Operationalizing Microsoft Workloads
Jason Opdycke
Sr. Solutions Architect
Department of Defense Team
jasonaws@amazon.com
Overall Agenda
• Part 1 – Systems Manager
• Part 2 – Managed AD
• Bonus Round – CAC Auth to Workspaces
PUBLIC SECTOR SUMMIT
Operationalizing Microsoft Workloads
What comes to mind?
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda – Part 1
• Infrastructure provisioning
• Configuration management
• Governance & compliance
• Monitoring & performance
• Resource optimization
Infrastructure provisioning
What are the steps to build an environment?
[Diagram: AWS CloudFormation deploying, across two Availability Zones with private subnets, IIS Web and IIS App tiers, AWS Directory Service and MS SQL, reached by remote users]
AWS CloudFormation
• Automated
• Repeatable
AWS QuickStarts
https://aws.amazon.com/quickstart/
Configuration management
Managing your Windows instances
Tools: AWS Systems Manager Run Command, AWS Systems Manager Session Manager; Tasks; Target: Amazon Elastic Compute Cloud (Amazon EC2)
Running PowerShell
• AWS Systems Manager Session Manager – interactive; good for full, interactive access
• AWS Systems Manager Run Command – non-interactive; good for bulk administrative changes
Secure remote configuration management
[Diagram: an AWS administrator in the corporate data center uses AWS Systems Manager to reach WEB1 and WEB2 in a private subnet; the web security group accepts traffic from SSM; outputs and events flow to an Amazon S3 bucket, an SNS topic and an Amazon CloudWatch metric, with an IAM policy governing access]
Demo
Systems Manager IAM Instance Profile
Quick Setup
Systems Manager Home Page
Run Command
Session Manager
Patching Microsoft Windows in the cloud
[Diagram: out-dated instances become up-to-date instances through AWS Systems Manager Patch Manager and AWS Systems Manager Maintenance Windows]
AWS Systems Manager Patch Manager
• Scan instances for missing patches
• Create baselines that include rules for auto approving patches
• Apply missing patches individually or to bulk instances using tags
AWS Systems Manager Maintenance Windows
• Create recurring schedules to perform administrative tasks
• Integrates with AWS Systems Manager Run Command, Automation, AWS Lambda, AWS Step Functions
Demo
Configure Patching
Patch Baselines
Compliance Dashboard
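The patch baseline, daily scan and weekly install window described above, written as a CloudFormation template so the setup is automated and repeatable like the rest of the deck; this is an added example, not the deck's own demo. The tag value WindowsWeb, the schedule, the concurrency limits and the approval rule are my own choices.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Windows patch baseline, daily Scan association and weekly Install
  maintenance window. Instances are selected by the tag "Patch Group"
  (value is a constructed example; tag your instances to match).

Parameters:
  PatchGroup:
    Type: String
    Default: WindowsWeb   # constructed tag value

Resources:
  # Baseline: auto-approve Critical/Important security and critical updates
  # seven days after release; anything still missing is reported at CRITICAL
  # severity on the Compliance dashboard.
  WindowsBaseline:
    Type: AWS::SSM::PatchBaseline
    Properties:
      Name: windows-security-7day
      OperatingSystem: WINDOWS
      PatchGroups:
        - !Ref PatchGroup          # binds this baseline to the tag value
      ApprovalRules:
        PatchRules:
          - ApproveAfterDays: 7
            ComplianceLevel: CRITICAL
            PatchFilterGroup:
              PatchFilters:
                - Key: PRODUCT
                  Values: [WindowsServer2016, WindowsServer2019]
                - Key: CLASSIFICATION
                  Values: [CriticalUpdates, SecurityUpdates]
                - Key: MSRC_SEVERITY
                  Values: [Critical, Important]

  # State Manager association: Scan (report only) once a day so the
  # compliance view stays current between install windows.
  DailyScan:
    Type: AWS::SSM::Association
    Properties:
      AssociationName: windows-patch-scan-daily
      Name: AWS-RunPatchBaseline
      ScheduleExpression: 'rate(1 day)'
      Targets:
        - Key: 'tag:Patch Group'
          Values: [!Ref PatchGroup]
      Parameters:
        Operation: [Scan]

  # Weekly install window: Sunday 03:00 UTC, 3 hours long, stop starting new
  # work 1 hour before the end, never touch instances outside the target.
  InstallWindow:
    Type: AWS::SSM::MaintenanceWindow
    Properties:
      Name: windows-install-sunday
      Schedule: 'cron(0 3 ? * SUN *)'
      Duration: 3
      Cutoff: 1
      AllowUnassociatedTargets: false

  InstallTarget:
    Type: AWS::SSM::MaintenanceWindowTarget
    Properties:
      WindowId: !Ref InstallWindow
      ResourceType: INSTANCE
      Targets:
        - Key: 'tag:Patch Group'
          Values: [!Ref PatchGroup]

  InstallTask:
    Type: AWS::SSM::MaintenanceWindowTask
    Properties:
      WindowId: !Ref InstallWindow
      TaskType: RUN_COMMAND
      TaskArn: AWS-RunPatchBaseline
      Priority: 1
      MaxConcurrency: '25%'   # patch a quarter of the fleet at a time
      MaxErrors: '1'          # stop the run after the first failed instance
      Targets:
        - Key: WindowTargetIds
          Values: [!Ref InstallTarget]
      TaskInvocationParameters:
        MaintenanceWindowRunCommandParameters:
          Parameters:
            Operation: [Install]
            RebootOption: [RebootIfNeeded]
```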
Keeping your golden images up to date
[Diagram: an out-dated AMI is turned into an up-to-date AMI]
Simplify common IT tasks
• Express your workflow as automation steps in a JSON-based document
• Support for Run Command, Lambda functions, AWS APIs
Demo
Automation Console
Update Windows AMI
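An added example of the automation-document idea above, written in YAML (the same document model as JSON): it follows the launch, patch, capture, terminate pattern of the Update Windows AMI demo but is not the AWS-UpdateWindowsAmi document itself. The parameter names, instance type and image naming are my own.

```yaml
# SSM Automation document (schemaVersion 0.3): refresh a Windows golden AMI.
description: Patch a Windows AMI and publish a new golden image
schemaVersion: '0.3'
assumeRole: '{{ AutomationAssumeRole }}'
parameters:
  SourceAmiId:
    type: String
    description: AMI to update (the out-dated AMI)
  SubnetId:
    type: String
    description: Subnet from which the SSM Agent can reach Systems Manager
  IamInstanceProfileName:
    type: String
    description: Instance profile that lets the SSM Agent register the instance
  AutomationAssumeRole:
    type: String
    description: Role Automation assumes to call EC2 and SSM on your behalf
mainSteps:
  # 1. Launch a throw-away build instance from the old AMI.
  - name: launchInstance
    action: aws:runInstances
    maxAttempts: 2
    onFailure: Abort
    inputs:
      ImageId: '{{ SourceAmiId }}'
      InstanceType: t3.medium
      SubnetId: '{{ SubnetId }}'
      IamInstanceProfileName: '{{ IamInstanceProfileName }}'
      MinInstanceCount: 1
      MaxInstanceCount: 1
  # 2. Install every approved patch from the instance's patch baseline
  #    (Run Command). On failure jump straight to cleanup.
  - name: installPatches
    action: aws:runCommand
    timeoutSeconds: 7200
    onFailure: step:terminateInstance
    inputs:
      DocumentName: AWS-RunPatchBaseline
      InstanceIds:
        - '{{ launchInstance.InstanceIds }}'
      Parameters:
        Operation: Install
        RebootOption: RebootIfNeeded
  # 3. Stop-and-capture (NoReboot false) so the image is consistent.
  - name: createImage
    action: aws:createImage
    onFailure: step:terminateInstance
    inputs:
      InstanceId: '{{ launchInstance.InstanceIds }}'
      ImageName: 'win-golden-{{ global:DATE_TIME }}'
      ImageDescription: 'Patched from {{ SourceAmiId }} on {{ global:DATE }}'
      NoReboot: false
  # 4. Terminate the build instance whatever happened above.
  - name: terminateInstance
    action: aws:terminateInstances
    onFailure: Continue
    isEnd: true
    inputs:
      InstanceIds:
        - '{{ launchInstance.InstanceIds }}'
outputs:
  - createImage.ImageId
```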
Monitoring & performance
Visibility into Cloud Resources and Applications
• Service and application availability
• Monitor individual systems and applications
• Detect and troubleshoot problems
• Set up monitoring infrastructure and systems
Monitoring Windows workloads using Amazon CloudWatch
Monitor and manage AWS, hybrid, and on-premises applications and infrastructure resources.
Get visibility
• Windows Performance Counters
• IIS logs, SQL Server logs, custom application logs
Monitor
• High resolution alarms
• Custom dashboards
Take action
Observability for N-tier .NET applications
Amazon CloudWatch Application Insights for .NET & SQL Server
Easily and quickly detect and diagnose common problems with .NET and SQL Server applications
• Machine learning based anomaly detection for metrics and logs
• Visualize root cause with Amazon CloudWatch Automatic Dashboards
• Improved customer experience
Examples
• SQL Server errors such as failed backups, scheduler deadlocks
• .NET application problems such as memory leaks, custom log errors
• Elastic Load Balancer problems such as latencies due to high CPU on the application server
Demo
CloudWatch Application Insights – App Onboarding
CloudWatch Application Insights – Example Problem
Governance & compliance
Keeping inventory
Tools: AWS Systems Manager Inventory; Items; Target: Amazon EC2
AWS Systems Manager Inventory
Collects information about your instances and the software installed on them
Enables you to manage application assets, track licenses, monitor file integrity, discover applications …
Managing configuration drift
Tools: AWS Systems Manager State Manager; Tasks; Target: Amazon EC2
AWS Systems Manager State Manager
Configuration management: configuration policies applied to Amazon EC2 instances or on-premises instances
Demo
AWS Systems Manager – State Manager – RDP Example
Resource optimization
Fine-tuning your Microsoft workloads in the cloud
What to fine tune?
Tools: AWS Trusted Advisor; Target: Amazon EC2
AWS Trusted Advisor
Core checks and recommendations available to all AWS customers: Security, AWS service limits
Full Trusted Advisor benefits available with business or enterprise support plans: Security, AWS service limits, Cost optimization, Performance, Fault tolerance
Summary
• Infrastructure provisioning – AWS CloudFormation
• Configuration management – AWS Systems Manager
• Governance & compliance – AWS Systems Manager
• Monitoring & performance – Amazon CloudWatch, Amazon CloudWatch Application Insights for .NET and SQL Server
• Resource optimization – AWS Trusted Advisor
20 min Break
Part 2
AWS Directory Service for Microsoft Active Directory
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What we will cover
• What AWS Managed Microsoft AD is
• Key use cases
• How applications use AWS Managed Microsoft AD
• Deployment models (user vs. resource forest)
• How to install, administer, and configure
• Supported trust models
• Security event logging
• Directory sharing
What is AWS Managed Microsoft AD?
AWS Directory Service for Microsoft Active Directory (“AWS Managed Microsoft AD”)
[Diagram: two AWS Managed Microsoft AD domain controllers, one per Availability Zone, run in an AWS-managed VPC; the customer VPC holds the application instances (App 1, App 2) in subnets 10.0.2.0/24 and 10.0.3.0/24, one per Availability Zone]
• Domain controllers are exclusively yours
• Compliance audited: https://aws.amazon.com/compliance/services-in-scope/
Amazon—operates
• Multi-AZ deployment, patch, monitor, DC recovery, instance rotation, snapshot, restore
Customer—administer and configure
• Administer users, groups, GPOs, other AD content
• Administration via Active Directory Users and Computers (ADUC) and other standard AD tools
• Configure password policies
• Add domain controllers as needed
• Configure trusts (resource forest deployment)
• Configure certificate authorities (for LDAPS)
• Configure federation
Standard Edition: 1 GB storage capacity, performance optimized for ~5,000 employees
Enterprise Edition: 17 GB storage capacity, performance optimized for over 5,000 employees
Key Use Cases
AWS Managed Microsoft AD use cases
• Domain join & manage with Group Policy
• Traditional AD applications: Remote Desktop Licensing, .NET apps, SharePoint, SQL Server, Certificate Services
• Compatible AWS applications and services: Amazon Connect, Amazon WorkMail, Amazon WorkDocs, RDS for SQL Server, Amazon WorkSpaces, Amazon QuickSight, Amazon Chime
• User directory
• Use Microsoft tools with web applications: AD FS, and Azure AD Connect (pass-through, sync) to Azure AD
• Use AWS SSO with web applications (SAML)
• Extend existing Active Directory
Learn more: https://aws.amazon.com/directoryservice
How to install, administer, and configure
Prerequisites you must create
• Virtual Private Cloud (VPC)
• Two subnets in different AZs
• Optional on-premises link: AWS Direct Connect or Virtual Private Network (VPN)
• Optional AD on-premises
docs.aws.amazon.com/directoryservice/latest/admin-guide/tutorials_ad_test_labs.html
[Diagram: customer VPC with subnets 10.0.2.0/24 (Availability Zone 1) and 10.0.3.0/24 (Availability Zone 2); optional VPN connection or AWS Direct Connect to a corporate data center running Active Directory]
During creation AWS creates
• 2 DCs with Dynamic DNS
• Elastic network interface in your subnets
• One AWS security group
[Diagram: the two AWS Managed Microsoft AD DCs run in an AWS-managed VPC, one per Availability Zone, each with an elastic network interface in the matching customer subnet]
Use extreme caution modifying the security groups!
Best practice after creation
• DHCP option sets
• AWS security group (for your EC2 creations)
• IAM role/policy for EC2 (AmazonEC2RoleforSSM)
• Key-pair (PEM) file
• EC2 Windows (Install AD Administration Tools)
Configure administration instance
1. RDP to the instance as yourdomain\admin
2. Add features: Group Policy Management; AD DS and AD LDS Tools; DNS Server Tools
3. Verify tools added: Active Directory Administrative Center; Active Directory Domains and Trusts; Active Directory Module for Windows PowerShell; Active Directory Sites and Services; Active Directory Users and Computers; ADSI Edit; DNS; Group Policy Management
Administer with AD tools; configure from AWS Console
Managing from AD Administration Tools
[Diagram: the customer domain contains an OU for the directory holding the “admin” account; the built-in “administrator” is shown separately]
• Add OU and on-premises users/groups to reserved security groups
Demo
Setup New AWS Managed Microsoft AD
Explore Existing Managed AD
Explore ENIs, SG, IAM Roles
Seamless Domain Join
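An added example (not part of the deck) that turns two of the steps above into Systems Manager State Manager associations: the seamless domain join of tagged instances, and the RSAT feature install from the "Configure administration instance" slide. The AWS-JoinDirectoryServiceDomain document name and its parameter keys are real; the directory values, DNS addresses and tag values are constructed placeholders.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Seamless domain join plus AD administration tools via State Manager.
  Instances need an SSM-enabled instance profile (see "Best practice after
  creation").

Parameters:
  DirectoryId:
    Type: String          # placeholder: your directory ID (d-xxxxxxxxxx)
  DirectoryName:
    Type: String
    Default: corp.example.com   # constructed
  DnsIpAddresses:
    Type: CommaDelimitedList
    Default: 10.0.2.10,10.0.3.10   # constructed: the DC ENI addresses, one per subnet

Resources:
  # 1. Any instance tagged JoinDomain=true is joined on its next association run.
  DomainJoin:
    Type: AWS::SSM::Association
    Properties:
      AssociationName: seamless-domain-join
      Name: AWS-JoinDirectoryServiceDomain
      Targets:
        - Key: tag:JoinDomain
          Values: ['true']
      Parameters:
        directoryId: [!Ref DirectoryId]
        directoryName: [!Ref DirectoryName]
        dnsIpAddresses: !Ref DnsIpAddresses

  # 2. Command document: install GPMC, the AD DS/AD LDS tools and the DNS
  #    server tools, then verify each feature reports Installed.
  InstallAdTools:
    Type: AWS::SSM::Document
    Properties:
      DocumentType: Command
      Content:
        schemaVersion: '2.2'
        description: Install AD DS/LDS tools, DNS server tools and GPMC
        mainSteps:
          - name: installRsat
            action: aws:runPowerShellScript
            inputs:
              runCommand:
                - |
                  $features = 'RSAT-AD-Tools','RSAT-DNS-Server','GPMC'
                  Install-WindowsFeature -Name $features -IncludeAllSubFeature | Out-Null
                  $missing = Get-WindowsFeature -Name $features | Where-Object InstallState -ne 'Installed'
                  if ($missing) { Write-Error ('Not installed: ' + ($missing.Name -join ',')); exit 1 }
                  'AD administration tools present'

  # Apply the document to the admin instance (tag Role=AdAdmin, constructed).
  AdminToolsAssociation:
    Type: AWS::SSM::Association
    Properties:
      AssociationName: admin-instance-rsat
      Name: !Ref InstallAdTools
      Targets:
        - Key: tag:Role
          Values: [AdAdmin]
```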
Supported Trust Models
Trusts
[Diagram: a trust between two Active Directory domains; access requires permissions to the resource in the trusting domain]
Forests, domains, tree domains
[Diagram: a forest with a root domain, three child domains, a tree root domain and a tree child domain, beside AWS Managed Microsoft AD as a single-domain forest (one root domain)]
AWS Managed Microsoft AD forest trust support
[Diagram: a forest trust between the AWS Managed Microsoft AD single-domain forest and the root domain of the other forest]
AWS Managed Microsoft AD domain trust support
[Diagram: domain trusts between the AWS Managed Microsoft AD domain and individual domains of the other forest]
AWS Managed Microsoft AD mixed trust support
[Diagram: a forest trust and a domain trust used together]
AWS applications and trusts for hybrid IT use cases
[Diagram: the AWS Managed Microsoft AD DC in the AWS-managed VPC serves a customer VPC (10.0.2.0/24, Availability Zone 1) that is connected to the corporate data center’s Active Directory over a VPN connection or AWS Direct Connect]
• Traditional AD aware applications: RDS for SQL Server
• AWS cloud-based applications: Amazon Connect, Amazon WorkDocs, Amazon WorkMail, Amazon Chime, AWS SSO, Amazon WorkSpaces, Amazon QuickSight
Security Event Logging
Security event logging to Amazon CloudWatch
Use existing or create a new log group
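As an added example (not the deck's own), a CloudFormation template for the log group above: it grants the Directory Service permission to write, then turns forwarded failed-logon events into a metric and an alarm so the forwarded log is actually watched. The log group name, namespace and threshold are my choices, and the filter pattern assumes the forwarded record carries the Windows event message text.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Log group for AWS Managed Microsoft AD security event forwarding, the
  resource policy Directory Service needs to write to it, and a metric
  filter plus alarm on failed logons.

Parameters:
  DirectoryId:
    Type: String
    Description: Placeholder; use your directory ID (d-xxxxxxxxxx)

Resources:
  AdSecurityLogs:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub /aws/directoryservice/${DirectoryId}
      RetentionInDays: 365

  # Directory Service writes as ds.amazonaws.com; without this resource
  # policy the log subscription can be created but no events arrive.
  AllowDirectoryServiceWrite:
    Type: AWS::Logs::ResourcePolicy
    Properties:
      PolicyName: !Sub ds-${DirectoryId}-security-logs
      PolicyDocument: !Sub |
        {"Version":"2012-10-17","Statement":[{"Effect":"Allow",
          "Principal":{"Service":"ds.amazonaws.com"},
          "Action":["logs:CreateLogStream","logs:PutLogEvents"],
          "Resource":"${AdSecurityLogs.Arn}"}]}

  # Count Windows event 4625 by its message text ("An account failed to
  # log on"). Assumption: the forwarded record contains that text.
  FailedLogonFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName: !Ref AdSecurityLogs
      FilterPattern: '"An account failed to log on"'
      MetricTransformations:
        - MetricNamespace: ManagedAD/Security
          MetricName: FailedLogons
          MetricValue: '1'
          DefaultValue: 0

  # Alarm on a burst of failures in five minutes; tune to your baseline.
  FailedLogonAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: !Sub managed-ad-${DirectoryId}-failed-logon-burst
      Namespace: ManagedAD/Security
      MetricName: FailedLogons
      Statistic: Sum
      Period: 300
      EvaluationPeriods: 1
      Threshold: 50          # constructed value
      ComparisonOperator: GreaterThanThreshold
      TreatMissingData: notBreaching
      # AlarmActions: [<SNS topic ARN placeholder>]
```

The forwarding itself is enabled outside the template with `aws ds create-log-subscription --directory-id <directory-id> --log-group-name <log-group-name>` once the stack is up.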
Directory Sharing
Cross-account sharing
Communication paths to AWS Managed Microsoft AD
[Diagram: Account A, Customer VPC1, holding EC2, Amazon WorkSpaces, RDS for SQL Server, Amazon Connect, Amazon WorkMail, Amazon WorkDocs, Amazon QuickSight, Amazon Chime and AWS SSO. EC2 instances reach the AWS-managed VPC (DC1, DC2, DC3) to discover DCs, domain join and read; the AWS applications use the AWS internal DC APIs]
Internal DC APIs inaccessible in other accounts
[Diagram: Account B, Customer VPC2, peered to Customer VPC1; its EC2 instances can discover DCs, domain join and read over the peering, but the AWS internal DC APIs are not available to Account B]
Cross-account directory sharing
[Diagram: after the directory is shared with Account B, the AWS internal DC APIs are available in Customer VPC2 as well]
Sharing across multiple VPCs and accounts
[Diagram: one AWS-managed VPC (DC1, DC2, DC3) shared with Customer VPC1 through VPC4 in Account A, Customer VPC5 in Account B and Customer VPC6 in Account C]
Recap
• What AWS Managed Microsoft AD is
• Key use cases
• How applications use AWS Managed Microsoft AD
• Deployment models (user vs. resource forest)
• How to install, administer, and configure
• Supported trust models
• Security event logging
• Directory sharing
BONUS!!
CAC/PIV Auth to AWS WorkSpaces
[Diagram: AWS GovCloud VPC spanning Availability Zone 1 and Availability Zone 2. External-network-routed subnets hold a NAT Gateway and an RDP Gateway proxy per AZ behind Amazon EC2 Auto Scaling, reachable on port 443; private subnets hold AD Domain Controllers DC-1 and DC-2, an AD Connector and Amazon WorkSpaces. Users reach the environment over AWS Direct Connect or an internet gateway]
[Screenshot: RD Gateway Manager on EC2AMAZ-NTOAJFQ, Connection Authorization Policies. Two RD CAPs are listed and enabled, Default-CAP and Allowed-RDGatewayAccess, each for vaecdemo\Domain Admins and further groups with no client computer group; the Actions pane shows an item named PIVauthorization. The open policy properties read: apply this policy when a user attempts to connect to the RD Gateway server if the user is a member of vaecdemo\Domain Users; client computer group not applicable; supported Windows authentication methods: password or smart card; device redirection allowed for all client devices; no idle timeout; no session timeout. If the user does not meet the conditions of this policy, RD Gateway attempts to verify whether the user meets the conditions for the next policy in the list.]
[Screenshot: RD Gateway server properties (tabs: General, Auditing, SSL Certificate, SSL Bridging, Transport Settings, Messaging, RD CAP Store, Server Farm), SSL Certificate tab. A certificate is needed for secure communication on the HTTPS/UDP listeners and for NAP messaging and is bound automatically to the configured HTTP and UDP ports; the installed certificate is issued to and by a compute-1.amazonaws.com name and expires 2/25/2020. Options: create a self-signed certificate, select an existing certificate from the Certificates (Local Computer)/Personal store, or import a certificate into that store. The Actions pane also offers export/import of policy and configuration settings from an XML file.]
[Screenshot: RD Gateway server properties, Transport Settings tab. HTTP transport: IP address unassigned, HTTPS port 443 (default 443), HTTP port 80 (default 80); both RPC-HTTP and HTTP transport share the same settings. UDP transport enabled, IP address unassigned, port 3391 (default 3391).]
Reference information
Documentation
• AWS Directory Service—aws.amazon.com/directoryservice
• AWS Security Blog—aws.amazon.com/blogs/security/ (search for “AWS Managed Microsoft AD”)
• AWS What’s New—aws.amazon.com/new/ (Security, Identity & Compliance)
• AWS Managed Microsoft AD—aws.amazon.com/documentation/directory-service/
• RDS for SQL Server—aws.amazon.com/documentation/rds/
• AWS Quick Starts—aws.amazon.com/quickstart/: Active Directory Domain Services; Exchange Server 2013; SharePoint Server 2016 Enterprise; Lync Server 2013; SQL Server 2014 AlwaysOn; Windows PowerShell DSC

Developing-Effective-Mass-Migration-Strategy-out-of-a-Tool-based-Portfolio-As...
 
Building well architected .NET applications - SVC209 - Atlanta AWS Summit
Building well architected .NET applications - SVC209 - Atlanta AWS SummitBuilding well architected .NET applications - SVC209 - Atlanta AWS Summit
Building well architected .NET applications - SVC209 - Atlanta AWS Summit
 
Introduction to AWS App Mesh - MAD303 - Atlanta AWS Summit
Introduction to AWS App Mesh - MAD303 - Atlanta AWS SummitIntroduction to AWS App Mesh - MAD303 - Atlanta AWS Summit
Introduction to AWS App Mesh - MAD303 - Atlanta AWS Summit
 
How SAP customers are benefiting from machine learning and IoT with AWS - MAD...
How SAP customers are benefiting from machine learning and IoT with AWS - MAD...How SAP customers are benefiting from machine learning and IoT with AWS - MAD...
How SAP customers are benefiting from machine learning and IoT with AWS - MAD...
 
Need for Speed – Intro To Real-Time Data Streaming Analytics on AWS | AWS Sum...
Need for Speed – Intro To Real-Time Data Streaming Analytics on AWS | AWS Sum...Need for Speed – Intro To Real-Time Data Streaming Analytics on AWS | AWS Sum...
Need for Speed – Intro To Real-Time Data Streaming Analytics on AWS | AWS Sum...
 
Running Amazon EC2 workloads at scale - CMP301 - New York AWS Summit
Running Amazon EC2 workloads at scale - CMP301 - New York AWS SummitRunning Amazon EC2 workloads at scale - CMP301 - New York AWS Summit
Running Amazon EC2 workloads at scale - CMP301 - New York AWS Summit
 
Module 2: Getting started with the cloud - AWSome Day Online Conference 2019
 Module 2: Getting started with the cloud - AWSome Day Online Conference 2019 Module 2: Getting started with the cloud - AWSome Day Online Conference 2019
Module 2: Getting started with the cloud - AWSome Day Online Conference 2019
 
A tale of two customers - Simplified data protection with Veeam, N2WS & AWS -...
A tale of two customers - Simplified data protection with Veeam, N2WS & AWS -...A tale of two customers - Simplified data protection with Veeam, N2WS & AWS -...
A tale of two customers - Simplified data protection with Veeam, N2WS & AWS -...
 
Let Your Business Logic go Serverless | AWS Summit Tel Aviv 2019
 Let Your Business Logic go Serverless | AWS Summit Tel Aviv 2019 Let Your Business Logic go Serverless | AWS Summit Tel Aviv 2019
Let Your Business Logic go Serverless | AWS Summit Tel Aviv 2019
 
Building with AWS Databases: Match Your Workload to the Right Database | AWS ...
Building with AWS Databases: Match Your Workload to the Right Database | AWS ...Building with AWS Databases: Match Your Workload to the Right Database | AWS ...
Building with AWS Databases: Match Your Workload to the Right Database | AWS ...
 
Fulfilling_a_Billion_Requests_from_a_Global_SaaS_Company_Insights_into_AfterS...
Fulfilling_a_Billion_Requests_from_a_Global_SaaS_Company_Insights_into_AfterS...Fulfilling_a_Billion_Requests_from_a_Global_SaaS_Company_Insights_into_AfterS...
Fulfilling_a_Billion_Requests_from_a_Global_SaaS_Company_Insights_into_AfterS...
 
Accelerating your Cloud Migration with VMware Cloud on AWS - SVC210 - Atlanta...
Accelerating your Cloud Migration with VMware Cloud on AWS - SVC210 - Atlanta...Accelerating your Cloud Migration with VMware Cloud on AWS - SVC210 - Atlanta...
Accelerating your Cloud Migration with VMware Cloud on AWS - SVC210 - Atlanta...
 
Best practices for running Windows workloads on AWS
Best practices for running Windows workloads on AWSBest practices for running Windows workloads on AWS
Best practices for running Windows workloads on AWS
 
利用 AWS Step Functions 建構穩定的資料處理流程.pdf
利用 AWS Step Functions 建構穩定的資料處理流程.pdf利用 AWS Step Functions 建構穩定的資料處理流程.pdf
利用 AWS Step Functions 建構穩定的資料處理流程.pdf
 
Cloud Economics
Cloud EconomicsCloud Economics
Cloud Economics
 
利用 Fargate - 無伺服器的容器環境建置高可用的系統
利用 Fargate - 無伺服器的容器環境建置高可用的系統利用 Fargate - 無伺服器的容器環境建置高可用的系統
利用 Fargate - 無伺服器的容器環境建置高可用的系統
 
AWS storage solutions for business-critical applications - STG301 - Chicago A...
AWS storage solutions for business-critical applications - STG301 - Chicago A...AWS storage solutions for business-critical applications - STG301 - Chicago A...
AWS storage solutions for business-critical applications - STG301 - Chicago A...
 
Introducing Open Distro for Elasticsearch - ADB201 - Atlanta AWS Summit
Introducing Open Distro for Elasticsearch - ADB201 - Atlanta AWS SummitIntroducing Open Distro for Elasticsearch - ADB201 - Atlanta AWS Summit
Introducing Open Distro for Elasticsearch - ADB201 - Atlanta AWS Summit
 
Pro-Tips-for-Builders-on-AWS
Pro-Tips-for-Builders-on-AWSPro-Tips-for-Builders-on-AWS
Pro-Tips-for-Builders-on-AWS
 
Stages of Adoption leading to Complete Migration
Stages of Adoption leading to Complete Migration	Stages of Adoption leading to Complete Migration
Stages of Adoption leading to Complete Migration
 

Similar to Operationalizing Microsoft Workloads, AWS Federal Pop-Up Loft

Operationalizing Microsoft Workloads
Operationalizing Microsoft WorkloadsOperationalizing Microsoft Workloads
Operationalizing Microsoft WorkloadsAmazon Web Services
 
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...Amazon Web Services
 
Websites go Serverless - AWS Summit Berlin
Websites go Serverless - AWS Summit BerlinWebsites go Serverless - AWS Summit Berlin
Websites go Serverless - AWS Summit BerlinBoaz Ziniman
 
How Qantas is Scaling Cloud Operations with AWS Systems Manager - AWS Summit ...
How Qantas is Scaling Cloud Operations with AWS Systems Manager - AWS Summit ...How Qantas is Scaling Cloud Operations with AWS Systems Manager - AWS Summit ...
How Qantas is Scaling Cloud Operations with AWS Systems Manager - AWS Summit ...Amazon Web Services
 
AWS Summit Singapore 2019 | AWS Techfest Opening Keynote
AWS Summit Singapore 2019 | AWS Techfest Opening KeynoteAWS Summit Singapore 2019 | AWS Techfest Opening Keynote
AWS Summit Singapore 2019 | AWS Techfest Opening KeynoteAWS Summits
 
Getting Started with Microservices, Containers, and Serverless Architectures
Getting Started with Microservices, Containers, and Serverless ArchitecturesGetting Started with Microservices, Containers, and Serverless Architectures
Getting Started with Microservices, Containers, and Serverless ArchitecturesAmazon Web Services
 
Scale - Best Practices for Migrating your Microsoft Workloads to AWS
Scale - Best Practices for Migrating your Microsoft Workloads to AWSScale - Best Practices for Migrating your Microsoft Workloads to AWS
Scale - Best Practices for Migrating your Microsoft Workloads to AWSAmazon Web Services
 
Control your cloud environment with AWS management tools
Control your cloud environment with AWS management toolsControl your cloud environment with AWS management tools
Control your cloud environment with AWS management toolsAmazon Web Services
 
Operationalizing Microsoft Workloads (WIN320) - AWS re:Invent 2018
Operationalizing Microsoft Workloads (WIN320) - AWS re:Invent 2018Operationalizing Microsoft Workloads (WIN320) - AWS re:Invent 2018
Operationalizing Microsoft Workloads (WIN320) - AWS re:Invent 2018Amazon Web Services
 
Modern-Application-Design-with-Amazon-ECS
Modern-Application-Design-with-Amazon-ECSModern-Application-Design-with-Amazon-ECS
Modern-Application-Design-with-Amazon-ECSAmazon Web Services
 
Self-service remediation, managing configuration drift, & automation - SVC311...
Self-service remediation, managing configuration drift, & automation - SVC311...Self-service remediation, managing configuration drift, & automation - SVC311...
Self-service remediation, managing configuration drift, & automation - SVC311...Amazon Web Services
 
Built & Delivered in Six Months Using Serverless Technical Patterns and Micro...
Built & Delivered in Six Months Using Serverless Technical Patterns and Micro...Built & Delivered in Six Months Using Serverless Technical Patterns and Micro...
Built & Delivered in Six Months Using Serverless Technical Patterns and Micro...Amazon Web Services
 
Why AWS for running Microsoft workloads - CMP202-I - New York AWS Summit
Why AWS for running Microsoft workloads - CMP202-I - New York AWS SummitWhy AWS for running Microsoft workloads - CMP202-I - New York AWS Summit
Why AWS for running Microsoft workloads - CMP202-I - New York AWS SummitAmazon Web Services
 
DevOps - Moving to DevOps the Amazon Way
DevOps - Moving to DevOps the Amazon WayDevOps - Moving to DevOps the Amazon Way
DevOps - Moving to DevOps the Amazon WayAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Simplifying Microsoft Architectures with AWS Services
Simplifying Microsoft Architectures with AWS ServicesSimplifying Microsoft Architectures with AWS Services
Simplifying Microsoft Architectures with AWS ServicesAWS Summits
 
如何成功的完成混合雲遷移專案
如何成功的完成混合雲遷移專案如何成功的完成混合雲遷移專案
如何成功的完成混合雲遷移專案Amazon Web Services
 
AWS Systems manager 2019
AWS Systems manager 2019AWS Systems manager 2019
AWS Systems manager 2019John Varghese
 
Scale - Failure is not an Option: Designing Highly Resilient AWS Systems
Scale - Failure is not an Option: Designing Highly Resilient AWS SystemsScale - Failure is not an Option: Designing Highly Resilient AWS Systems
Scale - Failure is not an Option: Designing Highly Resilient AWS SystemsAmazon Web Services
 
How Millennium Management achieves provable security with AWS Zelkova - FSV30...
How Millennium Management achieves provable security with AWS Zelkova - FSV30...How Millennium Management achieves provable security with AWS Zelkova - FSV30...
How Millennium Management achieves provable security with AWS Zelkova - FSV30...Amazon Web Services
 

Similar to Operationalizing Microsoft Workloads, AWS Federal Pop-Up Loft (20)

Operationalizing Microsoft Workloads
Operationalizing Microsoft WorkloadsOperationalizing Microsoft Workloads
Operationalizing Microsoft Workloads
 
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
 
Websites go Serverless - AWS Summit Berlin
Websites go Serverless - AWS Summit BerlinWebsites go Serverless - AWS Summit Berlin
Websites go Serverless - AWS Summit Berlin
 
How Qantas is Scaling Cloud Operations with AWS Systems Manager - AWS Summit ...
How Qantas is Scaling Cloud Operations with AWS Systems Manager - AWS Summit ...How Qantas is Scaling Cloud Operations with AWS Systems Manager - AWS Summit ...
How Qantas is Scaling Cloud Operations with AWS Systems Manager - AWS Summit ...
 
AWS Summit Singapore 2019 | AWS Techfest Opening Keynote
AWS Summit Singapore 2019 | AWS Techfest Opening KeynoteAWS Summit Singapore 2019 | AWS Techfest Opening Keynote
AWS Summit Singapore 2019 | AWS Techfest Opening Keynote
 
Getting Started with Microservices, Containers, and Serverless Architectures
Getting Started with Microservices, Containers, and Serverless ArchitecturesGetting Started with Microservices, Containers, and Serverless Architectures
Getting Started with Microservices, Containers, and Serverless Architectures
 
Scale - Best Practices for Migrating your Microsoft Workloads to AWS
Scale - Best Practices for Migrating your Microsoft Workloads to AWSScale - Best Practices for Migrating your Microsoft Workloads to AWS
Scale - Best Practices for Migrating your Microsoft Workloads to AWS
 
Control your cloud environment with AWS management tools
Control your cloud environment with AWS management toolsControl your cloud environment with AWS management tools
Control your cloud environment with AWS management tools
 
Operationalizing Microsoft Workloads (WIN320) - AWS re:Invent 2018
Operationalizing Microsoft Workloads (WIN320) - AWS re:Invent 2018Operationalizing Microsoft Workloads (WIN320) - AWS re:Invent 2018
Operationalizing Microsoft Workloads (WIN320) - AWS re:Invent 2018
 
Modern-Application-Design-with-Amazon-ECS
Modern-Application-Design-with-Amazon-ECSModern-Application-Design-with-Amazon-ECS
Modern-Application-Design-with-Amazon-ECS
 
Self-service remediation, managing configuration drift, & automation - SVC311...
Self-service remediation, managing configuration drift, & automation - SVC311...Self-service remediation, managing configuration drift, & automation - SVC311...
Self-service remediation, managing configuration drift, & automation - SVC311...
 
Built & Delivered in Six Months Using Serverless Technical Patterns and Micro...
Built & Delivered in Six Months Using Serverless Technical Patterns and Micro...Built & Delivered in Six Months Using Serverless Technical Patterns and Micro...
Built & Delivered in Six Months Using Serverless Technical Patterns and Micro...
 
Why AWS for running Microsoft workloads - CMP202-I - New York AWS Summit
Why AWS for running Microsoft workloads - CMP202-I - New York AWS SummitWhy AWS for running Microsoft workloads - CMP202-I - New York AWS Summit
Why AWS for running Microsoft workloads - CMP202-I - New York AWS Summit
 
DevOps - Moving to DevOps the Amazon Way
DevOps - Moving to DevOps the Amazon WayDevOps - Moving to DevOps the Amazon Way
DevOps - Moving to DevOps the Amazon Way
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Simplifying Microsoft Architectures with AWS Services
Simplifying Microsoft Architectures with AWS ServicesSimplifying Microsoft Architectures with AWS Services
Simplifying Microsoft Architectures with AWS Services
 
如何成功的完成混合雲遷移專案
如何成功的完成混合雲遷移專案如何成功的完成混合雲遷移專案
如何成功的完成混合雲遷移專案
 
AWS Systems manager 2019
AWS Systems manager 2019AWS Systems manager 2019
AWS Systems manager 2019
 
Scale - Failure is not an Option: Designing Highly Resilient AWS Systems
Scale - Failure is not an Option: Designing Highly Resilient AWS SystemsScale - Failure is not an Option: Designing Highly Resilient AWS Systems
Scale - Failure is not an Option: Designing Highly Resilient AWS Systems
 
How Millennium Management achieves provable security with AWS Zelkova - FSV30...
How Millennium Management achieves provable security with AWS Zelkova - FSV30...How Millennium Management achieves provable security with AWS Zelkova - FSV30...
How Millennium Management achieves provable security with AWS Zelkova - FSV30...
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 
Come costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSCome costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 
Come costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSCome costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWS
 

Operationalizing Microsoft Workloads, AWS Federal Pop-Up Loft

  • 1. Operationalizing Microsoft Workloads. Jason Opdycke, Sr. Solutions Architect, Department of Defense Team, jasonaws@amazon.com
  • 2.
  • 3.
  • 4.
  • 5. Overall Agenda: Part 1 – Systems Manager; Part 2 – Managed AD; Bonus Round – CAC Auth to Workspaces
  • 6. PUBLIC SECTOR SUMMIT. Operationalizing Microsoft Workloads: what comes to mind? © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 7. Agenda – Part 1: Infrastructure provisioning; Configuration management; Governance & compliance; Monitoring & performance; Resource optimization
  • 8. (Section divider) Infrastructure provisioning; Configuration management; Governance & compliance; Monitoring & performance; Resource optimization
  • 9. What are the steps to build an environment? (Architecture diagram: AWS CloudFormation; two Availability Zones, each with a private subnet; Remote Users; IIS Web and IIS App in each zone; AWS Directory Service in each zone; MS SQL in each zone)
  • 10. AWS CloudFormation: automated; repeatable
  • 11. AWS Quick Starts: https://aws.amazon.com/quickstart/
  • 12. (Section divider) Infrastructure provisioning; Configuration management; Governance & compliance; Monitoring & performance; Resource optimization
  • 13. Managing your Windows instances. Tools: AWS Systems Manager Run Command, AWS Systems Manager Session Manager. Tasks. Target: Amazon Elastic Compute Cloud (Amazon EC2)
  • 14. Running PowerShell. AWS Systems Manager Session Manager: interactive, good for full, interactive access. AWS Systems Manager Run Command: non-interactive, good for bulk administrative changes
  • 15. Secure remote configuration management (diagram components: Availability Zone; private subnet; web security group labelled "Accept traffic from SSM" containing WEB1 and WEB2; AWS administrator in a corporate data center; AWS Systems Manager; Amazon S3 bucket; SNS topic; Amazon CloudWatch metric; IAM policy)
  • 17. Patching Microsoft Windows in the cloud: up-to-date instances vs. out-dated instances. AWS Systems Manager Maintenance Windows; AWS Systems Manager Patch Manager
  • 18. AWS Systems Manager Patch Manager: scan instances for missing patches; create baselines that include rules for auto-approving patches; apply missing patches individually or to bulk instances using tags. AWS Systems Manager Maintenance Windows: create recurring schedules to perform administrative tasks; integrates with AWS Systems Manager Run Command, Automation, AWS Lambda, AWS Step Functions
  • 19. Demo: Configure Patching; Patch Baselines; Compliance Dashboard
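Slides 17 to 19 cover Patch Manager baselines, applying patches to tagged instances, and the compliance view. The Python below is an added example (not code from the deck or from AWS): it builds a Windows patch-baseline request in the CreatePatchBaseline API shape, triages constructed DescribeInstancePatchStates records into up-to-date and out-dated instances, and builds the SendCommand request that would apply AWS-RunPatchBaseline to a patch group. The product list, approval delay, tag key and rollout rates are assumptions, and no AWS calls are made.

```python
"""Patch Manager helpers: baseline definition, compliance triage, install request.
Added example, not from the slide deck.  The request dicts follow the Systems
Manager API shapes (CreatePatchBaseline, SendCommand); the patch-state records
below are constructed in the DescribeInstancePatchStates shape."""
from datetime import datetime, timedelta, timezone


def windows_patch_baseline(name, approve_after_days=7):
    """Request body for CreatePatchBaseline: auto-approve Critical/Important
    security updates for the listed products once they are approve_after_days
    old.  Products, classifications and severities are assumed values."""
    return {
        "Name": name,
        "OperatingSystem": "WINDOWS",
        "Description": "Auto-approve Critical/Important security updates",
        "ApprovalRules": {
            "PatchRules": [
                {
                    "PatchFilterGroup": {
                        "PatchFilters": [
                            {"Key": "PRODUCT", "Values": ["WindowsServer2016", "WindowsServer2019"]},
                            {"Key": "CLASSIFICATION", "Values": ["SecurityUpdates", "CriticalUpdates"]},
                            {"Key": "MSRC_SEVERITY", "Values": ["Critical", "Important"]},
                        ]
                    },
                    "ApproveAfterDays": approve_after_days,
                    "ComplianceLevel": "CRITICAL",
                }
            ]
        },
        # Anything listed in RejectedPatches stays blocked even if a rule matches it.
        "RejectedPatchesAction": "BLOCK",
    }


def classify_patch_state(state, now, max_scan_age_days=7):
    """Triage one InstancePatchState record.  Missing or failed patches mean
    out-dated; installs awaiting a reboot are not yet effective; an instance
    with no recent scan cannot be called up-to-date."""
    if state.get("MissingCount", 0) or state.get("FailedCount", 0):
        return "out-dated"
    if state.get("InstalledPendingRebootCount", 0):
        return "pending-reboot"
    end = state.get("OperationEndTime")
    if end is None or now - end > timedelta(days=max_scan_age_days):
        return "unknown"
    return "up-to-date"


def compliance_summary(states, now):
    """Group instance ids by triage result (ids sorted), a dashboard-style view."""
    summary = {}
    for state in states:
        summary.setdefault(classify_patch_state(state, now), []).append(state["InstanceId"])
    return {status: sorted(ids) for status, ids in summary.items()}


def install_request(patch_group, reboot=True):
    """Request body for SendCommand: run AWS-RunPatchBaseline with Operation=Install
    on every instance tagged with the given Patch Group, 25% of them at a time,
    stopping if more than 10% fail.  Tag key and rates are assumed values."""
    return {
        "DocumentName": "AWS-RunPatchBaseline",
        "Targets": [{"Key": "tag:Patch Group", "Values": [patch_group]}],
        "Parameters": {
            "Operation": ["Install"],
            "RebootOption": ["RebootIfNeeded" if reboot else "NoReboot"],
        },
        "MaxConcurrency": "25%",
        "MaxErrors": "10%",
    }


# Constructed sample records; in production they come from
# ssm.describe_instance_patch_states(InstanceIds=[...])["InstancePatchStates"].
NOW = datetime(2019, 6, 1, tzinfo=timezone.utc)
SAMPLE_STATES = [
    {"InstanceId": "i-0f0a0000000000001", "MissingCount": 0, "FailedCount": 0,
     "InstalledPendingRebootCount": 0, "OperationEndTime": NOW - timedelta(days=1)},
    {"InstanceId": "i-0f0a0000000000002", "MissingCount": 3, "FailedCount": 0,
     "InstalledPendingRebootCount": 0, "OperationEndTime": NOW - timedelta(days=1)},
    {"InstanceId": "i-0f0b0000000000001", "MissingCount": 0, "FailedCount": 1,
     "InstalledPendingRebootCount": 0, "OperationEndTime": NOW - timedelta(days=2)},
    {"InstanceId": "i-0f0c0000000000001", "MissingCount": 0, "FailedCount": 0,
     "InstalledPendingRebootCount": 2, "OperationEndTime": NOW - timedelta(hours=6)},
    {"InstanceId": "i-0f0c0000000000002", "MissingCount": 0, "FailedCount": 0,
     "InstalledPendingRebootCount": 0, "OperationEndTime": NOW - timedelta(days=30)},
]

if __name__ == "__main__":
    for status, ids in compliance_summary(SAMPLE_STATES, NOW).items():
        print(f"{status:14} {', '.join(ids)}")
    print(install_request("web"))
```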
  • 20. Keeping your golden images up to date: out-dated AMI → up-to-date AMI
  • 21. Simplify common IT tasks: express your workflow as automation steps in a JSON-based document; support for Run Command, Lambda functions, AWS APIs
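Slides 20 and 21 describe refreshing a golden AMI with an Automation workflow written as a JSON document. As an added example (not the deck's or AWS's own document), the Python below assembles such a document in the Automation schema 0.3 shape, with steps that launch a builder from the source AMI, patch it with AWS-RunPatchBaseline through Run Command, create the new image and terminate the builder, then checks that every step uses a known aws:* action, that step names are unique, and that every {{ placeholder }} names a declared parameter, an earlier step's output or a system variable. The step names, parameter names and instance type are assumptions.

```python
"""Build and sanity-check an AWS Systems Manager Automation document that
refreshes a golden Windows AMI.  Added example, not from the slide deck: the
step and parameter names are assumptions; the document shape (schemaVersion
0.3, aws:* actions, {{ }} references) follows the Automation document syntax."""
import json
import re

# Automation actions this checker recognises (a subset of the documented aws:* actions).
KNOWN_ACTIONS = {
    "aws:runInstances", "aws:runCommand", "aws:createImage",
    "aws:changeInstanceState", "aws:invokeLambdaFunction", "aws:executeAwsApi",
    "aws:sleep", "aws:branch",
}
PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z0-9_.:]+)\s*\}\}")


def golden_ami_document():
    """Return the Automation document as a dict; json.dumps() it to upload."""
    return {
        "schemaVersion": "0.3",
        "description": "Patch a source Windows AMI and publish a new AMI",
        "assumeRole": "{{ AutomationAssumeRole }}",
        "parameters": {
            "SourceAmiId": {"type": "String", "description": "AMI to refresh"},
            "InstanceType": {"type": "String", "default": "t3.medium"},
            "SubnetId": {"type": "String"},
            "IamInstanceProfileName": {"type": "String", "description": "Profile with SSM permissions"},
            "AutomationAssumeRole": {"type": "String"},
            "TargetAmiName": {"type": "String", "default": "golden-windows-{{ global:DATE_TIME }}"},
        },
        "mainSteps": [
            {   # 1. launch a throw-away builder instance from the source AMI
                "name": "launchBuilder",
                "action": "aws:runInstances",
                "inputs": {
                    "ImageId": "{{ SourceAmiId }}",
                    "InstanceType": "{{ InstanceType }}",
                    "SubnetId": "{{ SubnetId }}",
                    "IamInstanceProfileName": "{{ IamInstanceProfileName }}",
                    "MinInstanceCount": 1,
                    "MaxInstanceCount": 1,
                },
            },
            {   # 2. install the baseline's approved patches via Run Command
                "name": "installPatches",
                "action": "aws:runCommand",
                "inputs": {
                    "DocumentName": "AWS-RunPatchBaseline",
                    "InstanceIds": ["{{ launchBuilder.InstanceIds }}"],
                    "Parameters": {"Operation": "Install", "RebootOption": "RebootIfNeeded"},
                },
            },
            {   # 3. snapshot the patched builder as the new golden AMI
                "name": "createImage",
                "action": "aws:createImage",
                "inputs": {
                    "InstanceId": "{{ launchBuilder.InstanceIds }}",
                    "ImageName": "{{ TargetAmiName }}",
                    "NoReboot": False,
                },
            },
            {   # 4. clean up the builder
                "name": "terminateBuilder",
                "action": "aws:changeInstanceState",
                "inputs": {"InstanceIds": ["{{ launchBuilder.InstanceIds }}"], "DesiredState": "terminated"},
            },
        ],
        "outputs": ["createImage.ImageId"],
    }


def check_document(doc):
    """Return a list of problems: unknown actions, duplicate step names, and
    {{ references }} in step inputs that name neither a parameter, an earlier
    step's output, nor a global: / automation: system variable."""
    problems = []
    declared = set(doc.get("parameters", {}))
    seen_steps = set()
    for step in doc["mainSteps"]:
        if step["action"] not in KNOWN_ACTIONS:
            problems.append(f"{step['name']}: unknown action {step['action']}")
        if step["name"] in seen_steps:
            problems.append(f"{step['name']}: duplicate step name")
        for ref in PLACEHOLDER.findall(json.dumps(step["inputs"])):
            if ref.startswith(("global:", "automation:")) or ref in declared:
                continue
            if "." in ref and ref.split(".", 1)[0] in seen_steps:
                continue  # output of a step that runs earlier
            problems.append(f"{step['name']}: unresolved reference {ref}")
        seen_steps.add(step["name"])  # added last so a step cannot reference itself
    return problems


if __name__ == "__main__":
    document = golden_ami_document()
    print(json.dumps(document, indent=2))
    print("problems:", check_document(document) or "none")
```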
  • 23. PU B L IC SE C T OR SU M M I T Infrastructure provisioning Configuration management Governance & compliance Monitoring & performance Resource optimization © 2019, Amazon Web Services, Inc. or its affiliates. All rightsreserved.
  • 24. PU B L IC SE C T OR SU M M I T Visibility into Cloud Resources andApplications Service and application availability Monitor individual systems and applications Detect and Troubleshoot problems Set-up monitoring infrastructure and systems © 2019, Amazon Web Services, Inc. or its affiliates. All rightsreserved.
  • 25. PU B L IC SE C T OR SU M M I T Monitoring Windows workloads usingAmazon CloudWatch Monitor and Manage AWS, hybrid, and on-premises applications and infrastructure resources. Get Visibility • Windows Performance Counters • IIS Logs, SQL Server Logs, custom application log Monitor • High resolution alarms • Custom dashboards Take Action © 2019, Amazon Web Services, Inc. or its affiliates. All rightsreserved.
  • 26. PU B L IC SE C T OR SU M M I T Observability for N-tier .NETapplications © 2019, Amazon Web Services, Inc. or its affiliates. All rightsreserved.
  • 27. PU B L IC SE C T OR SU M M I T Amazon CloudWatch Application Insights for .NET& SQL Server Machine learning based anomaly detection for metrics and logs Visualize root cause with Amazon CloudWatch Automatic Dashboards Improved customer experience Easily and quickly detect and diagnose common problems with .NET and SQL Server applications © 2019, Amazon Web Services, Inc. or its affiliates. All rightsreserved.
  • 28. PU B L IC SE C T OR SU M M I T Examples • SQL Server errors such as Failed backups, • .NET application problems such as Mem • Elastic Load Balancer such as latencies d Scheduler deadlocks ory leaks, custom log errors ue to high CPU on application server © 2019, Amazon Web Services, Inc. or its affiliates. All rightsreserved.
  • 29. Demo: CloudWatch Application Insights – app onboarding; CloudWatch Application Insights – example problem.
  • 30. Agenda divider: Infrastructure provisioning; Configuration management; Governance & compliance; Monitoring & performance; Resource optimization.
  • 31. Keeping inventory (tool: AWS Systems Manager Inventory; items; target: Amazon EC2).
  • 32. AWS Systems Manager Inventory collects information about your instances and the software installed on them. It enables you to manage application assets, track licenses, monitor file integrity, discover applications, and more.
  • 33. Managing configuration drift (tool: AWS Systems Manager State Manager; tasks; target: Amazon EC2).
  • 34. AWS Systems Manager State Manager: configuration management; configuration policies; Amazon EC2 instances or on-premises instances.
  • 35. Demo: AWS Systems Manager – State Manager – RDP example.
  • 36. Agenda divider: Infrastructure provisioning; Configuration management; Governance & compliance; Monitoring & performance; Resource optimization.
  • 37. Fine-tuning your Microsoft workloads in the cloud. What to fine-tune? (tool: AWS Trusted Advisor; target: Amazon EC2).
  • 38. AWS Trusted Advisor. Core checks and recommendations available to all AWS customers: security; AWS service limits. Full Trusted Advisor benefits available with Business or Enterprise Support plans: security; AWS service limits; cost optimization; performance; fault tolerance.
  • 39. Summary: Infrastructure provisioning – AWS CloudFormation; Configuration management – AWS Systems Manager; Governance & compliance – AWS Systems Manager; Monitoring & performance – Amazon CloudWatch and Amazon CloudWatch Application Insights for .NET and SQL Server; Resource optimization – AWS Trusted Advisor.
  • 41. Part 2: AWS Directory Service for Microsoft Active Directory.
  • 42. What we will cover: what AWS Managed Microsoft AD is; key use cases; how applications use AWS Managed Microsoft AD; deployment models (user vs. resource forest); how to install, administer, and configure; supported trust models; security event logging; directory sharing. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 43. What is AWS Managed Microsoft AD?
  • 44. AWS Directory Service for Microsoft Active Directory (“AWS Managed Microsoft AD”): two AWS Managed Microsoft AD domain controllers (DCs).
  • 45. AWS Managed Microsoft AD (AWS Directory Service for Microsoft Active Directory), diagram: an AWS-managed VPC with an AWS Managed Microsoft AD DC in Availability Zone 1 and in Availability Zone 2; a customer VPC with App 1 and App 2 in Availability Zone 1 (10.0.2.0/24) and in Availability Zone 2 (10.0.3.0/24); an AWS Managed Microsoft AD DC is presented in each customer Availability Zone.
  • 46. AWS Managed Microsoft AD (AWS Directory Service for Microsoft Active Directory), diagram: AWS-managed VPC with an AWS Managed Microsoft AD DC in Availability Zone 1 and in Availability Zone 2; customer VPC with App 1 and App 2 in Availability Zone 1 (10.0.2.0/24) and in Availability Zone 2 (10.0.3.0/24).
  • 47. AWS Directory Service for Microsoft Active Directory (“AWS Managed Microsoft AD”): domain controllers are exclusively yours. Diagram as before: AWS-managed VPC with a DC per Availability Zone; customer VPC with App 1 and App 2 in Availability Zone 1 (10.0.2.0/24) and Availability Zone 2 (10.0.3.0/24).
  • 48. AWS Directory Service for Microsoft Active Directory (“AWS Managed Microsoft AD”): domain controllers are exclusively yours; compliance audited. Diagram as before: AWS-managed VPC with a DC per Availability Zone; customer VPC with App 1 and App 2 in Availability Zone 1 (10.0.2.0/24) and Availability Zone 2 (10.0.3.0/24).
  • 50. Amazon operates: Multi-AZ deployment, patching, monitoring, DC recovery, instance rotation, snapshot, restore. Diagram as before: AWS-managed VPC with a DC per Availability Zone; customer VPC with App 1 and App 2 in Availability Zone 1 (10.0.2.0/24) and Availability Zone 2 (10.0.3.0/24).
  • 51. Amazon operates: Multi-AZ deployment, patching, monitoring, DC recovery, instance rotation, snapshot, restore. Customer administers and configures: administer users, groups, GPOs and other AD content; administration via Active Directory Users and Computers (ADUC) and other standard AD tools; configure password policies; add domain controllers as needed; configure trusts (resource forest deployment); configure certificate authorities (for LDAPS); configure federation. Diagram as before: AWS-managed VPC with a DC per Availability Zone; customer VPC with App 1 and App 2 in Availability Zone 1 (10.0.2.0/24) and Availability Zone 2 (10.0.3.0/24).
  • 52. AWS Managed Microsoft AD editions: Standard Edition – storage capacity 1 GB, performance optimized for ~5,000 employees; Enterprise Edition – storage capacity 17 GB, performance optimized for over 5,000 employees.
  • 54. AWS Managed Microsoft AD use cases: domain join and manage with Group Policy.
  • 55. AWS Managed Microsoft AD use cases: traditional AD applications – Remote Desktop Licensing, .NET apps, SharePoint, SQL Server, Certificate Services.
  • 56. AWS Managed Microsoft AD use cases: traditional AD applications (Remote Desktop Licensing, .NET apps, SharePoint, SQL Server, Certificate Services); compatible AWS applications and services (Amazon Connect, Amazon WorkMail, Amazon WorkDocs, RDS for SQL Server, Amazon WorkSpaces, Amazon QuickSight, Amazon Chime). Learn more: https://aws.amazon.com/directoryservice
  • 57. AWS Managed Microsoft AD use cases: user directory; traditional AD applications (Remote Desktop Licensing, .NET apps, SharePoint, SQL Server, Certificate Services); compatible AWS applications and services (Amazon Connect, Amazon WorkMail, Amazon WorkDocs, RDS for SQL Server, Amazon WorkSpaces, Amazon QuickSight, Amazon Chime).
  • 58. AWS Managed Microsoft AD use cases: user directory; traditional AD applications (Remote Desktop Licensing, .NET apps, SharePoint, SQL Server, Certificate Services); compatible AWS applications and services (Amazon Connect, Amazon WorkMail, Amazon WorkDocs, RDS for SQL Server, Amazon WorkSpaces, Amazon QuickSight, Amazon Chime); use Microsoft tools with web applications (AD FS, Azure AD Connect with pass-through to Azure AD).
  • 59. AWS Managed Microsoft AD use cases: user directory; traditional AD applications (Remote Desktop Licensing, .NET apps, SharePoint, SQL Server, Certificate Services); compatible AWS applications and services (Amazon Connect, Amazon WorkMail, Amazon WorkDocs, RDS for SQL Server, Amazon WorkSpaces, Amazon QuickSight, Amazon Chime); use Microsoft tools with web applications (AD FS, Azure AD Connect sync to Azure AD); use AWS SSO with web applications (SAML).
  • 60. AWS Managed Microsoft AD use cases: user directory; extend existing Active Directory; traditional AD applications (Remote Desktop Licensing, .NET apps, SharePoint, SQL Server, Certificate Services); compatible AWS applications and services (Amazon Connect, Amazon WorkMail, Amazon WorkDocs, RDS for SQL Server, Amazon WorkSpaces, Amazon QuickSight, Amazon Chime); use Microsoft tools with web applications (AD FS, Azure AD Connect sync to Azure AD); use AWS SSO with web applications (SAML).
  • 61. How to install, administer, and configure.
  • 62. Prerequisites you must create: a Virtual Private Cloud (VPC); two subnets in different Availability Zones; optionally, an on-premises link (AWS Direct Connect or a Virtual Private Network (VPN)); optionally, on-premises AD. See docs.aws.amazon.com/directoryservice/latest/admin-guide/tutorials_ad_test_labs.html. Diagram: customer VPC with Availability Zone 1 (10.0.2.0/24) and Availability Zone 2 (10.0.3.0/24); optional corporate data center with Active Directory connected by VPN connection or AWS Direct Connect.
  • 63. During creation AWS creates: two DCs with dynamic DNS; an elastic network interface in each of your subnets; one AWS security group. Use extreme caution modifying the security groups! See docs.aws.amazon.com/directoryservice/latest/admin-guide/tutorials_ad_test_labs.html. Diagram: AWS-managed VPC with an AWS Managed Microsoft AD DC in Availability Zone 1 and Availability Zone 2; customer VPC with Availability Zone 1 (10.0.2.0/24) and Availability Zone 2 (10.0.3.0/24); optional corporate data center with Active Directory connected by VPN connection or AWS Direct Connect.
  • 64. Best practice after creation: DHCP option sets; an AWS security group for your own EC2 instances; an IAM role/policy for EC2 (AmazonEC2RoleforSSM); a key-pair (PEM) file; an EC2 Windows instance with the AD administration tools installed. See docs.aws.amazon.com/directoryservice/latest/admin-guide/tutorials_ad_test_labs.html. Diagram as on slide 63, plus the PEM file, DHCP option set and IAM role.
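  Slide 63 warns against modifying the security group Directory Service creates, and slide 64 recommends a separate security group for your own EC2 instances. The following check is an added example (not code from the deck or from AWS) that reads a security group in the shape returned by `aws ec2 describe-security-groups` and flags rules that expose domain-controller ports to the internet, to sources outside the ranges you expect, or that open ports a domain controller does not serve. The sample security group is constructed, and the `AD_PORTS` table is the usual client-to-DC port set stated from memory; treat it as an assumption to reconcile with the AWS documentation for your directory.

```python
"""Audit the security group attached to AWS Managed Microsoft AD domain controllers.

Added example; not code from the deck or from AWS. The sample security group
below is constructed. AD_PORTS is the usual client-to-DC port set (assumption:
compare against the current AWS documentation for your directory).
"""

# (protocol, first port, last port) a domain controller is expected to serve.
AD_PORTS = [
    ("tcp", 53, 53), ("udp", 53, 53),        # DNS
    ("tcp", 88, 88), ("udp", 88, 88),        # Kerberos
    ("udp", 123, 123),                       # NTP (W32Time)
    ("tcp", 135, 135),                       # RPC endpoint mapper
    ("udp", 138, 138), ("tcp", 139, 139),    # NetBIOS
    ("tcp", 389, 389), ("udp", 389, 389),    # LDAP
    ("tcp", 445, 445), ("udp", 445, 445),    # SMB
    ("tcp", 464, 464), ("udp", 464, 464),    # Kerberos password change
    ("tcp", 636, 636),                       # LDAPS
    ("tcp", 3268, 3269),                     # Global Catalog / GC over SSL
    ("tcp", 9389, 9389),                     # AD Web Services (PowerShell AD module)
    ("tcp", 49152, 65535),                   # RPC dynamic ports
]


def _is_ad_port_range(proto, lo, hi):
    """True when the rule's port range lies inside one expected DC port range."""
    return any(p == proto and a <= lo and hi <= b for p, a, b in AD_PORTS)


def audit_dc_security_group(sg, trusted_cidrs):
    """Return (severity, message) findings for the inbound rules of one security group."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        for rng in perm.get("IpRanges", []):
            cidr = rng["CidrIp"]
            if proto == "-1":                        # all protocols, all ports
                findings.append(("HIGH", f"all traffic allowed from {cidr}"))
                continue
            rule = f"{proto} {lo}-{hi} from {cidr}"
            if cidr == "0.0.0.0/0":
                findings.append(("HIGH", f"{rule}: domain controller port open to the internet"))
            elif cidr not in trusted_cidrs:
                findings.append(("MEDIUM", f"{rule}: source is outside the expected VPC/on-prem ranges"))
            if not _is_ad_port_range(proto, lo, hi):
                findings.append(("LOW", f"{rule}: port is not one a domain controller should serve"))
    return findings


# Constructed sample: what a drifted directory security group might look like.
SAMPLE_SG = {
    "GroupId": "sg-0000example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},                        # SMB from the VPC: fine
        {"IpProtocol": "tcp", "FromPort": 389, "ToPort": 389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},                          # LDAP from anywhere
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},                        # RDP is not a DC service
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "172.16.0.0/12"}]},  # everything from a range
    ],
}

if __name__ == "__main__":
    for severity, message in audit_dc_security_group(SAMPLE_SG, {"10.0.0.0/16"}):
        print(severity, message)
```

Run it against the JSON from `describe-security-groups` for the group named on the directory's ENIs and pass the VPC and on-premises CIDRs you expect as `trusted_cidrs`; anything reported HIGH is a rule that should not exist on a domain controller group.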
  • 65. Configure the administration instance: 1. RDP to the instance as yourdomain\admin. 2. Add features: Group Policy Management; AD DS and AD LDS Tools; DNS Server Tools. 3. Verify the tools were added: Active Directory Administrative Center; Active Directory Domains and Trusts; Active Directory Module for Windows PowerShell; Active Directory Sites and Services; Active Directory Users and Computers; ADSI Edit; DNS; Group Policy Management.
  • 66. Administer with AD tools; configure from the AWS Console.
  • 67. Managing from AD administration tools (screenshot labels: 88-856-43-585; OU “admin”; customer domain; “administrator”).
  • 68. Managing from AD administration tools (screenshot labels: 88-856-43-585; customer OU “admin”). Add OUs and on-premises users/groups to the reserved security groups.
  • 69. Demo: set up a new AWS Managed Microsoft AD; explore an existing Managed AD; explore ENIs, security groups and IAM roles; seamless domain join.
  • 71. Trusts (trust and access between two Active Directory domains): access requires permissions to the resource in the trusting domain.
  • 72. Forests, domains, tree domains. Diagram: an Active Directory root domain with child domains, a tree root domain with a tree child domain, and AWS Managed Microsoft AD as a single-domain forest (Active Directory root domain).
  • 73. AWS Managed Microsoft AD forest trust support. Diagram: a forest trust between the AWS Managed Microsoft AD single-domain forest and the root domain of a multi-domain forest (root domain, child domains, tree root domain, tree child domain).
  • 74. AWS Managed Microsoft AD domain trust support. Diagram: domain trusts between the AWS Managed Microsoft AD single-domain forest and individual domains of a multi-domain forest (root domain, child domains, tree root domain, tree child domain).
  • 75. AWS Managed Microsoft AD mixed trust support. Diagram: a forest trust plus a domain trust between the AWS Managed Microsoft AD single-domain forest and a multi-domain forest (root domain, child domains, tree root domain, tree child domain).
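  Slides 71 to 75 give the trust shapes as diagram labels only. The following is an added example (not code from the deck or from AWS) that models what those shapes mean in practice: trust direction (the trusting side holds the resources, the trusted side holds the users), the transitivity of a forest trust across every domain of both forests but not to a third forest, and the non-transitive, two-domain scope of an external domain trust. Forest and domain names are constructed; `aws.example` stands in for the Managed AD single-domain forest. The function answers only whether a trust path exists; as slide 71 says, the resource in the trusting domain must still grant permissions.

```python
"""Which trusts let a user from one domain be granted access to a resource in another.

Added example; not from the deck or from AWS. Simplified model of trust
direction and transitivity: domains within one forest trust each other;
a forest trust is transitive across both forests but not to a third
forest; an external (domain) trust covers exactly two domains. Names are
constructed. A trust only makes access possible; the resource ACL in the
trusting domain still has to grant it.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Trust:
    trusting: str   # side that holds the resources (the outgoing trust)
    trusted: str    # side whose users can be granted access
    kind: str       # "forest" (between forest root domains) or "external" (two domains)


# Constructed forests: an on-premises forest with a child domain, the single-domain
# AWS Managed Microsoft AD forest, and a partner forest.
FORESTS = {
    "corp.example": {"corp.example", "eu.corp.example"},
    "aws.example": {"aws.example"},            # AWS Managed Microsoft AD: single-domain forest
    "partner.example": {"partner.example"},
}

TRUSTS = [
    # Two-way forest trust between corp.example and the Managed AD forest.
    Trust(trusting="aws.example", trusted="corp.example", kind="forest"),
    Trust(trusting="corp.example", trusted="aws.example", kind="forest"),
    # One-way external trust: eu.corp.example trusts partner.example.
    Trust(trusting="eu.corp.example", trusted="partner.example", kind="external"),
]


def forest_of(domain):
    """Return the forest root that a domain belongs to."""
    for root, members in FORESTS.items():
        if domain in members:
            return root
    raise KeyError(f"unknown domain {domain}")


def reachable_via_trust(user_domain, resource_domain, trusts=TRUSTS):
    """True if a trust path allows users of user_domain to be granted access in resource_domain."""
    user_forest, resource_forest = forest_of(user_domain), forest_of(resource_domain)
    if user_forest == resource_forest:
        return True                            # intra-forest trusts are two-way and transitive
    for t in trusts:
        if (t.kind == "forest" and forest_of(t.trusting) == resource_forest
                and forest_of(t.trusted) == user_forest):
            return True                        # forest trust covers every domain of both forests
        if (t.kind == "external" and t.trusting == resource_domain
                and t.trusted == user_domain):
            return True                        # external trust: exactly these two domains
    return False


if __name__ == "__main__":
    for user, resource in [("eu.corp.example", "aws.example"),
                           ("partner.example", "eu.corp.example"),
                           ("partner.example", "aws.example"),
                           ("eu.corp.example", "partner.example")]:
        print(f"{user:>18} -> {resource:<18} {reachable_via_trust(user, resource)}")
```

The cases that print False are the ones people get wrong when planning a resource forest: the partner's external trust does not carry into the parent domain or across the forest trust into the Managed AD forest, and a one-way trust gives nothing in the other direction.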
  • 76. AWS applications and trusts for hybrid IT use cases. Diagram: customer VPC (Availability Zone 1, 10.0.2.0/24) with traditional AD-aware applications and RDS for SQL Server; AWS-managed VPC with an AWS Managed Microsoft AD DC in Availability Zone 1; corporate data center with Active Directory connected by VPN connection or AWS Direct Connect.
  • 77. AWS applications and trusts for hybrid IT use cases. Diagram: customer VPC (Availability Zone 1, 10.0.2.0/24) with traditional AD-aware applications and RDS for SQL Server; AWS cloud-based applications (Amazon Connect, Amazon WorkDocs, Amazon WorkMail, Amazon Chime, AWS SSO, Amazon WorkSpaces, Amazon QuickSight); AWS-managed VPC with an AWS Managed Microsoft AD DC in Availability Zone 1; corporate data center with Active Directory connected by VPN connection or AWS Direct Connect.
  • 79. Security event logging to Amazon CloudWatch.
  • 80. Use an existing log group or create a new one.
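  Once the directory's Security event log lands in a CloudWatch Logs log group (slides 79 and 80), the value comes from what you do with it. The following is an added example, not code from the deck or from AWS, of detection logic a defender would run over those events: it looks for bursts of event 4625 (logon failure) from one source, tells a brute force against a single account apart from a password spray across many, and surfaces event 4740 (account lockout) as a confirmed signal. The events are constructed and simplified to one `timestamp key=value ...` line each; the assumption is that the forwarded Windows event carries the same field names (EventID, TargetUserName, IpAddress, Status, CallerComputerName), so only `parse_event` would need adapting to the real record format.

```python
"""Spot password guessing in AD security events forwarded to CloudWatch Logs.

Added example; not from the deck or from AWS. SAMPLE_EVENTS are constructed
and simplified to "timestamp key=value ..." lines (assumption: the forwarded
Windows event exposes the same field names; adapt parse_event() otherwise).
"""
import re
from collections import defaultdict, deque
from datetime import datetime

FIELD_RE = re.compile(r"(\w+)=(\S+)")

# Constructed sample events (order does not matter; detect() sorts by time).
SAMPLE_EVENTS = [
    "2019-09-06T14:00:01Z EventID=4625 TargetUserName=jdoe IpAddress=10.0.2.50 Status=0xC000006D",
    "2019-09-06T14:00:05Z EventID=4625 TargetUserName=jdoe IpAddress=10.0.2.50 Status=0xC000006D",
    "2019-09-06T14:00:09Z EventID=4625 TargetUserName=jdoe IpAddress=10.0.2.50 Status=0xC000006D",
    "2019-09-06T14:00:13Z EventID=4625 TargetUserName=jdoe IpAddress=10.0.2.50 Status=0xC000006D",
    "2019-09-06T14:00:17Z EventID=4625 TargetUserName=jdoe IpAddress=10.0.2.50 Status=0xC000006D",
    "2019-09-06T14:00:20Z EventID=4624 TargetUserName=svc-backup IpAddress=10.0.2.11 LogonType=3",
    "2019-09-06T14:01:00Z EventID=4625 TargetUserName=alice IpAddress=10.0.3.77 Status=0xC000006D",
    "2019-09-06T14:01:01Z EventID=4625 TargetUserName=bob IpAddress=10.0.3.77 Status=0xC000006D",
    "2019-09-06T14:01:02Z EventID=4625 TargetUserName=carol IpAddress=10.0.3.77 Status=0xC000006D",
    "2019-09-06T14:01:03Z EventID=4625 TargetUserName=dave IpAddress=10.0.3.77 Status=0xC000006D",
    "2019-09-06T14:01:04Z EventID=4625 TargetUserName=erin IpAddress=10.0.3.77 Status=0xC000006D",
    "2019-09-06T14:01:10Z EventID=4625 TargetUserName=jdoe IpAddress=10.0.2.91 Status=0xC000006A",
    "2019-09-06T14:01:30Z EventID=4740 TargetUserName=jdoe CallerComputerName=WS-042",
]


def parse_event(line):
    """Split one forwarded event line into a dict with a timezone-aware timestamp."""
    ts, _, body = line.partition(" ")
    ev = dict(FIELD_RE.findall(body))
    ev["ts"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    ev["EventID"] = int(ev["EventID"])
    return ev


def detect(lines, window_s=60, failures=5, spray_users=3):
    """Return alert strings for lockouts and for 4625 bursts per source address."""
    alerts = []
    recent = defaultdict(deque)   # source IP -> (time, user) of 4625 events inside the window
    for ev in sorted(map(parse_event, lines), key=lambda e: e["ts"]):
        if ev["EventID"] == 4740:  # account lockout: the DC already confirmed the guessing
            alerts.append(f"LOCKOUT user={ev['TargetUserName']} caller={ev.get('CallerComputerName', '?')}")
            continue
        if ev["EventID"] != 4625:
            continue
        ip = ev.get("IpAddress", "-")
        q = recent[ip]
        q.append((ev["ts"], ev["TargetUserName"]))
        while (ev["ts"] - q[0][0]).total_seconds() > window_s:   # drop failures older than the window
            q.popleft()
        if len(q) < failures:
            continue
        users = {u for _, u in q}
        if len(users) >= spray_users:
            alerts.append(f"SPRAY source={ip} users={len(users)} failures={len(q)}")
        else:
            alerts.append(f"BRUTE_FORCE source={ip} user={ev['TargetUserName']} failures={len(q)}")
        q.clear()   # one alert per burst
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Wired to a CloudWatch Logs subscription or a scheduled query, the same windowing logic becomes the alarm; the thresholds are deliberately parameters because a lockout policy of, say, five attempts makes anything above that count noise rather than signal.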
  • 82. Cross-account sharing.
  • 83. Communication paths to AWS Managed Microsoft AD. Diagram: Account A, customer VPC1 (Amazon WorkSpaces, RDS for SQL Server, EC2) and AWS applications (Amazon Connect, Amazon WorkMail, Amazon WorkDocs, Amazon QuickSight, Amazon Chime, AWS SSO) use the AWS internal DC APIs to discover DCs, domain join and read; the AWS-managed VPC holds DC1, DC2 and DC3.
  • 84. Internal DC APIs are inaccessible in other accounts. Diagram: Account A, customer VPC1 (Amazon WorkSpaces, RDS for SQL Server, EC2) and AWS applications (Amazon Connect, Amazon WorkMail, Amazon WorkDocs, Amazon QuickSight, Amazon Chime, AWS SSO) reach the AWS internal DC APIs (discover DCs, domain join, read); Account B, customer VPC2 (EC2) is peered to VPC1 but has no access to the internal DC APIs; the AWS-managed VPC holds DC1, DC2 and DC3.
  • 85. Cross-account directory sharing. Diagram: as on slide 84, but with the directory shared, Account B (customer VPC2, EC2, peered) also reaches the AWS internal DC APIs (discover DCs, domain join, read); the AWS-managed VPC holds DC1, DC2 and DC3.
  • 86. Sharing across multiple VPCs and accounts. Diagram: the AWS-managed VPC (DC1, DC2, DC3) serves customer VPC1 in Account A, customer VPC2, VPC3 and VPC4 in Account B, and customer VPC5 and VPC6 in Account C.
  • 87. Recap: what AWS Managed Microsoft AD is; key use cases; how applications use AWS Managed Microsoft AD; deployment models (user vs. resource forest); how to install, administer, and configure; supported trust models; security event logging; directory sharing.
  • 88. BONUS!! CAC/PIV auth to Amazon WorkSpaces.
  • 89. Architecture diagram (VPC in AWS GovCloud): users connect on port 443 to an RD Gateway proxy in an Amazon EC2 Auto Scaling group, deployed in external-network-routed subnets in Availability Zone 1 and Availability Zone 2 with a NAT gateway in each; AD domain controllers DC-1 and DC-2, an AD Connector and the Amazon WorkSpaces sit in private subnets; connectivity via AWS Direct Connect or an internet gateway.
  • 90. Screenshot: RD Gateway Manager on EC2AMAZ-NTOAJFQ (Local), Connection Authorization Policies. A Remote Desktop connection authorization policy (RD CAP) allows you to specify the users who can connect to this RD Gateway server. Policies (applied in the order listed): Default-CAP and Allowed-RDGatewayAccess, both with user groups vaecdemo\Domain Admins and others, computer groups not applicable, status Enabled; a policy named “PIV authorization” is selected in the Actions pane. Policy detail: apply this policy when the user is a member of vaecdemo\Domain Users; client computer group not applicable (no computer group specified); supported Windows authentication methods: password or smart card; device redirection allowed for all client devices; no idle timeout; no session timeout. If the user does not meet the conditions of this policy, RD Gateway attempts to verify whether the user meets the conditions of the next policy in the list.
  • 91. Screenshot: RD Gateway Manager, EC2AMAZ-NTOAJFQ properties, SSL Certificate tab (screenshot dated 09/6/2019). A certificate is needed for secure communication on the HTTPS/UDP listeners and for NAP messaging; it is automatically bound to the configured HTTP and UDP ports. The certificate installed on EC2AMAZ-NTOAJFQ is issued to and by a compute-1.amazonaws.com EC2 hostname and expires 2/25/2020. Options: create a self-signed certificate; select an existing certificate from the RD Gateway Certificates (Local Computer)/Personal store; import a certificate into that store.
  • 92. Screenshot: RD Gateway Manager, EC2AMAZ-NTOAJFQ properties, Transport Settings tab (screenshot dated 09/6/2019). HTTP transport settings: IP address unassigned; HTTPS port (default 443); HTTP port (default 80). UDP transport settings: enabled; IP address unassigned; port (default 3391). Note: RPC-HTTP and HTTP transports share the same settings.
  • 99. Reference information. Documentation: AWS Directory Service – aws.amazon.com/directoryservice; AWS Security Blog – aws.amazon.com/blogs/security/ (search for “AWS Managed Microsoft AD”); AWS What’s New – aws.amazon.com/new/ (Security, Identity & Compliance); AWS Managed Microsoft AD – aws.amazon.com/documentation/directory-service/; RDS for SQL Server – aws.amazon.com/documentation/rds/; AWS Quick Starts – aws.amazon.com/quickstart/ (Active Directory Domain Services, Exchange Server 2013, SharePoint Server 2016 Enterprise, Lync Server 2013, SQL Server 2014 AlwaysOn, Windows PowerShell DSC).