Most enterprises have come to rely upon Active Directory for authentication and authorization for users, workstations, servers, and business applications. Among your first considerations when planning a major implementation initiative will be how best to architect Active Directory, and how best to take advantage of the benefits of the AWS cloud. This session focuses on three design patterns: Single Forest, Federated, and Disconnected. It covers general design guidance for Active Directory in AWS, what to look for when deciding which pattern to choose, the practical implications of that choice, and the three patterns themselves.
7. What is the AWS Directory Service
A managed service that allows you to connect your AWS resources with a Microsoft Active Directory or AD compatible directory in the AWS cloud, or an existing on-premises Microsoft AD directory
Deploy and operate traditional workloads like Microsoft Exchange, SharePoint, SQL Server, and .NET applications in the AWS cloud
Provide single sign-on (SSO) across all your AWS applications like Amazon WorkSpaces, Amazon WorkDocs, Amazon WorkMail, and the AWS Management Console, as well as RDS SQL Server, and domain joined EC2 Linux and Windows instances
8. AWS Directory Service Directory Types
Microsoft Active Directory (Enterprise Edition)
Highly available directory running Microsoft Active Directory on Windows Server 2012 R2. Offers full Active Directory functionality, including trust relationships and data replication
Simple AD
Samba 4 Active Directory Compatible Server that supports a subset of functionality including Kerberos-based single sign-on, group policies
AD Connector
Proxies directory requests across AWS Direct Connect or VPN connection to an existing, on-premises Microsoft Active Directory
9. AWS Directory Service Benefits
Familiar
Single Sign-On
Simplifies Deployments
Managed Service
Cost Effective
10. Simplifies Deployments
Domain-join Linux and Microsoft Windows instances
Define and apply Group Policy Objects
Migrate directory-aware Windows applications such as Exchange, SharePoint, or custom .NET
11. Cost-Effective
Trade capital expense for variable expense
Benefit from massive economies of scale
Pay only for what you use
No long-term commitments
14. Single Sign-On
Use existing, corporate credentials
Map IAM roles to directory users and groups
SSO for AWS Work applications, the AWS Management Console, domain joined EC2 instances, RDS SQL Server, and directory dependent Microsoft applications
15. Directory Comparison
AWS Directory Service | Simple AD* (small) | Simple AD* (large) | Microsoft AD (Enterprise)
Hourly | $0.05 | $0.15 | $0.40
Monthly | $36.50 | $109.50 | $292.00
Annually | $438.00 | $1,314.00 | $3,504.00
Feature Comparison
Maximum Users Supported | 500 | 5,000 | 50,000
Built-in Monitoring and Recovery
Built-in High Availability
Built-in Backup and Restore
Auto Scaling - Q2 2016
Ability to Domain Join to Hierarchical OUs
LDAP Support
Policy Configuration for Targeted OUs
Support for Schema Extensions - Q1 2016
Support for Domain Trusts -
Provision AD Directories On-Demand -
Manage Users/Groups using Existing AD Tools
SAML Federation - -
Built-in Security at Rest - Encrypted EBS
Security on Wire HTTPS HTTPS
* Prices for AD Connector and Simple AD are equivalent
18. Try AWS Directory Service For Free
Log into the AWS Management Console and launch a directory
Choose between Microsoft AD, Simple AD and AD Connector
Your first 750 hours are free
https://console.aws.amazon.com
19. Learn More About AWS Directory Service
Get Started with AWS Directory Service:
https://aws.amazon.com/directoryservice/getting-started
Learn more about AWS Directory Service:
https://aws.amazon.com/directoryservice
Frequently asked questions:
https://aws.amazon.com/directoryservice/faqs