Solved

Domain Controller in the cloud

Posted on 2013-05-22
6
1,068 Views
Last Modified: 2014-11-12
I am planning to move all of our services in the cloud. How does a domain controller in the cloud work and is this something doable? I did some research but it's all too technical to me. We're a small business with few locations and we use AD and have some login scripts. We don't have enough IT support while outsourcing it is too expensive, so is the reason to have everything hosted. Any recommendations - pros and cons and brief explanation of how that would work? I see MS Azure might be a good option.
Thanks!
0
Comment
Question by:Cozumel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 28

Expert Comment

by:jhyiesla
ID: 39188042
I'm not terribly familiar with this concept.  However, the domain controller concept and AD itself is a critical key to the rest of your network functioning. While it's possible for a physical or virtual server to take a hit ( that's why you have more than one), what happens if your ONLY DC is in the cloud and you lose connectivity to the cloud.  I'd suspect that most network things would just fail to work because there's no way to authenticate anyone or resolve a name to an IP or look up resources in AD because there's no connectivity to AD. As I said, I will confess to some level of ignorance on this issue, but this is a really good question to ask.
0
 
LVL 5

Accepted Solution

by:
Eddie-Lopez earned 500 total points
ID: 39188074
Hi,

Yes, having your ADDS in the cloud is definitively doable, and you probably will need to do so if you plan on taking Exchange online or other services as well. Probably you should keep a local DC as well.

We are currently implementing Exchange Online / Office 365 / Lync and first we had to have our AD in the cloud. We are using Windows Azure and it works very nice, you can check their pricing to see if it fits your needs.

It's pros and cons are based on the fact that your ADDS will come from the cloud, which means that you should have enough Internet bandwidth to deal with this traffic, and if you go offline for some reason you will not have AD functionality (unless you keep a local DC, as stated above). But as long as you have Internet connection, you won't have to worry about anything else (if you have any trouble, Azure guys will deal with it). And it is great for mobile users, if you have any.

Hope this helps,

Eddie
0
 
LVL 3

Expert Comment

by:wlacroix
ID: 39188830
We host all our stuff internally on vmware, if you can afford it, its worth keeping all your stuff inside vs hosted.

Where you end up paying huge is with links to and from your branches, especially if they are dedicated links.
You can also do it via VPN but there is 100 times more management.

I guess my point is you have lots of options, not just hosted, your going to ultimately spend the same money on each one, its a matter of how much management you want to put on IT vs your other services.

Do the math on each solution and you will see what I am talking about.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 2

Expert Comment

by:ajjmunoz
ID: 39192952
Why do you you setup an AD LDS instance in case you lose connectivity to the cloud; or you could setup a read only domain controller somewhere.
0
 

Author Comment

by:Cozumel
ID: 39229471
Well, here's the thing I am planning to get Office 365 and all of my services will be in the cloud anyway, so if I lose internet connection my users won't be able to access anything anyway, but they still will be able to login to their computers, right? I am even wondering if I need domain controller at all - does it give any other benefits besides the script and computer policy?
Regarding Azure - Eddie, do they support active directory specific services as well or they only make sure your virtual machine is up and running?
0
 
LVL 5

Expert Comment

by:Eddie-Lopez
ID: 39229690
If you lose Internet connection with no local domain controller, your users will be able to login to their computers as long as they had logged before to that specific computer.

On Windows Azure AD services, I'm really not sure if they can manage it since we wanted to manage it ourselves. But here's the website, if you want more info on it:

http://www.windowsazure.com/en-us/services/identity/
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision Office 365 tenants, synchronize your on-premise Active Directory, and implement Single Sign-On.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimized for private cloud infrastructures and datacenters, Nano Server is minimalistic, yet super-efficient, OS for services such as Hyper-V and Hyper-V cluster. Learn how you can easily deploy Nano Server and unlock its power!
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question