© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark
Microsoft Global Specialty Practice Lead
Migration Patterns Global Lead
Mark Szalkiewicz
MarkSza@
AWS Professional Services
Introduction to AWS Directory Service for Microsoft Active Directory
Introduction to AWS Managed Microsoft AD
• Options to support Workloads
• Introduction - What is AWS Managed Microsoft AD?
• Shared Responsibilities
• Use Cases
• Deployment Models
• Pre-req’s, Post-req’s, and Considerations
• New: Directory Sharing (Cross accounts + VPCs)
• Administration
• Summary
AD Options to Support Windows Workloads
1. On-premises: AD on a Windows Server DC
2. VPC: AD on an EC2 for Windows Server DC
3. VPC Endpoint: AWS Managed Microsoft AD (AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD)
DC – Active Directory Domain Controller
VPC – Amazon Virtual Private Cloud
Endpoint – Accessed via IP address in your VPC
Options for AD-aware Cloud Workloads
1. On-premises: AD on a Windows Server DC (you manage)
2. VPC: AD on an EC2 for Windows Server DC (you manage)
You do everything…
• You install and manage domain controllers
• You manually join EC2 instances to your self-managed AD
Use AD Connector to simplify connecting workloads in AWS to your self-managed AD
Options for AD-aware Cloud Workloads
1. On-premises: AD on a Windows Server DC (you manage)
2. VPC: AD on an EC2 for Windows Server DC (you manage)
3. VPC Endpoint: AWS Managed Microsoft AD, that is, AWS Directory Service for Microsoft Active Directory (AWS manages)
Introduction
What AWS Managed Microsoft AD Is
AWS managed, actual Microsoft Active Directory
Windows 2012 R2 domain controllers (DC)
• ~3-click setup from directory service console or script through API
• 2 DCs each in separate Availability Zones (AZs)
• Scale-out with additional DCs
• Dynamic DNS
• Compliance audited
[Diagram: in each Availability Zone, EC2 app and IIS servers in a private subnet (10.0.2.0/24) use Auth/LDAP against an AWS Managed Microsoft AD DC operated in AWS Managed Services]
What AWS Managed Microsoft AD Is
Enterprise Edition = Standard Edition plus enterprise features
Currently same features
Priced per DC per hour (2 DC minimum)
30-day limited free trial
Two Editions
• Enterprise Edition: storage capacity 17GB; performance optimized for 100,000+ employees
• Standard Edition: storage capacity 1GB; performance optimized for up to 5,000 employees
Shared Responsibility
AWS Managed Microsoft AD Shared Responsibilities
Customer - Administers
Configure password policies
Configure trusts (resource forest deployment)
Configure Certificate Authorities (for LDAPS)
Configure federation
Administer users, groups, GPOs, other AD content
Administration via Active Directory Users and Computers (ADUC) and other standard AD tools
Add domain controllers as needed
Amazon - Operates
• Multi-AZ deployment, patch, monitor, DC recovery, snapshot, restore
[Diagram: in each Availability Zone, web (IIS) and app servers in a private subnet (10.0.2.0/24) use Auth/LDAP against an AWS Managed Microsoft AD DC operated in AWS Managed Services]
Use Cases
Where can AWS Managed AD help me?
• Amazon EC2 instances
• AD aware workloads
• AWS Apps and Services
• On-premise AD
• SaaS applications
AWS Managed Microsoft AD Use Cases
1. AWS Apps & Services: Amazon WorkSpaces, RDS for SQL Server, Amazon WorkDocs, Amazon WorkMail, Amazon QuickSight, AWS Management Console, Amazon Chime, Amazon Connect
2. Amazon EC2: Amazon Windows EC2 Instances, Amazon Linux EC2 Instances
3. AD-aware Workloads: .NET Applications, SharePoint, SQL Server, Remote Desktop Licensing Manager
4. SaaS Applications: Azure AD, Active Directory Federation Service (AD FS)
5. On-Premises AD: On-Premises Microsoft Active Directory with On-Premises User Credentials, in the Corporate Data Center
[Diagram connector labels: Trust relationship, VPN connection, Authorization & Access, Management & Access, Federated Access]
AD Connector
[Diagram elements:
• Self-managed Microsoft Active Directory (on-premises user credentials), in the corporate data center or your VPC, reached over VPN or Direct Connect
• SaaS Applications: Azure AD, with an AD FS Server (SAML authenticate) and an Azure AD Connect Server (synchronize users)
• Amazon EC2 (Seamless Domain Join): Amazon Windows EC2 instances
• AWS Apps & Services (Provision & Authenticate): Amazon WorkSpaces, Amazon WorkDocs, Amazon WorkMail, Amazon QuickSight, AWS Management Console, Amazon Chime, Amazon Connect
• AD-aware Workloads: .NET Applications Server, SharePoint Server, SQL Server, Remote Desktop Licensing Manager, Enterprise Certificate Authority]
Deployment Models
AWS Managed Microsoft AD as a Primary Directory
Enabling features
• Delegated administration for built-in groups
• RAS and IAS servers (Network Policy Server)
• Terminal Server Licensing Servers (Remote Desktop Licensing Manager)
• Schema extensions
• Group Managed Service Accounts (gMSA)
• Kerberos Constrained Delegation
• Register for change notifications
• Add Microsoft Enterprise CA
• Enable LDAPS
[Diagram elements:
• AWS Managed Microsoft AD: administer users & groups
• SaaS Applications: Azure AD, with an AD FS Server (federate, SAML authenticate) and an Azure AD Connect Server (ADSync, synchronize users)
• AD-aware Workloads (manage, authenticate, & authorize): .NET Applications Server, SharePoint Server, SQL Server, Remote Desktop Licensing Manager, Enterprise Certificate Authority
• Amazon EC2 (domain join & manage): Amazon Windows EC2 instances, Amazon Linux EC2 instances
• AWS Apps & Services (enable, authenticate, & authorize): Amazon WorkSpaces, RDS for SQL Server, Amazon WorkDocs, Amazon WorkMail, Amazon QuickSight, AWS Management Console, Amazon Chime, Amazon Connect]
AWS Managed Microsoft AD as a Resource directory
[Diagram elements:
• AWS Managed Microsoft AD
• Self-Managed Microsoft Active Directory (on-premises user credentials) in the corporate data center, reached over VPN or Direct Connect
• SaaS Applications: Azure AD, with an AD FS Server (SAML authenticate) and an Azure AD Connect Server (synchronize users)
• AWS Apps & Services: Amazon WorkSpaces, RDS for SQL Server, Amazon WorkDocs, Amazon WorkMail, Amazon QuickSight, AWS Management Console, Amazon Chime, Amazon Connect
• AD-aware Workloads: .NET Applications Server, SharePoint Server, SQL Server, Remote Desktop Licensing Manager, Enterprise Certificate Authority
• Amazon EC2: Amazon Windows EC2 instances, Amazon Linux EC2 Instances
• Connector labels: Enable, authenticate, & authorize; Manage, authenticate, & authorize]
Deployment Models
[Diagram: a Resource Directory (AWS Managed Microsoft AD) shown with the Primary Directory options: AWS Managed Microsoft AD, or AD on a customer-managed Microsoft Windows Server DC, or AD on a customer-managed Microsoft Windows Server DC in the on-premises data center]
Let’s not forget - AWS SSO
Architecture Summary:
• Leverage AWS Organizations to manage SSO IDs
• Use AD Connector over AWS Direct Connect to establish trust with on-prem MSFT AD domain controller
• SAML 2.0 token used to verify client credentials
• Modern MSFT Application deployed in VPC with preferred enterprise account configuration, tagging and security configurations
• SSO solution permits cross-account user management
Using AWS Managed Microsoft AD
Requisites to Use AWS Managed Microsoft AD
Prerequisites
• Virtual Private Cloud (VPC)
• Two subnets in different AZs
• Optional on-premises link
  • Virtual Private Network (VPN)
  • Amazon Direct Connect
[Diagram: two Availability Zones (10.0.2.0/24 and 10.0.3.0/24) with an optional VPN or Direct Connect link to the on-premises data center]
Requisites to Use AWS Managed Microsoft AD
Post Directory Creation
• DHCP Option Sets
• AWS Security Group
• IAM Role & Policy for EC2 (AmazonEC2RoleforSSM)
• Key-pair (PEM) file
• EC2 Windows (AD Administration Tools)
[Diagram: two Availability Zones (10.0.2.0/24 and 10.0.3.0/24), each with an AWS Managed Microsoft AD DC, plus a DHCP Option Set, an AD Admin Tools instance, and an optional VPN or Direct Connect link to the on-premises data center]
Example: AWS Managed Microsoft AD trust to on-premises
[Diagram: two Availability Zones with private subnets (10.0.2.0/24 and 10.0.3.0/24), each holding web (IIS) and app servers, an RDS for SQL Server database and an AWS Managed Microsoft AD DC in AWS Managed Services that serves Auth/LDAP; a trust runs over VPN or Direct Connect to the AD domain controllers in the corporate data center, which also holds an application and remote users/admins]
Considerations for AWS apps/services and many VPCs
AWS Managed Microsoft AD requires a trust when used with on-premises AD*
WorkSpaces and RDS for SQL must be in same VPC as AWS Managed Microsoft AD, QuickSight in the same account
• Option 1 – Least cost, fewest trusts
  • Deploy AWS Managed Microsoft AD in one VPC
  • Deploy all RDS for SQL and WorkSpaces instances in same VPC
  • Use tagging for internal billing
• Option 2 – Easiest billing, complex trust configuration, high cost
  • Deploy AWS Managed Microsoft AD in each VPC
  • Deploy RDS for SQL and WorkSpaces instance(s) in each VPC
*1-way trust for RDS for SQL Server, 2-way trust to provision Amazon WorkSpaces, Amazon QuickSight etc.
Time tested, secure model
The trusting forest has no admin control over the trusted forest
Trusted users have cloud resource access, but only if entitled by trusting admins (you control both sides)
Cloud identities have no access to on-premises resources unless:
1. On-premises trusts the cloud AND
2. On-premises admins grant permissions to identities in the cloud
Forest trusts
[Diagram: a trust between the trusting cloud forest (AWS Managed Microsoft AD in the VPC) and the trusted on-premises forest (Windows AD DC on the on-premises network); access is shown through a Universal Security group and a Domain Local Security group (access entitlements here)]
No trust vs. 1-way vs. 2-way trusts
Do you need users from one forest to access resources in another forest?
• If no, use no trust
Can you use only a 1-way trust?
• If yes, only use 1-way
• RDS for SQL Server with on-premises users requires at least 1-way
Is a 2-way trust required?
• If yes, use 2-way trust
• WorkSpaces, QuickSight Enterprise Edition, and Chime use 2-way trusts
• On-premises to AWS Managed Microsoft AD trust used only to read users/groups to provision them into the application
Always Secure Your Trust
Securing trusts
Leave SID filtering on when setting up the on-premises side of a trust
Turn on selective authentication on the on-premises side of a trust
• https://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx#w2k3tr_trust_security_zyzk
Only permit AD trust ports to the DCs in the cloud
• https://technet.microsoft.com/en-us/library/cc756944(v=ws.10).aspx
For cloud-client-to-AD, only permit AD authentication ports to on-premises AD; minimize all other ports from cloud to on-premises (e.g., WorkSpaces login using on-premises credentials)
• https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts
Don’t grant groups in the cloud access to on-premises resources
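The trust guidance on the two slides above (use the narrowest trust the workloads need; on the on-premises side keep SID filtering and selective authentication on) can be checked mechanically. The following is an added example, not part of the original deck: it goes beyond the slides by decoding the trustDirection and trustAttributes values of a trust record as defined in MS-ADTS. The workload names, the TrustRecord type and the sample records are constructed for illustration.

```python
"""Audit AD trust records, as seen from the on-premises side, against the
trust guidance on the slides. Added example; sample records are constructed."""
from dataclasses import dataclass

# trustDirection values of a trustedDomain object (MS-ADTS), read from the
# point of view of the domain that holds the record.
INBOUND = 0x1    # the partner trusts us: our users can reach partner resources
OUTBOUND = 0x2   # we trust the partner: partner users can reach our resources

# trustAttributes bits (MS-ADTS).
QUARANTINED_DOMAIN = 0x04   # SID filtering (quarantine) enforced
FOREST_TRANSITIVE = 0x08    # forest trust, SID-filtered by default
CROSS_ORGANIZATION = 0x10   # selective authentication
TREAT_AS_EXTERNAL = 0x40    # forest trust filtered only like an external trust

# Direction each workload needs on the on-premises record, per the slides:
# 1-way = cloud trusts on-premises (INBOUND here); 2-way adds OUTBOUND.
# The workload keys are hypothetical labels, not AWS identifiers.
WORKLOAD_DIRECTION = {
    "rds-sqlserver": INBOUND,
    "workspaces": INBOUND | OUTBOUND,
    "quicksight-enterprise": INBOUND | OUTBOUND,
    "chime": INBOUND | OUTBOUND,
}


@dataclass(frozen=True)
class TrustRecord:
    partner: str      # DNS name of the cloud directory (constructed)
    direction: int    # trustDirection
    attributes: int   # trustAttributes


def required_direction(workloads):
    """Smallest direction mask that satisfies every listed workload."""
    mask = 0
    for name in workloads:
        if name not in WORKLOAD_DIRECTION:
            raise ValueError(f"no trust requirement known for {name!r}")
        mask |= WORKLOAD_DIRECTION[name]
    return mask


def sid_filtering_enabled(attributes):
    """True when SIDs from the partner are still filtered on this trust."""
    if attributes & QUARANTINED_DOMAIN:
        return True
    if attributes & FOREST_TRANSITIVE:
        return not attributes & TREAT_AS_EXTERNAL
    return False


def audit_trust(record, workloads):
    """Return finding codes; an empty list means the record matches the guidance."""
    findings = []
    needed = required_direction(workloads)
    if record.direction & ~needed:
        findings.append("direction-broader-than-needed")
    if needed & ~record.direction:
        findings.append("direction-insufficient")
    # SID filtering and selective authentication only matter where
    # on-premises is the trusting side, i.e. the record is OUTBOUND.
    if record.direction & OUTBOUND:
        if not sid_filtering_enabled(record.attributes):
            findings.append("sid-filtering-off")
        if not record.attributes & CROSS_ORGANIZATION:
            findings.append("selective-authentication-off")
    return findings


# Constructed sample records paired with the workloads in use.
SAMPLES = [
    (TrustRecord("cloud.example.test", INBOUND | OUTBOUND,
                 FOREST_TRANSITIVE | CROSS_ORGANIZATION), ["workspaces"]),
    (TrustRecord("cloud.example.test", INBOUND | OUTBOUND,
                 FOREST_TRANSITIVE | TREAT_AS_EXTERNAL), ["rds-sqlserver"]),
    (TrustRecord("cloud.example.test", INBOUND,
                 FOREST_TRANSITIVE), ["workspaces", "rds-sqlserver"]),
]

if __name__ == "__main__":
    for record, workloads in SAMPLES:
        print(record.partner, workloads, audit_trust(record, workloads) or "ok")
```

The direction and attribute values would come from the trustedDomain objects of the on-premises domain; how they are exported is left out here.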
New Announcements
Summary: On September 25, we enabled customers to share a single AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) with multiple AWS accounts
The problem: Increased management effort and complexity, making it difficult and more expensive to deploy directory-aware workloads in AWS
• Could not domain join EC2 instances from multiple accounts and VPCs seamlessly to a single AWS Managed Microsoft AD
• Had to deploy AWS Managed Microsoft AD in each account and VPC, or manually domain join the EC2 instances to the directory
The solution: Share a single directory with multiple AWS accounts using the Directory Service console or API
• Directory sharing works at the account level; this also makes the directory visible to all VPCs within the accounts to which the customer shared the directory
• To domain join EC2 instances to the directory seamlessly, customers must establish networking connectivity between the VPCs where they deployed the directory and the VPCs where they will deploy the EC2 instances
Admin with AWS Managed Microsoft AD
AWS Managed Microsoft AD Administration Model
[Diagram labels: Domain “administrator”, OU “admin”, Customer]
Managing from AWS Directory Service Console
AD options – AWS Managed Microsoft AD
AWS apps and services integration
• AWS Management Console access
• EC2 seamless domain join
• RDS for SQL Server (Windows authentication, authorization)
• WorkSpaces, WorkDocs, WorkMail, QuickSight Enterprise, Connect, Chime Plus/Pro (provisioning and authentication)
Example AD-aware application compatibility
• SharePoint
• SQL Server Always On Availability Groups
• Local Administrator Password Solution (LAPS)
• Active Directory Federation Service (AD FS)
• Azure AD Connect
• .NET applications
• group Managed Service Accounts (gMSA)
• Kerberos Constrained Delegation
[Diagram: AWS Managed Microsoft AD reached through a VPC Endpoint]
AWS Microsoft AD - Summary
AWS managed domain controllers in different Availability Zones
Automatic patching, replication, and daily snapshots
Easy setup and administration via the AWS console and existing tools
Delegated administrative rights to dedicated OU
• Create, read, update, and delete users and groups
• Domain-joined machines added to DNS, assigned static IP addresses within VPC
• Apply group policies
750 hour free trial for new AWS Directory Service customers
References
How to share the directory with multiple accounts
• Share Your Directory
• How to seamlessly domain join Amazon EC2 instances to a single AWS Managed Microsoft AD directory from multiple accounts and VPCs
Documentation
• AWS Directory Service – aws.amazon.com/directoryservice
• AWS Managed Microsoft AD – aws.amazon.com/documentation/directory-service/
• RDS for SQL Server – aws.amazon.com/documentation/rds/
AWS Quick Starts – aws.amazon.com/quickstart/
• Active Directory Domain Services
• Exchange Server 2013
• SharePoint Server 2016 Enterprise
• Lync Server 2013
• SQL Server 2014 AlwaysOn
• Windows PowerShell DSC
Thank You

More Related Content

What's hot

Azure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - AjayAzure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - AjayAnoop Nair
 
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...Amazon Web Services
 
TechnicalTerraformLandingZones121120229238.pdf
TechnicalTerraformLandingZones121120229238.pdfTechnicalTerraformLandingZones121120229238.pdf
TechnicalTerraformLandingZones121120229238.pdfMIlton788007
 
Migrating and modernizing your data estate to Azure with Data Migration Services
Migrating and modernizing your data estate to Azure with Data Migration ServicesMigrating and modernizing your data estate to Azure with Data Migration Services
Migrating and modernizing your data estate to Azure with Data Migration ServicesMicrosoft Tech Community
 
천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)
천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)
천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)Amazon Web Services Korea
 
Heterogenous Migration with DMS & SCT
Heterogenous Migration with DMS & SCTHeterogenous Migration with DMS & SCT
Heterogenous Migration with DMS & SCTAmazon Web Services
 
Best Practices for Active Directory with AWS Workloads
Best Practices for Active Directory with AWS WorkloadsBest Practices for Active Directory with AWS Workloads
Best Practices for Active Directory with AWS WorkloadsAmazon Web Services
 
Building A Modern Data Analytics Architecture on AWS
Building A Modern Data Analytics Architecture on AWSBuilding A Modern Data Analytics Architecture on AWS
Building A Modern Data Analytics Architecture on AWSAmazon Web Services
 
Data Warehousing with Amazon Redshift
Data Warehousing with Amazon RedshiftData Warehousing with Amazon Redshift
Data Warehousing with Amazon RedshiftAmazon Web Services
 
Migrating your Databases to AWS: Deep Dive on Amazon RDS and AWS Database Mig...
Migrating your Databases to AWS: Deep Dive on Amazon RDS and AWS Database Mig...Migrating your Databases to AWS: Deep Dive on Amazon RDS and AWS Database Mig...
Migrating your Databases to AWS: Deep Dive on Amazon RDS and AWS Database Mig...Amazon Web Services
 
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Amazon Web Services
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
 
AWS Lake Formation Deep Dive
AWS Lake Formation Deep DiveAWS Lake Formation Deep Dive
AWS Lake Formation Deep DiveCobus Bernard
 
Deep Dive on Amazon RDS (Relational Database Service)
Deep Dive on Amazon RDS (Relational Database Service)Deep Dive on Amazon RDS (Relational Database Service)
Deep Dive on Amazon RDS (Relational Database Service)Amazon Web Services
 

What's hot (20)

BDA311 Introduction to AWS Glue
BDA311 Introduction to AWS GlueBDA311 Introduction to AWS Glue
BDA311 Introduction to AWS Glue
 
Azure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - AjayAzure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - Ajay
 
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
 
TechnicalTerraformLandingZones121120229238.pdf
TechnicalTerraformLandingZones121120229238.pdfTechnicalTerraformLandingZones121120229238.pdf
TechnicalTerraformLandingZones121120229238.pdf
 
Migrating and modernizing your data estate to Azure with Data Migration Services
Migrating and modernizing your data estate to Azure with Data Migration ServicesMigrating and modernizing your data estate to Azure with Data Migration Services
Migrating and modernizing your data estate to Azure with Data Migration Services
 
천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)
천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)
천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)
 
Heterogenous Migration with DMS & SCT
Heterogenous Migration with DMS & SCTHeterogenous Migration with DMS & SCT
Heterogenous Migration with DMS & SCT
 
Best Practices for Active Directory with AWS Workloads
Best Practices for Active Directory with AWS WorkloadsBest Practices for Active Directory with AWS Workloads
Best Practices for Active Directory with AWS Workloads
 
ElastiCache & Redis
ElastiCache & RedisElastiCache & Redis
ElastiCache & Redis
 
Building A Modern Data Analytics Architecture on AWS
Building A Modern Data Analytics Architecture on AWSBuilding A Modern Data Analytics Architecture on AWS
Building A Modern Data Analytics Architecture on AWS
 
AWS Security & Compliance
AWS Security & ComplianceAWS Security & Compliance
AWS Security & Compliance
 
Data Warehousing with Amazon Redshift
Data Warehousing with Amazon RedshiftData Warehousing with Amazon Redshift
Data Warehousing with Amazon Redshift
 
AWS Cloud trail
AWS Cloud trailAWS Cloud trail
AWS Cloud trail
 
Migrating your Databases to AWS: Deep Dive on Amazon RDS and AWS Database Mig...
Migrating your Databases to AWS: Deep Dive on Amazon RDS and AWS Database Mig...Migrating your Databases to AWS: Deep Dive on Amazon RDS and AWS Database Mig...
Migrating your Databases to AWS: Deep Dive on Amazon RDS and AWS Database Mig...
 
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
 
AWS Service Catalog
AWS Service CatalogAWS Service Catalog
AWS Service Catalog
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
 
Setting Up a Landing Zone
Setting Up a Landing ZoneSetting Up a Landing Zone
Setting Up a Landing Zone
 
AWS Lake Formation Deep Dive
AWS Lake Formation Deep DiveAWS Lake Formation Deep Dive
AWS Lake Formation Deep Dive
 
Deep Dive on Amazon RDS (Relational Database Service)
Deep Dive on Amazon RDS (Relational Database Service)Deep Dive on Amazon RDS (Relational Database Service)
Deep Dive on Amazon RDS (Relational Database Service)
 

Similar to Migrating Your AD to the Cloud with AWS Directory Services for Microsoft Active Directory

Simplifying Microsoft Architectures with AWS Services (WIN306) - AWS re:Inven...
Simplifying Microsoft Architectures with AWS Services (WIN306) - AWS re:Inven...Simplifying Microsoft Architectures with AWS Services (WIN306) - AWS re:Inven...
Simplifying Microsoft Architectures with AWS Services (WIN306) - AWS re:Inven...Amazon Web Services
 
[REPEAT] Microsoft Active Directory Deep Dive (WIN303-R) - AWS re:Invent 2018
[REPEAT] Microsoft Active Directory Deep Dive (WIN303-R) - AWS re:Invent 2018[REPEAT] Microsoft Active Directory Deep Dive (WIN303-R) - AWS re:Invent 2018
[REPEAT] Microsoft Active Directory Deep Dive (WIN303-R) - AWS re:Invent 2018Amazon Web Services
 
Migrate & Optimize Microsoft Applications on AWS
Migrate & Optimize Microsoft Applications on AWSMigrate & Optimize Microsoft Applications on AWS
Migrate & Optimize Microsoft Applications on AWSAmazon Web Services
 
2018 10-17 J1 3C - Hybrid architectures with Amazon Web Services, Office 365 ...
2018 10-17 J1 3C - Hybrid architectures with Amazon Web Services, Office 365 ...2018 10-17 J1 3C - Hybrid architectures with Amazon Web Services, Office 365 ...
2018 10-17 J1 3C - Hybrid architectures with Amazon Web Services, Office 365 ...Modern Workplace Conference Paris
 
How You Can Use AWS Identity Services to Be Successful on Your AWS Cloud Journey
How You Can Use AWS Identity Services to Be Successful on Your AWS Cloud JourneyHow You Can Use AWS Identity Services to Be Successful on Your AWS Cloud Journey
How You Can Use AWS Identity Services to Be Successful on Your AWS Cloud JourneyAmazon Web Services
 
ENT201 Simplifying Microsoft Architectures with AWS Services
ENT201 Simplifying Microsoft Architectures with AWS ServicesENT201 Simplifying Microsoft Architectures with AWS Services
ENT201 Simplifying Microsoft Architectures with AWS ServicesAmazon Web Services
 
Simplifying Microsoft Architectures with AWS Services
Simplifying Microsoft Architectures with AWS Services Simplifying Microsoft Architectures with AWS Services
Simplifying Microsoft Architectures with AWS Services Amazon Web Services
 
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...Amazon Web Services
 
Microsoft Active Directory Deep Dive
Microsoft Active Directory Deep DiveMicrosoft Active Directory Deep Dive
Microsoft Active Directory Deep DiveAmazon Web Services
 
Best practices to Support Active Directory Aware Workloads on AWS
Best practices to Support Active Directory Aware Workloads on AWSBest practices to Support Active Directory Aware Workloads on AWS
Migrating Your AD to the Cloud with AWS Directory Services for Microsoft Active Directory

  • 1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Microsoft Global Specialty Practice Lead, Migration Patterns Global Lead: Mark Szalkiewicz (MarkSza@), AWS Professional Services. Introduction to AWS Directory Service for Microsoft Active Directory
  • 2. Introduction to AWS Managed Microsoft AD • Options to support Workloads • Introduction - What is AWS Managed Microsoft AD? • Shared Responsibilities • Use Cases • Deployment Models • Pre-req’s, Post-req’s, and Considerations • New: Directory Sharing (Cross accounts + VPCs) • Administration • Summary
  • 3. AD Options to Support Windows Workloads: (1) On-premises Windows Server DC (AD); (2) EC2 for Windows Server DC (AD) in a VPC; (3) AWS Managed Microsoft AD behind a VPC endpoint. AWS Directory Service for Microsoft Active Directory is also known as AWS Managed Microsoft AD. DC – Active Directory Domain Controller; VPC – Amazon Virtual Private Cloud; Endpoint – Accessed via IP address in your VPC
  • 4. Options for AD-aware Cloud Workloads: (1) On-premises Windows Server DC (AD), you manage; (2) EC2 for Windows Server DC (AD) in a VPC, you manage. You do everything… • You install and manage domain controllers • You manually join EC2 instances to your self-managed AD. Use AD Connector to simplify connecting workloads in AWS to your self-managed AD
  • 5. Options for AD-aware Cloud Workloads: (1) On-premises Windows Server DC (AD), you manage; (2) EC2 for Windows Server DC (AD) in a VPC, you manage; (3) AWS Managed Microsoft AD behind a VPC endpoint, AWS manages. AWS Directory Service for Microsoft Active Directory
  • 6. Introduction
  • 7. What AWS Managed Microsoft AD Is: AWS managed, actual Microsoft Active Directory Windows 2012 R2 domain controllers (DC) • ~3-click setup from directory service console or script through API • 2 DCs each in separate Availability Zones (AZs) • Scale-out with additional DCs • Dynamic DNS • Compliance audited. [Diagram: Availability Zone with private subnet 10.0.2.0/24, an EC2 app server and an EC2 IIS server using Auth/LDAP against an AWS Managed Microsoft AD DC in AWS Managed Services; shown first with one DC, then with added DCs]
  • 8. What AWS Managed Microsoft AD Is: Enterprise Edition = Standard Edition plus enterprise features • Currently same features • Priced per DC per hour (2 DC minimum) • 30-day limited free trial. Two Editions: Enterprise Edition (storage capacity 17GB; performance optimized for 100,000+ employees) and Standard Edition (storage capacity 1GB; performance optimized for up to 5,000 employees)
  • 9. Shared Responsibility
  • 10. AWS Managed Microsoft AD Shared Responsibilities. Customer - Administers: • Configure password policies • Configure trusts (resource forest deployment) • Configure Certificate Authorities (for LDAPS) • Configure federation • Administer users, groups, GPOs, other AD content • Administration via Active Directory Users and Computers (ADUC) and other standard AD tools • Add domain controllers as needed. Amazon - Operates: • Multi-AZ deployment, patch, monitor, DC recovery, snapshot, restore. [Diagram: Availability Zone with private subnet 10.0.2.0/24, an app server and an IIS web server using Auth/LDAP against an AWS Managed Microsoft AD DC in AWS Managed Services]
  • 11. Use Cases
  • 12. Where can AWS Managed AD help me? • Amazon EC2 instances • AD aware workloads • AWS Apps and Services • On-premises AD • SaaS applications
  • 13. AWS Managed Microsoft AD Use Cases [diagram groups]: (1) AWS Apps & Services: Amazon WorkSpaces, RDS for SQL Server, Amazon WorkDocs, Amazon WorkMail, Amazon QuickSight, AWS Management Console, Amazon Chime, Amazon Connect; (2) Amazon EC2: Amazon Windows EC2 instances, Amazon Linux EC2 instances; (3) AD-aware Workloads: .NET applications, SharePoint, SQL Server, Remote Desktop Licensing Manager; (4) SaaS Applications: Azure AD, Active Directory Federation Service (AD FS); (5) On-Premises AD: on-premises Microsoft Active Directory and on-premises user credentials in the corporate data center. Connection labels: Trust relationship, VPN connection, Authorization & Access, Management & Access, Federated Access
  • 14. AD Connector [diagram groups]: Self-managed Microsoft Active Directory with on-premises user credentials, in the corporate data center or your VPC, reached over VPN or Direct Connect; SaaS Applications: Azure AD, with AD FS Server (SAML authenticate) and Azure AD Connect Server (synchronize users); Amazon EC2: seamless domain join for Amazon Windows EC2 instances; AWS Apps & Services (provision & authenticate): Amazon WorkSpaces, Amazon WorkDocs, Amazon WorkMail, Amazon QuickSight, AWS Management Console, Amazon Chime, Amazon Connect; AD-aware Workloads: .NET applications server, SharePoint server, SQL Server, Remote Desktop Licensing Manager, Enterprise Certificate Authority (Certificate Services)
  • 15. Deployment Models
  • 16. AWS Managed Microsoft AD as a Primary Directory. Enabling features: • Delegated administration for built-in groups • RAS and IAS servers (Network Policy Server) • Terminal Server Licensing Servers (Remote Desktop Licensing Manager) • Schema extensions • Group Managed Service Accounts (gMSA) • Kerberos Constrained Delegation • Register for change notifications • Add Microsoft Enterprise CA • Enable LDAPS. [Diagram groups]: Administer users & groups; SaaS Applications: Azure AD, with AD FS Server (federate, SAML authenticate) and Azure AD Connect Server (ADSync, synchronize users); AD-aware Workloads (manage, authenticate, & authorize): .NET applications server, SharePoint server, SQL Server, Remote Desktop Licensing Manager, Enterprise Certificate Authority (Certificate Services); Amazon EC2 (domain join & manage): Amazon Windows EC2 instances, Amazon Linux EC2 instances; AWS Apps & Services (enable, authenticate, & authorize): Amazon WorkSpaces, RDS for SQL Server, Amazon WorkDocs, Amazon WorkMail, Amazon QuickSight, AWS Management Console, Amazon Chime, Amazon Connect
  • 17. AWS Managed Microsoft AD as a Resource Directory [diagram groups]: AWS Apps & Services (enable, authenticate, & authorize): Amazon WorkSpaces, RDS for SQL Server, Amazon WorkDocs, Amazon WorkMail, Amazon QuickSight, AWS Management Console, Amazon Chime, Amazon Connect; AD-aware Workloads (manage, authenticate, & authorize): .NET applications server, SharePoint server, SQL Server, Remote Desktop Licensing Manager, Enterprise Certificate Authority (Certificate Services); Amazon EC2 (manage, authenticate, & authorize): Amazon Windows EC2 instances, Amazon Linux EC2 instances; SaaS Applications: Azure AD, with AD FS Server (SAML authenticate) and Azure AD Connect Server (synchronize users); Self-managed Microsoft Active Directory with on-premises user credentials in the corporate data center, reached over VPN or Direct Connect
  • 18. Deployment Models: Resource Directory: AWS Managed Microsoft AD. Primary Directory: AWS Managed Microsoft AD, or AD on a Microsoft Windows Server DC (customer managed), or AD on a Microsoft Windows Server DC (customer managed) in the on-premises data center
  • 19. Let’s not forget - AWS SSO. Architecture Summary: • Leverage AWS Organizations to manage SSO IDs • Use AD Connector over AWS Direct Connect to establish trust with on-prem MSFT AD domain controller • SAML 2.0 token used to verify client credentials • Modern MSFT Application deployed in VPC with preferred enterprise account configuration, tagging and security configurations • SSO solution permits cross-account user management
  • 20. Using AWS Managed Microsoft AD
  • 21. Requisites to Use AWS Managed Microsoft AD. Prerequisites: • Virtual Private Cloud (VPC) • Two subnets in different AZs • Optional on-premises link: Virtual Private Network (VPN) or Amazon Direct Connect. [Diagram: Availability Zone 10.0.2.0/24 and Availability Zone 10.0.3.0/24, with an optional VPN or Direct Connect link to the on-premises data center]
  • 22. Requisites to Use AWS Managed Microsoft AD. Post Directory Creation: • DHCP Option Sets • AWS Security Group • IAM Role & Policy for EC2 (AmazonEC2RoleforSSM) • Key-pair (PEM) file • EC2 Windows (AD Administration Tools). [Diagram: Availability Zone 10.0.2.0/24 and Availability Zone 10.0.3.0/24, each with an AWS Managed Microsoft AD DC, plus the DHCP Option Set, an AD Admin Tools instance, and an optional VPN or Direct Connect link to the on-premises data center]
  • 23. Example: AWS Managed Microsoft AD trust to on-premises. [Diagram: two Availability Zones with private subnets 10.0.2.0/24 and 10.0.3.0/24, each holding an app server, an IIS web server and RDS for SQL Server that use Auth/LDAP against an AWS Managed Microsoft AD DC in AWS Managed Services; a trust over VPN or Direct Connect to the AD domain controllers in the corporate data center; remote users/admins; application Auth/LDAP]
  • 24. Considerations for AWS apps/services and many VPCs: AWS Managed Microsoft AD requires a trust when used with on-premises AD*. WorkSpaces and RDS for SQL must be in same VPC as AWS Managed Microsoft AD, QuickSight in the same account. • Option 1 – Least cost, fewest trusts: deploy AWS Managed Microsoft AD in one VPC; deploy all RDS for SQL and WorkSpaces instances in same VPC; use tagging for internal billing • Option 2 – Easiest billing, complex trust configuration, high cost: deploy AWS Managed Microsoft AD in each VPC; deploy RDS for SQL and WorkSpaces instance(s) in each VPC. *1-way trust for RDS for SQL Server, 2-way trust to provision Amazon WorkSpaces, Amazon QuickSight etc.
  • 25. Forest trusts: Time tested, secure model • The trusting forest has no admin control over the trusted forest • Trusted users have cloud resource access, but only if entitled by trusting admins (you control both sides) • Cloud identities have no access to on-premises resources unless: 1. On-premises trusts the cloud AND 2. On-premises admins grant permissions to identities in the cloud. [Diagram: Cloud side (trusting): AWS Managed Microsoft AD in a VPC, with a Domain Local Security group where the access entitlements live; On-premises side (trusted): Windows AD DC on the on-premises network, with a Universal Security group; Trust and Access arrows between them]
  • 26. No trust vs. 1-way vs. 2-way trusts. Do you need users from one forest to access resources in another forest? • If no, use no trust. Can you use only a 1-way trust? • If yes, only use 1-way • RDS for SQL Server with on-premises users requires at least 1-way. Is a 2-way trust required? • If yes, use 2-way trust • WorkSpaces, QuickSight Enterprise Edition, and Chime use 2-way trusts • On-premises to AWS Managed Microsoft AD trust used only to read users/groups to provision them into the application. Always Secure Your Trust
  • 27. Securing trusts: • Leave SID filtering on when setting up the on-premises side of a trust • Turn on selective authentication on the on-premises side of a trust (https://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx#w2k3tr_trust_security_zyzk) • Only permit AD trust ports to the DCs in the cloud (https://technet.microsoft.com/en-us/library/cc756944(v=ws.10).aspx) • For cloud-client-to-AD, only permit AD authentication ports to on-premises AD; minimize all other ports from cloud to on-premises (e.g., WorkSpaces login using on-premises credentials) (https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts) • Don’t grant groups in the cloud access to on-premises resources
  • 28. New Announcements. Summary: On September 25, we enabled customers to share a single AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) with multiple AWS accounts. The problem: Increased management effort and complexity, making it difficult and more expensive to deploy directory-aware workloads in AWS • Could not domain join EC2 instances from multiple accounts and VPCs seamlessly to a single AWS Managed Microsoft AD • Had to deploy AWS Managed Microsoft AD in each account and VPC, or manually domain join the EC2 instances to the directory. The solution: Share a single directory with multiple AWS accounts using the Directory Service console or API • Directory sharing works at the account level; this also makes the directory visible to all VPCs within the accounts to which the customer shared the directory • To domain join EC2 instances to the directory seamlessly, customers must establish networking connectivity between the VPCs where they deployed the directory and the VPCs where they will deploy the EC2 instances
  • 29. Admin with AWS Managed Microsoft AD
  • 30. AWS Managed Microsoft AD Administration Model
  • 31. AWS Managed Microsoft AD Administration Model: Domain “administrator”; OU “admin”; Customer
  • 32. AWS Managed Microsoft AD Administration Model: OU “admin”; Customer
  • 33. Managing from AWS Directory Service Console
  • 34. Managing from AWS Directory Service Console
  • 35. Managing from AWS Directory Service Console
  • 36. AWS Managed Microsoft AD Administration Model
  • 37. AD options – AWS Managed Microsoft AD: AWS apps and services integration • AWS Management Console access
  • 38. AD options – AWS Managed Microsoft AD: AWS apps and services integration • AWS Management Console access • EC2 seamless domain join
  • 39. AD options – AWS Managed Microsoft AD: AWS apps and services integration • AWS Management Console access • EC2 seamless domain join • RDS for SQL Server (Windows authentication, authorization)
  • 40. AD options – AWS Managed Microsoft AD: AWS apps and services integration • AWS Management Console access • EC2 seamless domain join • RDS for SQL Server (Windows authentication, authorization) • WorkSpaces, WorkDocs, WorkMail, QuickSight Enterprise, Connect, Chime Plus/Pro (provisioning and authentication)
  • 41. AD options – AWS Managed Microsoft AD: Example AD-aware application compatibility • SharePoint • SQL Server Always On Availability Groups • Local Administrator Password Solution (LAPS) • Active Directory Federation Service (AD FS) • Azure AD Connect • .NET applications • group Managed Service Accounts (gMSA) • Kerberos Constrained Delegation
  • 42. AWS Microsoft AD - Summary • AWS managed domain controllers in different Availability Zones • Automatic patching, replication, and daily snapshots • Easy setup and administration via the AWS console and existing tools • Delegated administrative rights to dedicated OU: create, read, update, and delete users and groups; domain-joined machines added to DNS, assigned static IP addresses within VPC; apply group policies • 750 hour free trial for new AWS Directory Service customers
  • 43. References • How to share the directory with multiple accounts: Share Your Directory; How to seamlessly domain join Amazon EC2 instances to a single AWS Managed Microsoft AD directory from multiple accounts and VPCs • Documentation: AWS Directory Service – aws.amazon.com/directoryservice; AWS Managed Microsoft AD – aws.amazon.com/documentation/directory-service/; RDS for SQL Server – aws.amazon.com/documentation/rds/ • AWS Quick Starts – aws.amazon.com/quickstart/: Active Directory Domain Services; Exchange Server 2013; SharePoint Server 2016 Enterprise; Lync Server 2013; SQL Server 2014 AlwaysOn; Windows PowerShell DSC
  • 44. Thank You