Using Active Directory in AWS
Re:Invent 2017, AD Best Practices
trinimbus.com
What is AD?
GENERAL AD
• It is both the directory information
source and the service that makes the
information available and usable
• Essentially, it is a phonebook
• Users: account information, privileges, profiles, policy
management
• Servers & workstations: domain joins, policies, network
information
• Application information, e.g. Exchange and mailbox information
AD Options for AWS
• AD Connector – gateway/proxy to existing
on-premises Microsoft AD
• Simple AD – AD-compatible directory powered
by Samba 4 providing a subset of MS AD
features
• Microsoft AD – AWS-managed AD powered by
Windows Server 2012 R2
• AD on EC2 – AD on EC2
Choosing the Correct AD Option
Feature | AD Connector | Simple AD | Managed AD | AD on EC2
Authenticate sign on requests from AWS applications like Amazon WorkSpaces, Amazon WorkDocs, or Amazon WorkMail.
Yes (proxy) Yes Yes Yes*
Domain join EC2 instances running Linux and Microsoft Windows
Yes (proxy) Yes Yes Yes*
Enable single sign-on (SSO) to the AWS Management Console using existing AD credentials
Yes (proxy) Yes Yes Yes*
Support for up to 5,000 users and 20,000 objects
Yes Yes Yes Yes
Authenticate sign on requests from directory-aware Microsoft workloads, including custom .NET and SQL Server-based applications
Yes Yes Yes
Common Active Directory features such as user accounts, group memberships, and group policies
Yes Yes Yes
Choosing the Correct AD Option
Feature | AD Connector | Simple AD | Managed AD | AD on EC2
Advanced Active Directory features such as DNS dynamic updates, Active Directory Administrative Center, PowerShell support, Active Directory recycle bin, group managed service accounts, and schema extensions for POSIX and Microsoft applications
Yes Yes
Set up trust relationships with other Active Directory domains
Yes Yes
Establish trust with other AWS directories
Yes Yes
Support for up to 50,000 users and 200,000 objects
Yes Yes
Choosing the Correct AD Option
Feature | AD Connector | Simple AD | Microsoft AD | AD on EC2
Active Directory schema modifications, communication over LDAPS, PowerShell AD cmdlets, and the transfer of FSMO roles
Yes Yes
Active Directory replication
Yes
Support for more than 50,000 users and 200,000 objects
Yes
Windows Authentication to authenticate users when they connect to an Amazon RDS DB instance running Microsoft SQL Server
Yes
AD Connector
• Proxy service to route
authentication/authorization requests
back to an AD domain someplace else.
Simple AD
• Samba 4, Active Directory compatible
server.
• Able to manage Windows/Linux EC2
instances.
• User accounts allow access to WorkSpaces, WorkDocs, WorkMail.
• Daily snapshots.
● No trust relationships
● Cannot use most Active Directory administration tools.
● No PowerShell support.
AD on EC2
Common Scenarios
• Global (multi-region) deployments - (extension of
the corp on-prem AD into the cloud)
• Disaster Recovery
• Enterprise Applications (with isolated access like
third parties, partners and similar)
• Hybrid deployments - when you need applications to talk to components hosted on-prem
General Design Considerations
• Customer responsibility for:
• patching (e.g. Systems Manager),
• monitoring (e.g. CloudWatch),
• backups (either 3rd party enterprise solutions or Windows System Backup),
• and high availability
• Place DCs in at least two AZs and treat AZs as
separate data centers (AZ1 being one site, AZ2
being another site)
Security Considerations
• Access to AWS resources using IAM roles and
policies.
• Access to EC2 OS using AD security memberships.
• Keep Cloud team and AD team separated.
• Never internet facing, always in private subnets
• NACL and SG.
Networking considerations
• Understand the networking in order to
create proper sites, links and
replication setup
• When peering multiple VPCs, it is sufficient to deploy DCs into a single VPC (Shared Services VPC concept)
IP addressing and DNS considerations
• Define separate subnets for AD (or for all
Shared/Common services)
• Configure network properties of all member
servers to point to the IP address of the EC2 host
having AD DS & DNS roles - DHCP Option Sets
• Set each AZ as a site in Sites and Services. Set
each VPC as a site when dealing with
multi-region.
Multi Region Considerations
• Deploy DCs in all used regions, and in multiple AZs
within each of the regions.
• Connect all regions to Data Center and treat the
Data Center as a hub when setting the links cost
in the replication setup.
• Another option is to use a dual-hub and spoke
design in case one hub drops offline.
• For replication between the regions (using AWS
network as a backbone) use VPC Peering, IPsec
VPNs between the regions, or transit VPCs.
• If you are separating users from resources into separate domains, consider using sub-domains based on region.
AD Backup and Recovery considerations
• Do not use snapshots
• Not crash consistent
• VM IDs not supported in EC2
• Use Windows System State backup or 3rd party
enterprise solutions
• Leverage separate volumes for backups -> snapshot
the volumes to S3 and perhaps to Glacier for longer
term storage
AD DS specific design considerations
• Separate forest without trusts
• New forest with federation
• New forest with Kerberos
• Extend corp forest by deploying a replica DC
• Extend corp forest by deploying a new child
domain or domain tree
● Global Catalog considerations:
○ Same considerations as with an on-prem design.
■ In most cases, it is recommended that you include the
global catalog when you install new domain controllers.
■ Does any application need a GC?
■ More than 100 users using that region?
○ For multi domain forest, make all DCs global catalogs with the
following exceptions:
■ Limited bandwidth (like VPN)
■ Security implications
Office365 integration
• AD on EC2. Will work with Managed AD too
• AD FS on separate EC2
• Service Account
• Azure AD Connect on separate EC2
• AD Sync to replicate AD users into Azure AD
• Enables users in AWS AD to single sign on to Office365
AWS Managed Microsoft AD
What is Managed Microsoft AD
• Windows 2012 R2 DCs.
• ~3-click setup or CLI/API & CFN.
• By default 2 DCs in 2 AZs, dynamically scalable to more DCs.
• PCI, HIPAA and SOC compliant.
• Two editions:
• Standard: up to ~5,000 objects*
• Enterprise: up to 100,000+ objects*
• Currently same set of features with a tendency to add more features into the Enterprise
edition.
• Priced per DC per hour, minimum 2 DCs.
Shared responsibilities
• AWS:
• Backups, snapshots, patching,
monitoring
• Customer:
• policies, trusts, federation,
certificate authorities, users &
groups, content
Deployment models
• Primary directory in the Cloud only.
• Resource directory includes a trust with AD (or any other directory)
Design Restrictions
● Single Region - Multiple AZ
● Single Forest - Single Domain
Prerequisites
• VPC with 2 AZs.
• VPC must have default hardware tenancy.
• Cannot use 198.19.0.0/16 address space.
• VPN or Direct Connect optional
Best practices after creation
• DHCP option set for VPC.
• Tighten the default DC SGs.
• Create a separate Security Group to be assigned to domain member instances.
• Separate instance for AD management (tools to
be installed manually)
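An added example, not part of the original deck: a pre-flight check for the prerequisites slide (default tenancy, two AZs, no 198.19.0.0/16) and an audit of the DC security group for the "tighten the default DC SGs" practice. Inputs follow the shape of the EC2 DescribeVpcs, DescribeSubnets and DescribeSecurityGroups responses; all IDs, CIDRs and the approved-source list are constructed assumptions.

```python
import ipaddress

# Address range the prerequisites slide says the directory's VPC cannot use.
RESERVED = ipaddress.ip_network("198.19.0.0/16")


def check_prerequisites(vpc, subnets):
    """Check a VPC (DescribeVpcs shape) and its subnets (DescribeSubnets shape)
    against the prerequisites slide. Returns a list of problem strings."""
    problems = []
    if vpc.get("InstanceTenancy") != "default":
        problems.append("tenancy is %r, expected 'default'" % vpc.get("InstanceTenancy"))
    # Primary CIDR plus any secondary CIDR associations.
    blocks = {vpc["CidrBlock"]}
    blocks.update(a["CidrBlock"] for a in vpc.get("CidrBlockAssociationSet", []))
    for block in sorted(blocks):
        if ipaddress.ip_network(block, strict=False).overlaps(RESERVED):
            problems.append("%s overlaps %s" % (block, RESERVED))
    zones = {s["AvailabilityZone"] for s in subnets if s["VpcId"] == vpc["VpcId"]}
    if len(zones) < 2:
        problems.append("subnets cover %d AZ(s), need 2" % len(zones))
    return problems


def audit_dc_security_group(group, allowed_cidrs, member_sg_id):
    """Return (ports, source, reason) for every ingress rule on the DC security
    group (DescribeSecurityGroups shape) whose source is broader than intended."""
    allowed = [ipaddress.ip_network(c, strict=False) for c in allowed_cidrs]
    # The DC group itself (DC-to-DC traffic) and the dedicated member group.
    trusted_groups = {group["GroupId"], member_sg_id}
    findings = []
    for perm in group.get("IpPermissions", []):
        if perm.get("IpProtocol") == "-1":
            ports = "all"
        else:
            ports = "%s/%s-%s" % (perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort"))
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if not any(a.version == net.version and net.subnet_of(a) for a in allowed):
                findings.append((ports, cidr, "source outside approved ranges"))
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] not in trusted_groups:
                findings.append((ports, pair["GroupId"], "unexpected source group"))
    return findings


# --- Constructed sample data (not from a real account) ---
GOOD_VPC = {"VpcId": "vpc-0aaa", "CidrBlock": "10.20.0.0/16", "InstanceTenancy": "default"}
GOOD_SUBNETS = [
    {"SubnetId": "subnet-0a1", "VpcId": "vpc-0aaa", "AvailabilityZone": "ca-central-1a"},
    {"SubnetId": "subnet-0b1", "VpcId": "vpc-0aaa", "AvailabilityZone": "ca-central-1b"},
]
BAD_VPC = {"VpcId": "vpc-0bbb", "CidrBlock": "198.19.4.0/22", "InstanceTenancy": "dedicated"}
BAD_SUBNETS = [
    {"SubnetId": "subnet-0c1", "VpcId": "vpc-0bbb", "AvailabilityZone": "ca-central-1a"},
    {"SubnetId": "subnet-0c2", "VpcId": "vpc-0bbb", "AvailabilityZone": "ca-central-1a"},
]
MEMBER_SG = "sg-0member"  # assumed ID of the separate domain-member group
ALLOWED = ["10.20.0.0/16", "192.168.0.0/16"]  # assumed: VPC CIDR and on-prem range
DC_SG = {
    "GroupId": "sg-0dc",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 389, "ToPort": 389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}]},
        {"IpProtocol": "tcp", "FromPort": 88, "ToPort": 88,
         "UserIdGroupPairs": [{"GroupId": "sg-0member"}]},
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0other"}]},
    ],
}

if __name__ == "__main__":
    for name, vpc, subnets in (("good", GOOD_VPC, GOOD_SUBNETS), ("bad", BAD_VPC, BAD_SUBNETS)):
        print(name, check_prerequisites(vpc, subnets) or "OK")
    for finding in audit_dc_security_group(DC_SG, ALLOWED, MEMBER_SG):
        print("DC SG finding:", finding)
```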
Management of the Microsoft AD
• AWS is the Domain Admin.
• May cause issues with compliance.
• Pre-created OU with delegated permission.
• Add users into predefined (and created by AWS) groups.
• Groups are "domain local" and not "universal".
• It is not the end of the world if the AD is marked as "Impaired". It is perfectly normal to see it like that every once in a while…
• Do AD restore only as a last resort (because it always means
a loss of data). Contact AWS Support before you do a
restore.
Application Support
• As a primary directory
• As a resource directory
VPC and Account Considerations
Options for Multiple VPCs with Trusts
• Option 1
• + Preserve VPC boundaries
• + Billing goes to VPC owner
• - Costs more
• Option 2
• + Saves money
• + Enables cost allocation
• - Crosses VPC boundaries
Options for Multiple Domains + VPCs with Trusts
• Option 3
• + Isolates Environments
• + Centralized Users
• + Reduces duplicate systems
• - Crosses VPC boundaries
Tips and Tricks
Things to watch out for
● Default Domain policy has a 45-day password rotation. Admin password included.
● Default Security Group doesn’t allow trusts to occur.
● Seamless domain join doesn’t work across VPCs, but SSM does.
● Active Directory - Standard cannot be built via CloudFormation. Enterprise can be.
● Conditional Forwarders can be managed via CLI.
● Only directly available logs are security logs.
● It is possible to have multiple domains inside one VPC.
○ Works best in a shared services VPC design.
Automatic AD Cleanup
● Joining a domain is easy. Seamless domain join, SSM documents, PowerShell, etc.
● Leaving a domain is hard.
● Having domain joined computers on an ASG will clutter up Active Directory.
References
Re:Invent 2017, AD Best Practices
• AWS re:Invent 2017: Deep Dive on Active Directory – From One to Many AWS Regions (WIN302)
• AWS re:Invent 2017: AWS Directory Service for Microsoft Active Directory Deep Dive (WIN403)
• AWS re:Invent 2017: Deep Dive on How Capital One Automates the Delivery of Directory (SID202)
TriNimbus.com
Jonathan@triimbus.com
Jonathan Best
19 February 2018

Peter_Smith_PhD_ACL_10000_Foot_View_of_Big_DataPeter_Smith_PhD_ACL_10000_Foot_View_of_Big_Data
Peter_Smith_PhD_ACL_10000_Foot_View_of_Big_Data
 
Darin_Briskman_AWS_Machine_Learning_Beyond_the_Hype
Darin_Briskman_AWS_Machine_Learning_Beyond_the_HypeDarin_Briskman_AWS_Machine_Learning_Beyond_the_Hype
Darin_Briskman_AWS_Machine_Learning_Beyond_the_Hype
 
Amazon Elastic Container Service for Kubernetes (EKS), AWS Fargate and Beyond
Amazon Elastic Container Service for Kubernetes (EKS), AWS Fargate and BeyondAmazon Elastic Container Service for Kubernetes (EKS), AWS Fargate and Beyond
Amazon Elastic Container Service for Kubernetes (EKS), AWS Fargate and Beyond
 
AWS 2017 re:Invent re:Cap - TriNimbus Presentation Slides
AWS 2017 re:Invent re:Cap - TriNimbus Presentation SlidesAWS 2017 re:Invent re:Cap - TriNimbus Presentation Slides
AWS 2017 re:Invent re:Cap - TriNimbus Presentation Slides
 
Performance Optimization of Cloud Based Applications by Peter Smith, ACL
Performance Optimization of Cloud Based Applications by Peter Smith, ACLPerformance Optimization of Cloud Based Applications by Peter Smith, ACL
Performance Optimization of Cloud Based Applications by Peter Smith, ACL
 
Building and Operating AI Services at Scale by Randall Hunt, Amazon Web Services
Building and Operating AI Services at Scale by Randall Hunt, Amazon Web ServicesBuilding and Operating AI Services at Scale by Randall Hunt, Amazon Web Services
Building and Operating AI Services at Scale by Randall Hunt, Amazon Web Services
 
Virtual Desktops on AWS by Mike Burke, Farm Credit Canada
Virtual Desktops on AWS by Mike Burke, Farm Credit CanadaVirtual Desktops on AWS by Mike Burke, Farm Credit Canada
Virtual Desktops on AWS by Mike Burke, Farm Credit Canada
 
Dan Crawford - Canadian Executive Cloud & DevOps Summit Presentation
Dan Crawford - Canadian Executive Cloud & DevOps Summit PresentationDan Crawford - Canadian Executive Cloud & DevOps Summit Presentation
Dan Crawford - Canadian Executive Cloud & DevOps Summit Presentation
 
Justin Fox_NuData Security_A Master_Card_Company_June 9 2017_presentation
Justin Fox_NuData Security_A Master_Card_Company_June 9 2017_presentationJustin Fox_NuData Security_A Master_Card_Company_June 9 2017_presentation
Justin Fox_NuData Security_A Master_Card_Company_June 9 2017_presentation
 
Eric_Gales_Amazon_June_9_2017_presentation
Eric_Gales_Amazon_June_9_2017_presentationEric_Gales_Amazon_June_9_2017_presentation
Eric_Gales_Amazon_June_9_2017_presentation
 
Darin Briskman_Amazon_June_9_2017_Presentation
Darin Briskman_Amazon_June_9_2017_PresentationDarin Briskman_Amazon_June_9_2017_Presentation
Darin Briskman_Amazon_June_9_2017_Presentation
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017
 
VMware + Amazon Web Services
VMware + Amazon Web ServicesVMware + Amazon Web Services
VMware + Amazon Web Services
 
DevOps in the Amazon Warehouse - Shawn Gandhi
DevOps in the Amazon Warehouse - Shawn GandhiDevOps in the Amazon Warehouse - Shawn Gandhi
DevOps in the Amazon Warehouse - Shawn Gandhi
 
The New Normal - Eric Gales, AWS Canada
The New Normal - Eric Gales, AWS CanadaThe New Normal - Eric Gales, AWS Canada
The New Normal - Eric Gales, AWS Canada
 
Staying Secure When Moving to the Cloud - Dave Millier
Staying Secure When Moving to the Cloud - Dave MillierStaying Secure When Moving to the Cloud - Dave Millier
Staying Secure When Moving to the Cloud - Dave Millier
 
Goran (Kima) Kimovski, Beyond Virtualization: IT In a World of Software Defin...
Goran (Kima) Kimovski, Beyond Virtualization: IT In a World of Software Defin...Goran (Kima) Kimovski, Beyond Virtualization: IT In a World of Software Defin...
Goran (Kima) Kimovski, Beyond Virtualization: IT In a World of Software Defin...
 

Recently uploaded

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

Using Active Directory in AWS

  • 1. Using Active Directory in AWS Re:Invent 2017, AD Best Practices trinimbus.com
  • 2. What is AD? GENERAL AD • It is both the directory information source and the service that makes the information available and usable • Essentially, it is a phonebook • Users: account information, privileges, profiles, policy management • Servers & workstations: domain joins, policies, network information • Application information: ex: Exchange and mailboxes information 2
  • 3. AD Options for AWS GENERAL AD • AD Connector – gateway/proxy to existing on-premises Microsoft AD • Simple AD – AD-compatible directory powered by Samba 4 providing a subset of MS AD features • Microsoft AD – AWS-managed AD powered by Windows Server 2012 R2 • AD on EC2 – AD on EC2 3
  • 4. Choosing the Correct AD Option GENERAL AD 4 Feature AD Connector Simple AD Managed AD AD on EC2 Authenticate sign on requests from AWS applications like Amazon WorkSpaces, Amazon WorkDocs, or Amazon WorkMail. Yes (proxy) Yes Yes Yes* Domain join EC2 instances running Linux and Microsoft Windows Yes (proxy) Yes Yes Yes* Enable single sign-on (SSO) to the AWS Management Console using existing AD credentials Yes (proxy) Yes Yes Yes* Support for up to 5,000 users and 20,000 objects Yes Yes Yes Yes Authenticate sign on requests from directory-aware Microsoft workloads, including custom .NET and SQL Server-based applications Yes Yes Yes Common Active Directory features such as user accounts, group memberships, and group policies Yes Yes Yes
  • 5. Choosing the Correct AD Option GENERAL AD 5 Feature AD Connector Simple AD Managed AD AD on EC2 Advanced Active Directory features such as DNS dynamic updates, Active Directory Administrative Center, PowerShell support, Active Directory recycle bin, group managed service accounts, and schema extensions for POSIX and Microsoft applications Yes Yes Setup trust relationships with other Active Directory domains Yes Yes Establish trust with other AWS directories Yes Yes Support for up to 50,000 users and 200,000 objects Yes Yes
  • 6. Choosing the Correct AD Option GENERAL AD 6 Feature AD Connector Simple AD Microsoft AD AD on EC2 Active Directory schema modifications, communication over LDAPS, PowerShell AD cmdlets, and the transfer of FSMO roles Yes Yes Active Directory replication Yes Support for more than 50,000 users and 200,000 objects Yes Windows Authentication to authenticate users when they connect to an Amazon RDS DB instance running Microsoft SQL Server Yes
  • 8. AD Connector AD Connector • Proxy service to route authentication/authorization requests back to an AD domain someplace else. 8
  • 10. Simple AD Simple AD • Samba 4, Active Directory compatible server. • Able to manage Windows/Linux EC2 instances. • User accounts allow access to WorkSpaces, WorkDocs, WorkMail. • Daily snapshots. 10
  • 11. Simple AD Simple AD ● No trust relationships. ● Cannot use most Active Directory administration tools. ● No PowerShell support. 11
  • 13. Common Scenarios AD ON EC2 • Global (multi-region) deployments - (extension of the corp on-prem AD into the cloud) • Disaster Recovery • Enterprise Applications (with isolated access like third parties, partners and similar) • Hybrid deployments - when you need applications to talk to components hosted on-prem 13
  • 14. General Design Considerations AD ON EC2 • Customer responsibility for: • patching (ex. Systems Manager), • monitoring (ex. CloudWatch), • backups (either 3rd party enterprise solutions or Windows System Backup), • and high availability • Place DCs in at least two AZs and treat AZs as separate data centers (AZ1 being one site, AZ2 being another site) 14
  • 15. Security Considerations AD ON EC2 • Access to AWS resources using IAM roles and policies. • Access to EC2 OS using AD security memberships. • Keep Cloud team and AD team separated. • Never internet facing, always in private subnets • NACL and SG. 15
  • 16. Networking considerations AD ON EC2 • Understand the networking in order to create proper sites, links and replication setup 16
  • 17. Networking considerations AD ON EC2 • When peering multiple VPCs, it is sufficient to deploy DCs into a single VPC (Shared Services VPC concept) 17
  • 18. IP addressing and DNS considerations AD ON EC2 • Define separate subnets for AD (or for all Shared/Common services) • Configure network properties of all member servers to point to the IP address of the EC2 host having AD DS & DNS roles - DHCP Option Sets • Set each AZ as a site in Sites and Services. Set each VPC as a site when dealing with multi-region. 18
  • 19. Multi Region Considerations AD ON EC2 • Deploy DCs in all used regions, and in multiple AZs within each of the regions. • Connect all regions to Data Center and treat the Data Center as a hub when setting the links cost in the replication setup. • Another option is to use a dual-hub and spoke design in case one hub drops offline. 19
  • 20. Multi Region Considerations AD ON EC2 • For replication between the regions (using AWS network as a backbone) use VPC Peering, IPsec VPNs between the regions, or transit VPCs. • If you are separating users from resources and into separate domains, consider using sub-domains based on region. 20
  • 21. AD Backup and Recovery considerations AD ON EC2 • Do not use snapshots • Not crash consistent • VM IDs not supported in EC2 • Use Windows System State backup or 3rd party enterprise solutions • Leverage separate volumes for backups -> snapshot the volumes to S3 and perhaps to Glacier for longer term storage 21
  • 22. AD DS specific design considerations AD ON EC2 • Separate forest without trusts • New forest with federation • New forest with Kerberos • Extend corp forest with deploying a replica DC • Extend corp forest by deploying a new child domain or domain tree 22
  • 23. AD DS specific design considerations AD ON EC2 ● Global Catalog considerations: ○ Same considerations as with an on-prem design. ■ In most cases, it is recommended that you include the global catalog when you install new domain controllers. ■ Any application need GC? ■ More than 100 users using that region? ○ For multi domain forest, make all DCs global catalogs with the following exceptions: ■ Limited bandwidth (like VPN) ■ Security implications 23
  • 24. Office365 integration AD ON EC2 • AD on EC2; will work with Managed AD too • AD FS on separate EC2 • Service Account • Azure AD Connect on separate EC2 • AD Sync to replicate AD users into Azure AD • Enables users in AWS AD to single sign on to Office365 24
  • 26. What is Managed Microsoft AD AWS MANAGED MICROSOFT AD • Windows 2012 R2 DCs. • ~3-click setup or CLI/API & CFN. • By default 2 DCs in 2 AZs, dynamically scalable to more DCs. • PCI, HIPAA and SOC compliant. • Two editions: • Standard: up to ~5,000 objects* • Enterprise: up to 100,000+ objects* • Currently same set of features with a tendency to add more features into the Enterprise edition. • Priced per DC per hour, minimum 2 DCs. 26
  • 27. Shared responsibilities AWS MANAGED MICROSOFT AD • AWS: • Backups, snapshots, patching, monitoring • Customer: • policies, trusts, federation, certificate authorities, users & groups, content 27
  • 28. Deployment models AWS MANAGED MICROSOFT AD • Primary directory in the Cloud only. • Resource directory includes a trust with AD (or any other directory) 28
  • 29. Design Restrictions AWS MANAGED MICROSOFT AD ● Single Region - Multiple AZ ● Single Forest - Single Domain 29
  • 30. Prerequisites AWS MANAGED MICROSOFT AD • VPC with 2 AZs. • VPC must have default hardware tenancy. • Cannot use 198.19.0.0/16 address space. • VPN or DirectConnect optional 30
  • 31. Best practices after creation AWS MANAGED MICROSOFT AD • DHCP option set for VPC. • Tighten the default DC SGs. • Create a separate Security Group to be assigned to domain member instances. • Separate instance for AD management (tools to be installed manually) 31
  • 32. Management of the Microsoft AD AWS MANAGED MICROSOFT AD • AWS is the Domain Admin. • May cause issues with compliance. • Pre-created OU with delegated permission. • Add users into predefined (and created by AWS) groups. • Groups are "domain local" and not "universal". • It is not the end of the world if the AD is marked as "Impaired". It is perfectly normal to see it like that every once in a while… • Do AD restore only as a last resort (because it always means a loss of data). Contact AWS Support before you do a restore. 32
  • 33. Application Support AWS MANAGED MICROSOFT AD 33 • As a primary directory
  • 34. Application Support AWS MANAGED MICROSOFT AD 34 • As a resource directory
  • 35. VPC and Account Considerations AWS MANAGED MICROSOFT AD 35
  • 36. Options for Multiple VPCs with Trusts AWS MANAGED MICROSOFT AD • Option 1 • + Preserve VPC boundaries • + Billing goes to VPC owner • - Costs more 36
  • 37. Options for Multiple VPCs with Trusts AWS MANAGED MICROSOFT AD • Option 2 • + Saves money • + Enables cost allocation • - Crosses VPC boundaries 37
  • 38. Options for Multiple Domains +VPCs with Trusts AWS MANAGED MICROSOFT AD • Option 3 • + Isolates Environments • + Centralized Users • + Reduces duplicate systems • - Crosses VPC boundaries 38
  • 40. Things to watch out for Tips and Tricks ● Default Domain policy has a 45 day password rotation. Admin password included. ● Default Security Group doesn’t allow trusts to occur. ● Seamless domain join doesn’t work across VPCs, but SSM does. ● Active Directory - Standard cannot be built via CloudFormation. Enterprise can be. ● Conditional Forwarders can be managed via CLI. ● Only directly available logs are security logs. ● It is possible to have multiple domains inside one VPC. ○ Works best in a shared services VPC design. 40
  • 41. Automatic AD Cleanup Tips and Tricks ● Joining a domain is easy. Seamless domain join, SSM documents, PowerShell, etc. ● Leaving a domain is hard. ● Having domain joined computers on an ASG will clutter up Active Directory. 41
  • 42. References Re:Invent 2017, AD Best Practices • AWS re:Invent 2017: Deep Dive on Active Directory – From One to Many AWS Regions (WIN302) • AWS re:Invent 2017: AWS Directory Service for Microsoft Active Directory Deep Dive (WIN403) • AWS re:Invent 2017: Deep Dive on How Capital One Automates the Delivery of Directory (SID202) 42
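
A pre-flight check for the constraints on slides 15, 30 and 31 (default tenancy, two AZs, no 198.19.0.0/16, private subnets only, tightened security groups), added here as an example and not taken from the deck. The inputs are constructed samples shaped like EC2 `describe_vpcs`, `describe_subnets`, `describe_route_tables` and `describe_security_groups` responses; the function names and finding labels are assumptions.

```python
import ipaddress

RESERVED = ipaddress.ip_network("198.19.0.0/16")  # range slide 30 rules out
ANYWHERE = {"0.0.0.0/0", "::/0"}


def check_prerequisites(vpc, subnets):
    """Slide 30: default tenancy, two AZs, no use of 198.19.0.0/16."""
    findings = []
    if vpc.get("InstanceTenancy") != "default":
        findings.append("tenancy:%s" % vpc["VpcId"])
    cidrs = {vpc["CidrBlock"]} | {s["CidrBlock"] for s in subnets}
    cidrs |= {a["CidrBlock"] for a in vpc.get("CidrBlockAssociationSet", [])}
    for cidr in sorted(cidrs):
        if ipaddress.ip_network(cidr).overlaps(RESERVED):
            findings.append("reserved-range:%s" % cidr)
    if len({s["AvailabilityZone"] for s in subnets}) < 2:
        findings.append("single-az:%s" % vpc["VpcId"])
    return findings


def route_table_for(subnet_id, route_tables):
    """An explicit association wins; otherwise the main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def check_exposure(subnets, route_tables, security_groups):
    """Slides 15 and 31: private subnets only, no world-open SG ingress."""
    findings = []
    for s in subnets:
        rt = route_table_for(s["SubnetId"], route_tables)
        if rt is None:
            findings.append("no-route-table:%s" % s["SubnetId"])
            continue
        for r in rt.get("Routes", []):
            dest = r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
            if dest in ANYWHERE and r.get("GatewayId", "").startswith("igw-"):
                findings.append("public-subnet:%s" % s["SubnetId"])
                break
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            sources = [x["CidrIp"] for x in perm.get("IpRanges", [])]
            sources += [x["CidrIpv6"] for x in perm.get("Ipv6Ranges", [])]
            if ANYWHERE.intersection(sources):
                port = "all" if perm["IpProtocol"] == "-1" else perm.get("FromPort")
                findings.append("open-ingress:%s:%s" % (sg["GroupId"], port))
    return findings


# Constructed sample input, shaped like EC2 describe_* responses (IDs are made up).
BAD_VPC = {"VpcId": "vpc-bad", "CidrBlock": "198.19.0.0/20", "InstanceTenancy": "dedicated"}
BAD_SUBNETS = [
    {"SubnetId": "subnet-a", "AvailabilityZone": "ca-central-1a", "CidrBlock": "198.19.0.0/24"},
    {"SubnetId": "subnet-b", "AvailabilityZone": "ca-central-1a", "CidrBlock": "198.19.1.0/24"},
]
BAD_ROUTE_TABLES = [
    {"Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "198.19.0.0/20", "GatewayId": "local"}]},
    {"Associations": [{"SubnetId": "subnet-b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-made-up"}]},
]
BAD_SGS = [{"GroupId": "sg-dc", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 389, "ToPort": 389, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]

GOOD_VPC = {"VpcId": "vpc-good", "CidrBlock": "10.20.0.0/16", "InstanceTenancy": "default"}
GOOD_SUBNETS = [
    {"SubnetId": "subnet-c", "AvailabilityZone": "ca-central-1a", "CidrBlock": "10.20.1.0/24"},
    {"SubnetId": "subnet-d", "AvailabilityZone": "ca-central-1b", "CidrBlock": "10.20.2.0/24"},
]
GOOD_ROUTE_TABLES = [{"Associations": [{"Main": True}], "Routes": [
    {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-made-up"}]}]
GOOD_SGS = [{"GroupId": "sg-dc", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 389, "ToPort": 389, "IpRanges": [{"CidrIp": "10.20.0.0/16"}]}]}]

if __name__ == "__main__":
    print(check_prerequisites(BAD_VPC, BAD_SUBNETS))
    print(check_exposure(BAD_SUBNETS, BAD_ROUTE_TABLES, BAD_SGS))
```

A subnet with no explicit route table association inherits the VPC's main route table, so a default route to an internet gateway there makes every unassociated directory subnet public.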