© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS re:INVENT
AWS Directory Service for Microsoft
Active Directory Deep Dive
Ron Cully, Manager of Product Management
November 27, 2017
WIN403
Migrate Windows Workloads While Refactoring
Migration path
Implementing an Identity Strategy for Amazon Web Services
Options for AD-aware Cloud Workloads
[Diagram: three options, from most to least customer-managed]
1. On-premises Windows Server DC running AD: you manage
2. EC2 for Windows Server DC running AD in your VPC: you manage
3. AWS Microsoft AD reached through a VPC endpoint: AWS manages
Option 3 is AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD
Options for AD-aware Cloud Workloads (continued)
Agenda for option 3, AWS Directory Service for Microsoft Active Directory (also known as AWS Managed Microsoft AD):
• What AWS Managed Microsoft AD is
• Shared responsibilities
• Deployment models
• How to set it up
• How to configure and administer
• AWS applications support and use cases
What AWS Managed Microsoft AD Is
AWS managed, actual Microsoft Active Directory
Windows 2012 R2 domain controllers (DCs)
• ~3-click setup from the Directory Service console, or script it through the API
• 2 DCs, each in a separate Availability Zone (AZ)
• Scale out with additional DCs
• Dynamic DNS
• Compliance audited
[Diagram: two Availability Zones, each with a private subnet (10.0.2.0/24 shown) containing an AWS Managed Microsoft AD DC alongside EC2 app and IIS servers that use the DC for authentication and LDAP; the DCs are operated by AWS Managed Services]
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Manag e d Microsoft AD: Share d R e sp onsib ilities
Customer—administers
• Configure password policies
• Configure trusts (resource forest deployment)
• Configure certificate authorities (for LDAPS)
• Configure federation
• Administer users, groups, GPOs, other AD content
• Administration via Active Directory Users and
Computers (ADUC) and other standard AD tools
• Add domain controllers as needed
Amazon—operates
• Multi-AZ deployment, patch, monitor,
DC recovery, snapshot, restore
Auth/
LDAP
Availability Zone
Private Subnet
10.0.2.0/24
EC2
App
Server
EC2
IIS
Server
AWS Managed
Services
D
C
AWS Managed
Microsoft AD
Auth/
LDAP
Availability Zone
Private Subnet
10.0.2.0/24
EC2
App
Server
EC2
IIS
Server
AWS Managed
Services
D
C
AWS Managed
Microsoft AD
AWS Managed Microsoft AD: Two Editions
                            Enterprise Edition      Standard Edition
Storage capacity            17 GB                   1 GB
Performance optimized for   100,000+ employees      Up to ~5,000 employees
Enterprise Edition = Standard Edition plus enterprise features (currently the same features)
Priced per DC per hour (2 DC minimum)
30-day limited free trial
Deployment Models
• Primary directory model: AWS Managed Microsoft AD is the primary directory
• Resource directory model: AWS Managed Microsoft AD is a resource directory with a trust to a primary directory on a Microsoft Windows Server DC, either in an on-premises data center or on EC2 Windows in your VPC
Prerequisites You Must Create
• Virtual Private Cloud (VPC)
• Two subnets in different AZs
• Optional on-premises link
  • Virtual Private Network (VPN)
  • Amazon Direct Connect
[Diagram: a VPC with subnets 10.0.2.0/24 and 10.0.3.0/24 in two Availability Zones, plus an optional VPN or Direct Connect link to an on-premises data center]
docs.aws.amazon.com/directoryservice/latest/admin-guide/tutorials_ad_test_labs.html
During Creation, AWS Creates…
• 2 DCs with Dynamic DNS
• Elastic network interface in your subnets
• One AWS security group
[Diagram: the same VPC, now with an AWS Managed Microsoft AD DC in each of the two subnets]
During Creation, AWS Creates… (continued)
• 2 DCs with Dynamic DNS
• Elastic network interface in your subnets
• One AWS security group, with these callouts on its rules:
  • Don’t use on other instances
  • You can edit
  • Broad for your internal non-RFC 1918 addresses
  • Used only in your private VPC
Best Practice After Creation
• Key-pair (PEM) file
• EC2 Windows (install AD Administration Tools)
• DHCP option sets
• AWS security group
• IAM role/policy for EC2 (AmazonEC2RoleforSSM)
[Diagram: the two-AZ VPC from the previous slides, now with a DHCP option set and an EC2 Windows instance running the AD Admin Tools]
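The creation and DHCP option set steps above, scripted through the API as the slides suggest. This is an added example, not code from the session; it assumes the AWS Tools for PowerShell DirectoryService and EC2 cmdlets (New-DSMicrosoftAD, Get-DSDirectory, New-EC2DhcpOption, Register-EC2DhcpOption) with credentials already configured, and the VPC ID, subnet IDs and domain name are placeholders.

```powershell
# Added example, not from the session deck: create an AWS Managed Microsoft AD
# through the API, wait until it is Active, then give the VPC a DHCP option set
# that points at the new DCs. Assumes the AWS Tools for PowerShell module and
# credentials are set up and that the VPC and two subnets (different AZs) exist.
Import-Module AWSPowerShell

$VpcId     = 'vpc-PLACEHOLDER'                                         # placeholder
$SubnetIds = @('subnet-PLACEHOLDER-AZ-A', 'subnet-PLACEHOLDER-AZ-B')   # one per AZ, placeholders
$FqdnName  = 'corp.example.com'                                        # placeholder domain name
$ShortName = 'CORP'
$Edition   = 'Standard'   # or 'Enterprise' (more storage; currently the same features)

# Ask for the directory Admin password at run time rather than storing it in the script.
$Secure = Read-Host -Prompt 'Admin password for the new directory' -AsSecureString
$Bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
$Plain  = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($Bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($Bstr)

# CreateMicrosoftAD: AWS builds two DCs (one per subnet, so one per AZ), an ENI
# in each subnet and one security group for the directory.
$DirectoryId = New-DSMicrosoftAD -Name $FqdnName -ShortName $ShortName `
    -Password $Plain -Edition $Edition `
    -VpcSettings_VpcId $VpcId -VpcSettings_SubnetId $SubnetIds
Remove-Variable Plain

# Creation takes a while; poll the stage until it leaves Requested/Creating.
do {
    Start-Sleep -Seconds 60
    $Dir = Get-DSDirectory -DirectoryId $DirectoryId
    Write-Host "$DirectoryId stage: $($Dir.Stage)"
} while ($Dir.Stage -in @('Requested', 'Creating'))
if ($Dir.Stage -ne 'Active') { throw "Directory $DirectoryId ended in stage $($Dir.Stage)" }

# DHCP option set: instances in the VPC resolve the domain through the managed DCs,
# which is what domain join and dynamic DNS registration rely on.
$DnsIps = $Dir.DnsIpAddrs
$DhcpOptions = New-EC2DhcpOption -DhcpConfiguration @(
    @{ Key = 'domain-name';         Values = @($FqdnName) },
    @{ Key = 'domain-name-servers'; Values = $DnsIps }
)
Register-EC2DhcpOption -VpcId $VpcId -DhcpOptionsId $DhcpOptions.DhcpOptionsId

Write-Host "Directory $DirectoryId is Active; DC DNS addresses: $($DnsIps -join ', ')"
Write-Host "VPC $VpcId now uses DHCP option set $($DhcpOptions.DhcpOptionsId)"
```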
Configure Management Instance
1. RDP to the instance as yourdomainadmin
2. Add features:
  • Group Policy Management
  • AD DS and AD LDS Tools
  • DNS Server Tools
3. Verify the tools were added:
  • Active Directory Administrative Center
  • Active Directory Domains and Trusts
  • Active Directory Module for Windows PowerShell
  • Active Directory Sites and Services
  • Active Directory Users and Computers
  • ADSI Edit
  • DNS
  • Group Policy Management
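Steps 2 and 3 above as a script for the management instance. This is an added example rather than the session's own material; the Windows feature names and console file names are the standard RSAT ones, and the instance is assumed to be already domain-joined to the directory.

```powershell
# Added example, not from the session deck: run on the EC2 Windows management
# instance after RDP-ing in as the directory admin. Installs the three feature
# groups from the slide and verifies that the listed tools are present.
$Features = @(
    'GPMC',             # Group Policy Management
    'RSAT-AD-Tools',    # AD DS and AD LDS Tools (ADUC, ADAC, Sites and Services, ADSI Edit, AD PowerShell module)
    'RSAT-DNS-Server'   # DNS Server Tools
)
$Result = Install-WindowsFeature -Name $Features -IncludeAllSubFeature
if (-not $Result.Success) { throw 'Feature installation failed' }
if ($Result.RestartNeeded -eq 'Yes') { Write-Warning 'A restart is required to finish the installation' }

# Verify: every requested feature must now report Installed.
$Missing = Get-WindowsFeature -Name $Features | Where-Object { -not $_.Installed }
if ($Missing) { throw "Not installed: $($Missing.Name -join ', ')" }

# Verify the consoles the slide lists are on disk and the AD module loads.
$Consoles = @{
    'Active Directory Administrative Center' = "$env:SystemRoot\System32\dsac.exe"
    'Active Directory Domains and Trusts'    = "$env:SystemRoot\System32\domain.msc"
    'Active Directory Sites and Services'    = "$env:SystemRoot\System32\dssite.msc"
    'Active Directory Users and Computers'   = "$env:SystemRoot\System32\dsa.msc"
    'ADSI Edit'                              = "$env:SystemRoot\System32\adsiedit.msc"
    'DNS'                                    = "$env:SystemRoot\System32\dnsmgmt.msc"
    'Group Policy Management'                = "$env:SystemRoot\System32\gpmc.msc"
}
foreach ($Name in ($Consoles.Keys | Sort-Object)) {
    $State = if (Test-Path $Consoles[$Name]) { 'OK' } else { 'MISSING' }
    '{0,-42} {1}' -f $Name, $State
}
Import-Module ActiveDirectory -ErrorAction Stop
'{0,-42} OK' -f 'Active Directory Module for Windows PowerShell'

# Confirm the instance can reach the AWS Managed Microsoft AD domain controllers.
Get-ADDomainController -Filter * | Select-Object HostName, IPv4Address, Site
```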
How to Administer AWS Managed Microsoft AD
Managing from AD Administration Tools
[Screenshot: Active Directory Users and Computers view of the directory, showing the domain, the “administrator” account and the “admin” OU that the customer manages]
Add OU and on-premises users/groups to reserved security groups
Managing from AWS Directory Service Console
[Screenshots: walkthrough of the AWS Directory Service console, ten slides]
AWS Application Support and Use Cases With AWS Managed Microsoft AD
AWS Managed Microsoft AD as a Primary Directory
[Diagram: the AWS Managed Microsoft AD directory at the center, where you administer users & groups, with these integrations]
• AWS apps & services (enable, authenticate, & authorize): Amazon WorkSpaces, RDS for SQL Server, Amazon WorkDocs, Amazon WorkMail, Amazon QuickSight, AWS Management Console, Amazon Chime, Amazon Connect
• AD-aware workloads (manage, authenticate, & authorize): .NET application server, SharePoint Server, SQL Server, Remote Desktop Licensing Manager, Enterprise Certificate Authority (Certificate Services)
• Amazon EC2 (domain join & manage): Amazon Windows EC2 instances and Amazon Linux EC2 instances
• SaaS applications: federate with SAML authentication through an AD FS server
• Azure AD: synchronize users through an Azure AD Connect server (ADSync)
Enabling features
• Delegated administration for built-in groups
• RAS and IAS servers (Network Policy Server)
• Terminal Server Licensing Servers (Remote Desktop Licensing Manager)
• Schema extensions
• Group Managed Service Accounts (gMSA)
• Kerberos Constrained Delegation
• Register for change notifications
• Add Microsoft Enterprise CA
• Enable LDAPS
AWS Managed Microsoft AD as a Resource Directory
[Diagram: the same integrations as the primary-directory slide, but user accounts stay in an on-premises Microsoft Active Directory in the corporate data center, reached over VPN or Direct Connect; users sign in with on-premises credentials through the trust]
• AWS apps & services (enable, authenticate, & authorize): Amazon WorkSpaces, RDS for SQL Server, Amazon WorkDocs, Amazon WorkMail, Amazon QuickSight, AWS Management Console, Amazon Chime, Amazon Connect
• AD-aware workloads (manage, authenticate, & authorize): .NET application server, SharePoint Server, SQL Server, Remote Desktop Licensing Manager, Enterprise Certificate Authority (Certificate Services)
• Amazon EC2 (manage, authenticate, & authorize): Amazon Windows EC2 instances and Amazon Linux EC2 instances
• SaaS applications: SAML authentication through an AD FS server
• Azure AD: user synchronization through an Azure AD Connect server
Forest Trusts: Time-Tested, Secure Model
• The trusting forest has no admin control over the trusted forest
• Trusted users have cloud resource access, but only if entitled by trusting admins (you control both sides)
• Cloud identities have no access to on-premises resources unless:
  1. On-premises trusts the cloud AND
  2. On-premises admins grant permissions to identities in the cloud
[Diagram: a trust from the AWS Managed Microsoft AD DC in the VPC (trusting, cloud) to the Windows AD DC on the on-premises network (trusted); on-premises users in a universal security group are added to a domain local security group in the cloud, where the access entitlements are granted]
Securing Trusts
• Leave SID filtering on (Windows default)
• Use selective authentication (on-premises side of trust)
  • https://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx#w2k3tr_trust_security_zyzk
  • Don’t grant AD groups from the cloud access to on-premises resources
• Open only the ports needed for AD trust communications between DCs
  • https://technet.microsoft.com/en-us/library/cc756944(v=ws.10).aspx
• Open ports for AD authentication from cloud to on-premises AD (e.g., WorkSpaces login using on-premises credentials); minimize all other ports from cloud to on-premises
  • https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts
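A read-only audit of the first three recommendations above (SID filtering, selective authentication, no cloud groups granted on-premises access), run with the ActiveDirectory module on the on-premises side of the trust. This is an added example, not from the session; the cloud forest name is a placeholder.

```powershell
# Added example, not from the session deck: read-only audit of the trust to the
# AWS Managed Microsoft AD forest, run on the on-premises side with the
# ActiveDirectory module. The cloud forest name is a placeholder.
Import-Module ActiveDirectory -ErrorAction Stop

$CloudForest = 'corp.example.com'   # placeholder: the AWS Managed Microsoft AD domain name

$Trust = Get-ADTrust -Filter "Name -eq '$CloudForest'"
if (-not $Trust) { throw "No trust to $CloudForest found in this forest" }

$Findings = @()

# SID filtering: forest trusts report SIDFilteringForestAware, external trusts
# SIDFilteringQuarantined. Either one means SIDs that do not belong to the cloud
# forest (e.g. sIDHistory entries) are discarded at the trust boundary.
if (-not ($Trust.SIDFilteringForestAware -or $Trust.SIDFilteringQuarantined)) {
    $Findings += 'SID filtering is disabled; restore the Windows default ' +
                 '(netdom trust /EnableSIDHistory:No for a forest trust, /Quarantine:Yes for an external trust)'
}

# Selective authentication matters on the side that does the trusting. From the
# on-premises view, Outbound or BiDirectional means on-premises trusts the cloud,
# so cloud identities can authenticate here unless "Allowed to Authenticate" is
# granted per resource.
$OnPremTrustsCloud = $Trust.Direction -in @('Outbound', 'BiDirectional')
if ($OnPremTrustsCloud -and -not $Trust.SelectiveAuthentication) {
    $Findings += "Trust is $($Trust.Direction) without selective authentication; cloud identities get forest-wide authentication on-premises"
}

# Groups or users from the cloud forest that were granted access on-premises show
# up as foreign security principals named by a SID under the cloud domain's SID.
$FspContainer    = "CN=ForeignSecurityPrincipals,$((Get-ADDomain).DistinguishedName)"
$CloudSidPrefix  = "$($Trust.SecurityIdentifier)-*"
$CloudPrincipals = Get-ADObject -SearchBase $FspContainer -Filter "objectClass -eq 'foreignSecurityPrincipal'" |
    Where-Object { $_.Name -like $CloudSidPrefix }
if ($CloudPrincipals) {
    $Findings += "$(@($CloudPrincipals).Count) cloud-forest principal(s) have been granted on-premises access: $(@($CloudPrincipals).Name -join ', ')"
}

[pscustomobject]@{
    Trust                   = $Trust.Name
    Direction               = $Trust.Direction
    SIDFilteringForestAware = $Trust.SIDFilteringForestAware
    SIDFilteringQuarantined = $Trust.SIDFilteringQuarantined
    SelectiveAuthentication = $Trust.SelectiveAuthentication
    Findings                = if ($Findings) { $Findings -join '; ' } else { 'OK' }
}
```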
VPC and Account Considerations
[Diagram: a single AWS Managed Microsoft AD (its DCs in VPC 1) used by account-level services (QuickSight, Chime, WorkDocs, WorkMail, AWS Console, Amazon Connect) in Account 1 and Account 2, by VPC-level services (WorkSpaces, RDS for SQL Server) in VPC 1 and VPC 2, by EC2 manual domain join, and by EC2 seamless domain join in VPC 3]
Options for Multiple VPCs With Trusts
Option 1: a separate AWS Managed Microsoft AD in each VPC (VPC 1, VPC 2), each with its own trust to the on-premises Microsoft Active Directory in the corporate data center (on-premises user credentials)
+ Preserves VPC boundaries
+ Billing goes to VPC owner
- Costs more
Option 2: one AWS Managed Microsoft AD shared by VPC 1, VPC 2 and VPC 3 across Account 1 and Account 2, with EC2 manual domain join and tags (Tag1, Tag2, Tag3) on the joined instances
+ Saves money
+ Enables cost allocation
- Crosses VPC boundaries
Reference information
Documentation
• AWS Directory Service—aws.amazon.com/directoryservice
• AWS Security Blog—aws.amazon.com/blogs/security/ (search for “AWS Managed Microsoft AD”)
• AWS What’s New—aws.amazon.com/new/ (Security, Identity & Compliance)
• AWS Managed Microsoft AD—aws.amazon.com/documentation/directory-service/
• RDS for SQL Server—aws.amazon.com/documentation/rds/
AWS Quick Starts—aws.amazon.com/quickstart/
• Active Directory Domain Services
• Exchange Server 2013
• SharePoint Server 2016 Enterprise
• Lync Server 2013
• SQL Server 2014 AlwaysOn
• Windows PowerShell DSC
Other 2017 AWS re:Invent Sessions with AD
AWS Managed Microsoft AD Topics
• WIN302: Deep Dive on Active Directory—From One to Many AWS Regions
• WIN310: Integrating AWS Managed Active Directory into Office 365
• WIN311: Unified Access Management with AWS Managed Services for Microsoft Active Directory
• SID202: Deep-dive on how Capital One Automates the Delivery of Directory Services Across AWS Accounts
Other AD related topics
• WIN204: Simplifying Microsoft Architectures with AWS
• WIN302: Deep Dive on Active Directory—From One to Many AWS Regions
• WIN309: How to Optimize AWS Architectures for SharePoint Deployments
• WIN401: Migrating Microsoft Applications to AWS
• ARC324: Building Manageable Windows Workloads
• BAP303: Migrate Your Desktops to Amazon WorkSpaces
• BAP312: Network Configuration, Identity Management, and Device Authentication Considerations for Amazon WorkSpaces
• BAP315: Amazon Chime Deployment Topics: Using Active Directory with Amazon Chime
• CMP214: Simplifying Microsoft Architectures with AWS
• ENT325: Migrating Your Microsoft Applications to AWS
• ENT329: End-User Computing on AWS with Amazon WorkSpaces and Amazon AppStream 2.0
• GPSCT314: GPS: Running Microsoft Workloads on AWS: Tips from the Pros
Thank you!

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
 
AWS Summit Seoul 2023 | 가격은 저렴, 성능은 최대로! 확 달라진 Amazon EC2 알아보기
AWS Summit Seoul 2023 | 가격은 저렴, 성능은 최대로! 확 달라진 Amazon EC2 알아보기AWS Summit Seoul 2023 | 가격은 저렴, 성능은 최대로! 확 달라진 Amazon EC2 알아보기
AWS Summit Seoul 2023 | 가격은 저렴, 성능은 최대로! 확 달라진 Amazon EC2 알아보기
 
Running Active Directory in the AWS Cloud
Running Active Directory in the AWS Cloud Running Active Directory in the AWS Cloud
Running Active Directory in the AWS Cloud
 
AWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets Manager
 
Security on AWS :: 이경수 솔루션즈아키텍트
Security on AWS :: 이경수 솔루션즈아키텍트Security on AWS :: 이경수 솔루션즈아키텍트
Security on AWS :: 이경수 솔루션즈아키텍트
 
Aws glue를 통한 손쉬운 데이터 전처리 작업하기
Aws glue를 통한 손쉬운 데이터 전처리 작업하기Aws glue를 통한 손쉬운 데이터 전처리 작업하기
Aws glue를 통한 손쉬운 데이터 전처리 작업하기
 
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
 
AWS Black Belt Online Seminar 2017 Amazon ElastiCache
AWS Black Belt Online Seminar 2017 Amazon ElastiCacheAWS Black Belt Online Seminar 2017 Amazon ElastiCache
AWS Black Belt Online Seminar 2017 Amazon ElastiCache
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & Compliance
 
AWS Summit Seoul 2023 | 삼성전자/쿠팡의 대규모 트래픽 처리를 위한 클라우드 네이티브 데이터베이스 활용
AWS Summit Seoul 2023 | 삼성전자/쿠팡의 대규모 트래픽 처리를 위한 클라우드 네이티브 데이터베이스 활용AWS Summit Seoul 2023 | 삼성전자/쿠팡의 대규모 트래픽 처리를 위한 클라우드 네이티브 데이터베이스 활용
AWS Summit Seoul 2023 | 삼성전자/쿠팡의 대규모 트래픽 처리를 위한 클라우드 네이티브 데이터베이스 활용
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
 
20210309 AWS Black Belt Online Seminar AWS Audit Manager
20210309 AWS Black Belt Online Seminar AWS Audit Manager20210309 AWS Black Belt Online Seminar AWS Audit Manager
20210309 AWS Black Belt Online Seminar AWS Audit Manager
 
Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) - AWS reInvent ...
Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) - AWS reInvent ...Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) - AWS reInvent ...
Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) - AWS reInvent ...
 
AWS 네트워크 보안을 위한 계층별 보안 구성 모범 사례 – 조이정, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집
AWS 네트워크 보안을 위한 계층별 보안 구성 모범 사례 – 조이정, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집AWS 네트워크 보안을 위한 계층별 보안 구성 모범 사례 – 조이정, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집
AWS 네트워크 보안을 위한 계층별 보안 구성 모범 사례 – 조이정, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집
 
Using Active Directory in AWS
Using Active Directory in AWSUsing Active Directory in AWS
Using Active Directory in AWS
 
AWS Security by Design
AWS Security by Design AWS Security by Design
AWS Security by Design
 
Aws IAM
Aws IAMAws IAM
Aws IAM
 
Deep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksDeep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech Talks
 
AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...
AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...
AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...
 
(SOV209) Introducing AWS Directory Service | AWS re:Invent 2014
(SOV209) Introducing AWS Directory Service | AWS re:Invent 2014(SOV209) Introducing AWS Directory Service | AWS re:Invent 2014
(SOV209) Introducing AWS Directory Service | AWS re:Invent 2014
 

Ähnlich wie WIN403_AWS Directory Service for Microsoft Active Directory Deep Dive

Best practices to Support Active Directory Aware Workloads on AWS
Best practices to Support Active Directory Aware Workloads on AWSBest practices to Support Active Directory Aware Workloads on AWS
Best practices to Support Active Directory Aware Workloads on AWS
Amazon Web Services
 

Ähnlich wie WIN403_AWS Directory Service for Microsoft Active Directory Deep Dive (20)

Best practices to Support Active Directory Aware Workloads on AWS
Best practices to Support Active Directory Aware Workloads on AWSBest practices to Support Active Directory Aware Workloads on AWS
Best practices to Support Active Directory Aware Workloads on AWS
 
Systems Operations for Windows Workloads
Systems Operations for Windows WorkloadsSystems Operations for Windows Workloads
Systems Operations for Windows Workloads
 
2018 10-17 J1 3C - Hybrid architectures with Amazon Web Services, Office 365 ...
2018 10-17 J1 3C - Hybrid architectures with Amazon Web Services, Office 365 ...2018 10-17 J1 3C - Hybrid architectures with Amazon Web Services, Office 365 ...
2018 10-17 J1 3C - Hybrid architectures with Amazon Web Services, Office 365 ...
 
Migrate & Optimize Microsoft Applications on AWS
Migrate & Optimize Microsoft Applications on AWSMigrate & Optimize Microsoft Applications on AWS
Migrate & Optimize Microsoft Applications on AWS
 
Simplifying Microsoft Architectures with AWS Services (WIN306) - AWS re:Inven...
Simplifying Microsoft Architectures with AWS Services (WIN306) - AWS re:Inven...Simplifying Microsoft Architectures with AWS Services (WIN306) - AWS re:Inven...
Simplifying Microsoft Architectures with AWS Services (WIN306) - AWS re:Inven...
 
ENT201 Simplifying Microsoft Architectures with AWS Services
ENT201 Simplifying Microsoft Architectures with AWS ServicesENT201 Simplifying Microsoft Architectures with AWS Services
ENT201 Simplifying Microsoft Architectures with AWS Services
 
Migration of Microsoft Workloads to AWS
Migration of Microsoft Workloads to AWSMigration of Microsoft Workloads to AWS
Migration of Microsoft Workloads to AWS
 
Migrating Microsoft Workloads to AWS
Migrating Microsoft Workloads to AWSMigrating Microsoft Workloads to AWS
Migrating Microsoft Workloads to AWS
 
Microsoft Active Directory Deep Dive
Microsoft Active Directory Deep DiveMicrosoft Active Directory Deep Dive
Microsoft Active Directory Deep Dive
 
ECS 19 Anil Erduran - simplifying microsoft architectures with aws services
ECS 19 Anil Erduran - simplifying microsoft architectures with aws servicesECS 19 Anil Erduran - simplifying microsoft architectures with aws services
ECS 19 Anil Erduran - simplifying microsoft architectures with aws services
 
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
 
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
 
Simplificando Arquiteturas Microsoft com os Serviços da AWS - ARC204 - Sao P...
Simplificando Arquiteturas Microsoft com os Serviços da AWS -  ARC204 - Sao P...Simplificando Arquiteturas Microsoft com os Serviços da AWS -  ARC204 - Sao P...
Simplificando Arquiteturas Microsoft com os Serviços da AWS - ARC204 - Sao P...
 
End-User Computing on AWS with Amazon WorkSpaces and Amazon AppStream 2.0 - E...
End-User Computing on AWS with Amazon WorkSpaces and Amazon AppStream 2.0 - E...End-User Computing on AWS with Amazon WorkSpaces and Amazon AppStream 2.0 - E...
End-User Computing on AWS with Amazon WorkSpaces and Amazon AppStream 2.0 - E...
 
WIN301-Migrating Microsoft SQL Server Databases to AWS-Best Practices and Pat...
WIN301-Migrating Microsoft SQL Server Databases to AWS-Best Practices and Pat...WIN301-Migrating Microsoft SQL Server Databases to AWS-Best Practices and Pat...
WIN301-Migrating Microsoft SQL Server Databases to AWS-Best Practices and Pat...
 
Migrating Microsoft SQL Server Databases to AWS – Best Practices and Patterns...
Migrating Microsoft SQL Server Databases to AWS – Best Practices and Patterns...Migrating Microsoft SQL Server Databases to AWS – Best Practices and Patterns...
Migrating Microsoft SQL Server Databases to AWS – Best Practices and Patterns...
 
GPSBUS220-Refactor and Replatform .NET Apps to Use the Latest Microsoft SQL S...
GPSBUS220-Refactor and Replatform .NET Apps to Use the Latest Microsoft SQL S...GPSBUS220-Refactor and Replatform .NET Apps to Use the Latest Microsoft SQL S...
GPSBUS220-Refactor and Replatform .NET Apps to Use the Latest Microsoft SQL S...
 
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...
 
Modernize and Move your Microsoft Applications on AWS
Modernize and Move your Microsoft Applications on AWSModernize and Move your Microsoft Applications on AWS
Modernize and Move your Microsoft Applications on AWS
 
WIN302-Deep Dive on Active Directory From One to Many AWS Regions
WIN302-Deep Dive on Active Directory From One to Many AWS RegionsWIN302-Deep Dive on Active Directory From One to Many AWS Regions
WIN302-Deep Dive on Active Directory From One to Many AWS Regions
 

Mehr von Amazon Web Services

Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

WIN403_AWS Directory Service for Microsoft Active Directory Deep Dive

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS re:INVENT AWS Directory Service for Microsoft Active Directory Deep Dive R o n C u l l y , M a n a g e r o f P r o d u c t M a n a g e m e n t N o v e m b e r 2 7 , 2 0 1 7 WIN403
  • 2. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Migrate Windows Workloads While Refactoring Migration path Implementing an Identity Strategy for Amazon Web Services
  • 3. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Options for AD-aware Cloud Workloads On-premises Windows Server DC AD You manage 1 VPC EC2 for Windows Server DC AD You manage 2 VPC Endpoint AWS Microsoft AD AWS manages 3 AWS Directory Service for Microsoft Active Directory also known as AWS Managed Microsoft AD
  • 4. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Options for AD-aware Cloud Workloads VPC Endpoint AWS Microsoft AD AWS manages 3 AWS Directory Service for Microsoft Active Directory also known as AWS Managed Microsoft AD • What AWS managed Microsoft AD is • Shared responsibilities • Deployment models • How to set it up • How to configure and administer • AWS applications support and use cases
  • 5. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What AWS Managed Microsoft AD Is AWS managed, actual Microsoft Active Directory Windows 2012 R2 domain controllers (DC) • ~3-click setup from directory service console or script through API • 2 DCs each in separate Availability Zones (AZs) • Scale-out with additional DCs • Dynamic DNS • Compliance audited Auth/ LDAP Availability Zone Private Subnet 10.0.2.0/24 EC2 App Server EC2 IIS Server AWS Managed Services D C AWS Managed Microsoft AD Auth/ LDAP Availability Zone Private Subnet 10.0.2.0/24 EC2 App Server EC2 IIS Server AWS Managed Services D C AWS Managed Microsoft AD
  • 6. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Manag e d Microsoft AD: Share d R e sp onsib ilities Customer—administers • Configure password policies • Configure trusts (resource forest deployment) • Configure certificate authorities (for LDAPS) • Configure federation • Administer users, groups, GPOs, other AD content • Administration via Active Directory Users and Computers (ADUC) and other standard AD tools • Add domain controllers as needed Amazon—operates • Multi-AZ deployment, patch, monitor, DC recovery, snapshot, restore Auth/ LDAP Availability Zone Private Subnet 10.0.2.0/24 EC2 App Server EC2 IIS Server AWS Managed Services D C AWS Managed Microsoft AD Auth/ LDAP Availability Zone Private Subnet 10.0.2.0/24 EC2 App Server EC2 IIS Server AWS Managed Services D C AWS Managed Microsoft AD
• 7. AWS Managed Microsoft AD: Two Editions
                          Enterprise Edition     Standard Edition
  Storage Capacity        17GB                   1GB
  Performance Optimized   100,000+ employees     Up to ~5,000 employees
  Enterprise Edition = Standard Edition plus enterprise features (currently same features)
  Priced per DC per hour (2 DC minimum)
  30-day limited free trial
• 8. Deployment Models
  • Resource directory: AWS Managed Microsoft AD alongside a primary directory (Microsoft Windows Server DC AD in an on-premises data center or on EC2 Windows in your VPC)
  • Primary directory: AWS Managed Microsoft AD
• 9. Prerequisites You Must Create
  • Virtual Private Cloud (VPC)
  • Two subnets in different AZs
  • Optional on-premises link
    • Virtual Private Network (VPN)
    • Amazon Direct Connect
  [Diagram: Availability Zone 10.0.2.0/24 and Availability Zone 10.0.3.0/24; optional VPN or Direct Connect to the on-premises data center]
  docs.aws.amazon.com/directoryservice/latest/admin-guide/tutorials_ad_test_labs.html
• 10. During Creation, AWS Creates…
  • 2 DCs with Dynamic DNS
  • Elastic network interface in your subnets
  • One AWS security group
  [Diagram: one AWS Managed Microsoft AD DC in Availability Zone 10.0.2.0/24 and one in Availability Zone 10.0.3.0/24; optional VPN or Direct Connect to the on-premises data center]
  docs.aws.amazon.com/directoryservice/latest/admin-guide/tutorials_ad_test_labs.html
• 11. During Creation, AWS Creates…
  • 2 DCs with Dynamic DNS
  • Elastic network interface in your subnets
  • One AWS security group (callouts on the screenshot: Don’t use on other instances; You can edit; Broad for your internal non-RFC 1918 addresses; Used only in your private VPC)
  docs.aws.amazon.com/directoryservice/latest/admin-guide/tutorials_ad_test_labs.html
• 12. Best Practice After Creation
  • DHCP option sets
  • AWS security group
  • IAM role/policy for EC2 (AmazonEC2RoleforSSM)
  • Key-pair (PEM) file
  • EC2 Windows (Install AD Administration Tools)
  [Diagram: AWS Managed Microsoft AD DCs in Availability Zones 10.0.2.0/24 and 10.0.3.0/24, a DHCP option set for the VPC, an EC2 Windows instance with AD Admin Tools; optional VPN or Direct Connect to the on-premises data center]
  docs.aws.amazon.com/directoryservice/latest/admin-guide/tutorials_ad_test_labs.html
• 13. Configure Management Instance
  1. RDP to instance as yourdomainadmin
  2. Add features: Group Policy Management; AD DS and AD LDS Tools; DNS Server Tools
  3. Verify tools added: Active Directory Administrative Center; Active Directory Domains and Trusts; Active Directory Module for Windows PowerShell; Active Directory Sites and Services; Active Directory Users and Computers; ADSI Edit; DNS; Group Policy Management
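Steps 2 and 3 of this slide as a script, an added example that is not from the deck: it installs the three feature groups on the EC2 Windows management instance and then checks that every tool the slide lists is present. It assumes Windows Server 2012 R2 or later, an elevated session as the domain admin, and the ServerManager module that ships with the OS; the feature-to-tool mapping is standard RSAT naming.

```powershell
# Added example, not from the WIN403 deck: script steps 2 and 3 of the slide on the
# EC2 Windows management instance. Assumes Windows Server 2012 R2 or later, an elevated
# session as the domain admin, and the ServerManager module that ships with the OS.
#Requires -RunAsAdministrator
Import-Module ServerManager

# Step 2: the three feature groups from the slide. -IncludeAllSubFeature pulls in the
# AD DS / AD LDS snap-ins, ADSI Edit and the AD PowerShell module under RSAT-AD-Tools.
$result = Install-WindowsFeature -Name GPMC, RSAT-AD-Tools, RSAT-DNS-Server -IncludeAllSubFeature
if (-not $result.Success) {
    throw "Feature installation failed (exit code $($result.ExitCode))"
}
if ($result.RestartNeeded -eq 'Yes') {
    Write-Warning 'Restart required before the tools are usable.'
}

# Step 3: verify each tool the slide lists, mapped to the RSAT feature that provides it.
$expected = [ordered]@{
    'RSAT-AD-AdminCenter' = 'Active Directory Administrative Center'
    'RSAT-ADDS-Tools'     = 'AD Domains and Trusts, Sites and Services, Users and Computers, ADSI Edit'
    'RSAT-AD-PowerShell'  = 'Active Directory Module for Windows PowerShell'
    'RSAT-ADLDS'          = 'AD LDS snap-ins'
    'RSAT-DNS-Server'     = 'DNS'
    'GPMC'                = 'Group Policy Management'
}
$missing = foreach ($feature in $expected.Keys) {
    if (-not (Get-WindowsFeature -Name $feature).Installed) { $expected[$feature] }
}
if ($missing) {
    Write-Warning ('Not installed: ' + ($missing -join '; '))
} else {
    Write-Output 'All AD administration tools from the slide are installed.'
}

# Smoke test: the module loads and the instance can reach the managed directory.
Import-Module ActiveDirectory
Get-ADDomain | Select-Object DNSRoot, NetBIOSName, PDCEmulator
```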
• 14. How to Administer AWS Managed Microsoft AD
• 15. Managing from AD Administration Tools
  [Screenshot of Active Directory Users and Computers; callouts: Domain “administrator”, OU “admin”, Customer]
• 16. Managing from AD Administration Tools
  [Screenshot of Active Directory Users and Computers; callouts: OU “admin”, Customer]
  Add OU and on-premises users/groups to reserved security groups
• 17–26. Managing from AWS Directory Service Console
  [Console screenshots; no slide text beyond the title]
• 27. AWS Application Support and Use Cases With AWS Managed Microsoft AD
• 28. AWS Managed Microsoft AD as a Primary Directory
  [Diagram: the AWS Managed Microsoft AD directory at the center; you administer users & groups in it]
  • AWS Apps & Services (enable, authenticate, & authorize): Amazon WorkSpaces, RDS for SQL Server, Amazon WorkDocs, Amazon WorkMail, Amazon QuickSight, AWS Management Console, Amazon Chime, Amazon Connect
  • AD-aware Workloads (manage, authenticate, & authorize): .NET Applications Server, SharePoint Server, SQL Server, Remote Desktop Licensing Manager, Enterprise Certificate Authority (Certificate Services)
  • Amazon EC2 (domain join & manage): Amazon Windows EC2 instances, Amazon Linux EC2 instances
  • SaaS Applications: AD FS Server (federate; SAML authenticate) and Azure AD Connect Server (ADSync; synchronize users) to Azure AD
  Enabling features
  • Delegated administration for built-in groups
  • RAS and IAS servers (Network Policy Server)
  • Terminal Server Licensing Servers (Remote Desktop Licensing Manager)
  • Schema extensions
  • Group Managed Service Accounts (gMSA)
  • Kerberos Constrained Delegation
  • Register for change notifications
  • Add Microsoft Enterprise CA
  • Enable LDAPS
• 29. AWS Managed Microsoft AD as a Resource Directory
  [Diagram: on-premises Microsoft Active Directory in the corporate data center (on-premises user credentials) connected over VPN or Direct Connect to the AWS Managed Microsoft AD directory, which it manages, authenticates, & authorizes]
  • AWS Apps & Services (enable, authenticate, & authorize): Amazon WorkSpaces, RDS for SQL Server, Amazon WorkDocs, Amazon WorkMail, Amazon QuickSight, AWS Management Console, Amazon Chime, Amazon Connect
  • AD-aware Workloads (manage, authenticate, & authorize): .NET Applications Server, SharePoint Server, SQL Server, Remote Desktop Licensing Manager, Enterprise Certificate Authority (Certificate Services)
  • Amazon EC2: Amazon Windows EC2 instances, Amazon Linux EC2 instances
  • SaaS Applications: AD FS Server (SAML authenticate) and Azure AD Connect Server (synchronize users) to Azure AD
• 30. Forest trusts
  Time tested, secure model
  • The trusting forest has no admin control over the trusted forest
  • Trusted users have cloud resource access, but only if entitled by trusting admins (you control both sides)
  • Cloud identities have no access to on-premises resources unless:
    1. On-premises trusts the cloud AND
    2. On-premises admins grant permissions to identities in the cloud
  [Diagram: AWS Managed Microsoft AD DC in the VPC (cloud, trusting) with a trust to a Windows AD DC on the on-premises network (on-premises, trusted); access is granted through a domain local security group on the cloud side (access entitlements here) that contains an on-premises universal security group]
• 31. Securing trusts
  • Leave SID filtering on (Windows default)
  • Use selective authentication (on-premises side of trust)
    • https://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx#w2k3tr_trust_security_zyzk
    • Don’t grant AD groups from the cloud access to on-premises resources
  • Open only ports for AD trust communications between DCs
    • https://technet.microsoft.com/en-us/library/cc756944(v=ws.10).aspx
  • Open ports for AD authentication from cloud to on-premises AD; minimize all other ports from cloud to on-premises (e.g., WorkSpaces login using on-premises credentials)
    • https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts
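An audit of the first two controls on this slide (SID filtering left on, selective authentication enabled) for the forest trust model of the previous slide, as an added example that is not from the deck. It assumes the ActiveDirectory module and read access to the trust objects, and reads the trustAttributes bits as defined in MS-ADTS rather than relying on the cmdlet's derived properties; the function name Test-TrustHardening is the example's own.

```powershell
# Added example, not from the WIN403 deck: audit every trust visible from this forest
# against the slide's first two controls (SID filtering on, selective authentication on).
# Assumes the ActiveDirectory module and read access to the trust objects; run it on a DC
# or management host in the forest whose trusts you are checking (on-premises side per slide).
# Bit values follow the trustAttributes definition in MS-ADTS:
$TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x04   # SID filtering enforced on an external trust
$TRUST_ATTRIBUTE_FOREST_TRANSITIVE  = 0x08   # this is a forest trust
$TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x10   # selective authentication enabled
$TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL  = 0x40   # forest trust relaxed to external-style SID filtering
Import-Module ActiveDirectory

function Test-TrustHardening {
    param([Parameter(Mandatory)] $Trust)   # one object as returned by Get-ADTrust
    $attr     = [int]$Trust.TrustAttributes
    $isForest = ($attr -band $TRUST_ATTRIBUTE_FOREST_TRANSITIVE) -ne 0
    # Forest trusts filter SIDs unless TREAT_AS_EXTERNAL was set (netdom /enablesidhistory:yes);
    # external trusts filter only while QUARANTINED_DOMAIN is set (netdom /quarantine:yes).
    $sidFilter = if ($isForest) {
        ($attr -band $TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL) -eq 0
    } else {
        ($attr -band $TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) -ne 0
    }
    $selective = ($attr -band $TRUST_ATTRIBUTE_CROSS_ORGANIZATION) -ne 0
    $findings = @(
        if (-not $sidFilter) { 'SID filtering is off; re-enable it (netdom trust ... /quarantine:yes for external, /enablesidhistory:no for forest)' }
        if (-not $selective) { 'Selective authentication is off; trusted users authenticate domain-wide' }
    )
    [pscustomobject]@{
        Trust                   = $Trust.Name
        Direction               = $Trust.Direction
        ForestTrust             = $isForest
        SidFilteringOn          = $sidFilter
        SelectiveAuthentication = $selective
        Findings                = ($findings -join '; ')
    }
}

# Report on all trusts; pipe to Export-Csv instead of Format-Table to keep the evidence.
Get-ADTrust -Filter * | ForEach-Object { Test-TrustHardening -Trust $_ } | Format-Table -AutoSize
```

A trust with an empty Findings column meets both controls; the port rules on the slide are enforced at the firewall and security group, not on the trust object, so they are not covered here.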
• 32. VPC and Account Considerations
  [Diagram: one AWS Managed Microsoft AD (DC) used by Account 1 and Account 2, each with QuickSight, Chime, WorkDocs, WorkMail, AWS Console and Amazon Connect; VPC 1 and VPC 2 with EC2 (manual domain join), WorkSpaces and RDS for SQL Server; VPC 3 with EC2 (seamless domain join)]
• 33. Options for Multiple VPC With Trusts
  Option 1: one AWS Managed Microsoft AD (DC) per VPC (VPC 1, VPC 2), each trusting the on-premises Microsoft Active Directory in the corporate data center (on-premises user credentials)
  + Preserves VPC boundaries
  + Billing goes to VPC owner
  - Costs more
  Option 2: one AWS Managed Microsoft AD shared by VPC 1, VPC 2 and VPC 3 across Account 1 and Account 2, trusting the on-premises Microsoft Active Directory; EC2 instances use manual domain join and are tagged (Tag1, Tag2, Tag3)
  + Saves money
  + Enables cost allocation
  - Crosses VPC boundaries
• 34. Reference information
  Documentation
  • AWS Directory Service—aws.amazon.com/directoryservice
  • AWS Security Blog—aws.amazon.com/blogs/security/ (search for “AWS Managed Microsoft AD”)
  • AWS What’s New—aws.amazon.com/new/ (Security, Identity & Compliance)
  • AWS Managed Microsoft AD—aws.amazon.com/documentation/directory-service/
  • RDS for SQL Server—aws.amazon.com/documentation/rds/
  AWS Quick Starts—aws.amazon.com/quickstart/
  • Active Directory Domain Services
  • Exchange Server 2013
  • SharePoint Server 2016 Enterprise
  • Lync Server 2013
  • SQL Server 2014 AlwaysOn
  • Windows PowerShell DSC
• 35. Other 2017 AWS re:Invent Sessions with AD
  AWS Managed Microsoft AD Topics
  • WIN302: Deep Dive on Active Directory—From One to Many AWS Regions
  • WIN310: Integrating AWS Managed Active Directory into Office 365
  • WIN311: Unified Access Management with AWS Managed Services for Microsoft Active Directory
  • SID202: Deep-dive on how Capital One Automates the Delivery of Directory Services Across AWS Accounts
  Other AD related topics
  • WIN204: Simplifying Microsoft Architectures with AWS
  • WIN302: Deep Dive on Active Directory—From One to Many AWS Regions
  • WIN309: How to Optimize AWS Architectures for SharePoint Deployments
  • WIN401: Migrating Microsoft Applications to AWS
  • ARC324: Building Manageable Windows Workloads
  • BAP303: Migrate Your Desktops to Amazon WorkSpaces
  • BAP312: Network Configuration, Identity Management, and Device Authentication Considerations for Amazon WorkSpaces
  • BAP315: Amazon Chime Deployment Topics: Using Active Directory with Amazon Chime
  • CMP214: Simplifying Microsoft Architectures with AWS
  • ENT325: Migrating Your Microsoft Applications to AWS
  • ENT329: End-User Computing on AWS with Amazon WorkSpaces and Amazon AppStream 2.0
  • GPSCT314: GPS: Running Microsoft Workloads on AWS: Tips from the Pros
• 36. Thank you!