Active Directory Certificate Services – 2016 in AWS

I am tasked with deploying an Active Directory Certificate Services chain on the Windows Server 2016 platform.
The servers would be VMs hosted in AWS (except for the Root Authority), and I need to make this environment highly available. My understanding is that OCSP is the service that needs high availability the most. How do I make use of AWS services to ensure high availability? Is this possible?
mezen asked:

Learnctx (Engineer) commented:
I need to make this environment highly available

You will need to look at using Windows Failover Clustering then; see the MS community Wiki on CA HA here (I have no idea if AWS fully supports Windows clustering), and the MS AD DS blog on OCSP HA here. OCSP is easy: you just jam it between a load balancer (ELB). You do the same for your CRLs as well.
0

Adelaido Jimenez (DevOps) commented:
To make the service highly available, I would suggest you put the domain controllers in two different availability zones in AWS. This will provide you with fault tolerance and will prevent a domain controller failure from impacting the availability of your servers. I would recommend reading this paper to get a better understanding: https://docs.aws.amazon.com/quickstart/latest/active-directory-ds/vpc-rec.html.
2

mezen (Author) commented:
Good read, but I was referring to Certificate Services, not Domain Services.
0

Adelaido Jimenez (DevOps) commented:
Ah, I see. The concept would be the same: having the VMs in different availability zones will help with high availability, since the zones in AWS are not in the same geographical location.
0
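The two answers above boil down to one design: put an OCSP responder (and a CRL web host) in each availability zone and front them with an ELB. The script below is an added example, not code from the thread or from Microsoft; it is the availability check an operator would run after building that layout. It downloads the CRL through the load balancer and from each AZ node directly (so a failed node is visible even while the ELB masks it), reads the CRL's next-update time with certutil, and drives an end-to-end OCSP check with certutil -verify -urlfetch against a certificate issued by the CA. The hostnames, paths and the certificate file are placeholders you must replace; the regular expressions assume the English-language certutil output.

```powershell
# Added example (not from the thread). All names below are placeholders.
$LoadBalancer  = 'pki.example.com'                              # ELB DNS name or its CNAME
$Nodes         = @('ocsp-az1.corp.example.com', 'ocsp-az2.corp.example.com')  # one responder per AZ
$CrlPath       = '/crl/IssuingCA.crl'                           # CDP path published by the issuing CA
$LeafCertFile  = 'C:\pki\test-leaf.cer'                         # any cert issued by the issuing CA
$MinCrlHours   = 12                                             # alert when the CRL is this close to expiry

function Test-CrlEndpoint {
    # Fetch the CRL from one host and report whether it is served and still valid.
    param([string]$TargetHost)
    $url = "http://$TargetHost$CrlPath"
    try {
        $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 10
    } catch {
        return [pscustomobject]@{ Host = $TargetHost; Check = 'CRL'; Ok = $false; Detail = $_.Exception.Message }
    }
    # Invoke-WebRequest returns binary bodies as byte[]; write them out for certutil.
    $tmp = [IO.Path]::GetTempFileName()
    [IO.File]::WriteAllBytes($tmp, [byte[]]$resp.Content)
    $dump = (& certutil.exe -dump $tmp 2>&1) -join "`n"
    Remove-Item $tmp -ErrorAction SilentlyContinue
    if ($dump -notmatch 'Next ?Update:\s*(.+)') {
        return [pscustomobject]@{ Host = $TargetHost; Check = 'CRL'; Ok = $false; Detail = 'Body is not a parseable CRL' }
    }
    # certutil prints the date in the local culture; [datetime]::Parse follows the same culture.
    $nextUpdate = [datetime]::Parse($Matches[1].Trim())
    $hoursLeft  = [math]::Round(($nextUpdate - (Get-Date)).TotalHours, 1)
    [pscustomobject]@{
        Host   = $TargetHost
        Check  = 'CRL'
        Ok     = ($hoursLeft -gt $MinCrlHours)
        Detail = "NextUpdate $nextUpdate ($hoursLeft h left)"
    }
}

function Test-OcspViaChain {
    # Let Windows resolve the AIA/CDP URLs inside the cert (which point at the load balancer)
    # and report the revocation-check result. A responder outage surfaces as 0x80092013.
    param([string]$CertFile)
    if (-not (Test-Path $CertFile)) {
        return [pscustomobject]@{ Host = $LoadBalancer; Check = 'OCSP'; Ok = $false; Detail = "Missing $CertFile" }
    }
    $out = (& certutil.exe -verify -urlfetch $CertFile 2>&1) -join "`n"
    $ok  = ($LASTEXITCODE -eq 0) -and ($out -notmatch 'REVOKED|revocation server was offline|FAILED')
    $detail = if ($ok) { 'Chain and revocation status verified' } else { ($out -split "`n" | Select-String -Pattern 'ERROR|FAILED|REVOKED' | Select-Object -First 1) }
    [pscustomobject]@{ Host = $LoadBalancer; Check = 'OCSP'; Ok = $ok; Detail = "$detail" }
}

# Check the public name first, then every node behind it.
$results = @(Test-CrlEndpoint -TargetHost $LoadBalancer)
$results += $Nodes | ForEach-Object { Test-CrlEndpoint -TargetHost $_ }
$results += Test-OcspViaChain -CertFile $LeafCertFile

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Ok }) { exit 1 }   # non-zero for a monitoring job
```

Run it from a domain-joined host in a third location (or as a scheduled job that feeds your monitoring). The per-node CRL probe matters because the load balancer will keep answering from the surviving AZ; without it a silent single-node failure is not noticed until the second node also fails. Keep the CRL validity window comfortably longer than the time you need to rebuild a node, and have the responder's revocation configuration pull from the same CRL URL so both checks exercise the same path.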

mezen (Author) commented:
Great references.
0
Question has a verified solution.