Brian & Gabe LIVE #25 - Part 4: Brian is convinced Active Directory is dead



Brian Madden: So we talk about, so we have managing the device versus managing the personality or the applications on the device, and this is a conversation, I look at app virtualization versus SMS or System Center, or look at managing like delivering apps and data versus, like, pushing out patches and owning the device.

Or even, Jack, like in your space, like mobile device management, MDM versus mobile application management, MAM.

And so I’m wondering that – The whole concept of, of what you gotta do with group policy and all the owning this device and locking it down, you know, there’s ways around that.  I mean, iPads and Android devices can be controlled with policy, and there’s applications to enforce remote device wiping and password enforcement and encryption and that kind of stuff.

So maybe it’s that group policy and Active Directory are sort of like the old-school, back-winger managing devices, not managing users kind of thing.  And this represents a break from the past, an opportunity for Microsoft to manage.  And maybe Windows RT is only gonna be managed with, like, Windows Intune and Exchange ActiveSync and that kind of stuff rather than having, like, all the muck that is domain management and domain-based group policy.  So –

Gabe Knuth: I mean, that, that could be, but there’s, there’s actually Azure Active Directory now, Active Directory running in the cloud.

Brian Madden: But let me –

Gabe Knuth: That’s a recent announcement.

Brian Madden: Let me ask you, though.  Why?  And is the reason for Active Directory in the cloud so that you can have your, the directory that actually controls system management coming from the cloud?  Or is it more of like Microsoft wants to allow for cloud-based identity management?  I don’t mean identity management like single sign-on and all that, but like every company has to have a master directory somewhere of like, “Here’s all my users.  Here’s their names, here’s their passwords.”  And now AD in Azure allows that to happen in the cloud.

But like – Because, because to me, Active Directory – And this is where – In the notes of this show, I was, I, you know, as we, as we sort of prepare for this show there’s a Google doc that we all share that’s like our talking points.  And I wrote in there just before the show started, I made a note called “Screw AD.”  And Gabe was like, “What’s that?”  And I kinda said –

Gabe Knuth: What, what ad don’t you like?

Brian Madden: But, but, because what I’m thinking is like – Because to me, Active Directory’s kind of anachronistic now.  I mean, it’s –

Gabe Knuth: Why is that?

Brian Madden: Because, so if you look at what we really need – So Active Directory, it did a couple of things.  It was the actual main enterprise directory that we used.  You know, user names and passwords.  But then it also managed, you know, all like the computer accounts and group policy stuff.  And like having, having all these policies applied to what systems can do and what software can be installed, how it can reboot your machine, having all that in the same directory that holds your, like, actual authenticated users, blech.

So I look in, in, look at –

Gabe Knuth: You don’t have to – Hang on.  You don’t have to do all of that stuff.  

Brian Madden: Well, where else would I manage my machines?  

Gabe Knuth: I mean, it’s just there.

Brian Madden: Well right, right, right.  You don’t have to.  And in today’s –

Gabe Knuth: There’s, there’s tons of other ways to manage all that as well.

Brian Madden: Exactly.  And so –

Gabe Knuth: Yeah.

Brian Madden: So, so 10 years ago, 15 years ago – Because even back to NT 4 system policies, where we were managing systems.  We were managing computers and saying, “This computer has this patch and this software and this user and this configuration” and all that sort of thing.  And as we’ve seen, especially with the acceleration in the past five years, we’ve seen sort of self-contained apps that have settings like for iOS and Android.  And we’re seeing with, with the touching, Windows touching Metro apps and everything.

So we’re starting to see that, you know –

Gabe Knuth: I think that you call it Windows touching.

Brian Madden: There, there has to be a master directory somewhere that as I said, here’s a list of people, here’s their user names, here’s their passwords.  You know?  That kind of stuff has to exist somewhere.

But I think we can now decouple that from the systems management configuration, which is kind of like the old-school way of doing things.  And so if we take – So Microsoft will want to –

Gabe Knuth: Yeah, but not if you’re Microsoft.  Here’s – That’s the thing.  So, so all of this stuff, I mean Microsoft is still – They’re, they’re, they’re hell-bent on still managing these devices and all of this stuff, and that’s a System Center and all of that.

Now, if you’re telling me you can run System Center entirely without AD, that’s fine.  But without, without all the management components, and you still need AD for all the authentication and the authorization and all of that.  Then that’s fine, I can subscribe to that.  But in no way do I think that Microsoft is abandoning this.

Brian Madden: Okay, so maybe –

Gabe Knuth: It’s, it’s saying, “Screw AD.”

Brian Madden: And maybe we say this, like, it’s like “Screw desktop management.”  But you know how we discuss how the word “desktop” actually means a lot of different things?  It’s the UI, it’s the hardware, it’s the security container, it’s the identity container, it’s the app, run time, all that kind of stuff.

Gabe Knuth: Again, Microsoft is not going to be the first one to, to launch into that.

Brian Madden: Well, so, well, but here’s what’s interesting, though.  Microsoft’s SQL Server business is bigger than their Windows business now.  And so SQL Server has a really good authentication system.  If you just need a list of users and passwords in some way to authenticate people against that, I mean, you’re using SQL.  You’re not using AD.

And so I wonder if sort of long-term for Microsoft, them getting AD into Azure allows that to provide sort of identity – Again, I don’t want to call it identity management.  I want to call it like authorization, you know, like –

Gabe Knuth: Well, it’d be like, it would be like Federation.  I mean, imagine – So imagine if all, like if everybody had some sort of – If all of the SaaS services and applications out there were based in Azure, right?  And if everybody subscribed to the, the Active Directory from Azure.  Now all of a sudden all of that stuff is there and you’ve got Federation with anybody that you need Federation with for, for authorization.  And you’ve got access to all these applications.  It’s already just built in, you don’t have to, don’t have to worry about it.

Brian Madden: Well, I’m looking at it –

Gabe Knuth: And so I wonder if that’s not Microsoft trying to make it easier for that kind of thing to happen.

Brian Madden: Agreed, agreed.

Gabe Knuth: I don’t, I don’t know that that’s a, that’s a home run proposition, but I think that that’s where that is initially.  

Brian Madden: Well, look.  Today, look at OAuth and how OAuth has just exploded.  OAuth was only invented a couple years ago.

Gabe Knuth: Right.

Brian Madden: And how it’s exploded.  Like fucking everything now – Like I just set up a Pinterest account for my personal life, not for work, and you can’t even – You have to log in with Facebook or Twitter.  It won’t even like – Because even they’re like – Can you remember how two years ago, like every single startup, they all run on Amazon web services and the cloud.  Because now a startup buying hardware, they’re like, “Wow, what year is this?”

Gabe Knuth: Yeah.

Brian Madden: Now it’s like startup, like, “Fuck, we’re running user authentication?  God damn, no.  Everyone that’s at Facebook, at Twitter can” –

Gabe Knuth: Yeah, my mom has a Twitter account just so she can use Pinterest.

Brian Madden: Yeah.  And so the, so but it’s kind of the same thing.  So OAuth and SAML and these kind of standards for like authentication and authorization across, you know, in federated ways, are really taking off.  But getting that, getting that out of – Like if you have a corporate enterprise on-premises Active Directory, setting up like that to become an OAuth provider to the world is really God damn difficult.  It’s not – I mean, it’s, it’s not just push a button and forget it.

Whereas if the AD is moved into the cloud, that can be one of the things you check the, you check the tick box in the, in the GUI and say, “Enable OAuth for my users.”  

Gabe Knuth: Yeah.

Brian Madden: And then, and then off you go.

Gabe Knuth: It does apparently support that.

Brian Madden: I’m sorry?

Gabe Knuth: It does support that, apparently.

Brian Madden: Yeah, just like it supported Active Directory Federation Services.  Like all these things were –

Gabe Knuth: Yeah.

Brian Madden: Oh, you mean in the – The Azure version?  Yeah, yeah, yeah.

Gabe Knuth: I, I mean the Azure Active Directory supports OAuth, it supports SAML, both versions.  I mean, it, so yeah.  It’s – They’re positioning it as, I think, another one of these web-based or web-wide, I guess I should say, authentication platforms.  I don’t know why I can’t talk today.

Brian Madden: So my – But so, so that’s where I’m looking – So for Active Directory, you know, so what we use Active Directory for today – So that – Everything we’re talking about and what they take into Azure, like I’m on board, makes sense.  And yeah, Microsoft will provide that, Facebook will provide it, Google will provide it.  And Active Directory is their legacy, so it will be some form of Active Directory.  I’m fine with that.

The part of it – When I say “Screw AD,” I mean this whole concept of, like, all your machines are domain joined and you have, like, all these different stuff configured in Active Directory and your groups and computer groups and you’re applying policy.  And all that, like doing that from the systems management AD standpoint, that to me seems kinda old school.

So tying back to Windows RT not being able to be domain joined, I’m thinking is irrelevant now because –

Rodney Medina: Yeah, but it, it, it is old school, but running Windows desktop applications is also old school.  But the problem is people are using legacy, and they’ve really bought themselves into that like 15 years ago.  And one of my customers, as an example, has 90,000 desktops running Windows 7 now.  But they have thousands of desktop applications, and all those applications or a lot of those applications tie into the Active Directory structure.  That’s just the way that has been built the last couple of years.

And especially for those organizations, this, this is really like very distant future or future for, for them.

Brian Madden: But it, it’s – So this is an interesting space to watch, though, and it’s funny how we always joke how those of us who are sort of desktop people and applications people, now we have to get into thinking about security and server virtualization and storage.  And frankly, user authentication and user authorization, identity management, that’s really falling within our sort of bailiwick as well as some of these other things.

So I guess it just makes our job that much more difficult.

Incidentally, in the, in the chat, a couple people are asking about how things like GoToMyPC, LogMeIn, etc.  work with this new Microsoft licensing.  And that was actually something that was brought up in the comments of the article.

So those things work – All these remote access solutions – So first of all, all the stuff we talk about, like you needing SA and VDA, these are only when you’re connecting to remote virtual desktop.  So VDI and stuff like that.  If you’ve got a physical desktop computer, then the Microsoft license – And this is even if you, whether you buy the retail version of Windows, whether it’s Windows Pro.  If you’ve got a physical desktop computer, you are allowed to connect to it remotely for the purposes of working remotely, troubleshooting, etc.

So if I have a laptop, I mean, I can buy a desktop computer, pop it under my desk, and use it as my primary computer via LogMeIn all day long with the regular Microsoft retail pay once license, and buy one –

Gabe Knuth: From where, from wherever you want on whatever device you want.

Brian Madden: Exactly.

Gabe Knuth: Right.  Yeah.

Brian Madden: The key is, though, when you do that, though, that license is locked to that hardware.  So you can’t – You know, the reason people use VDI is because you want to put this in the data center and do different little balancing and turning Windows on and off only when you need it and you’re redirected to a different server over here, and it’s failing over to another site and all that kind of stuff.

So you can’t take that copy of Windows – If you have a copy of Windows that’s licensed and locked to a specific piece of hardware, then you are able to remotely access it via LogMeIn and all those kinds of things.

Yeah, so then I was saying, so then brokering to a physical PC via XenDesktop does not require VDI/SA.  That is a true statement.  And that’s also –

Gabe Knuth: And in that regard, nothing has changed yet.

Brian Madden: Yeah.  And that’s – Right.  That’s how it’s been for the past 10, five or 10 years.  And, and that’s actually what we thought at first that the OnLive was doing.  And I guess –

Gabe Knuth: Oh, right.
Brian Madden: – Know what they’re doing, although they have seen this switchover to using server instead of, instead of client OS.  

Anyway, so I – You know, we’re kind of running up on the end of our hour.  Some of the topics that we might talk about, Jack, I think you should talk about on your show on Thursday.  Like you did an article saying, “Who’s Citrix gonna buy?”

Jack Madden: Yeah, yeah.  And that’s, that brought up some interesting arguments about whether, whether Citrix would want a solution that really does the, the hardcore app wrapping and inspection or a, or a lighter, a lighter, a lighter mobile app store and distribution thing.  And there was some interesting comments, and then one of the vendors responded with a blog post of their own.

So we’ll talk about all that on Thursday.

Brian Madden: Okay, so that’s, that’s on Thursday.  You’ll talk about WatchDox on Thursday, you’ll talk about I guess your week at MMS.

Jack Madden: The week at MMS and yeah, yeah, the supposed application management that comes from Windows Intune for mobile devices.

Gabe Knuth: I, so when they announced that last year, I emailed a friend of mine that works for the company I used to work at when I had a real job, and asked him – He, he’s like the head security guy there, and I asked him, “What do you think about Intune?”  And he didn’t know what it was.  So I explained to him desktop management from a cloud.  And his only response to me was, “I just threw up in my mouth.”  And so –

Brian Madden: He was a security guy, though, so –

Gabe Knuth: Well, but you know, it’s gotta get past these guys so, you know, before it takes off.  And so I think that that’s the problem I think Intune’s gonna have across the board is, is, is getting buy-in by the security personnel.  So we’ll see how it goes.  I mean, now that they can do all of these things, now that they have the app management and mobile management and that kind of a thing built into them, you know, maybe that makes them a little bit more appealing.

Brian Madden: So the, this guy who’s saying – By the way, back to the chat room, “Just buy a bunch of cheap PCs and stack them in your data center.”  Yes.  

Gabe Knuth: Yeah.

Brian Madden: And, and in fact you can do a VM still, too.  I mean, you are allowed to run – If you – You can buy retail licenses, even, and connect to them remotely, and they can run as a VM.  The only thing is they can never, they have to be tied to specific users and they can never move between servers.  But that’s an argument, I mean, the one – The idea of buying a bunch of cheap PCs and just stacking them in the data center, we talked about that.  I mean, that’s fine.  

Gabe Knuth: Mm-hm.

Brian Madden: Of course, you’ve got the same issues of failure and everything, like if a hard drive fails, then the user loses stuff.  But hey, at least it’s in your data center this time instead of out in the field somewhere.  So yeah, if you just need VDI – Or pardon me.  If you just need remote access and you don’t want to deal with brokers and all that kind of crap, I mean, I don’t know.  It’s – I, I have no problem with buying a stack of $300 Dell PCs –

Gabe Knuth: Right.

Brian Madden: And just stack them in the data center.  Maybe it’s not the most efficient for power and it’s not the most efficient for moving users around, but it works and you don’t need any licenses for it.

Gabe Knuth: Yeah, exactly.

Brian Madden: So events coming up.  I am down – A week from yesterday, I will be in San Diego speaking at TEC, The Experts’ Conference, apparently TEC stands for.  I’m giving the keynote there talking about desktop virtualization and consumerization.

Then the following week, Citrix Synergy is here in San Francisco.  That’s the 9th, 10th, and 11th of May.

Gabe Knuth: Are you speaking there?

Brian Madden: I am.  I did not submit any sessions, which is kind of out of laziness rather than any sort of particular protest this, this time.  But it’s – Their call – Their session, like their call for papers was like in October or something like that.  And I’m like, “Well, shit.  I don’t even know what is gonna exist in October.  I mean, what’s gonna be the hot topic like on people’s minds?”

Gabe Knuth: Yeah.

Brian Madden: But I did get a Geek Speak slot.  I think I said I’d talk about VDI something.  I don’t even know.  And Laura actually – I never sent her an abstract, Laura Whalen from Citrix, who sort of like is the cat herder for all of us CTPs.  And she finally gave up asking me.  So I don’t know what’s on the agenda.  So I’m doing something there.  So Gabe, you’ll be out here for that.

Gabe Knuth: Yeah, yeah.  I, I have not, I haven’t been notified of speaking at anything.  But last time in Barcelona I was notified the day before both of my panels that I was on, so who knows.  I will be there, though, one way or another.

Brian Madden: And then we’ve got the following week, May 17, I’m speaking here in San Francisco also on the topic of desktop virtualization.  

And then, then the next day I hop on the plane and we go to London, where we have BriForum, which is taking place 23rd and 24th of May.  Registration is now open for BriForum.  Agenda is posted.  We are working out all of those details, and BriForum – Incidentally, for BriForum in the U.S., taking place in July, our call for papers window is still open.  So we’ve been getting a couple submissions per day for that, and you’ve still got time to get sessions in for another –

Jack Madden: May 25th.

Brian Madden: Yeah, so we got another month for that.  So anyway, I think that’s, that’s all I have.  There’s a whole lot of things that I’m really looking forward to your show, Jack, Consumerization Nation, with Jack Madden and Colin Steele.  The two most brilliant names in the industry.  And, and notice that the most, most brilliant names in the industry, not the most brilliant people in the industry.  So you guys can –

Jack Madden: We’re, we’re working on, on, on that part.

Brian Madden: But yeah, so Jack, I’m looking forward to your show on Thursday.  Rodney Medina, thank you so much for taking the time to, to call in today, and thank you for taking the time out of your evening to join us.

Rodney Medina: No problem.  Thanks for having me.

Brian Madden: And –

Gabe Knuth: And for setting the record straight, so it’s, so we can definitely add Immidio to the list of companies that are not very threatened by UE-V.

Rodney Medina: Well, and now I’ll try to show you on Thursday.  We’ll, we’ll handle that offline, yeah.

Brian Madden: We’ve, we’ve got a date for Thursday, and we’ll see you –

Rodney Medina: Next month in London.

Brian Madden: Next month at BriForum, yeah.  All right.  Well, and Gabe, as always, thank you so much for joining.  Thanks to Paul for coming in.  I hope it’s worth your free lunch.  And to all of you, of course, thank you so much for listening.  From San Francisco, this is Brian Madden of Brian & Gabe LIVE.  Thank you so much.

Gabe Knuth: Thanks.

Rodney Medina: Thanks.  Bye bye.

Comment:
Interesting conversation, but I have to disagree.  I think AD will stick around for some time yet, but that with Windows RT Microsoft is beginning to say that the concept of a Domain is dead.  AD will remain an identity source, but the idea of a locked down managed group of devices is an anachronism now...