AWS – AD Connector for SAFE to connect to On-Premises AD
[Architecture diagram: the SAFE VPC in the AWS Cloud spanning Availability Zone 1 and Availability Zone 2; EC2 instances in an Amazon EC2 Auto Scaling group, placed in private subnets and joined to the domain with Seamless Domain Join, behind Elastic Load Balancing; AD Connector in the private subnets; AWS Direct Connect from the VPC to the corporate data center that hosts the on-premises AD; an internet gateway connecting SAFE users over the Internet.]
SAFE AWS Architecture in a VPC in a Region – with AD Connector.
AD Connector:
With AD Connector you can connect AWS Directory Service to
your existing enterprise directory.
Security features with AD Connector:
1. When connected to your existing directory, all of your directory
data remains on your domain controllers.
2. AWS Directory Service does not replicate any of your directory
data.
3. AD Connector proxies directory requests from AWS applications and
services to your on-premises Microsoft Active Directory without caching
any information in the cloud.
4. You can consistently enforce existing security policies (such as
password expiration, password history, and account lockouts)
whether users or IT administrators are accessing resources in your
on-premises infrastructure or in the AWS Cloud.
5. The VPC must be connected to your existing network through a
Virtual Private Network (VPN) connection or AWS Direct Connect.
6. The VPC must use default hardware tenancy (shared, multi-tenant
hardware that is logically isolated per customer). AD Connector cannot be
created in a VPC whose instance tenancy is set to dedicated; if particular
EC2 instances must run on single-tenant hardware, launch those instances
with dedicated tenancy inside the default-tenancy VPC rather than changing
the tenancy of the VPC itself.
7. You need the IP addresses of two DNS servers or domain controllers in
the existing on-premises AD. AD Connector sends its DNS and directory
requests to these addresses, so both must be reachable from both connector
subnets.
8. The firewall for your existing network must allow the following ports
from the CIDRs of both AD Connector subnets in your Amazon VPC (scope the
rules to those two subnets, not to the whole VPC):
• TCP/UDP 53 – DNS
• TCP/UDP 88 – Kerberos authentication
• TCP/UDP 389 – LDAP
These are the minimum ports AD Connector needs before it can connect to
your directory; your specific configuration may require additional ports
to be open.
9. User accounts must have Kerberos pre-authentication enabled. (An
account with the DONT_REQ_PREAUTH flag set is also exposed to AS-REP
roasting, so this requirement is a hardening measure in its own right.)
10. Rotate the service account credentials regularly:
Change the password of your AD Connector service account on a schedule,
keep it within your existing Active Directory password policy, and update
the credentials stored on the connector at the same time so that the
connector does not start failing to bind to the directory.
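Items 7 and 8 above are the two prerequisites that most often fail when a connector is first created. The following PowerShell script is an added example, not part of the original deck and not AWS code; the domain name and domain controller addresses are placeholders to replace with your own. Run it from a Windows EC2 instance in each of the two AD Connector subnets, since the firewall rules are per-subnet CIDR.

```powershell
# Added example (not from the original deck): pre-flight check, run from an EC2
# instance in each AD Connector subnet, that the on-premises DCs are reachable on
# the ports listed in item 8. Domain name and DC addresses are placeholders.
param(
    [string]$DomainName = 'corp.example.com',                     # assumed domain
    [string[]]$DomainControllers = @('10.10.0.10', '10.10.0.11')  # the two DNS/DC IPs from item 7
)

# Minimum ports from the AD Connector prerequisites: DNS, Kerberos, LDAP.
$RequiredPorts = @{ 53 = 'DNS'; 88 = 'Kerberos'; 389 = 'LDAP' }

function Test-AdConnectorReachability {
    param([string]$Domain, [string[]]$Dcs)

    foreach ($dc in $Dcs) {
        foreach ($port in ($RequiredPorts.Keys | Sort-Object)) {
            # Test-NetConnection exercises TCP only. UDP 88 cannot be probed without a
            # real Kerberos exchange, so that firewall rule still has to be verified by hand.
            $ok = Test-NetConnection -ComputerName $dc -Port $port -InformationLevel Quiet -WarningAction SilentlyContinue
            [pscustomobject]@{ DC = $dc; Protocol = 'TCP'; Port = $port; Service = $RequiredPorts[$port]; Reachable = $ok }
        }
        # UDP 53: send a real query to the DC. Asking for the _ldap._tcp.dc._msdcs SRV
        # record also confirms the DC advertises itself for LDAP, which AD Connector relies on.
        try {
            $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $dc -ErrorAction Stop
            $udpOk = @($srv | Where-Object { $_.Type -eq 'SRV' }).Count -gt 0
        } catch {
            $udpOk = $false
        }
        [pscustomobject]@{ DC = $dc; Protocol = 'UDP'; Port = 53; Service = 'DNS'; Reachable = $udpOk }
    }
}

$report = Test-AdConnectorReachability -Domain $DomainName -Dcs $DomainControllers
$report | Format-Table -AutoSize

$blocked = @($report | Where-Object { -not $_.Reachable })
if ($blocked.Count -gt 0) {
    Write-Warning ("{0} required path(s) blocked; fix the on-premises firewall for this subnet's CIDR before creating the connector." -f $blocked.Count)
    exit 1
}
'All required ports reachable from this subnet.'
```

A non-zero exit code makes the script usable as a gate in whatever automation creates the connector; the SRV lookup against each DC in turn (rather than against the VPC resolver) is what proves the UDP 53 path to the on-premises side specifically.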
11. Enable Multi-Factor Authentication for AD Connector:
You can use AD Connector to enable multi-factor authentication
by integrating with your existing RADIUS-based MFA infrastructure to
provide an additional layer of security when users access AWS
applications.
12. On-premises AD configuration:
Delegate control through a dedicated group (for example a Connectors
group) and make the service account a member of that group rather than
granting rights to the account directly; keep the scope to the OUs the
connector actually uses.
The domain password policy applies to the service account like any other.
13. Attach an IAM role with only the policies the instances need. For
seamless domain join, the EC2 instance role requires the
AmazonSSMManagedInstanceCore and AmazonSSMDirectoryServiceAccess managed
policies and nothing broader.
14. AD Connector service account:
To connect to your existing directory you must supply the credentials of
an AD Connector service account that exists in that directory and has been
delegated the privileges it needs. A member of Domain Admins has more than
enough privilege to connect, but it is the wrong account to use: as a best
practice, use a dedicated service account that has only the minimum
privileges necessary to connect to the directory (and, for seamless domain
join, to create computer objects in the target OU).
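Item 14 stops at "minimum privileges". The following PowerShell is an added example, not code from the deck or from AWS, showing what such a delegation looks like when done through a group: it grants a Connectors group the right to create and delete computer objects under one OU (the permission seamless domain join needs) and checks that the service account is not also in a privileged group. The OU, group and account names are assumptions; if the AWS delegation guide lists further rights for your use case, they are added the same way.

```powershell
# Added example (not from the original deck): give the AD Connector service account
# the least privilege it needs, via a group, instead of Domain Admins.
# The OU, group and account names below are placeholders; replace them with your own.
# Scope granted here: create and delete computer objects under the OU that EC2
# instances are joined into (what seamless domain join needs).
Import-Module ActiveDirectory

$ComputersOu    = 'OU=AWS,OU=Computers,DC=corp,DC=example,DC=com'   # assumed target OU
$ConnectorGroup = 'Connectors'                                      # assumed group name
$ServiceAccount = 'svc-adconnector'                                 # assumed service account

function Grant-ComputerJoinRights {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$OuDn, [string]$GroupName)

    $group = Get-ADGroup -Identity $GroupName
    # schemaIDGUID of the "computer" object class; the ACE applies only to that class,
    # so the group cannot create users, groups or anything else under the OU.
    $computerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'
    $rights = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild'
    $rule = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
        $group.SID,
        $rights,
        [System.Security.AccessControl.AccessControlType]::Allow,
        $computerClass,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

    $acl = Get-Acl -Path "AD:\$OuDn"
    $acl.AddAccessRule($rule)
    if ($PSCmdlet.ShouldProcess($OuDn, "grant $GroupName create/delete computer objects")) {
        Set-Acl -Path "AD:\$OuDn" -AclObject $acl
    }
}

# 1. Create the group if needed and put the service account in it.
if (-not (Get-ADGroup -Filter "Name -eq '$ConnectorGroup'")) {
    New-ADGroup -Name $ConnectorGroup -GroupScope Global -GroupCategory Security
}
Add-ADGroupMember -Identity $ConnectorGroup -Members $ServiceAccount

# 2. Delegate on the OU. -WhatIf shows the change without applying it.
Grant-ComputerJoinRights -OuDn $ComputersOu -GroupName $ConnectorGroup -WhatIf
Grant-ComputerJoinRights -OuDn $ComputersOu -GroupName $ConnectorGroup

# 3. Verify the account is not also in a privileged group; AD Connector should never
#    run as Domain Admins, whatever the delegation above grants.
$privileged = Get-ADPrincipalGroupMembership -Identity $ServiceAccount |
    Where-Object { $_.Name -in @('Domain Admins', 'Enterprise Admins', 'Administrators') }
if ($privileged) {
    Write-Warning "$ServiceAccount is a member of: $($privileged.Name -join ', ')"
}
```

Granting the ACE to the group rather than to the account means the service account can be replaced (or rotated to a new account) without touching the OU's ACL, and the group membership is a single place to audit.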
15. Encryption types:
AD Connector supports the following Kerberos encryption types when
authenticating to your Active Directory domain controllers:
• AES-256-HMAC
• AES-128-HMAC
• RC4-HMAC
Where your domain controllers and clients support AES, restrict the
service account to the AES types; RC4-HMAC is the weakest of the three.
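Items 9, 10 and 15 are all attributes of the service account and can be audited together. The following PowerShell is an added example, not from the deck or from AWS; it checks the userAccountControl pre-authentication flag, the msDS-SupportedEncryptionTypes bitmask and the password age. The core check is a pure function, run here on constructed sample values so it works without a domain; the account name and the 90-day rotation threshold are assumptions.

```powershell
# Added example, not from the original deck: audit the AD Connector service account
# against items 9, 10 and 15. The bit values are those documented for the
# userAccountControl and msDS-SupportedEncryptionTypes attributes; the account name
# and the rotation threshold are assumptions, replace them with your own.
$DONT_REQ_PREAUTH = 0x400000   # userAccountControl: Kerberos pre-auth disabled (AS-REP roastable)
$ENC_RC4          = 0x4        # msDS-SupportedEncryptionTypes bits
$ENC_AES128       = 0x8
$ENC_AES256       = 0x10

function Test-AdConnectorServiceAccount {
    param(
        [int]$UserAccountControl,
        [int]$SupportedEncryptionTypes,   # 0 means the attribute is unset; the DC then falls back to its default, which usually still permits RC4
        [long]$PwdLastSet,                # FILETIME as stored in AD
        [int]$MaxPasswordAgeDays = 90     # assumed rotation policy
    )
    $findings = @()

    # Item 9: pre-authentication must be enabled.
    if ($UserAccountControl -band $DONT_REQ_PREAUTH) {
        $findings += 'Kerberos pre-authentication is disabled; AD Connector requires it and the account is AS-REP roastable'
    }

    # Item 15: AES only, no RC4.
    $aesAllowed = ($SupportedEncryptionTypes -band ($ENC_AES128 -bor $ENC_AES256)) -ne 0
    $rc4Allowed = ($SupportedEncryptionTypes -band $ENC_RC4) -ne 0
    if (-not $aesAllowed -or $rc4Allowed) {
        $findings += 'RC4-HMAC still permitted (or msDS-SupportedEncryptionTypes unset); restrict the account to AES'
    }

    # Item 10: password age.
    if ($PwdLastSet -le 0) {
        $findings += 'Password has never been set, or the account is flagged to change it at next logon'
    } else {
        $age = (Get-Date).ToUniversalTime() - [DateTime]::FromFileTimeUtc($PwdLastSet)
        if ($age.TotalDays -gt $MaxPasswordAgeDays) {
            $findings += ('Password is {0:N0} days old; rotate it and update the credentials on the connector' -f $age.TotalDays)
        }
    }
    return $findings
}

# Constructed sample (not a real account): pre-auth disabled, RC4 still allowed, stale password.
$sample = @{
    UserAccountControl       = 0x200 -bor 0x400000        # NORMAL_ACCOUNT + DONT_REQ_PREAUTH
    SupportedEncryptionTypes = 0x4 -bor 0x8 -bor 0x10     # RC4 + AES128 + AES256
    PwdLastSet               = (Get-Date).AddDays(-200).ToFileTimeUtc()
}
Test-AdConnectorServiceAccount @sample    # reports all three findings

# Against the live directory (needs the ActiveDirectory module and read access):
# $u = Get-ADUser -Identity 'svc-adconnector' -Properties userAccountControl, 'msDS-SupportedEncryptionTypes', pwdLastSet
# Test-AdConnectorServiceAccount -UserAccountControl $u.userAccountControl `
#     -SupportedEncryptionTypes ([int]$u.'msDS-SupportedEncryptionTypes') -PwdLastSet $u.pwdLastSet
#
# Remediation for the first two findings:
# Set-ADAccountControl -Identity 'svc-adconnector' -DoesNotRequirePreAuth $false
# Set-ADUser -Identity 'svc-adconnector' -KerberosEncryptionType AES128, AES256
```

Keeping the check as a pure function makes it easy to run across every account that a connector or domain-join flow uses, and the same bit tests apply to any service account, not only this one.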
Appendix:
Active Directory Connector:
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_ad_connector.html
Prerequisites for AD Connector:
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/prereq_connector.html
Create AD Connector:
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/create_ad_connector.html
Securing your AD Connector:
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_connector_security.html
MFA for AD Connector:
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_connector_mfa.html
Seamlessly Join a Windows EC2 Instance:
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_connector_launching_instance.html
Best Practices for AD Connector:
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_connector_best_practices.html
Limits for AD Connector:
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_connector_limits.html
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 

AWS AD Connector for On-Premises AD

  • 1. AWS – AD Connector for SAFE to connect to On-Premises AD
  • 2. [Architecture diagram: SAFE AWS Architecture in a VPC in a Region – with AD Connector. Components shown: a VPC with two Availability Zones and private subnets, a Seamless Domain Join instance, Amazon EC2 Auto Scaling, EC2 instances, Elastic Load Balancing, an internet gateway, SAFE users, AD Connector, and AWS Direct Connect to the corporate data center and on-premises AD.]
  • 3. AD Connector: With AD Connector you can connect AWS Directory Service to your existing enterprise directory.
  • 4. Security features with AD Connector:
    1. When connected to your existing directory, all of your directory data remains on your domain controllers.
    2. AWS Directory Service does not replicate any of your directory data.
    3. AD Connector allows you to proxy directory requests from AWS enterprise IT applications to your on-premises Microsoft Active Directory, without caching any information in the cloud.
    4. You can consistently enforce existing security policies (such as password expiration, password history, and account lockouts) whether users or IT administrators are accessing resources in your on-premises infrastructure or in the AWS Cloud.
  • 5. Security features with AD Connector:
    5. The VPC must be connected to your existing network through a Virtual Private Network (VPN) connection or AWS Direct Connect.
    6. By default a VPC uses default (shared) hardware tenancy: multi-tenant hardware that is logically isolated. You can opt for single-tenant (dedicated) hardware instead; in the dedicated model your EC2 instances run only on hardware alongside other instances you have deployed, and no other customer shares the same physical host.
    7. AD Connector must be configured with the IP addresses of two DNS servers or domain controllers in the existing on-premises AD.
  • 6. Security features with AD Connector:
    8. The firewall for your existing network must have the following ports open to the CIDRs for both subnets in your Amazon VPC:
       - TCP/UDP 53 – DNS
       - TCP/UDP 88 – Kerberos authentication
       - TCP/UDP 389 – LDAP
       These are the minimum ports needed before AD Connector can connect to your directory; your specific configuration may require additional ports to be open.
    9. User accounts must have Kerberos pre-authentication enabled.
    10. Rotate admin credentials regularly: change your AD Connector service account password regularly, and make sure that the password is consistent with your existing Active Directory password policies.
  • 7. Security features with AD Connector:
    11. Enable multi-factor authentication for AD Connector: you can use AD Connector to enable MFA by integrating with your existing RADIUS-based MFA infrastructure, providing an additional layer of security when users access AWS applications.
    12. Proper on-premises AD server configuration: delegate control appropriately and grant the AD Connector account (or its group) the permissions it requires; the AD password policy must be followed.
    13. Use the appropriate IAM role with the appropriate policy enabled.
  • 8. Security features with AD Connector:
    14. AD Connector service account: to connect to your existing directory, you must have credentials for an AD Connector service account that exists in the existing directory and has been delegated the privileges it needs. Members of the Domain Admins group have sufficient privileges to connect to the directory, but as a best practice you should use a service account that has only the minimum privileges necessary to connect.
  • 9. Security features with AD Connector:
    15. Encryption types: AD Connector supports the following encryption types when authenticating to your Active Directory domain controllers:
       - AES-256-HMAC
       - AES-128-HMAC
       - RC4-HMAC
  • 10. Appendix:
    Active Directory Connector: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_ad_connector.html
    Prerequisites for AD Connector: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/prereq_connector.html
    Create AD Connector: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/create_ad_connector.html
  • 11. Appendix:
    Securing your AD Connector: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_connector_security.html
    MFA for AD Connector: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_connector_mfa.html
    Seamlessly Join a Windows EC2 Instance: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_connector_launching_instance.html
    Best Practices for AD Connector: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_connector_best_practices.html
  • 12. Appendix:
    Limits for AD Connector: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_connector_limits.html
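As an added pre-flight check (example code, not from the slides or from AWS), the following audits the on-premises prerequisites from slides 6 and 9: the three minimum ports open from both VPC subnet CIDRs, Kerberos pre-authentication required on the service account, and AES rather than RC4-only Kerberos encryption. The firewall rules and attribute values are constructed samples; the bit-flag constants are the standard Active Directory values for userAccountControl and msDS-SupportedEncryptionTypes.

```python
import ipaddress

# Standard Active Directory bit flags (userAccountControl / msDS-SupportedEncryptionTypes).
ACCOUNTDISABLE = 0x0002
DONT_REQUIRE_PREAUTH = 0x400000  # set => Kerberos pre-auth NOT required (violates slide 6, item 9)
RC4_HMAC = 0x04
AES128_CTS_HMAC_SHA1_96 = 0x08
AES256_CTS_HMAC_SHA1_96 = 0x10

# Minimum ports from slide 6, item 8: DNS, Kerberos and LDAP over both TCP and UDP.
REQUIRED_PORTS = [(proto, port) for proto in ("tcp", "udp") for port in (53, 88, 389)]


def audit_firewall(rules, vpc_subnet_cidrs):
    """Return the (subnet, proto, port) tuples that no firewall rule allows.

    rules: iterable of (source_cidr, proto, port) allowed inbound to the domain controllers.
    A rule covers a VPC subnet only if the subnet lies entirely within the rule's source CIDR.
    """
    allowed = [(ipaddress.ip_network(src), proto.lower(), int(port)) for src, proto, port in rules]
    missing = []
    for cidr in vpc_subnet_cidrs:
        subnet = ipaddress.ip_network(cidr)
        for proto, port in REQUIRED_PORTS:
            if not any(subnet.subnet_of(net) and p == proto and prt == port for net, p, prt in allowed):
                missing.append((cidr, proto, port))
    return missing


def audit_service_account(user_account_control, supported_enc_types):
    """Return findings for the AD Connector service account (empty list = passes)."""
    findings = []
    if user_account_control & ACCOUNTDISABLE:
        findings.append("account is disabled")
    if user_account_control & DONT_REQUIRE_PREAUTH:
        findings.append("Kerberos pre-authentication not required (DONT_REQUIRE_PREAUTH set)")
    if supported_enc_types == 0:
        findings.append("msDS-SupportedEncryptionTypes unset; domain default applies, verify AES is offered")
    elif not supported_enc_types & (AES128_CTS_HMAC_SHA1_96 | AES256_CTS_HMAC_SHA1_96):
        findings.append("no AES encryption type enabled" + (" (RC4-HMAC only)" if supported_enc_types & RC4_HMAC else ""))
    return findings


if __name__ == "__main__":
    # Constructed sample: LDAP is opened for only the first VPC subnet, and the service
    # account has been misconfigured with DONT_REQUIRE_PREAUTH and RC4-only encryption.
    rules = [("10.20.0.0/16", p, port) for p in ("tcp", "udp") for port in (53, 88)]
    rules += [("10.20.1.0/24", "tcp", 389), ("10.20.1.0/24", "udp", 389)]
    print(audit_firewall(rules, ["10.20.1.0/24", "10.20.2.0/24"]))
    print(audit_service_account(0x200 | DONT_REQUIRE_PREAUTH, RC4_HMAC))
```

In a real deployment the two integers would come from the service account's userAccountControl and msDS-SupportedEncryptionTypes attributes, and the rule list from the firewall in front of the domain controllers.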