
Avanpost Directory Services (Avanpost DS)

Product
Developers: Avanpost (Outpost)
Date of the premiere of the system: 2022
Last Release Date: 2023/11/16
Technology: Information Security - Authentication

2023

Avanpost Directory Service 1.1

On November 16, 2023, Avanpost announced the release of an updated version of the Avanpost Directory Service, 1.1. The added functionality of the solution combines a role model with granular assignment of access rights and integration with a DNS server.

For a long time, Microsoft Active Directory was the only directory service provider on the domestic market, providing centralized management of users and resources and simplifying the authentication and authorization of users on the network. Due to sanctions and Microsoft's withdrawal from Russia, all of the company's products, including the Windows operating system and the Active Directory domain service, became inaccessible to Russian organizations.

At the beginning of 2023, Avanpost offered the market an up-to-date product for import substitution: a full-fledged domestic replacement, the unified directory service Avanpost Directory Service.

Avanpost Directory Service (Avanpost DS) addresses the challenges of identifying and authenticating users in organizations by managing accounts, security policies, and user access rights to resources.

Avanpost Directory Service is the first directory service of its own design, built without open-source solutions, which guarantees high product performance, the ability to optimize and scale the functional modules of the catalog, and use in cloud technologies.

The Avanpost DS is based on a highly productive, proprietary LDAP directory, which is a centralized repository of user and resource information, as well as the Kerberos key distribution center, which provides end-to-end authentication in the domain.

The additional functionality implemented in Avanpost DS 1.1 offers network administrators advanced access control and infrastructure management capabilities for the catalog service of modern organizations with a large number of workplaces.

A role model with granular assignment of permissions at the attribute level was developed in Avanpost DS 1.1 for flexible delegation of authority to individual sections of the catalog. This feature enables you to implement the most complex departmental delegation scenarios for directory service objects. For example, a limited set of access rights can be granted to technical support employees or regional administrators.

This granular control system makes access control more efficient, reducing regulatory complexity while ensuring optimal availability and disaster tolerance of catalog data and authentication services in geodistributed infrastructures.

The ability to integrate flexibly with infrastructure services is another key feature of Avanpost DS, which made it possible to integrate with the high-performance PowerDNS server in terms of storing zone data, for which Avanpost DS acts as an LDAP backend. The directory service and the domain name system are as closely connected as possible - so much so that Active Directory services cannot function without a stable DNS configuration.

Avanpost DS 1.1 now stores zone data in the directory and supports secure dynamic updating of DNS records. As a result, the servers are equal and the transmitted information is up-to-date.

"We have been developing the Avanpost DS service for more than three years and, having released the LDAP catalog in September, we continue to improve our product. Our goal is to provide the market with a high-performance, scalable solution. The new functionality of Avanpost DS 1.1 is designed to help our customers solve a number of important problems in terms of high availability and disaster tolerance of catalog data, which is especially important for large distributed infrastructures designed for tens of thousands of jobs," said Dmitry Zakoryuchkin, owner of the Avanpost DS product.

Starting the Avanpost DS Single Directory Service

On August 16, 2023, Outpost announced the launch of the Avanpost DS unified catalog service.

According to the company, the Avanpost DS catalog service is a solution for centralized user management, authentication and authorization in Linux infrastructures with the ability to hierarchically represent objects.

Avanpost DS Single Directory Service

Avanpost DS is a standalone development. LDAP and Kerberos protocols, domain topology building and replication - all the main functions are developed by Outpost independently in the Go language. On the one hand, this makes the implementation fully manageable, on the other hand, it provides optimal performance, the ability to optimize and scale the functional modules of the catalog, as well as use in cloud technologies.

The target audience of the product is, first of all, large enterprises, state companies and institutions: structures that tend to have a large, often distributed IT infrastructure for tens and hundreds of thousands of jobs, with specific scalability and performance requirements that free directory services cannot provide. For this reason, the use of open solutions, such as FreeIPA, or products based on them, in such organizations remains a big question.

In 2020, the company began developing its directory service (Avanpost DS) in response to a request from the Russian market for import substitution of infrastructure services. At the end of 2022, the first version of the product was released. This made it possible to conduct a number of pilot projects for large customers in the first half of 2023. The potential volume of future projects covers about 1 million jobs.

The roots of Directory Service class systems go back to the 1980s. It began with the development of the X.500 standard, a distributed directory service developed by the International Telecommunication Union (ITU-T), as well as the creation of the LDAP protocol, which became widespread. In 1999, Microsoft released its implementation of the directory service, called Active Directory. It became the basis for organizing resources and user accounts in networks of the Windows family and quickly became the standard, including for Russian enterprises. Within the global Identity and Access Management market, the Directory Service segment accounted for about 11% as of August 2023, while Microsoft AD is essentially a monopoly in this segment.

As of August 2023, as part of the import substitution trend in Russia, a favorable situation is developing for domestic manufacturers, which allows them to bring to the market a competitive replacement for Microsoft AD. The Avanpost DS directory service solves the tasks of centralized authentication and authorization and management of users and computers in a hierarchical structure, while ensuring optimal availability and disaster tolerance of directory data and authentication services in geodistributed infrastructures.

Avanpost DS is based on a high-performance LDAP directory of its own design, which is a centralized store of information about users and resources, as well as a Kerberos key distribution center that provides end-to-end authentication in the domain. For tasks such as workstation configuration management, name resolution and time synchronization, Avanpost DS provides integration with external systems for which the solution acts as an LDAP backend. For example, for DNS servers, Avanpost DS can store zone data in the directory and support secure dynamic updates, and for a configuration management system it can act as a "group policy selector" by mapping stored configurations to the desired computers. The flexibility of integration with infrastructure services is a feature of Avanpost Directory Service. This allows, for example, the use of the more efficient PowerDNS as a DNS server instead of the usually used BIND, and the choice of the configuration management system that is most suitable for a specific infrastructure.

Moreover, Avanpost DS will allow smooth migration from Microsoft AD, without interrupting service during the transition period. During the coexistence period, it will be possible to access resources in the Avanpost DS domain from Windows workstations, as well as to access non-migrated resources from workstations running any domestic Linux distribution.