Remember when Salesforce went up against Microsoft to offer an identity service to compete with Microsoft's Azure-based Active Directory?
Looks like it's Amazon's turn to try a similar stunt as part of its ongoing mission to be a cloud-based outsourcer for almost every enterprise IT function. But its new directory service is unlikely to steal much of Azure's thunder, as its best value is tightly coupled to other Amazon services.
The newly unveiled AWS Directory Service provides Samba-based directory services in small (up to 10,000 objects, 5 cents per hour) and large (up to 100,000 objects, 15 cents per hour) incarnations. Both are meant to give enterprise Amazon users one fewer reason to keep a Windows Server instance around for the sake of single sign-on.
For those who have good justification for keeping their on-premises directory servers, Amazon has another offering. With the AD Connector service, AWS resources can provide a secured proxy connection from the cloud to the on-premises directory server. By running multiple directories across multiple Availability Zones, AWS can provide resilience.
Amazon mainly positions the new features as an on-ramp to having a directory service, minus the "care and feeding" (Amazon's own words) of the operating system that usually goes with it. Given that Amazon specifically name-checks Active Directory and Microsoft Windows in its blog post, it's plain Microsoft is the single biggest target, although Linux directory services (and the overhead of maintaining a Linux instance) could also be replaced.
The pitch seems common among cloud providers these days: Get only what you need, and pay only for how much you use. Here, though, the pricing for the AWS Directory Service doesn't reflect the flexibility needed for a directory service; the hourly charges seem more in line with Amazon's cloud pricing structures than IT's needs.
The real flexibility of this new offering and the true cost savings show up best for users who have already made greater commitments to replacing more of their IT with Amazon infrastructure. To wit: Those using Amazon Workspaces -- Amazon's Windows-desktops-on-demand service -- pay nothing for using either the connector or the low-end directory tier.
In addition, Microsoft hasn't been content to simply dump AD into Azure and walk away. Rather, it's aggressively expanded its connectivity and utility. Management tools, support for multifactor authentication, and a free access tier for up to 500,000 objects (albeit with no SLA) have all shown up in Azure as further enticements to existing and future users.