Solved

Domain Controller in the cloud

Posted on 2013-05-22
Last Modified: 2014-11-12
I am planning to move all of our services to the cloud. How does a domain controller in the cloud work, and is this something doable? I did some research but it's all too technical for me. We're a small business with a few locations and we use AD and have some login scripts. We don't have enough IT support, while outsourcing it is too expensive, so that is the reason to have everything hosted. Any recommendations - pros and cons and a brief explanation of how that would work? I see MS Azure might be a good option.
Thanks!
Question by:Cozumel
6 Comments
 
LVL 28

Expert Comment

by:jhyiesla
ID: 39188042
I'm not terribly familiar with this concept. However, the domain controller concept and AD itself are a critical key to the rest of your network functioning. While it's possible for a physical or virtual server to take a hit (that's why you have more than one), what happens if your ONLY DC is in the cloud and you lose connectivity to the cloud? I'd suspect that most network things would just fail to work because there's no way to authenticate anyone or resolve a name to an IP or look up resources in AD because there's no connectivity to AD. As I said, I will confess to some level of ignorance on this issue, but this is a really good question to ask.
0
 
LVL 5

Accepted Solution

by:
Eddie-Lopez earned 500 total points
ID: 39188074
Hi,

Yes, having your ADDS in the cloud is definitely doable, and you probably will need to do so if you plan on taking Exchange online or other services as well. Probably you should keep a local DC as well.

We are currently implementing Exchange Online / Office 365 / Lync and first we had to have our AD in the cloud. We are using Windows Azure and it works very nicely; you can check their pricing to see if it fits your needs.

Its pros and cons are based on the fact that your ADDS will come from the cloud, which means that you should have enough Internet bandwidth to deal with this traffic, and if you go offline for some reason you will not have AD functionality (unless you keep a local DC, as stated above). But as long as you have an Internet connection, you won't have to worry about anything else (if you have any trouble, Azure guys will deal with it). And it is great for mobile users, if you have any.

Hope this helps,

Eddie
0
 
LVL 3

Expert Comment

by:wlacroix
ID: 39188830
We host all our stuff internally on VMware; if you can afford it, it's worth keeping all your stuff inside vs hosted.

Where you end up paying huge is with links to and from your branches, especially if they are dedicated links.
You can also do it via VPN but there is 100 times more management.

I guess my point is you have lots of options, not just hosted. You're going to ultimately spend the same money on each one; it's a matter of how much management you want to put on IT vs your other services.

Do the math on each solution and you will see what I am talking about.
0
 
LVL 2

Expert Comment

by:ajjmunoz
ID: 39192952
Why do you set up an AD LDS instance in case you lose connectivity to the cloud; or you could set up a read-only domain controller somewhere.
0
 

Author Comment

by:Cozumel
ID: 39229471
Well, here's the thing: I am planning to get Office 365 and all of my services will be in the cloud anyway, so if I lose internet connection my users won't be able to access anything anyway, but they still will be able to log in to their computers, right? I am even wondering if I need a domain controller at all - does it give any other benefits besides the script and computer policy?
Regarding Azure - Eddie, do they support Active Directory specific services as well or do they only make sure your virtual machine is up and running?
0
 
LVL 5

Expert Comment

by:Eddie-Lopez
ID: 39229690
If you lose Internet connection with no local domain controller, your users will be able to log in to their computers as long as they have logged in before to that specific computer.

On Windows Azure AD services, I'm really not sure if they can manage it since we wanted to manage it ourselves. But here's the website, if you want more info on it:

http://www.windowsazure.com/en-us/services/identity/
0
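
The offline logon behaviour described in the last comment depends on Windows cached domain credentials, which a workstation can be checked for before relying on a cloud-only DC. The script below is an added example, not something posted in this thread; it assumes Windows PowerShell run elevated on a domain-joined workstation, and the output property names are made up for illustration.

```powershell
# Added example: report whether this workstation could still log users on
# if the (cloud-hosted) domain controller became unreachable.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Output 'Not domain-joined: logons use local accounts only.'
    return
}

# CachedLogonsCount is stored as a string; the documented default is 10.
# A value of 0 disables cached (offline) domain logons entirely.
$raw = (Get-ItemProperty -Path $winlogon -Name CachedLogonsCount `
        -ErrorAction SilentlyContinue).CachedLogonsCount
$cached = if ($null -ne $raw) { [int]$raw } else { 10 }

# Test-ComputerSecureChannel returns $true when a DC answers for this
# machine account; any error is treated here as "no DC reachable".
$dcReachable = $false
try { $dcReachable = Test-ComputerSecureChannel -ErrorAction Stop } catch { }

# Output property names are illustrative, chosen for this example.
[pscustomobject]@{
    Computer                  = $cs.Name
    Domain                    = $cs.Domain
    DomainControllerReachable = $dcReachable
    CachedLogonsCount         = $cached
    # Only applies to users who have already logged on to this computer.
    OfflineLogonPossible      = ($cached -gt 0)
}
```

Cached logons cover interactive sign-in only; Group Policy refresh, login scripts on network shares and password changes still need a reachable DC.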