AWS Webcast - Active Directory on AWS
 


Microsoft Active Directory is the foundation for distributed networks built on Windows Server. Learn how our new Active Directory Reference Implementation Guide can help you deploy highly available AD Domain Services on AWS in about an hour.

Included is an overview of the reference architecture, the implementation guide, and the CloudFormation templates, which automate much of the process. Two scenarios are covered: one fully cloud-based and one hybrid, using AWS Direct Connect to extend an existing on-premises AD solution into the AWS Cloud.

    Presentation Transcript

    • Implementing Active Directory in the AWS Cloud. AWS Whitepaper by Mike Pfeiffer
    • Introduction
      This reference implementation guide includes architectural considerations and configuration steps for implementing highly available Active Directory Domain Services (AD DS) in the Amazon Web Services (AWS) cloud. We’ll discuss best practices for launching the necessary AWS services, such as Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Virtual Private Cloud (Amazon VPC), in two scenarios:
        • An AWS cloud-based deployment
        • The extension of an on-premises solution to the AWS cloud
      We also provide links to automated AWS CloudFormation templates that you can leverage for your implementation or launch directly into your AWS account.
      This presentation gives an overview of the process to create the example solution. It does not outline each step. For the detailed overview, please consult the whitepaper available here: https://aws.amazon.com/microsoft/whitepapers/#ad
    • Before You Get Started
      This is an advanced topic. If you are new to AWS, see the Getting Started section of the AWS documentation. You should also be familiar with the following topics:
        • Amazon EC2
        • Amazon VPC
        • AWS CloudFormation
        • Windows Server 2012 or 2008 R2
        • Windows Server Active Directory and DNS
    • Microsoft Platform on AWS
        • Partnership to support running Windows Server-based workloads on AWS
        • Amazon Machine Images (AMIs) with Windows Server and SQL Server today that were jointly developed by Microsoft and AWS
        • SharePoint Server and other Microsoft server products can be licensed to run on AWS
      Two licensing models:
        • Pay-as-you-go (AMI pricing includes software): Windows Server, SQL Server Standard
        • BYOL (use existing licenses on AWS): SQL Server Enterprise, SharePoint Server, other qualifying Microsoft Windows Server products*
      *General info on AWS and License Mobility for a variety of MS server products: http://aws.amazon.com/windows/mslicensemobility/
      Detail on AWS and License Mobility with SQL Server: http://aws.amazon.com/windows/mslicensemobility/sql/
      Microsoft “License Mobility through Software Assurance” gives Microsoft Volume Licensing customers the flexibility to deploy Windows Server applications with active Software Assurance (SA) on Amazon Web Services.
    • What We’ll Cover
        • AD Architecture Considerations
        • Sample Deployment Scenario #1: Deploy Active Directory Domain Services in the AWS Cloud
        • Considerations for Extending Existing AD Domain Services into the AWS Cloud
        • Sample Deployment Scenario #2: Extend on-premises Active Directory Domain Services to the AWS Cloud
    • Architecture Considerations: Virtual Private Cloud
        • Amazon VPC lets you provision a private, isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define.
        • You can define a virtual network topology closely resembling a traditional network that you might operate on your own premises.
        • You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.
    • Architecture Considerations: Active Directory Design
        • Site Topology
        • Highly Available Directory Domain Services
        • Read-Only and Writeable Domain Controllers
    • Architecture Considerations: Instance Configuration
        • Active Directory DNS and DHCP inside the Amazon VPC
        • DNS Settings on Windows Server Instances
        • Security Group Ingress Traffic
        • Setting up Secure Administrative Access Using Remote Desktop Gateway
    • Sample Deployment Scenario #1: Automated Deployment
      The AWS CloudFormation template performs these actions to deploy the architecture shown.
        • Set up the Amazon VPC, including subnets in two Availability Zones.
        • Configure private and public routes.
        • Launch Windows Server 2012 Amazon Machine Images (AMIs) and set up and configure AD DS and AD integrated DNS.
        • Create empty private subnets in each Availability Zone into which you can deploy additional servers.
        • Configure security groups and rules for traffic between application tiers.
        • Set up and configure AD Sites and Subnets.
        • Enable ingress traffic into the Amazon VPC for administrative access to Remote Desktop Gateway and NAT instances.
    • Template Customization
        • Sample Template 1 allows for customization of 26 defined parameters
        • You can modify these or use them as a guide for creating your own set of parameters
    • Considerations for Extending AD DS into AWS
      Two ways to extend an on-premises network to the Amazon VPC:
        • IPSec Tunnels over the Internet
        • AWS Direct Connect
    • Considerations for Extending AD DS into AWS: Deploy Additional Domain Controllers
        • It isn’t required, but it is recommended, to add an additional DC within the cloud for resources in AWS that need access to your AD DS.
        • This reduces network latency and also provides availability in the event of an outage on premises.
    • Considerations for Extending AD DS into AWS: Initial DNS Configuration
        • Manually assign DNS server settings on the Windows instances. This static DNS setting would initially point to the on-premises Active Directory DNS server. After promoting the instance to a Domain Controller, you could modify the setting to use a cloud-based Active Directory DNS server IP address to prevent subsequent DNS queries from traversing the link back to the on-premises environment.
        • Initially configure the Amazon VPC DHCP Option Set to assign your on-premises Active Directory DNS server IP address to your instances launched into the Amazon VPC. After the Windows instances have been joined to the domain and promoted to Domain Controllers, you can create a new DHCP option set to assign the IP address of the Active Directory DNS server instances running in AWS.
    • Sample Deployment Scenario #2: Partially Automated Deployment
      The AWS CloudFormation template performs these actions to deploy the architecture shown. You will need to create the virtual private gateway and VPN connection manually.
        • Set up the Amazon VPC, including subnets in two Availability Zones.
        • Configure private and public routes.
        • Launch Windows Server 2012 Amazon Machine Images (AMIs).
        • Create empty private subnets in each Availability Zone into which you can deploy additional servers.
        • Configure security groups and rules for traffic between application tiers.
        • Set up and configure AD Sites and Subnets.
        • Enable ingress traffic into the Amazon VPC for administrative access to Remote Desktop Gateway and NAT instances.
    • Template Customization
        • Sample Template 2 allows for customization of 20 defined parameters
        • These can be modified or extended just like Template 1
    • More Reference Architectures from AWS
        • Remote Desktop Gateway: Reference Architecture Whitepaper; Advanced Implementation Guide and CloudFormation templates
        • SharePoint Server: Reference Architecture Whitepaper; Advanced Implementation Guide and CloudFormation templates
        • SQL Server: “Implementing Microsoft Windows Server Failover Clustering (WSFC) and SQL Server 2012 AlwaysOn Availability Groups in the AWS Cloud”
        • Microsoft Exchange: “Microsoft Exchange Server 2010 in the AWS Cloud: Planning and Implementation Guide”
      These and more can be found at http://aws.amazon.com/microsoft/whitepapers/
    • Additional Resources
      Web Pages
        • Microsoft on AWS: http://aws.amazon.com/microsoft/
        • Windows on AWS (includes pricing): http://aws.amazon.com/windows/
        • Reference Deployment Quickstart: http://aws.amazon.com/quickstart/
        • AWS Windows and .NET Developer Center (with SDK): http://aws.amazon.com/net/
        • Amazon EC2 Windows Guide: http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/
        • Scenarios for Amazon VPC: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenarios.html
        • Microsoft Licensing: http://aws.amazon.com/windows/mslicensemobility/ Covers Exchange, SharePoint, SQL, Lync, SCOM, and Dynamics. See page for specific details, including which versions are covered.
      Whitepapers
        • Secure Microsoft Applications on AWS
        • Relational Database Management Systems in the Cloud: Microsoft SQL Server 2008 R2
        • Amazon’s Corporate IT Deploys SharePoint 2010 to the AWS Cloud
        • Remote Desktop Gateway Reference Architecture
      Contact Us: https://aws.amazon.com/microsoft/contact-us/
      If you have either business or technical questions about running Microsoft software on AWS, please don’t hesitate to contact us.
    • Join us and learn about the AWS platform, new services and how to get started. Register for a Summit near you. aws.amazon.com/aws-summit-2014/ New York | July 10 Register now Tokyo | July 17-18 Register now Brisbane | August 5 Registration coming soon Melbourne | August 12 Registration coming soon Perth | August 20 Registration coming soon Beijing | September 4 Registration coming soon Tel Aviv | September 17 Registration coming soon
    • http://reinvent.awsevents.com
    • Implementing Active Directory in the AWS Cloud: Thank You
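
The second option on the "Initial DNS Configuration" slide (a VPC DHCP option set that first hands out the on-premises AD DNS server, then the domain controllers running in AWS), sketched as a CloudFormation fragment. This is an added example, not part of the AWS templates the presentation links to; the parameter names, the domain name and all IP addresses are placeholders.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - two-phase DNS when extending AD DS into a VPC
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  DomainDnsName:
    Type: String
    Default: example.com              # placeholder AD domain name
  DnsPhase:                           # hypothetical switch, not from the AWS templates
    Type: String
    AllowedValues: [OnPremises, Cloud]
    Default: OnPremises
  OnPremDnsServers:
    Type: CommaDelimitedList
    Default: 10.0.0.10                # placeholder on-premises AD DNS server
  CloudDnsServers:
    Type: CommaDelimitedList
    Default: 10.20.1.10,10.20.2.10    # placeholder DCs, one per Availability Zone
Conditions:
  UseCloudDns: !Equals [!Ref DnsPhase, Cloud]
Resources:
  AdDhcpOptions:
    Type: AWS::EC2::DHCPOptions
    Properties:
      DomainName: !Ref DomainDnsName
      # Phase 1: instances resolve the domain through the on-premises DNS
      # server so they can join it and be promoted.
      # Phase 2: after promotion, resolve through the DCs in AWS so lookups
      # no longer traverse the VPN or Direct Connect link.
      DomainNameServers: !If [UseCloudDns, !Ref CloudDnsServers, !Ref OnPremDnsServers]
  AdDhcpOptionsAssociation:
    Type: AWS::EC2::VPCDHCPOptionsAssociation
    Properties:
      VpcId: !Ref VpcId
      DhcpOptionsId: !Ref AdDhcpOptions
```

Deploy with `DnsPhase=OnPremises`, promote the instances, then update the stack with `DnsPhase=Cloud`. DHCP option sets cannot be modified in place, so the update creates a new option set and re-associates it with the VPC, which matches the "create a new DHCP option set" step on the slide; instances pick up the new servers when their DHCP lease renews.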