SlideShare a Scribd company logo

AWS Directory Service and Hybrid Strategy | AWS Public Sector Summit 2016

Download as PPTX, PDF
Amazon Web Services
Amazon Web Services

This session discusses Amazon Directory Service and enterprise integration with Active Directory. We also cover a number of common scenarios, including on-premises federation to the AWS console and single-sign on (SSO) between on-premises and AWS applications.

Technology
1 of 25
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Michael Cotton, Senior Solutions Architect Todd Gagorik, Senior Manager June 20, 2016 AWS Directory Service and Hybrid Strategy
What you will take away from this session Understand your federation options Get it right at scale Plan your approach Tooling to get started (C) Copyright David Precious and licensed for reuse under the Creative Commons Attribution 2.0 Generic (C) Copyright GeographBot Wallace and licensed for reuse under the Creative Commons Attribution- ShareAlike 2.0 License (C) Copyright BigMac and licensed for reuse under the Creative Commons Attribution 3.0 License License: Creative Commons Public Domain Universal 1.0
Session prerequisites • To get the most out of this session, you should be comfortable with several building blocks: AWS Identity & Access Management (IAM) Roles Policies AWS STS Long-lived credentials Temporary credentials
IAM federation: A progression of options Cross- account trust AWS Directory Service Security Assertion Markup Language (SAML) Custom identity broker Involvement Control Session focus
Active Directory options—Simple AD • Microsoft Active Directory–compatible directory powered by Samba 4 and supports common AD features • User accounts, group memberships, domain-joining Amazon EC2 instances running Linux and Microsoft Windows, Kerberos-based single sign-on (SSO), and group policies. • User accounts can also access AWS applications • Amazon WorkSpaces, Amazon WorkDocs, or Amazon WorkMail. • Also can use IAM roles to access the AWS Management Console and manage AWS resources. • Also, provides daily automated snapshots to enable point-in-time recovery. • Note: does not support trust relationships between Simple AD and other Active Directory. You cannot perform schema extensions, multi-factor authentication, communication over LDAPS, PowerShell AD cmdlets, and the transfer of FSMO roles. • When to use • Simple AD is the least expensive option and your best choice if you have 5,000 or less users and don’t need the more advanced Microsoft Active Directory features.
Active Directory Options—Microsoft AD • AWS Directory Service for Microsoft Active Directory (Enterprise Edition) • A managed Microsoft Active Directory • Provides much of the functionality offered by Microsoft Active Directory plus integration with AWS applications. • Easily set up trust relationships with your existing Active Directory domains • Note: • You cannot perform schema extensions, multifactor authentication, PowerShell AD cmdlets, or the transfer of FSMO roles. • When to use • Microsoft AD is your best choice if you have more than 5,000 users and need a trust relationship set up between an AWS hosted directory and your on-premises directories.
Active Directory Options—AD Connector • Proxy service for connecting your on-premises Microsoft AD to AWS • Forwards sign-in requests to your AD domain controllers for AuthN • Provides the ability for applications to query your AD directory for data. • Your users can use their existing corporate credentials to log on to AWS applications, • WorkSpaces, WorkDocs, or WorkMail and AWS Management Console • You can also use AD Connector to enable multi-factor authentication by integrating with your existing RADIUS-based MFA infrastructure • Continue to manage your Active Directory as usual and enforce your existing security policies When to use AD Connector is your best choice when you want to use your existing on-premises directory with AWS services.
Federation with Security Assertion Markup Language (SAML)
Why should I use federation? Before: After: Result: Unique credentials Long-lived keys One-off Users Security Compliance Short-term tokens Naturally alignedSingle sign-on
Quick SAML primer Identity provider Service provider Metadata (in advance) Assertion (login flow)
Basic AWS federation with SAML • Known science, assuming: • Few AWS accounts • AWS Management Console access • AWS CLI access • Well-documented: • Whitepapers • Blogs • Documentation (C) Copyright Diliff and licensed for reuse under the Creative Commons Attribution 3.0 License
AWS federation with SAML Many AWS accounts? Lots of IAM roles? Multiple access vectors? Resource-level permissions? AWS CloudTrail impacts? Lots of users? Dive deep = Get it right
AWS federation with SAML—planning Choose your SAML provider • Active Directory Federation Services (ADFS) • OKTA • PingFederate • Shibboleth • Optimal IDM • Etc… Understand point of AuthN and AuthZ Plan role naming standards (assumeRoleWithSAML) Do you have multiple AWS accounts? For this demo we are using: • ADFS • Active Directory
Federation with AWS—high-level steps Configure your network as a SAML provider for AWS Create a SAML provider in IAM Configure roles in AWS for your federate users Create groups in your AD name match to IAM roles Configure your SAML IdP and create assertions for the SAML authentication response Posted to: https://signin.aws.amazon.com/saml<SAML_AuthN_response>
A walkthrough of the configuration
Flow for SAML-enabled single sign-on
Demo • AWS console federation w/SAML • User name and password • Certificate • AWS CLI federation w/SAML • User name and password • What does a SAML token look like? • AWS Management Console federation with AD • User name and password
Smooth user experience • Federation shouldn’t limit access vectors • Don’t create a “low-to-high” exposure in the back end AWS federation with SAML Key takeaways AWS SDKs AWS CLI
Under the hood • Naming conventions are critical • Configurations should rely on patterns, not values • Think about traceability now AWS federation with SAML who/what/when Key takeaways IdP configurations AWS CloudTrail samples
Your own journey: Rationalizing the decision- making process
Rationalizing the decision-making process • Existing federation investments? • Federation needs beyond AWS? • Desired level of control vs. involvement? • Competency and bandwidth for application development? (C) Copyright Marco Bellucci and licensed for reuse under the Creative Commons Attribution 2.0 Generic
Remember the principles of cloud architecture • Don’t overanalyze—experiment and iterate • Federation options are not mutually exclusive • Several can exist in parallel • Federation options use the same entities • Evolve your federation approach as your needs evolve • Right for tomorrow is not always right for today
Your own journey: Taking the first steps
Additional information • Session resources (code and samples) • AWS documentation • Manage Federation • Integrating Third-Party SAML Solution Providers with AWS • Request Information That You Can Use for Policy Variables • Custom Federation Broker • AWS blogs • Whitepaper—Single Sign-On: Integrating AWS, OpenLDAP, and Shibboleth • How to Implement a General Solution for Federated API/CLI Access Using SAML 2.0 • How to Implement ADFS with Multiple AWS accounts
Thank you!

Recommended

Best Practices for Active Directory with AWS Workloads | AWS Public Sector Su...
Best Practices for Active Directory with AWS Workloads | AWS Public Sector Su...Best Practices for Active Directory with AWS Workloads | AWS Public Sector Su...
Best Practices for Active Directory with AWS Workloads | AWS Public Sector Su...Amazon Web Services
 
Migration of Microsoft Workloads
Migration of Microsoft WorkloadsMigration of Microsoft Workloads
Migration of Microsoft WorkloadsAmazon Web Services
 
AWS re:Invent 2016: Best Practices for Integrating Active Directory with AWS ...
AWS re:Invent 2016: Best Practices for Integrating Active Directory with AWS ...AWS re:Invent 2016: Best Practices for Integrating Active Directory with AWS ...
AWS re:Invent 2016: Best Practices for Integrating Active Directory with AWS ...Amazon Web Services
 
SRV302 Deep Dive on Serverless Application Development
SRV302 Deep Dive on Serverless Application DevelopmentSRV302 Deep Dive on Serverless Application Development
SRV302 Deep Dive on Serverless Application DevelopmentAmazon Web Services
 
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...Amazon Web Services
 
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...Amazon Web Services
 
Shared Responsibility and Setting Up Secure Account Structures
Shared Responsibility and Setting Up Secure Account StructuresShared Responsibility and Setting Up Secure Account Structures
Shared Responsibility and Setting Up Secure Account StructuresAmazon Web Services
 
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...Amazon Web Services
 

Recommended

Best Practices for Active Directory with AWS Workloads | AWS Public Sector Su...
Best Practices for Active Directory with AWS Workloads | AWS Public Sector Su...Best Practices for Active Directory with AWS Workloads | AWS Public Sector Su...
Best Practices for Active Directory with AWS Workloads | AWS Public Sector Su...Amazon Web Services
 
Migration of Microsoft Workloads
Migration of Microsoft WorkloadsMigration of Microsoft Workloads
Migration of Microsoft WorkloadsAmazon Web Services
 
AWS re:Invent 2016: Best Practices for Integrating Active Directory with AWS ...
AWS re:Invent 2016: Best Practices for Integrating Active Directory with AWS ...AWS re:Invent 2016: Best Practices for Integrating Active Directory with AWS ...
AWS re:Invent 2016: Best Practices for Integrating Active Directory with AWS ...Amazon Web Services
 
SRV302 Deep Dive on Serverless Application Development
SRV302 Deep Dive on Serverless Application DevelopmentSRV302 Deep Dive on Serverless Application Development
SRV302 Deep Dive on Serverless Application DevelopmentAmazon Web Services
 
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...Amazon Web Services
 
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...Amazon Web Services
 
Shared Responsibility and Setting Up Secure Account Structures
Shared Responsibility and Setting Up Secure Account StructuresShared Responsibility and Setting Up Secure Account Structures
Shared Responsibility and Setting Up Secure Account StructuresAmazon Web Services
 
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...Amazon Web Services
 
Managing your identities in the cloud with AWS and Microsoft Active Directory...
Managing your identities in the cloud with AWS and Microsoft Active Directory...Managing your identities in the cloud with AWS and Microsoft Active Directory...
Managing your identities in the cloud with AWS and Microsoft Active Directory...Amazon Web Services
 
ENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSAmazon Web Services
 
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...Amazon Web Services
 
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...Amazon Web Services
 
AWS Innovate: Best of Both Worlds: Leveraging Hybrid IT with AWS- Dhruv Singhal
AWS Innovate: Best of Both Worlds: Leveraging Hybrid IT with AWS- Dhruv SinghalAWS Innovate: Best of Both Worlds: Leveraging Hybrid IT with AWS- Dhruv Singhal
AWS Innovate: Best of Both Worlds: Leveraging Hybrid IT with AWS- Dhruv SinghalAmazon Web Services Korea
 
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)Amazon Web Services
 
Amazon ECS with Docker | AWS Public Sector Summit 2016
Amazon ECS with Docker | AWS Public Sector Summit 2016Amazon ECS with Docker | AWS Public Sector Summit 2016
Amazon ECS with Docker | AWS Public Sector Summit 2016Amazon Web Services
 
AWS re:Invent 2016: Develop, Build, Deploy, and Manage Containerized Services...
AWS re:Invent 2016: Develop, Build, Deploy, and Manage Containerized Services...AWS re:Invent 2016: Develop, Build, Deploy, and Manage Containerized Services...
AWS re:Invent 2016: Develop, Build, Deploy, and Manage Containerized Services...Amazon Web Services
 
Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017
Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017
Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017Amazon Web Services
 
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...Amazon Web Services
 
DevOps Tooling - Pop-up Loft TLV 2017
DevOps Tooling - Pop-up Loft TLV 2017DevOps Tooling - Pop-up Loft TLV 2017
DevOps Tooling - Pop-up Loft TLV 2017Amazon Web Services
 
Deep Dive on Microservices and Amazon ECS
Deep Dive on Microservices and Amazon ECSDeep Dive on Microservices and Amazon ECS
Deep Dive on Microservices and Amazon ECSAmazon Web Services
 
Microsoft Best Practices on AWS
Microsoft Best Practices on AWSMicrosoft Best Practices on AWS
Microsoft Best Practices on AWSAmazon Web Services
 
Achieve Scale & Velocity with AWS OpsWorks for Chef Automate
Achieve Scale & Velocity with AWS OpsWorks for Chef AutomateAchieve Scale & Velocity with AWS OpsWorks for Chef Automate
Achieve Scale & Velocity with AWS OpsWorks for Chef AutomateAmazon Web Services
 
Deep Dive on Amazon Elastic File System - June 2017 AWS Online Tech Talks
Deep Dive on Amazon Elastic File System - June 2017 AWS Online Tech TalksDeep Dive on Amazon Elastic File System - June 2017 AWS Online Tech Talks
Deep Dive on Amazon Elastic File System - June 2017 AWS Online Tech TalksAmazon Web Services
 
(SEC307) A Progressive Journey Through AWS IAM Federation Options
(SEC307) A Progressive Journey Through AWS IAM Federation Options(SEC307) A Progressive Journey Through AWS IAM Federation Options
(SEC307) A Progressive Journey Through AWS IAM Federation OptionsAmazon Web Services
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsAmazon Web Services
 
AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)
AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)
AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)Amazon Web Services
 
Design, Deploy, and Optimize SQL Server on AWS - June 2017 AWS Online Tech Talks
Design, Deploy, and Optimize SQL Server on AWS - June 2017 AWS Online Tech TalksDesign, Deploy, and Optimize SQL Server on AWS - June 2017 AWS Online Tech Talks
Design, Deploy, and Optimize SQL Server on AWS - June 2017 AWS Online Tech TalksAmazon Web Services
 
Best Practices for Deploying Microsoft Workloads on AWS
Best Practices for Deploying Microsoft Workloads on AWSBest Practices for Deploying Microsoft Workloads on AWS
Best Practices for Deploying Microsoft Workloads on AWSAmazon Web Services
 
Running Active Directory in the AWS Cloud
Running Active Directory in the AWS Cloud Running Active Directory in the AWS Cloud
Running Active Directory in the AWS Cloud Amazon Web Services
 
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...Amazon Web Services
 

More Related Content

What's hot

Managing your identities in the cloud with AWS and Microsoft Active Directory...
Managing your identities in the cloud with AWS and Microsoft Active Directory...Managing your identities in the cloud with AWS and Microsoft Active Directory...
Managing your identities in the cloud with AWS and Microsoft Active Directory...Amazon Web Services
 
ENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSAmazon Web Services
 
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...Amazon Web Services
 
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...Amazon Web Services
 
AWS Innovate: Best of Both Worlds: Leveraging Hybrid IT with AWS- Dhruv Singhal
AWS Innovate: Best of Both Worlds: Leveraging Hybrid IT with AWS- Dhruv SinghalAWS Innovate: Best of Both Worlds: Leveraging Hybrid IT with AWS- Dhruv Singhal
AWS Innovate: Best of Both Worlds: Leveraging Hybrid IT with AWS- Dhruv SinghalAmazon Web Services Korea
 
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)Amazon Web Services
 
Amazon ECS with Docker | AWS Public Sector Summit 2016
Amazon ECS with Docker | AWS Public Sector Summit 2016Amazon ECS with Docker | AWS Public Sector Summit 2016
Amazon ECS with Docker | AWS Public Sector Summit 2016Amazon Web Services
 
AWS re:Invent 2016: Develop, Build, Deploy, and Manage Containerized Services...
AWS re:Invent 2016: Develop, Build, Deploy, and Manage Containerized Services...AWS re:Invent 2016: Develop, Build, Deploy, and Manage Containerized Services...
AWS re:Invent 2016: Develop, Build, Deploy, and Manage Containerized Services...Amazon Web Services
 
Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017
Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017
Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017Amazon Web Services
 
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...Amazon Web Services
 
DevOps Tooling - Pop-up Loft TLV 2017
DevOps Tooling - Pop-up Loft TLV 2017DevOps Tooling - Pop-up Loft TLV 2017
DevOps Tooling - Pop-up Loft TLV 2017Amazon Web Services
 
Deep Dive on Microservices and Amazon ECS
Deep Dive on Microservices and Amazon ECSDeep Dive on Microservices and Amazon ECS
Deep Dive on Microservices and Amazon ECSAmazon Web Services
 
Achieve Scale & Velocity with AWS OpsWorks for Chef Automate
Achieve Scale & Velocity with AWS OpsWorks for Chef AutomateAchieve Scale & Velocity with AWS OpsWorks for Chef Automate
Achieve Scale & Velocity with AWS OpsWorks for Chef AutomateAmazon Web Services
 
Deep Dive on Amazon Elastic File System - June 2017 AWS Online Tech Talks
Deep Dive on Amazon Elastic File System - June 2017 AWS Online Tech TalksDeep Dive on Amazon Elastic File System - June 2017 AWS Online Tech Talks
Deep Dive on Amazon Elastic File System - June 2017 AWS Online Tech TalksAmazon Web Services
 
(SEC307) A Progressive Journey Through AWS IAM Federation Options
(SEC307) A Progressive Journey Through AWS IAM Federation Options(SEC307) A Progressive Journey Through AWS IAM Federation Options
(SEC307) A Progressive Journey Through AWS IAM Federation OptionsAmazon Web Services
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsAmazon Web Services
 
AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)
AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)
AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)Amazon Web Services
 
Design, Deploy, and Optimize SQL Server on AWS - June 2017 AWS Online Tech Talks
Design, Deploy, and Optimize SQL Server on AWS - June 2017 AWS Online Tech TalksDesign, Deploy, and Optimize SQL Server on AWS - June 2017 AWS Online Tech Talks
Design, Deploy, and Optimize SQL Server on AWS - June 2017 AWS Online Tech TalksAmazon Web Services
 
Best Practices for Deploying Microsoft Workloads on AWS
Best Practices for Deploying Microsoft Workloads on AWSBest Practices for Deploying Microsoft Workloads on AWS
Best Practices for Deploying Microsoft Workloads on AWSAmazon Web Services
 

What's hot (20)

Managing your identities in the cloud with AWS and Microsoft Active Directory...
Managing your identities in the cloud with AWS and Microsoft Active Directory...Managing your identities in the cloud with AWS and Microsoft Active Directory...
Managing your identities in the cloud with AWS and Microsoft Active Directory...
 
ENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWS
 
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...
 
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
 
AWS Innovate: Best of Both Worlds: Leveraging Hybrid IT with AWS- Dhruv Singhal
AWS Innovate: Best of Both Worlds: Leveraging Hybrid IT with AWS- Dhruv SinghalAWS Innovate: Best of Both Worlds: Leveraging Hybrid IT with AWS- Dhruv Singhal
AWS Innovate: Best of Both Worlds: Leveraging Hybrid IT with AWS- Dhruv Singhal
 
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)
 
Amazon ECS with Docker | AWS Public Sector Summit 2016
Amazon ECS with Docker | AWS Public Sector Summit 2016Amazon ECS with Docker | AWS Public Sector Summit 2016
Amazon ECS with Docker | AWS Public Sector Summit 2016
 
AWS re:Invent 2016: Develop, Build, Deploy, and Manage Containerized Services...
AWS re:Invent 2016: Develop, Build, Deploy, and Manage Containerized Services...AWS re:Invent 2016: Develop, Build, Deploy, and Manage Containerized Services...
AWS re:Invent 2016: Develop, Build, Deploy, and Manage Containerized Services...
 
Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017
Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017
Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017
 
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...
 
DevOps Tooling - Pop-up Loft TLV 2017
DevOps Tooling - Pop-up Loft TLV 2017DevOps Tooling - Pop-up Loft TLV 2017
DevOps Tooling - Pop-up Loft TLV 2017
 
Deep Dive on Microservices and Amazon ECS
Deep Dive on Microservices and Amazon ECSDeep Dive on Microservices and Amazon ECS
Deep Dive on Microservices and Amazon ECS
 
Microsoft Best Practices on AWS
Microsoft Best Practices on AWSMicrosoft Best Practices on AWS
Microsoft Best Practices on AWS
 
Achieve Scale & Velocity with AWS OpsWorks for Chef Automate
Achieve Scale & Velocity with AWS OpsWorks for Chef AutomateAchieve Scale & Velocity with AWS OpsWorks for Chef Automate
Achieve Scale & Velocity with AWS OpsWorks for Chef Automate
 
Deep Dive on Amazon Elastic File System - June 2017 AWS Online Tech Talks
Deep Dive on Amazon Elastic File System - June 2017 AWS Online Tech TalksDeep Dive on Amazon Elastic File System - June 2017 AWS Online Tech Talks
Deep Dive on Amazon Elastic File System - June 2017 AWS Online Tech Talks
 
(SEC307) A Progressive Journey Through AWS IAM Federation Options
(SEC307) A Progressive Journey Through AWS IAM Federation Options(SEC307) A Progressive Journey Through AWS IAM Federation Options
(SEC307) A Progressive Journey Through AWS IAM Federation Options
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
 
AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)
AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)
AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)
 
Design, Deploy, and Optimize SQL Server on AWS - June 2017 AWS Online Tech Talks
Design, Deploy, and Optimize SQL Server on AWS - June 2017 AWS Online Tech TalksDesign, Deploy, and Optimize SQL Server on AWS - June 2017 AWS Online Tech Talks
Design, Deploy, and Optimize SQL Server on AWS - June 2017 AWS Online Tech Talks
 
Best Practices for Deploying Microsoft Workloads on AWS
Best Practices for Deploying Microsoft Workloads on AWSBest Practices for Deploying Microsoft Workloads on AWS
Best Practices for Deploying Microsoft Workloads on AWS
 

Viewers also liked

Running Active Directory in the AWS Cloud
Running Active Directory in the AWS Cloud Running Active Directory in the AWS Cloud
Running Active Directory in the AWS Cloud Amazon Web Services
 
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...Amazon Web Services
 
AWS re:Invent 2016: Simplifying Microsoft Architectures with AWS services (WI...
AWS re:Invent 2016: Simplifying Microsoft Architectures with AWS services (WI...AWS re:Invent 2016: Simplifying Microsoft Architectures with AWS services (WI...
AWS re:Invent 2016: Simplifying Microsoft Architectures with AWS services (WI...Amazon Web Services
 
(SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive (SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive Amazon Web Services
 
Tjänsteplattform i mtg - 2014 02-05
Tjänsteplattform i mtg - 2014 02-05Tjänsteplattform i mtg - 2014 02-05
Tjänsteplattform i mtg - 2014 02-05Advania
 
2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSO2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSOHuy Pham
 
Twobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFSTwobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFSTwobo Technologies
 
Alfresco: Implementing secure single sign on (SSO) with OpenSAML
Alfresco: Implementing secure single sign on (SSO) with OpenSAMLAlfresco: Implementing secure single sign on (SSO) with OpenSAML
Alfresco: Implementing secure single sign on (SSO) with OpenSAMLJ V
 
Hackproof Your Cloud: Responding to 2016 Threats
Hackproof Your Cloud: Responding to 2016 ThreatsHackproof Your Cloud: Responding to 2016 Threats
Hackproof Your Cloud: Responding to 2016 ThreatsAmazon Web Services
 
Digital Workloads on Amazon Web Services
Digital Workloads on Amazon Web ServicesDigital Workloads on Amazon Web Services
Digital Workloads on Amazon Web ServicesAmazon Web Services
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsAmazon Web Services
 
Customer Sharing: Trend Micro - Trend Micro's DevOps Practices
Customer Sharing: Trend Micro - Trend Micro's DevOps Practices Customer Sharing: Trend Micro - Trend Micro's DevOps Practices
Customer Sharing: Trend Micro - Trend Micro's DevOps Practices Amazon Web Services
 
AWS Partner ConneXions Taiwan - Q3 2016 Technology Update
AWS Partner ConneXions Taiwan - Q3 2016 Technology UpdateAWS Partner ConneXions Taiwan - Q3 2016 Technology Update
AWS Partner ConneXions Taiwan - Q3 2016 Technology UpdateAmazon Web Services
 
Big Data Solutions Day - Calgary
Big Data Solutions Day - CalgaryBig Data Solutions Day - Calgary
Big Data Solutions Day - CalgaryAmazon Web Services
 
Maximizing Business Value as You Migrate to AWS
Maximizing Business Value as You Migrate to AWSMaximizing Business Value as You Migrate to AWS
Maximizing Business Value as You Migrate to AWSAmazon Web Services
 
This One Weird API Request Will Save You Thousands
This One Weird API Request Will Save You ThousandsThis One Weird API Request Will Save You Thousands
This One Weird API Request Will Save You ThousandsAmazon Web Services
 
Database Migration: Simple, Cross-Engine and Cross-Platform Migrations with M...
Database Migration: Simple, Cross-Engine and Cross-Platform Migrations with M...Database Migration: Simple, Cross-Engine and Cross-Platform Migrations with M...
Database Migration: Simple, Cross-Engine and Cross-Platform Migrations with M...Amazon Web Services
 
another day, another billion packets
another day, another billion packetsanother day, another billion packets
another day, another billion packetsAmazon Web Services
 

Viewers also liked (20)

Running Active Directory in the AWS Cloud
Running Active Directory in the AWS Cloud Running Active Directory in the AWS Cloud
Running Active Directory in the AWS Cloud
 
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...
 
AWS re:Invent 2016: Simplifying Microsoft Architectures with AWS services (WI...
AWS re:Invent 2016: Simplifying Microsoft Architectures with AWS services (WI...AWS re:Invent 2016: Simplifying Microsoft Architectures with AWS services (WI...
AWS re:Invent 2016: Simplifying Microsoft Architectures with AWS services (WI...
 
(SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive (SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive
 
SäKerhet I Molnen
SäKerhet I MolnenSäKerhet I Molnen
SäKerhet I Molnen
 
Tjänsteplattform i mtg - 2014 02-05
Tjänsteplattform i mtg - 2014 02-05Tjänsteplattform i mtg - 2014 02-05
Tjänsteplattform i mtg - 2014 02-05
 
2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSO2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSO
 
Twobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFSTwobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFS
 
Neo-security Stack
Neo-security StackNeo-security Stack
Neo-security Stack
 
Alfresco: Implementing secure single sign on (SSO) with OpenSAML
Alfresco: Implementing secure single sign on (SSO) with OpenSAMLAlfresco: Implementing secure single sign on (SSO) with OpenSAML
Alfresco: Implementing secure single sign on (SSO) with OpenSAML
 
Hackproof Your Cloud: Responding to 2016 Threats
Hackproof Your Cloud: Responding to 2016 ThreatsHackproof Your Cloud: Responding to 2016 Threats
Hackproof Your Cloud: Responding to 2016 Threats
 
Digital Workloads on Amazon Web Services
Digital Workloads on Amazon Web ServicesDigital Workloads on Amazon Web Services
Digital Workloads on Amazon Web Services
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
 
Customer Sharing: Trend Micro - Trend Micro's DevOps Practices
Customer Sharing: Trend Micro - Trend Micro's DevOps Practices Customer Sharing: Trend Micro - Trend Micro's DevOps Practices
Customer Sharing: Trend Micro - Trend Micro's DevOps Practices
 
AWS Partner ConneXions Taiwan - Q3 2016 Technology Update
AWS Partner ConneXions Taiwan - Q3 2016 Technology UpdateAWS Partner ConneXions Taiwan - Q3 2016 Technology Update
AWS Partner ConneXions Taiwan - Q3 2016 Technology Update
 
Big Data Solutions Day - Calgary
Big Data Solutions Day - CalgaryBig Data Solutions Day - Calgary
Big Data Solutions Day - Calgary
 
Maximizing Business Value as You Migrate to AWS
Maximizing Business Value as You Migrate to AWSMaximizing Business Value as You Migrate to AWS
Maximizing Business Value as You Migrate to AWS
 
This One Weird API Request Will Save You Thousands
This One Weird API Request Will Save You ThousandsThis One Weird API Request Will Save You Thousands
This One Weird API Request Will Save You Thousands
 
Database Migration: Simple, Cross-Engine and Cross-Platform Migrations with M...
Database Migration: Simple, Cross-Engine and Cross-Platform Migrations with M...Database Migration: Simple, Cross-Engine and Cross-Platform Migrations with M...
Database Migration: Simple, Cross-Engine and Cross-Platform Migrations with M...
 
another day, another billion packets
another day, another billion packetsanother day, another billion packets
another day, another billion packets
 

Similar to AWS Directory Service and Hybrid Strategy | AWS Public Sector Summit 2016

Getting Started with Windows Workloads on Amazon EC2 - Toronto
Getting Started with Windows Workloads on Amazon EC2 - Toronto Getting Started with Windows Workloads on Amazon EC2 - Toronto
Getting Started with Windows Workloads on Amazon EC2 - TorontoAmazon Web Services
 
Fox pong mvp architectual overview
Fox pong mvp architectual overviewFox pong mvp architectual overview
Fox pong mvp architectual overviewdaviddaedalus
 
Running Microsoft Workloads on AWS
Running Microsoft Workloads on AWSRunning Microsoft Workloads on AWS
Running Microsoft Workloads on AWSAmazon Web Services
 
Hands on Lab: Windows Workloads - AWS Online Tech Talks
Hands on Lab: Windows Workloads - AWS Online Tech TalksHands on Lab: Windows Workloads - AWS Online Tech Talks
Hands on Lab: Windows Workloads - AWS Online Tech TalksAmazon Web Services
 
Windows Workloads on AWS - July 2017 AWS Online Tech Talks
Windows Workloads on AWS - July 2017 AWS Online Tech TalksWindows Workloads on AWS - July 2017 AWS Online Tech Talks
Windows Workloads on AWS - July 2017 AWS Online Tech TalksAmazon Web Services
 
Using Microsoft Active Directory across On-premises and Cloud Workloads
Using Microsoft Active Directory across On-premises and Cloud WorkloadsUsing Microsoft Active Directory across On-premises and Cloud Workloads
Using Microsoft Active Directory across On-premises and Cloud WorkloadsAmazon Web Services
 
Hands on Lab: Windows Workloads on AWS - June 2017 AWS Online Tech Talks
Hands on Lab: Windows Workloads on AWS - June 2017 AWS Online Tech TalksHands on Lab: Windows Workloads on AWS - June 2017 AWS Online Tech Talks
Hands on Lab: Windows Workloads on AWS - June 2017 AWS Online Tech TalksAmazon Web Services
 
Aws architect certification training -Dot Net Tricks
Aws architect certification training -Dot Net TricksAws architect certification training -Dot Net Tricks
Aws architect certification training -Dot Net TricksGaurav Singh
 
Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016
Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016
Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016Amazon Web Services
 
AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...
AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...
AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...Amazon Web Services
 
AWS Identity, Directory, and Access Services: An Overview
AWS Identity, Directory, and Access Services: An Overview AWS Identity, Directory, and Access Services: An Overview
AWS Identity, Directory, and Access Services: An Overview Amazon Web Services
 
Diving into Common AWS Misconfigurations
Diving into Common AWS MisconfigurationsDiving into Common AWS Misconfigurations
Diving into Common AWS MisconfigurationsNikhil Sahoo
 
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Amazon Web Services
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneAmazon Web Services
 
Getting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudGetting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudAmazon Web Services
 
Hybrid IT with Amazon Web Services: Best of Both Worlds
Hybrid IT with Amazon Web Services: Best of Both WorldsHybrid IT with Amazon Web Services: Best of Both Worlds
Hybrid IT with Amazon Web Services: Best of Both WorldsAmazon Web Services
 

Similar to AWS Directory Service and Hybrid Strategy | AWS Public Sector Summit 2016 (20)

Demystifying identity on AWS
Demystifying identity on AWSDemystifying identity on AWS
Demystifying identity on AWS
 
Getting Started with Windows Workloads on Amazon EC2 - Toronto
Getting Started with Windows Workloads on Amazon EC2 - Toronto Getting Started with Windows Workloads on Amazon EC2 - Toronto
Getting Started with Windows Workloads on Amazon EC2 - Toronto
 
Fox pong mvp architectual overview
Fox pong mvp architectual overviewFox pong mvp architectual overview
Fox pong mvp architectual overview
 
Benefits of Cloud Computing
Benefits of Cloud ComputingBenefits of Cloud Computing
Benefits of Cloud Computing
 
Running Microsoft Workloads on AWS
Running Microsoft Workloads on AWSRunning Microsoft Workloads on AWS
Running Microsoft Workloads on AWS
 
Hands on Lab: Windows Workloads - AWS Online Tech Talks
Hands on Lab: Windows Workloads - AWS Online Tech TalksHands on Lab: Windows Workloads - AWS Online Tech Talks
Hands on Lab: Windows Workloads - AWS Online Tech Talks
 
Windows Workloads on AWS - July 2017 AWS Online Tech Talks
Windows Workloads on AWS - July 2017 AWS Online Tech TalksWindows Workloads on AWS - July 2017 AWS Online Tech Talks
Windows Workloads on AWS - July 2017 AWS Online Tech Talks
 
Fundamentals of Cloud Computing & AWS
Fundamentals of Cloud Computing & AWSFundamentals of Cloud Computing & AWS
Fundamentals of Cloud Computing & AWS
 
Using Microsoft Active Directory across On-premises and Cloud Workloads
Using Microsoft Active Directory across On-premises and Cloud WorkloadsUsing Microsoft Active Directory across On-premises and Cloud Workloads
Using Microsoft Active Directory across On-premises and Cloud Workloads
 
Hands on Lab: Windows Workloads on AWS - June 2017 AWS Online Tech Talks
Hands on Lab: Windows Workloads on AWS - June 2017 AWS Online Tech TalksHands on Lab: Windows Workloads on AWS - June 2017 AWS Online Tech Talks
Hands on Lab: Windows Workloads on AWS - June 2017 AWS Online Tech Talks
 
Aws architect certification training -Dot Net Tricks
Aws architect certification training -Dot Net TricksAws architect certification training -Dot Net Tricks
Aws architect certification training -Dot Net Tricks
 
Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016
Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016
Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016
 
AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...
AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...
AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...
 
AWS Identity, Directory, and Access Services: An Overview
AWS Identity, Directory, and Access Services: An Overview AWS Identity, Directory, and Access Services: An Overview
AWS Identity, Directory, and Access Services: An Overview
 
Diving into Common AWS Misconfigurations
Diving into Common AWS MisconfigurationsDiving into Common AWS Misconfigurations
Diving into Common AWS Misconfigurations
 
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
 
AWS Service Catalog
AWS Service CatalogAWS Service Catalog
AWS Service Catalog
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing Zone
 
Getting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudGetting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless Cloud
 
Hybrid IT with Amazon Web Services: Best of Both Worlds
Hybrid IT with Amazon Web Services: Best of Both WorldsHybrid IT with Amazon Web Services: Best of Both Worlds
Hybrid IT with Amazon Web Services: Best of Both Worlds
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 

Recently uploaded (20)

DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 

AWS Directory Service and Hybrid Strategy | AWS Public Sector Summit 2016

  • 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Michael Cotton, Senior Solutions Architect Todd Gagorik, Senior Manager June 20, 2016 AWS Directory Service and Hybrid Strategy
  • 2. What you will take away from this session Understand your federation options Get it right at scale Plan your approach Tooling to get started (C) Copyright David Precious and licensed for reuse under the Creative Commons Attribution 2.0 Generic (C) Copyright GeographBot Wallace and licensed for reuse under the Creative Commons Attribution- ShareAlike 2.0 License (C) Copyright BigMac and licensed for reuse under the Creative Commons Attribution 3.0 License License: Creative Commons Public Domain Universal 1.0
  • 3. Session prerequisites • To get the most out of this session, you should be comfortable with several building blocks: AWS Identity & Access Management (IAM) Roles Policies AWS STS Long-lived credentials Temporary credentials
  • 4. IAM federation: A progression of options Cross- account trust AWS Directory Service Security Assertion Markup Language (SAML) Custom identity broker Involvement Control Session focus
  • 5. Active Directory options—Simple AD • Microsoft Active Directory–compatible directory powered by Samba 4 and supports common AD features • User accounts, group memberships, domain-joining Amazon EC2 instances running Linux and Microsoft Windows, Kerberos-based single sign-on (SSO), and group policies. • User accounts can also access AWS applications • Amazon WorkSpaces, Amazon WorkDocs, or Amazon WorkMail. • Also can use IAM roles to access the AWS Management Console and manage AWS resources. • Also, provides daily automated snapshots to enable point-in-time recovery. • Note: does not support trust relationships between Simple AD and other Active Directory. You cannot perform schema extensions, multi-factor authentication, communication over LDAPS, PowerShell AD cmdlets, and the transfer of FSMO roles. • When to use • Simple AD is the least expensive option and your best choice if you have 5,000 or less users and don’t need the more advanced Microsoft Active Directory features.
  • 6. Active Directory Options—Microsoft AD • AWS Directory Service for Microsoft Active Directory (Enterprise Edition) • A managed Microsoft Active Directory • Provides much of the functionality offered by Microsoft Active Directory plus integration with AWS applications. • Easily set up trust relationships with your existing Active Directory domains • Note: • You cannot perform schema extensions, multifactor authentication, PowerShell AD cmdlets, or the transfer of FSMO roles. • When to use • Microsoft AD is your best choice if you have more than 5,000 users and need a trust relationship set up between an AWS hosted directory and your on-premises directories.
  • 7. Active Directory Options—AD Connector • Proxy service for connecting your on-premises Microsoft AD to AWS • Forwards sign-in requests to your AD domain controllers for AuthN • Provides the ability for applications to query your AD directory for data. • Your users can use their existing corporate credentials to log on to AWS applications, • WorkSpaces, WorkDocs, or WorkMail and AWS Management Console • You can also use AD Connector to enable multi-factor authentication by integrating with your existing RADIUS-based MFA infrastructure • Continue to manage your Active Directory as usual and enforce your existing security policies When to use AD Connector is your best choice when you want to use your existing on-premises directory with AWS services.
  • 8. Federation with Security Assertion Markup Language (SAML)
  • 9. Why should I use federation? Before: After: Result: Unique credentials Long-lived keys One-off Users Security Compliance Short-term tokens Naturally alignedSingle sign-on
  • 10. Quick SAML primer Identity provider Service provider Metadata (in advance) Assertion (login flow)
  • 11. Basic AWS federation with SAML • Known science, assuming: • Few AWS accounts • AWS Management Console access • AWS CLI access • Well-documented: • Whitepapers • Blogs • Documentation (C) Copyright Diliff and licensed for reuse under the Creative Commons Attribution 3.0 License
  • 12. AWS federation with SAML Many AWS accounts? Lots of IAM roles? Multiple access vectors? Resource-level permissions? AWS CloudTrail impacts? Lots of users? Dive deep = Get it right
  • 13. AWS federation with SAML—planning Choose your SAML provider • Active Directory Federation Services (ADFS) • OKTA • PingFederate • Shibboleth • Optimal IDM • Etc… Understand point of AuthN and AuthZ Plan role naming standards (assumeRoleWithSAML) Do you have multiple AWS accounts? For this demo we are using: • ADFS • Active Directory
  • 14. Federation with AWS—high-level steps Configure your network as a SAML provider for AWS Create a SAML provider in IAM Configure roles in AWS for your federate users Create groups in your AD name match to IAM roles Configure your SAML IdP and create assertions for the SAML authentication response Posted to: https://signin.aws.amazon.com/saml<SAML_AuthN_response>
  • 15. A walkthrough of the configuration
  • 16. Flow for SAML-enabled single sign-on
  • 17. Demo • AWS console federation w/SAML • User name and password • Certificate • AWS CLI federation w/SAML • User name and password • What does a SAML token look like? • AWS Management Console federation with AD • User name and password
  • 18. Smooth user experience • Federation shouldn’t limit access vectors • Don’t create a “low-to-high” exposure in the back end AWS federation with SAML Key takeaways AWS SDKs AWS CLI
  • 19. Under the hood • Naming conventions are critical • Configurations should rely on patterns, not values • Think about traceability now AWS federation with SAML who/what/when Key takeaways IdP configurations AWS CloudTrail samples
  • 20. Your own journey: Rationalizing the decision- making process
  • 21. Rationalizing the decision-making process • Existing federation investments? • Federation needs beyond AWS? • Desired level of control vs. involvement? • Competency and bandwidth for application development? (C) Copyright Marco Bellucci and licensed for reuse under the Creative Commons Attribution 2.0 Generic
  • 22. Remember the principles of cloud architecture • Don’t overanalyze—experiment and iterate • Federation options are not mutually exclusive • Several can exist in parallel • Federation options use the same entities • Evolve your federation approach as your needs evolve • Right for tomorrow is not always right for today
  • 23. Your own journey: Taking the first steps
  • 24. Additional information • Session resources (code and samples) • AWS documentation • Manage Federation • Integrating Third-Party SAML Solution Providers with AWS • Request Information That You Can Use for Policy Variables • Custom Federation Broker • AWS blogs • Whitepaper—Single Sign-On: Integrating AWS, OpenLDAP, and Shibboleth • How to Implement a General Solution for Federated API/CLI Access Using SAML 2.0 • How to Implement ADFS with Multiple AWS accounts

Editor's Notes

  1. Talk slowly!!!! Good afternoon, welcome to… I am… Sr. IT Transformation Consultant with AWS Professional Services I’ve been with AWS for… During that time I’ve helped… Perhaps including….directly or indirectly Excited to convey some of that knowledge to you all as you look to initiate or enhance your own federation strategy. Also excited to have Chad… on stage with me today to share Dow Jones’ experience on this topic.
  2. Federation means linking identity and access systems together such that one system trusts the identities coming out of the other. Lastly, leave you with some tools to get started… Won’t be perfect or production ready… But I hope that they catalyze & inspire…
  3. This is a 300… We’re going to presume that you’re comfortable… Some combination of these entities are used…
  4. In this session, really focus in on the upper end of the progression… Most complex scenarios, hardest to get right at scale… If you get it right, provide some amazing capabilities… Focus & dive deep.
  5. You’ve really pulled the magic white rabbit out of your hat….because that doesn’t happen often…
  6. To make it all work, these two get together and share two things. First, in advance, they exchange metadata. This metadata defines all of the endpoints, encryption keys, other security expectations that forms the trust basis between the two.
  7. AWS released SAML support at Re:Invent 2 years ago. By this point, fairly known science…assuming… Here are some Whitepapers, Blogs, and Documentation links that will give you all of the diagrams & how to necessary either to: Build a basic SAML infrastructure Integrate a SAML infrastructure with your AWS accounts.
  8. So that’s where we’re going to focus today.
  9. To do this, I’m going to do a little demo (hopefully Murphy is on my side) – with 3 related, but distinct sections.
  10. Notes for your future reference.
  11. Again, for your future reference.
  12. Thank Chad, super interesting stuff that you & the entire Dow Jones team are doing.
  13. Once you answer these you should have a pretty good idea of the formula that’s right for you.
  14. Lastly, don’t be afraid to start somewhere on that continuum and evolve your approach. It’s only natural that your IAM federation approach will progress in conjunction with your overall AWS maturity as an org.
  15. Lastly, some quick resources to get started.
  16. Links to download all of the session content. A few key documentation pieces & blog articles that will go into even further depth.