Microsoft Active Directory is often used by organizations that host resources in their datacenters for authentication and access control. Directory requirements don’t disappear when resources are created in a public cloud or outsourced to one.
Amazon Web Services (AWS) makes it easy to create an Active Directory environment.
You can create a few Windows Server instances to create a cloud-based Active Directory environment and then deploy the Active Directory domain service. AWS offers a quick way to do this. Instead of manually creating a cloud-based Active Directory you can use an automated setup process. AWS will create two domain controllers as well as a DNS server by doing this. Redundancy is achieved by placing the domain controllers in separate subnets.
Log into AWS and click on the Directory Service link. This link is located in the Security & Identity Tools section. Click on the Get Started Now button, as shown in Figure 1.
[Click on the image to see a larger version.] Figure 1: Click the Create Directories link. The next screen will ask you to select the type of directory you want to create. First, create a Microsoft Active Directory. This is the option I will be focusing upon in this column.
The second option is to create an Active Directory. A simple Active Directory doesn’t represent an Active Directory environment. It is a Samba-based directory, which is compatible with the Microsoft Active Directory. The Simple Active Directory functions in a similar way to a Microsoft LDAP environment. It provides basic Active Directory functionality but lacks some of the more advanced capabilities. AWS says that the Simple Active Directory is best for organizations with fewer than 5,000 users.
The AD Connector option is the last option on this list, as shown in Figure 2. This option is for those who already have an Active Directory environment within their datacenter and want to extend it to the cloud. This type of Active Directory extension will be covered in a future column. This article assumes you want to create an Active Directory environment.
[Click on the image to see a larger version.] Figure 2: Click the Create Microsoft AD button. Click on the Create Microsoft AD button. You will be asked to enter directory details and virtual private cloud details (VPC). It is a good idea, before you start, to double-check that the Directory Type is set correctly to Microsoft AD (see Figure 3).
[Click on the image to see a larger version.] Figure 3: Make certain that the Directory Type is set for Microsoft AD. This screen will prompt you to enter a domain name that is fully qualified for your Active Directory DNS server. This name must contain your domain and not duplicate any DNS servers. For example, I might use DNS.PoseyDemo.com to name my DNS server. Remember that your name does not have to be publicly available.
Next, you can enter a NetBIOS address for your DNS server. I recommend that you leave this field blank. The NetBIOS name will match the first part in the DNS name. If my DNS server was named DNS.PoseyDemo.com then my NetBIOS name would be DNS.
Next, you will need to confirm and provide an administrative password. Administrator is automatically assigned a username. The password must be between 8 and 64 characters long and contain three of the following four character types: numbers, upper-case letters and numbers.