The Schwartz Report


AWS Adds Active Directory Services

Amazon Web Services is now offering a set of new options to run Active Directory as a managed service in its EC2 cloud. The company this week said it's offering three options for its new cloud-based Active Directory Service.

The least expensive option is Simple AD, which provides only basic Active Directory capabilities. The second is the AWS Directory Service for Microsoft Active Directory (Enterprise Edition), based on the most recent version included in Windows Server 2012 R2. The third option is the AD Connector, which customers can link with on-premises AD domains.

The company has provided documentation to help determine which service is most suitable. For those looking to create or manage user accounts and group memberships, domain-join Amazon Elastic Compute Cloud (Amazon EC2) instances running Linux and Windows, and use Kerberos-based single sign-on (SSO) and group policies, Simple AD is the best choice, according to the company. It's the most suitable option for organizations with fewer than 5,000 user accounts.

Organizations with more accounts than that, or those that require trust relationships between the AWS-hosted version of Active Directory and on-premises directories, are better off using the new AWS Service for Microsoft AD, Amazon recommends. It's available when an administrator chooses it as a directory type and is provisioned as a pair of domain controllers that run in multiple AWS Availability Zones, available in any region and connected to a customer's virtual private cloud (VPC), according to the company. AWS said the service includes host monitoring, recovery, replication, snapshots and software updates, which are configured and managed by the company.

AWS describes the AD Connector as a proxy service that links on-premises Active Directory with AWS for organizations that don't want to host AD Federation Services or other intricate directory synchronization configurations. The company recommends the connector for those with Active Directory on premises that don't require replication to the AWS-hosted directory. Developers can link to Active Directory using the AWS Directory Service API. Separate reference documentation for that API includes descriptions, syntax and examples of various actions and data types within the service.

Posted by Jeffrey Schwartz on 12/04/2015 at 12:01 PM

