Domainless

The organisation of networks in IT has been based around domains for the last 30 years. Before then we had informal, ad-hoc networking. In the Microsoft world this was primarily Windows PCs and workgroups; in Unix you had NIS. However, with Microsoft’s domain logins the IT department put a metaphorical barbed wire fence around devices and users.

Microsoft’s dominance of enterprise computing means the domain is the central container and security boundary of the modern enterprise IT environment. Domain names have evolved over time.

It all started with NetBIOS. The BIOS is the firmware that starts your PC. It’s moved on a bit from the first PC; now it’s UEFI. Back in the 1980s you had the Basic Input Output System. It provided the controls for disks, keyboard, and screens, just to get it all started before the computer loaded the operating system. Once people started connecting PCs to a network we got NetBIOS: a non-routable, basic system for connecting machines. NetBIOS allowed you to register names for things. You could call your computer “HOME-PC”, and that’s how other devices on your network would see it.

With the arrival of Windows, we got “workgroups”: a network name under which computers running Windows could group together. However, each Windows PC was on its own. Each user who logged in had a login for that machine. As networking became mainstream the domain was conceived to add machines and users to a centralised secure directory. The CORP domain might have a PC on it called PC1. This was expressed as CORP\PC1. If a user called “Pete” wanted to log in to a Windows machine on CORP then he would be CORP\PETE.

This was a domain login. Machines, users, printers and anything else that needed to access resources of the network, joined the domain.

This was the case when Windows NT came to market and continued until Windows 2000. With Windows 2000 the domain\user (or domain\machine) login continued. However, Active Directory brought a new style of domain. This was user@corp.local. The “@” symbol, primarily used for email, now denoted something at a place. For users this was the User Principal Name. All of this was a more sophisticated and more secure directory. Still a domain. Still fenced off from outside.
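As an added example (not code from the original post), the parser below recognises the two logon notations described above, the down-level DOMAIN\user form and the User Principal Name form, and maps both to one canonical key. This is the kind of normalisation a log pipeline needs when the same account appears as CORP\PETE in one event and pete@corp.local in another. The NetBIOS-to-DNS mapping table is constructed for the example; a real forest supplies it from its directory data.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed mapping of NetBIOS domain names to Active Directory DNS names
# (assumed for this example; a real environment looks this up in the forest).
NETBIOS_TO_DNS = {"CORP": "corp.local"}

# A NetBIOS name is at most 15 characters (the 16th byte is a service suffix)
# and may not contain these characters.
NETBIOS_ILLEGAL = set('\\/:*?"<>|')

# UPN suffix: this example requires a dotted DNS name such as corp.local.
UPN_RE = re.compile(r"^(?P<user>[^@\\/]+)@(?P<suffix>[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+)$")


@dataclass(frozen=True)
class LogonName:
    kind: str     # "down-level" (DOMAIN\user, or .\user for the local machine) or "upn"
    domain: str   # normalised: NetBIOS names upper-case, DNS names lower-case
    user: str     # normalised lower-case account name


def valid_netbios(name: str) -> bool:
    return 1 <= len(name) <= 15 and not (set(name) & NETBIOS_ILLEGAL)


def parse_logon_name(raw: str) -> Optional[LogonName]:
    """Classify a Windows logon string; return None if it fits neither form."""
    raw = raw.strip()
    if "\\" in raw:
        domain, _, user = raw.partition("\\")
        if not user or "\\" in user:
            return None
        if domain != "." and not valid_netbios(domain):
            return None
        return LogonName("down-level", domain.upper(), user.lower())
    m = UPN_RE.match(raw)
    if m:
        return LogonName("upn", m["suffix"].lower(), m["user"].lower())
    return None


def canonical(raw: str) -> Optional[str]:
    """Map both notations of the same account to a single UPN-style key."""
    parsed = parse_logon_name(raw)
    if parsed is None:
        return None
    if parsed.kind == "upn":
        return f"{parsed.user}@{parsed.domain}"
    dns = NETBIOS_TO_DNS.get(parsed.domain)   # None for unknown NetBIOS names
    return f"{parsed.user}@{dns}" if dns else None
```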

In 2022 we are still there. However, today’s mobile devices, the use of one computer at home and for education or work, and less formal computing requirements are leading us to a domainless world. Employees may only need access to web based applications. They may only need to access one mobile application. The idea of them having a device that has joined the domain, or an identity that needs to log in to the domain, is now disappearing.

Microsoft’s Azure Active Directory and other directory services now offer meaningful accounts that are temporary and provide granular access to specific resources, such as Azure role based access accounts. These are secured by cloud access models that are much more flexible and automated.

The old domain model is evolving, and this is the biggest change since centralised logins with Windows NT.
