We are elated to announce that Scalefusion now offers its users the On-Prem Connector to access an organization’s on-premise resources such as Microsoft Active Directory. IT admins can create secure and encrypted connections between the Scalefusion dashboard and an organization’s on-prem services which are not accessible over the public internet, without the threat of data leakage. The incorporation of this capability makes Scalefusion perfect for even a hybrid-deployment model with partial cloud and on-premise environments.
What is MS Active Directory?
Organizations of every sector rely heavily on technology for both simple and complex processes, with the aim of reducing the manual and recurring workload on their teams. The IT teams of every organization are heavily burdened with many such manual and tedious tasks, for which the contemporary world has come up with tools and solutions that automate recurring processes and reduce redundant, time-consuming work.
Implementation of Active Directory (AD) in organizations is one of many such methods that help an enterprise’s IT admins to manage permissions better and streamline access to a company’s network resources such as user groups, hardware, applications and more. Cloud-based Microsoft environments rely on Azure AD for centralized control of users, computers and more. Microsoft Active Directory is the on-premise counterpart that stores sensitive employee information and is not accessible over the internet.
What is On-Prem Connector (OPC)?
The adoption of Mobile Device Management (MDM) solutions is a common practice as organizations have realized its importance in streamlining organization-wide management for IT admins. The On-prem Connector is a medium that enables a secure connection between the MDM dashboard and the organization’s on-premise resources such as the Microsoft Active Directory, MS Exchange and more.
What are the pre-requisites to set up the OPC with Scalefusion?
In order to successfully set up the On-prem connector using the Scalefusion dashboard, IT admins must fulfill the following prerequisites:
- Scalefusion Enterprise License: The IT admins must possess a Scalefusion account with an Enterprise license to leverage the OPC.
- Account type: To use the on-prem connector, IT admins must have a regular Scalefusion account. This account must be neither a G Suite account nor an Office 365 account.
- Account ownership: To utilize the OPC capabilities and complete the setup, an IT admin must be the owner or co-owner of the account.
- Write access: Any other administrator (Group Admin, Device Admin or a custom role) who has ‘write’ access, as opposed to ‘read only’ access, can also perform the setup.
How does an On-Prem Connector work?
For the on-prem connector to connect and share information between the MDM dashboard and the On-prem connector instance, the connection request must be initiated from the Scalefusion dashboard. This creates an authorized connection to access the on-premise Microsoft Active Directory.
The OPC acts as a mediator between the Scalefusion dashboard and the on-premise resource, relaying the necessary information back and forth. Furthermore, the data being transferred is encrypted with session keys, which ensures that sensitive information is not leaked.
The communication between Scalefusion and the on-prem connector takes place in one of two ways: via a reverse proxy or directly.
i) Via reverse proxy: The Web Server / Reverse Proxy must have a valid public DNS name with a valid TLS/SSL certificate issued by a publicly trusted Certificate Authority. The diagram below explains this scheme.
- One of the Scalefusion dashboard servers initiates a secured HTTPS connection over port 443 to the on-prem URL.
- The request is then received by the on-premise web server/reverse proxy.
- The on-premise web server/reverse proxy passes on the request using a regular HTTP connection over port 28767 to the machine that hosts the on-prem connector.
- The on-prem connector uses the LDAP connection over port 389 (configurable) to the MS Active Directory.
ii) Direct connection with OPC: The machine hosting On-Prem Connector must have a static public IP address or public DNS name. The diagram below explains this scheme.
- One of the Scalefusion dashboard servers initiates a regular HTTP connection over port 28767 to the machine that hosts the on-prem connector.
- The on-prem connector uses the LDAP connection over port 389 (configurable) to the MS Active Directory.
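As an added illustration of the two schemes above (this is example code written for this article, not Scalefusion's own code or configuration), the following Python script models each hop listed for the reverse-proxy and direct schemes and audits a firewall ruleset against the chosen scheme: every expected hop must be allowed, and no internet-facing flow other than the scheme's own entry point (HTTPS on 443 to the reverse proxy, or HTTP on 28767 to the OPC host in the direct scheme) may exist. The host names, zone labels and rulesets are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Hop:
    """One allowed network flow: source zone or host -> destination host on a port."""
    src: str
    dst: str
    port: int
    proto: str


# Zone and host labels are assumptions for this example, not Scalefusion's names.
INTERNET = "internet"   # any public source, including the Scalefusion dashboard servers
PROXY = "rproxy"        # on-premise web server / reverse proxy with a public DNS name
OPC = "opc-host"        # machine hosting the On-Prem Connector
AD = "dc01"             # Microsoft Active Directory domain controller

# Expected path for each scheme, as the article describes it.
REVERSE_PROXY_SCHEME = (
    Hop(INTERNET, PROXY, 443, "https"),   # dashboard -> reverse proxy, TLS on 443
    Hop(PROXY, OPC, 28767, "http"),       # reverse proxy -> OPC, plain HTTP on 28767
    Hop(OPC, AD, 389, "ldap"),            # OPC -> AD over LDAP (port is configurable)
)
DIRECT_SCHEME = (
    Hop(INTERNET, OPC, 28767, "http"),    # dashboard -> OPC host directly
    Hop(OPC, AD, 389, "ldap"),
)


def audit(rules: Iterable[Hop], scheme: tuple) -> list:
    """Return a list of findings; an empty list means the ruleset matches the scheme."""
    rules = list(rules)
    allowed = set(rules)
    findings = []

    # 1. Every hop the scheme needs must be permitted.
    for hop in scheme:
        if hop not in allowed:
            findings.append(f"missing rule: {hop.src} -> {hop.dst}:{hop.port}/{hop.proto}")

    # 2. The only internet-facing flow is the scheme's own entry hop.
    expected_public = {h for h in scheme if h.src == INTERNET}
    for rule in rules:
        if rule.src == INTERNET and rule not in expected_public:
            findings.append(f"exposed: {rule.dst}:{rule.port}/{rule.proto} reachable from the internet")

    # 3. Only the OPC host talks LDAP to the domain controller.
    for rule in rules:
        if rule.dst == AD and rule.src != OPC:
            findings.append(f"AD reachable from {rule.src} on {rule.port}/{rule.proto}")

    return findings


# Constructed rulesets for the reverse-proxy scheme.
GOOD_RULESET = list(REVERSE_PROXY_SCHEME)
# Constructed misconfiguration: the OPC's plain-HTTP port is also opened to the
# internet, and the reverse proxy has been given its own path to the domain controller.
BAD_RULESET = GOOD_RULESET + [Hop(INTERNET, OPC, 28767, "http"), Hop(PROXY, AD, 389, "ldap")]


if __name__ == "__main__":
    for name, ruleset in (("good", GOOD_RULESET), ("bad", BAD_RULESET)):
        print(f"{name}: {audit(ruleset, REVERSE_PROXY_SCHEME) or 'no findings'}")
```

The audit treats the scheme's entry hop as the only public exposure, so the same function applies to the direct scheme simply by passing DIRECT_SCHEME; a ruleset built for one scheme is reported as both missing a hop and over-exposed when checked against the other.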
What is the purpose of OPC with Scalefusion?
While it is clear that the On-Prem Connector enables a simplified way to securely connect with an organization’s on-premise Active Directory, let’s look at some of the applications that can be achieved with this connectivity.
1. Import Users and User Groups over Scalefusion
With the On-Prem connector set up, IT Admins can import AD users/User Groups into the Scalefusion Dashboard and enroll them in Scalefusion. The administrators simply require a Scalefusion account with an Enterprise License and a completed OPC configuration and setup.
2. Set up AD-based access to Scalefusion dashboard
With the On-Prem connector set up, IT Admins can set up AD-based access to the Scalefusion Dashboard, which means the admins can sign in to the Scalefusion Dashboard with AD credentials. For this, they need to choose AD (set up with OPC) as the sign-in provider. However, IT admins are required to fulfill the following prerequisites to achieve AD-based dashboard access.
- Scalefusion account with an Enterprise License
- OPC configuration and integration with the Scalefusion Dashboard completed
- The user(s) to be migrated must already exist in Active Directory
3. Enroll AD users on Scalefusion
Once users/groups are imported, their devices can be enrolled as BYOD on all platforms, viz. Android, Windows, iOS and Mac.
Closing lines
On-Prem Connector is the ideal way to access, in an encrypted manner, on-premise resources that hold sensitive business and employee information. Get started with the On-Prem Connector (OPC) for Scalefusion. To know more about the configuration and OPC setup, please refer to our help doc.