Solved

Does AWS have a replacement for Active Directory?

Posted on 2016-09-14
Last Modified: 2016-09-19
I have a small network that I want to use Dropbox for storage.
I need to be able to centrally authenticate my users and also push out policies like GPOs.

Does AWS have this sort of service?
All my users' computers will be on premise, not in the cloud.
0
Question by:ie0
LVL 10

Expert Comment

by:George Khairallah
ID: 41797905
AWS does have a directory service, which is Microsoft Active Directory compatible, and does support GPO.
You can read more about it here:
https://aws.amazon.com/directoryservice/

Though from what you're asking, it sounds like you would need to establish a VPC with a VPN gateway to your on-prem environment to authenticate that way. Typically for this type of scenario, it's more customary to use an on-prem AD service with an AWS EC2 instance with AD on it, to extend your on-prem environment. The Active Directory service provided by AWS, IMHO, is more suited for workloads that are implemented within the AWS structure or within a specific VPC.

Hope this helps,
1
 

Author Comment

by:ie0
ID: 41798146
Sorry, I should have explained, I do not have an on premise AD server.
0
 
LVL 10

Accepted Solution

by:
George Khairallah earned 500 total points
ID: 41798163
Correct. I understood that you didn't.
I was simply suggesting that it's usually best practice to have your AD server on premise and have RODC or even a normal DC in the cloud.
But, for an answer directly to your concern, you should be able to use AWS's directory service and connect it to your on-prem machines, but for that, you will need to use AWS's VPN service within the VPC to connect your on-prem network and your AWS network. You will likely be OK as far as cost with the AWS Directory Service, as it's not too expensive, especially if you're good with just a small instance, but there is also a cost associated with the VPN service to keep in mind.

You might also want to look at the SimpleAD FAQ here:
https://aws.amazon.com/directoryservice/faqs/

As it will show you what SimpleAD can and cannot do. If it does meet your needs, then great; otherwise, you may be better served with installing AD on an AWS EC2 instance and connecting it to your environment in the same way (i.e., VPN).

Hope this helps :)
1
