Telus: Identity Solution for IoT Development Environment

About Telus:

Telus is one of Canada’s largest communications companies, a market leader in wireless, wireline and fibre products. With over 106,000 employees and an annual revenue of CA$20bn, it is a major player in the Canadian tech sector. Kai worked closely with the Telus Internet of Things team during his time at Quartech Services Ltd between 2019 and 2025.

The Problem

Twelve Telus developers working on an Internet-of-Things (IoT) project had a development environment hosted in VMware vSphere 7, made up of around 12 Ubuntu virtual machines and 4 Windows machines. Each machine carried a separate local account for every developer who needed access, different developers had different levels of access, and every account on every VM had its password rotated every 90 days. Naturally, this became cumbersome to manage: developers often needed their passwords reset, and on-boarding or off-boarding a developer meant touching every machine individually.

The Solution

It was evident that the team required a single identity solution that would let them use the same user accounts across all of the servers. This posed an additional challenge: because the environment mixed Windows and Linux, a standard Active Directory and Windows domain-join setup alone would not do.

Therefore, Kai configured the Ubuntu VMs to join the Active Directory Kerberos realm using sssd, with an automated script that performed the realm join on each VM. This allowed the developers to authenticate to the Linux VMs with their AD credentials, whilst AD group membership enforced which developers could access which machines and AD policy enforced password rotation. Additionally, a self-service password reset page was configured, allowing developers with expired AD passwords to set new passwords without administrator intervention.
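As an added example (not the script Telus or Quartech actually used), the following shell script shows one way to automate the realm join described above: it installs realmd and sssd on an Ubuntu VM, joins the AD realm, and installs an sssd.conf whose simple access provider limits logins to named AD groups, so that group membership in AD decides who gets a shell on each VM. The realm IOT.EXAMPLE.CORP, the join account and the group names are placeholders; the package names and the realm/sssd options are standard Ubuntu ones.

```shell
#!/bin/sh
# Added example (not Telus's or Quartech's script): join an Ubuntu VM to an AD
# Kerberos realm with realmd/sssd and restrict logins to named AD groups.
# Realm name, join account and group names are placeholders.
set -eu

# Render the sssd.conf this VM should run with. Written to stdout so the
# result can be reviewed (or tested) before it replaces /etc/sssd/sssd.conf.
#   $1 = AD realm, e.g. IOT.EXAMPLE.CORP (placeholder)
#   $2 = comma-separated AD groups permitted to log in, e.g. "iot-developers"
render_sssd_conf() {
  ad_realm="$1"
  allow_groups="$2"
  domain_lc="$(printf '%s' "$ad_realm" | tr '[:upper:]' '[:lower:]')"
  cat <<EOF
[sssd]
config_file_version = 2
domains = ${domain_lc}
services = nss, pam

[domain/${domain_lc}]
id_provider = ad
ad_domain = ${domain_lc}
krb5_realm = ${ad_realm}
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
krb5_store_password_if_offline = True
ldap_id_mapping = True
use_fully_qualified_names = False
default_shell = /bin/bash
fallback_homedir = /home/%u
# Access control: only members of these AD groups may log in to this VM.
# Removing a developer from the group off-boards them from every joined VM.
access_provider = simple
simple_allow_groups = ${allow_groups}
EOF
}

# Refuse to install a config that would either stop sssd from starting (the
# file must be root-only, mode 0600) or silently admit every AD user (no
# access provider or an empty allow list). Returns 0 when acceptable.
check_sssd_conf() {
  file="$1"
  mode="$(stat -c '%a' "$file")"
  if [ "$mode" != "600" ]; then
    echo "refusing: $file is mode $mode, sssd requires 0600" >&2
    return 1
  fi
  grep -q '^access_provider = simple$' "$file" \
    || { echo "refusing: no access_provider" >&2; return 1; }
  grep -q '^simple_allow_groups = [^[:space:]]' "$file" \
    || { echo "refusing: empty simple_allow_groups" >&2; return 1; }
  return 0
}

# Join the realm and install the generated config. Must run as root on the VM.
#   $1 = realm, $2 = AD account allowed to create computer objects, $3 = groups
join_realm() {
  ad_realm="$1"; join_user="$2"; allow_groups="$3"
  apt-get install -y realmd sssd sssd-tools adcli krb5-user packagekit libnss-sss libpam-sss
  realm discover "$ad_realm"
  realm join --user="$join_user" "$ad_realm"   # creates the computer account and keytab
  render_sssd_conf "$ad_realm" "$allow_groups" > /etc/sssd/sssd.conf.new
  chown root:root /etc/sssd/sssd.conf.new
  chmod 600 /etc/sssd/sssd.conf.new
  check_sssd_conf /etc/sssd/sssd.conf.new
  mv /etc/sssd/sssd.conf.new /etc/sssd/sssd.conf
  pam-auth-update --enable mkhomedir   # create home directories on first AD login
  systemctl restart sssd
}

# Only act when explicitly asked, so this file can be sourced for its functions.
if [ "${RUN_REALM_JOIN:-0}" = "1" ]; then
  join_realm "${REALM:?set REALM}" "${JOIN_USER:?set JOIN_USER}" "${ALLOW_GROUPS:?set ALLOW_GROUPS}"
fi
```

Run it as root on a freshly provisioned VM with `RUN_REALM_JOIN=1 REALM=IOT.EXAMPLE.CORP JOIN_USER=joiner ALLOW_GROUPS=iot-developers,iot-admins sh join-realm.sh`. The check step matters because the config realmd writes during `realm join` admits every AD user until an access provider is set; validating the generated file before it is moved into place is what turns "joined to AD" into "only the right developers can log in".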

The Result

The developers became more efficient: they no longer had to keep track of many different passwords on different rotation schedules, and they no longer needed admin assistance when credentials expired. This solution was used for five years, until the project was migrated into Amazon Web Services.