Active Directory Domain Services on AWS

For all new AD DS installations, the Quick Start deploys AD DS and AD-integrated DNS, and it sets up Active Directory sites and subnets.

The Quick Start supports three scenarios:

  • Scenario 1: Deploy a new AWS Cloud-based AD DS environment that you manage yourself
  • Scenario 2: Extend your existing on-premises AD DS to AWS
  • Scenario 3: Deploy Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD)

For each scenario, you have the option to create a new virtual private cloud (VPC) or use your existing VPC infrastructure.

Scenario 1: Deploy a new AWS Cloud-based AD DS Environment:

In this scenario, the Quick Start sets up the following:

  • A VPC configured with public and private subnets in two Availability Zones for high availability. *
  • In the public subnets:
    Managed network address translation (NAT) gateways to allow outbound internet access for resources in the private subnets. *
    Remote Desktop Gateway (RD Gateway) instances in an Auto Scaling group to help secure remote access to instances in private subnets. *
  • In the private subnets:
    A Windows Server Forest and domain functional level, including security groups and rules for traffic between instances.
  • AWS Systems Manager Automation documents to set up and configure AD DS and AD-integrated DNS.
  • AWS Secrets Manager to store passwords.

Scenario 2: Extend your on-premises AD:

In this scenario, you create the virtual private network (VPN) gateway, VPN connection, and customer gateway manually. The Quick Start sets up the following:

  • A VPC configured with public and private subnets in two Availability Zones for high availability. *
  • In the public subnets:
    Managed NAT gateways to allow outbound internet access for resources in the private subnets. *
    RD Gateway instances in an Auto Scaling group to help secure remote access to instances in private subnets. *
  • In the private subnets:
    Windows Server Forest and domain functional level, including security groups and rules for traffic between instances.
  • AWS Systems Manager Automation documents to set up and configure AD DS and AD-integrated DNS.
  • AWS Secrets Manager to store passwords.

Scenario 3: Deploy AWS Managed Microsoft AD:

In this scenario, the Quick Start sets up the following:

  • A VPC configured with public and private subnets in two Availability Zones for high availability. *
  • In the public subnets:
    Managed NAT gateways to allow outbound internet access for resources in the private subnets. *
    RD Gateway instances in an Auto Scaling group to help secure remote access to instances in private subnets. *
  • In the private subnets:
    (Optional) A Windows EC2 instance to act as a management instance, including security groups and rules for traffic between instances.
  • AWS Systems Manager Automation documents to set up and configure AD DS and AD-integrated DNS.
  • AWS Secrets Manager to store passwords.
  • AWS Directory Service to provide and manage AD DS in the private subnets.
Copyrights © 4 March 2024 All Rights Reserved by Vast Edge Inc.