
Microsoft Active Directory Encryption

Challenge
It’s rare for any organization to be without at least one Microsoft Active Directory® (AD) server, and for many it is a fundamental part of their identity infrastructure. While it has many advantages, Active Directory also has limitations and complexities that make an infrastructure difficult to manage and administer.

Encryption is one area that can create problems for Microsoft Active Directory administrators. While an Active Directory instance may perform well without encryption, enabling TLS/SSL often brings a major performance hit, potentially affecting the entire infrastructure. TLS/SSL encryption is necessary for authentication across an insecure channel such as the Internet, so administrators who provision access for “external” parties are often forced to consider upgrading the Active Directory domain’s hardware. And, although it uses LDAP for communications, Microsoft Active Directory demands a unique attribute, format and encoding for user password change requests, so a “standard” LDAP modify operation against the password attribute cannot be used. While this is not a problem for Windows-based tools, any user management application designed for a normal LDAP environment may be incapable of sending password requests in the required format and therefore cannot be integrated into the infrastructure.

Solution
Symlabs Virtual Directory Server is a powerful middleware application that can behave as an LDAP proxy, creating a highly efficient TLS/SSL termination point to securely provision Active Directory access for external clients. This allows independently configured front-end and back-end connectivity, so TLS/SSL can be offered to external applications without enabling it in Active Directory, thus avoiding the performance penalty. Symlabs Virtual Directory Server can also manipulate data within the network packets it routes between client applications and back-end servers, so any request or response can be modified on the fly so that it conforms to expectations. Simple scriptlets can be created to intercept password change requests and establish compatibility between AD and LDAP user management tools. Also included is an ACL plug-in that can further improve overall security by adding data access controls specifically for external users without impacting the existing AD access rules.
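The password-request rewriting described above (a proxy scriptlet translating a standard LDAP modify into the form Active Directory requires), as an added illustration that is not Symlabs code and not taken from this page. It assumes a hypothetical scriptlet interface in which a decoded modify request is a list of (operation, attribute, values) tuples. The encoding it applies is Active Directory's documented requirement for the unicodePwd attribute: the password wrapped in double quotes and encoded as UTF-16 little-endian. Active Directory itself only accepts unicodePwd writes over an encrypted connection (LDAPS or a sealed SASL bind), so the rewriter also refuses to emit one toward a cleartext back-end hop.

```python
"""
Added example (not Symlabs' or Microsoft's code): rewrite a generic LDAP
password change into Active Directory's unicodePwd form inside a proxy.

Assumed (hypothetical) scriptlet interface: the proxy hands the scriptlet a
decoded LDAP modify request as a list of (operation, attribute, values)
tuples, with operation in {"add", "delete", "replace"} and values as bytes.
"""
from typing import List, Tuple

Change = Tuple[str, str, List[bytes]]  # (operation, attribute, values)


def ad_encode_password(password: str) -> bytes:
    """AD's unicodePwd value: the password in double quotes, UTF-16LE, no BOM."""
    return f'"{password}"'.encode("utf-16-le")


def ad_decode_password(value: bytes) -> str:
    """Inverse of ad_encode_password; used to validate values before forwarding."""
    text = value.decode("utf-16-le")
    if len(text) < 2 or text[0] != '"' or text[-1] != '"':
        raise ValueError("value is not an AD-encoded password")
    return text[1:-1]


def rewrite_password_change(changes: List[Change]) -> List[Change]:
    """Map userPassword modifications onto unicodePwd.

    A generic 'replace userPassword' becomes 'replace unicodePwd' (an
    administrative reset). A self-service change sent as a delete of the
    old value plus an add of the new one keeps the same delete/add pair on
    unicodePwd, which is the form AD accepts when a user changes their own
    password. All other attributes pass through unchanged.
    """
    out: List[Change] = []
    for op, attr, values in changes:
        if attr.lower() != "userpassword":
            out.append((op, attr, values))
            continue
        encoded = [ad_encode_password(v.decode("utf-8")) for v in values]
        out.append((op, "unicodePwd", encoded))
    return out


def build_backend_changes(changes: List[Change], backend_encrypted: bool) -> List[Change]:
    """Rewrite and then enforce the transport rule for the back-end hop:
    AD rejects unicodePwd writes on a cleartext connection, so fail early
    in the proxy instead of forwarding a request the directory will refuse."""
    rewritten = rewrite_password_change(changes)
    if not backend_encrypted and any(attr == "unicodePwd" for _, attr, _ in rewritten):
        raise PermissionError("unicodePwd may only be sent over an encrypted back-end hop")
    return rewritten


if __name__ == "__main__":
    # Constructed sample: a self-service change from a generic LDAP tool.
    sample: List[Change] = [
        ("delete", "userPassword", [b"OldSecret1"]),
        ("add", "userPassword", [b"NewSecret2"]),
        ("replace", "description", [b"rotated by self-service portal"]),
    ]
    for op, attr, values in build_backend_changes(sample, backend_encrypted=True):
        print(op, attr, [v.hex() for v in values])
```

The rewriter keeps the operation type intact because Active Directory distinguishes an administrative reset (replace) from a user-initiated change (delete old, add new); collapsing both into a replace would silently turn every self-service change into a reset that needs reset privileges.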

About Microsoft Active Directory
Active Directory is a registered trademark of Microsoft, Inc. An LDAP-based directory services product developed by Microsoft, Active Directory is a central component of the Windows platform that provides a means to manage identities and relationships that make up network environments. Active Directory Service is commonly used to manage the Windows® domain infrastructure.

Benefits
  • Protect LDAP connections with TLS/SSL while improving performance
  • Safely offer external queries without affecting existing AD infrastructure
  • Create access rules specifically for external users for added security
  • Integrate LDAP user management applications with an AD environment

About Symlabs
Symlabs is the performance leader for virtual directory and identity management solutions. Benchmarks show Symlabs Virtual Directory Server, LDAP Proxy and Federated Identity Suite are the fastest and most powerful products in the industry for managing and unifying identity data. Global giants like Sony, IBM, Vodafone, Nokia and United Nations already depend on Symlabs to add flexibility, security, and reliability to their infrastructure. Symlabs also offers annual support, training and professional services to our clients to help them develop, integrate, and maintain solutions.