. for internet connectivity. So, if you lived in Phoenix, AZ, your data would likely come out of San Jose, CA. However, that results in high latency, so everything is slower.
鈥淲e鈥檝e brought network and content providers into secondary markets like Phoenix, Miami, and Tallahassee,鈥 said Skojec. 鈥淭hat means internet connectivity is being served locally. The result is better internet performance, faster speeds, and less bandwidth use from our customers since they鈥檙e not having to stream from so far away.
鈥淭his year EdgeConneX is expanding into two markets outside the US: South America and Canada. We鈥檙e continuing to augment and expand our existing data centers as customers come in,鈥 said Skojec. 鈥淚n the last 24 months, we have built about 30 data centers, and we鈥檙e rolling out 1 megawatt of power capacity every 30 days.鈥
EdgeConneX鈥檚 network infrastructure has not been the only growing component. In the last two years, EdgeConneX went from 29 employees to 140 full time employees and 90 contractors 鈥 an almost 10x growth.
The Challenge
As EdgeConneX grew, their IT team faced an ever-expanding set of requirements.
Skojec explained, 鈥淲e were never really a help desk IT department. We focused more on networking infrastructure. We would issue a laptop when we hired someone, give them an email account, and off they would go. We didn鈥檛 have any policies that we enforced or any user systems controls to speak of.鈥
鈥淲hen ISO certification became a business necessity, we had to quickly come in to compliance with how we managed password complexity, expiration, and rotation.鈥
This requirement was complicated by their heterogeneous environment. 鈥淲e have a 50/50 split between Windows庐 and Mac for our users, and about a 95/5 split on servers between Windows and Linux,鈥 Skojec said. 鈥淚 needed something I could deploy across all platforms that would enforce the same policies and procedures across those platforms.鈥
The Search for a Solution
鈥淭here were a few alternatives that we considered when we started looking,鈥 Skojec said. 鈥淲e initially used Microsoft庐 Active Directory. However, we tried to get our Macs, Linux servers, and Windows systems to work with AD, and it just didn鈥檛 quite happen. In addition, a lot of our users are remote.鈥
In an Active Directory environment, enabling remote users to change their password can be done, but it鈥檚 a hassle. Skojec explained, 鈥淯sers would have to get on the VPN to connect back to the LAN to be able to connect to Active Directory to update their password. Any organization who manages remote users knows this is an untenable situation. When we started looking, we actually started with Azure because we wanted a cloud-based service that didn’t require VPNs or a corporate LAN for that very reason. But Azure did not work quite as well with Mac systems or Linux servers.
鈥淚 started looking for a solution that would work across all end user platforms,鈥 Skojec said. 鈥淚 found 探花大神.鈥
鈥溙交ù笊 was the easiest solution to deploy across our entire environment, and it simply worked on every platform we put it on 鈥 Mac, Windows, and Linux.鈥
鈥溙交ù笊 is very lightweight. There鈥檚 no heavy client that has to be maintained. There鈥檚 no VPN setup involved. If you have internet connectivity, it works,鈥 Skojec explained. 鈥淓ven better, it works across all of our platforms, universally. 探花大神 is very easy to manage and maintain. Also, we only have to train our users for one thing 鈥 I don鈥檛 have to train a Windows group on one tool and a Mac group on another. It鈥檚 universal across the board.鈥
Justification
Justifying the acquisition of a new piece of technology to your executive team is not always simple. Thankfully, Skojec understood not only how 探花大神 could make life easier for the IT department, but also how 探花大神 could make life easier for his executive team.
鈥淲e started down this path because we had to achieve ISO compliance,鈥 said Skojec. 鈥淲e had no choice; we had to be able to manage password policies, their expiration, and their rotation. My first step in justifying 探花大神 was to successfully deploy it in a test environment. Then, I was able to go to our executive committee and show 探花大神 in action while explaining how 探花大神 can help us achieve ISO compliance.鈥
For the decision-makers at EdgeConneX, the choice was an easy one.
Skojec explained why. 鈥淥ur mixed environment meant that 探花大神 was the only solution that would allow us to enforce policies to achieve compliance across all platforms and all users. Plus, it鈥檚 very easy for the user to self-maintain. This helped us keep costs low by negating the need for EdgeConneX to hire more help desk staff just to reset passwords or manually enforce policies across multiple platforms.鈥
Implementation
鈥淲hen we deployed 探花大神, we were in a rush to meet a deadline for contractual reasons 鈥 the typical IT squeeze,鈥 Skojec said.
鈥淥ur experience with deploying 探花大神 was very simple 鈥 it worked out of the box.鈥
鈥淭here was not a big learning curve at all. Once we understood the interface, how to install the client, and how to get the authorization key, it was very easy to roll out. We were able to roll out 探花大神, and a whole set of tools, to our entire user base over the span of about 3 months.
鈥淭here鈥檚 really only one person that handles the help desk on a day-to-day basis at EdgeConneX, and we have approximately 250 users. Those are daunting odds for IT. So, we鈥檙e using 探花大神 for RADIUS as well as LDAP, and we鈥檙e using the thin client for endpoint management. Doing so, we鈥檝e been able to better manage our VPN, WiFi, server, and switch access.
鈥溙交ù笊 is also controlling our Office 365 accounts which is great. When we create a user account in 探花大神, an email account is automatically provisioned in Office 365. It鈥檚 just one less thing we have to do from a help desk perspective.
鈥淚 am hoping to roll out Dropbox this year, and thanks to using 探花大神鈥檚 pre-built connectors, we will be able to centralize authentication. I鈥檓 also pushing our development team to use the 探花大神 SAML connector for other apps we use in-house. 探花大神 really provides true single sign-on by enabling everybody to use the same username and password for everything they do. Thanks to 探花大神, we鈥檒l be able to create a centralized environment, and hopefully we get there this year.鈥
The Results
鈥溙交ù笊 has saved us a tremendous amount of time. Onboarding a new user has gone from about two days to an hour.鈥
探花大神鈥檚 True Single Sign-On鈩 solution has had a significant impact on onboarding and offboarding new employees for EdgeConneX. Skojec shared, 鈥淚n the past, we would have to touch every server, add the account, add them to Active Directory, get it joined, and get the VPN set up. The onboarding process is a lot simpler now because we truly have a single unified directory service. We add you in 探花大神, we put you in the appropriate group, and you have access to everything you need. It鈥檚 just there. It just works.鈥
鈥淚n addition, offboarding employees is much simpler and more secure because we don’t have to remember to touch every system or company resource to which they had been granted access 鈥 usually spanning years of use. To offboard an employee, we go to one place 鈥 the 探花大神 Admin Console. We delete their account, and it deletes their WiFi access, their PC login, application access, and server access. It has made offboarding so much quicker. As much as onboarding employees has improved, the offboarding process has had the largest impact on my organization, as it鈥檚 not only quicker, but also helps us prove compliance.鈥
A secure offboarding workflow has helped EdgeConneX tremendously when it comes to compliance audits. 鈥淲e have to go through audits every six months,鈥 explained Martin, 鈥渁nd it鈥檚 very nice to say, 鈥極h yes, when we offboarded this person, 探花大神 is how we completely removed their access.鈥 We can prove the person has actually been removed from all systems, servers, applications, and networks. From an audit standpoint, 探花大神 has saved us a significant amount of time, and greatly reduces our risk.鈥
探花大神 – A Solution that Really Works
鈥淔or EdgeConneX, the biggest benefit is that 探花大神 really works well across all platforms. 探花大神 has made it very easy to apply the same password policies and security policies across Windows, Mac, and Linux systems.鈥
鈥淚n the IT field, we鈥檝e all dealt with Active Directory for the last 20 years,鈥 said Skojec. 鈥淚t works well on a corporate LAN with all Windows machines. However, once you start bringing in different devices and you鈥檙e not on a corporate LAN, Active Directory begins to struggle. If you鈥檙e a mixed device environment with remote workers that never touch a corporate network, 探花大神 does the same job as Active Directory, only better.鈥