IAM Migrates Key Identity Databases to the Cloud

April 6, 2015

Like so many areas of information technology, identity and access management can reap significant benefits by taking advantage of cloud computing – and Harvard University Information Technology’s Identity and Access Management (IAM) program isn’t hesitating to make the most of the new technology. The program is currently in the midst of migrating two key identity databases – known as HU-LDAP and AuthLDAP – to the Amazon Web Services cloud, with deployment slated for the end of IAM’s third program planning increment on June 3.

"Moving our LDAP databases to the cloud represents both more availability and more security," says Magnus Bjorkman, director of IAM engineering. "What’s more, this improved performance goes hand-in-hand with a significant cost savings over maintaining on-premise infrastructure."

The two LDAP (Lightweight Directory Access Protocol) databases are hierarchical collections of user identity attributes tuned for extremely fast searches and high throughput — on the order of 100,000 searches per second — in their critical role as user attribute authorities. As identity hubs, HU-LDAP and AuthLDAP allow applications to obtain contact and profile data that are then used for authorizing users, populating forms, and other high-volume, high-value actions. Users listed in the University's LDAP directories span the entire Harvard Community, and with more than 100 attributes about each user potentially available to linked applications, the directories represent a crucial part of how user identity and access are managed at Harvard.

Moving these databases to a secure, higher-performing cloud platform makes access easier for the applications that rely on this heavily used data source to authenticate and provide services to Harvard users. Combining HU-LDAP and AuthLDAP into one cloud-based database that performs both authentication and attribute release also opens the door to more use cases, including the ability to serve information on user groups — a move that substantially boosts the flexibility of how applications can use user data. By decommissioning legacy physical servers in Harvard’s data center environment, overall costs for database operation and maintenance are significantly reduced while performance and reliability improve. Additionally, moving HU-LDAP and AuthLDAP to the cloud will enable them to bridge more easily to third-party vendor products, an important factor in today’s “as-a-service” methodologies.

"This more flexible database is able to serve more use cases for members of the Harvard Community, helping us address our current needs and anticipate future requirements," says Bjorkman. "Combined with the increased reliability and the overall cost savings, migrating this part of Harvard’s identity ecosystem to the cloud is an overall win."