11 March 2022 by Tom Collins
Best practices for running Microsoft Active Directory Services on AWS
To extend Active Directory Services from on-prem to AWS - that is the question
I watched a very informative video by Boris Nisenbaum at AWS.
These are my video notes, with some added questions/comments. Full video at bottom.
Options for running MS Active Directory (AD) on AWS
The primary reason to deploy AD on AWS is to support Windows workloads running on AWS. A standard use case might be deploying Amazon RDS for SQL Server with single sign-on (SSO) against on-prem resources.
Option 1: self-managed AD on Amazon EC2. Deploy domain controllers and add them to the existing forest
- expand on-premises: extend the corporate AD into AWS
- retain full admin access
Option 2: AWS Managed Microsoft AD
- based on Microsoft AD
- single tenant, dedicated to the customer
- default of 2 domain controllers
- provides delegated admin authority
- supports standard AD management tools
- AWS-managed infrastructure
- seamless integration with AWS services such as RDS
Common deployment patterns
- extending your AD to AWS on Amazon EC2
- 2 DCs to 2 Regions
- AWS Managed AD: deploy a separate AD forest with a one-way or two-way trust
- allows/supports access to on-prem resources
Patterns for architecture
- common single region: AD on Amazon EC2
- multi-region design: AD on Amazon EC2
- AWS Managed AD: single region
- AWS Managed AD: multi region
Benefits of managed AD
- seamless integration with AD
- reduced management overhead
- faster deployments using APIs
- high availability
RDS for SQL Server supports SSO only with AWS Managed Microsoft AD, not with self-managed AD on EC2. A one-way or two-way trust is required.
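As an added example (not from the video or this post), the AWS Managed AD pattern as a CloudFormation template: a directory with the default two domain controllers spread over two subnets, and an RDS for SQL Server instance joined to it so it can use Windows authentication. The VPC, subnets and the Secrets Manager ARN are parameters, and corp.example.com is a hypothetical forest name.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetIds:                          # two private subnets in different AZs, one domain controller each
    Type: List<AWS::EC2::Subnet::Id>
  AdminSecretArn:                     # placeholder ARN of a Secrets Manager secret with key "password"
    Type: String
Resources:
  ManagedAD:
    Type: AWS::DirectoryService::MicrosoftAD
    Properties:
      Name: corp.example.com          # hypothetical forest name, separate from the on-prem forest
      ShortName: CORP
      Edition: Standard
      # Directory Admin password is resolved at deploy time, never stored in the template
      Password: !Sub "{{resolve:secretsmanager:${AdminSecretArn}:SecretString:password}}"
      VpcSettings:
        VpcId: !Ref VpcId
        SubnetIds: !Ref SubnetIds     # two subnets -> the default two domain controllers
  RdsDomainJoinRole:                  # lets RDS join the directory; only this one managed policy is granted
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: rds.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess
  DbSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Private subnets for SQL Server
      SubnetIds: !Ref SubnetIds
  SqlServer:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: sqlserver-se
      DBInstanceClass: db.m5.large
      AllocatedStorage: "100"
      MasterUsername: sqladmin
      ManageMasterUserPassword: true  # RDS generates the password and keeps it in Secrets Manager
      DBSubnetGroupName: !Ref DbSubnetGroup
      Domain: !Ref ManagedAD          # Ref yields the directory ID; joins the instance to the managed AD
      DomainIAMRoleName: !Ref RdsDomainJoinRole
      PubliclyAccessible: false
      StorageEncrypted: true
```

The one-way or two-way forest trust to the on-prem forest is not a CloudFormation resource; it is created afterwards against the ManagedAD directory ID, for example with `aws ds create-trust`.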
Watch the full video