
AWS Cloud Directory Services & Best option for you Infrastructure

AWS Directory Services


Directory services are part of AWS cloud security. Security in the cloud is much like security in your on-premises data center, only without the cost of maintaining hardware.
In the cloud you do not manage any physical servers or storage devices to secure; instead you use software-based security tools to monitor and protect your cloud resources.

AWS Directory Service can be used in several ways. In this article we explain how AWS Directory Service relates to specific security purposes in a cloud system and the ways you can use it.

AWS Directory Service is a managed service offering that provides directories containing information about your organization, including users, groups, computers and other resources.

AWS Directory Service offers the following three directory types to choose from:
  • Simple AD
  • AWS Directory Service for Microsoft Active Directory (Enterprise Edition)
  • AD Connector


Because AWS Directory Service is a managed service offering, it is designed to reduce identity-management tasks. You do not need to build your own complex, highly available directory topology: each directory is deployed across multiple AWS Availability Zones, and monitoring automatically detects and replaces domain controllers (DCs) that fail.

The three available directory types are discussed in detail below.

Simple AD

Simple AD is a Microsoft Active Directory-compatible directory option from AWS Directory Service that is powered by Samba 4. It supports common AD features such as user accounts, group membership, domain joining for EC2 instances running Linux and Windows, Group Policy and Kerberos-based Single Sign-On (SSO), which makes it easier to deploy Windows applications on the AWS Cloud.
Simple AD can also be used to access AWS applications and services such as Amazon WorkSpaces, WorkDocs and WorkMail, and it can use AWS IAM roles to access the AWS Management Console and manage AWS resources.

Please note that you cannot set up trust relationships between Simple AD and other AD domains. Simple AD also does not support DNS dynamic updates, schema extensions, multi-factor authentication, LDAP protocol communication or FSMO roles.

Microsoft AD (Enterprise Edition)

AWS Directory Service for Microsoft Active Directory is a managed directory service hosted on the AWS Cloud. It provides all the functionality offered by Microsoft AD and also integrates with AWS applications. As additional Active Directory functionality, you can easily set up trust relationships with your existing AD domains to extend those directories to AWS cloud services.

AD Connector

This option is mostly used when you want to keep using your on-premises directory service. AD Connector is a proxy service for connecting your on-premises Microsoft AD to the AWS Cloud without requiring complex directory synchronization or the cost and complexity of hosting a federation infrastructure.

AD Connector forwards sign-in requests to your AD domain controllers for authentication and lets applications query the directory for data.
After setup, your users can use their existing corporate credentials to log on to AWS applications such as Amazon WorkSpaces, WorkDocs and WorkMail. Using IAM permissions, they can also access the AWS Management Console.

With AD Connector, you continue to manage your AD the same way you do today. You can also use AD Connector to enable MFA by integrating it with your existing RADIUS-based MFA, and to manage AWS resources such as EC2 instances and S3 buckets.

Below are a few tips for selecting the option that best fits your infrastructure.

If you have more than 5000 users and need a trust relationship between an AWS-hosted directory and your on-premises directories, choose AWS Directory Service for Microsoft Active Directory (Enterprise Edition); it is the best option for your infrastructure.

If you have fewer than 5000 users and do not require the more advanced functions of Microsoft AD, such as SSO, trust relationships or on-premises access, then Simple AD is the right option for you; it is also the less expensive option at that point.

If you decide to keep using your on-premises AD service, there is only one best option for you: AD Connector.
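The selection tips above, together with the Simple AD limitations listed earlier, can be combined into one check. The following Python is an added example (not AWS code and not part of the original post): it encodes the post's rules as a function that returns the recommended directory type and the reasons behind it. The feature names and the `Requirements` class are assumptions made for the example.

```python
from dataclasses import dataclass

# Features the post says Simple AD does NOT support: trusts, DNS dynamic
# update, schema extensions, MFA, LDAP protocol communication, FSMO roles.
SIMPLE_AD_UNSUPPORTED = frozenset(
    {"trust", "dns_dynamic_update", "schema_extensions", "mfa", "ldap", "fsmo"}
)
SIMPLE_AD_MAX_USERS = 5000  # user-count threshold from the selection tips


@dataclass
class Requirements:
    """Constructed input for the example; not an AWS API object."""
    users: int
    keep_on_premises_ad: bool = False    # on-premises AD stays authoritative
    features: frozenset = frozenset()    # subset of the feature names above


def choose_directory(req: Requirements) -> tuple[str, list[str]]:
    """Return the directory option and the reasons that drove the choice."""
    reasons: list[str] = []
    if req.keep_on_premises_ad:
        # AD Connector proxies sign-ins to the existing domain controllers.
        reasons.append("on-premises AD remains authoritative; sign-ins are proxied")
        if "mfa" in req.features:
            reasons.append("MFA available by integrating existing RADIUS-based MFA")
        return "AD Connector", reasons
    blocked = sorted(req.features & SIMPLE_AD_UNSUPPORTED)
    if blocked:
        reasons.append("Simple AD lacks: " + ", ".join(blocked))
    if req.users > SIMPLE_AD_MAX_USERS:
        reasons.append(f"{req.users} users exceeds the {SIMPLE_AD_MAX_USERS} guideline")
    if reasons:
        return "AWS Directory Service for Microsoft Active Directory (Enterprise Edition)", reasons
    reasons.append(f"{req.users} users and no advanced AD features; least expensive option")
    return "Simple AD", reasons


if __name__ == "__main__":
    for r in (
        Requirements(users=300),
        Requirements(users=800, features=frozenset({"trust"})),
        Requirements(users=12000),
        Requirements(users=2000, keep_on_premises_ad=True, features=frozenset({"mfa"})),
    ):
        option, why = choose_directory(r)
        print(f"{option}: {'; '.join(why)}")
```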


Systemadminworld. Powered by Blogger.