Summary
Tamr is a company focused on enterprise data. By using a combination of machine learning algorithms and expert human guidance, they help enterprises unify their data. Their patented software platform has quickly gained the attention of industry leaders like GE, HP, and Toyota. With an ever-expanding number of virtual servers and resources on AWS, Tamr’s IT and DevOps team has had to act fast to keep up. By switching to Directory-as-a-Service® they now efficiently manage authentication and the hours they once spent onboarding have been reduced to minutes.
Company: Tamr
Size: 100 employees
Location: Cambridge, MA
Problem: No centralized user management
Goal: Authenticate users onto servers, ease on-boarding process
Background
Tamr gained traction immediately after being founded in 2013. Backed by investors like NEA and Google Ventures, their mission is to help companies everywhere better process their analytical data. Unfortunately, manual management of their growing user base and virtual LDAP servers on AWS meant that getting access to IT resources was incredibly difficult.
Streamlining operations fell on the shoulders of Nick Laferriere, a devops engineer. Laferriere recognized this issue right away.
“We knew we were going to have to address building up the corporate IT infrastructure, and the first issue was centralized user management. That’s when we ran into JumpCloud.”
The Challenge
Tamr deals with big data – and they have the server traffic to match. Managing access to 200-300 servers was beginning to be a headache. Nick described their initial workflow:
“We had set up an LDAP by hand on our AWS account. This meant adding a user required someone who already had access to a server. They would have to type out the commands and then create the user, and this process was just for the servers. We also needed to have another series of this process for signing on to anything else – everything was ‘one-offs’ which was a very painful workflow.”
The system worked. But it was very manual.
Laferriere told us, “We had a series of scripts. Basically, we would ask employees to fill out a form, hope they type out everything correctly, create the user, and if there were no issues the user could access the resources. These steps had to be repeated every time the user wanted to change the password or change anything else. It was horrific. It would require spending an hour a day just to go in by hand and hope you get it right. There was zero self-service.”
Nick knew that if the company was going to continue to grow, this process needed to be addressed. User authentication was becoming a major issue, especially with the majority of users using Mac or Linux. Laferriere did his research:
“We looked at Active Directory®, we considered building LDAP ourselves, we looked at LastPass with their Single Sign-On with SAML, and we also looked at Conjur for some user management.”
But none of these user authentication methods met Tamr’s full list of needs.
The Solution
Nick Laferriere discovered JumpCloud while researching possible solutions.
“I was just searching online for a SaaS-based directory solution. My reasoning for this was that we didn’t have any physical servers. We still don’t. So the last thing that we wanted to do – especially with our software development being on top of Linux – was go out and buy an Active Directory server and have that in our office.
“What ended up attracting us to JumpCloud was the fact that it kind of had everything. So with one service, you get the SAML endpoint, you get RADIUS, LDAP, and you had the story for managing Mac devices. The fact that JumpCloud throws in the Google Apps integration, which we use for our email, is just icing on the cake.”
“When I looked down the checkboxes of the features we needed, Directory-as-a-Service was the only one that had it all. For us, that was huge.”
Implementation
“The first thing we did was create everyone’s account, which was as simple as making a Google Apps account. We used this as our base source of truth because everyone had email access. Then, we did the syncing of the directory. Everyone got the invite to convert over, and we were able to easily track who did and who didn’t move over. Then we could pester the people who didn’t – and that gave everyone a base account inside of JumpCloud. From there we were able to start tying it into applications.
“For our servers, with the JumpCloud agent, we just wrapped that around our configuration management tool – Ansible. Ansible talks to all of our servers already, so we were able to deploy our agent via that to all of the servers. So we deployed JumpCloud’s agent, and then magically 5 minutes later all of our servers had all of the users that we’re supposed to have on them.”
“From there, as the users update themselves it all got reflected on the servers or any of the services they were tied into.”
Cloud-Controlled Networking
“Another area that we tied in almost immediately was our network. We had a shared WiFi password before, but with JumpCloud we were able to tie in RADIUS into our network equipment in about ten minutes. We used Cisco Meraki for everything. There’s a Knowledge Base article that we basically followed step by step. We just kinda copy and paste the things in and we were up and running and connected with that in a matter of around five or ten minutes.
“We also were able to tie into our VPN server within a matter of fifteen or twenty minutes. After that, it was just a matter of going piecemeal through our applications.”
“I don’t think we spent more than fifteen or twenty minutes on tying any application, which is really awesome. Just a really pleasant experience.”
The Results
“The results have been awesome. Before we had JumpCloud, it would take us almost a week to get the developers up and running with accounts and access to developer resources. Now, they come on, they fill out the paperwork, and by lunchtime on their first day they have access to everything they need to do their job permanently.”
“That turnaround is amazing and allows us to get up and running so much faster.”
“We’re a growing company. That means a lot of onboarding new hires. Now, when we’re adding a user, we can just focus on connecting them to what they need. With the rest of the day, we can focus on the other parts of our jobs that are more valuable to the company.
“We haven’t had too many people leave, but it will happen. From a regulatory and compliance perspective, it’s awesome to have the functionality that, if someone leaves, we just make one click and then we don’t have to worry about trying to find 100 different accounts. We can just disable it and we’re good to go.
“Since we switched to JumpCloud, it has been maybe an order of minutes – maybe 15 minutes a week tops. It’s just streamlined our process for user management and onboarding so much.”
Saving Time and Money
“In terms of cost savings, I don’t know the hard dollar amount, but I know that it’s cheaper than some of the alternatives we looked at. The biggest thing is the time savings.”
“Basically, since I’ve switched, the amount of time that I’ve spent managing user accounts between various services has gone down by about ten-fold.”
“The ongoing management is also so much less work than it used to be. We used to spend at least a couple hours a week just creating user accounts, managing them, and de-activating them from services. I think it has been around five minutes a week inside the JumpCloud portal actually doing management. The whole process is kind of magical. It always works, it’s always there, and you don’t have to worry about maintenance.
“We don’t have to manage a Windows server with Active Directory. We don’t have to recreate all of the schema. If we didn’t make this decision, we probably would have had to hire a part-time IT person whose job would basically be managing people’s accounts… and that would be kind of crazy.”