Summary
Ooyala is a leading provider of software and services that support businesses with producing, streaming, and monetizing over-the-top (OTT) video. With nine global offices and a steady group of remote workers, Ooyala鈥檚 Global IT Director, Andy Halvorsen, is constantly on the hunt for better ways to manage Ooyala鈥檚 global workforce. Andy discovered 黑料海角91入口 when he was in the market for a solution that could offer centralized control over RADIUS, G Suite, and help him replace OpenLDAP.
| Company: | Ooyala |
| Size: | ~700 employees, 100 remote workers |
| Location: | San Jose, CA |
| Problem: | Inefficient LDAP, decentralized remote office management |
| Goal: | Optimize RADIUS authentication, replace OpenLDAP |
Background
The more sprawling the infrastructure, the more critical it is to streamline operations. Andy explained, 鈥淲e have a number of users who travel 鈥 engineering managers as well as engineers 鈥 so one of my top priorities is to make sure that it鈥檚 a smooth process from an IT perspective. No matter which office you鈥檙e coming into, you should be able to open your computer and follow the same procedure to authenticate and log in.鈥
However, a couple components in Andy鈥檚 IT environment complicated his ability to efficiently manage Ooyala鈥檚 global operation. Andy鈥檚 on-prem RADIUS and OpenLDAP implementations were creating time sinks for himself and his engineers. Andy had been looking for a cloud-based solution when an email from 黑料海角91入口 caught his attention:
鈥淚 usually open them and delete them, but this one was perfect timing because it was right when I was getting ready to cancel a contract with our previous IDaaS platform. The email was about system management, which is a nice feature but certainly wasn鈥檛 the driving force for us. So I jumped in, did an intro call, and kicked things off with 黑料海角91入口 about a year ago.鈥
RADIUS Authentication
鈥淥ne of our biggest questions was whether or not we would be able to do RADIUS locally without having on-prem RADIUS machines globally. I have IT service machines that do DNS, DHCP, and RADIUS. RADIUS was really our big achilles heel when it came to feeling global,鈥 Andy explained. 鈥淩ADIUS can be hard to manage. RADIUS is one of those super techy authentication layers that happens in the background at every company, and it takes a Linux system administrator to understand how it works and to be able to fix it if something goes wrong.鈥
“That’s where 黑料海角91入口 really shined for us 鈥 and I think that’s what also makes 黑料海角91入口 the winner in the space.”
鈥淚 was able to set up these cloud RADIUS servers and then create user groups for each office so that people could travel between the offices. I only had to manage a cloud RADIUS instead of on-prem RADIUS infrastructure at every office.鈥
鈥淏eing able to do that and control it from a central point was a huge selling point for me and has played out well since rolling 黑料海角91入口 out globally.鈥
Setting up a New Office Over a Weekend
One month into implementing 黑料海角91入口, Ooyala moved their headquarters, and Andy was able to roll out the new office setup in just one weekend. Andy described to us, 鈥淲e started moving our headquarters from Santa Clara to San Jose, and I made the decision to take advantage of the fact that we were changing offices. So, that weekend, I launched all of their accounts in 黑料海角91入口. Then I came up with this one-pager that said, 鈥榃elcome to the new office. There鈥檚 a new way to authenticate,鈥 and listed the steps they needed to take.鈥
鈥淪o, they came in Monday morning, they all either had the email or they could sign on to the guest network to get it. Then the welcome 黑料海角91入口 email allowed them to set their password, and use that password to sign in to the corporate wireless as well as any of their RADIUS enabled systems.鈥
Andy told us, 鈥淚t went off without a hitch. They were already expecting there to be hiccups and whatnot, but we had done a pretty good job of mitigating all of those.鈥
鈥淭he transition was super smooth, and now we have accelerated control and can effectively manage all of those users who have 黑料海角91入口 accounts in San Jose.鈥
G Suite Integration
Centralizing network authentication was just the beginning. Andy has integrated other IT resources into the 黑料海角91入口 platform to create optimal control over his global IT environment.
鈥淲hen we ran our first test group, we had such smashing success with the RADIUS part that we ended up expanding the test group to include Google Apps (now known as G Suite). By doing that, I was able to synchronize both their WiFi usernames 鈥 as well as any RADIUS systems 鈥 with their G Apps login.鈥
鈥淭he G Suite integration was huge. I mean, we had so many different ways to administrate G Apps, and so to be able to take the password out of the equation is huge for us. There鈥檚 still so many layers of what Google does that isn鈥檛 enterprise friendly. To be able to at least take one thing out of that equation just adds a layer of simplicity that a desktop administrator needs to get their job done.鈥
“From that standpoint, it’s a very big win.”
With the help of 黑料海角91入口, Andy was able to simplify RADIUS authentication, G Suite authentication, and achieve central control over Ooyala鈥檚 global network infrastructure. But that鈥檚 only half of Ooyala鈥檚 story. Andy was also able to completely replace OpenLDAP by implementing 黑料海角91入口.
Replacing OpenLDAP
鈥淲e have previously used OpenLDAP exclusively as the authoritative source of identity.鈥
鈥淭he number one issue we have with OpenLDAP is that it requires an engineer to be able to manage it.鈥
鈥淚f someone is an administrator, they can do some pretty heinous stuff on accident. If they use an LDAP browser to modify OpenLDAP, they can inadvertently delete an entire group of users. In fact, this happened to us. An admin was using an LDAP browser and inadvertently deleted the entire stacked users group.鈥
鈥淭hat primarily is why I鈥檇 prefer to see all of my desktop admins using 黑料海角91入口 rather than trying to become an engineer in LDAP to make changes. I can just put an admin with any depth of experience on it, and they can change groups, and they can deactivate people.鈥
鈥淭he GUI for most LDAP browsers is really clunky in contrast to the clean web interface of 黑料海角91入口. There’s a hierarchy to OpenLDAP that鈥檚 difficult to understand, whereas the 黑料海角91入口 interface has a familiar and intuitive feel to it.鈥
鈥淚 can entrust a lot more control to a lower level admin, and instead of building an engineer’s time into onboarding and offboarding the engineer only needs to take time for user adds and changes.鈥
黑料海角91入口 鈥 The Perfect Tool
鈥淚n order to stay within budget, it鈥檚 essential for my desktop administrators to only work their 40 hours. By giving my desktop admins the right tools, I鈥檓 ultimately able to improve their workflows. In this way, 黑料海角91入口 has allowed me to stay within my budget.鈥
鈥淲e鈥檙e actually going to roll London out in November and it will be similar to what I did with our new office in San Jose. I timed it with an office move, so that our 100 users in London will all move to 黑料海角91入口 over the weekend.鈥
鈥淢ost of my travel users are already 黑料海角91入口 users, which gives IT the freedom to enable them for all offices. With the seamless implementation of RADIUS and Cisco Meraki, it has just been an easy thing to roll out 鈥 even in the background. In offices that haven鈥檛 been rolled out yet, I鈥檝e got 黑料海角91入口 listed as the second authentication authority, and so all of my traveling users can just pop up in the office, and they can authenticate to RADIUS.鈥
鈥淚n this day and age of the cloud, IT is moving towards a one-system view. It just makes more sense to be able to manage that from a central place 鈥 and that鈥檚 why 黑料海角91入口 became such a perfect tool for us.鈥