ADDS on AWS vs Azure - drewwbikk/capstone GitHub Wiki

ADDS on Azure

This article, written by Microsoft, outlines how to extend an on-premises Active Directory domain to an Azure virtual network. It contains recommendations for the VM and network configuration, followed by some "tips and tricks" on configuring the domain forest and on backing up AD. It also covers manageability considerations, such as the correct way to shut down and restart an AD server, and ensuring an authoritative domain controller is available when a domain controller in Azure is restarted. While this article does not give specific steps for creating an ADDS server in Azure, it does provide useful information for those looking to begin extending their network off-premises, which is exactly the use case in this implementation project. The following diagram outlines the ideal ADDS setup, according to Microsoft:

(Diagram: Azure-AD-architecture)

Without an outline or step-by-step guide, first-time users may look elsewhere for unofficial information, which could contain errors, be out of date, or describe configurations that are not recommended. Otherwise, ADDS seems to work well in Azure; one benefit of using Azure is that integration with Microsoft applications and services is done well, since Microsoft owns and maintains Azure.

ADDS on AWS

Amazon provides extensive official documentation on ADDS in AWS. There are multiple ways ADDS integrates with AWS. The first, and more traditional, method is deploying an ADDS service on an Amazon EC2 instance. For that, Amazon offers multiple "QuickStarts" in which the initial deployment configuration is done automatically, as seen HERE. In this implementation, Scenario 2 (Extend your on-premises AD DS to AWS on Amazon EC2 instances) would be directly applicable, and it can be deployed to an existing VPC or a new one. The following diagram outlines the ideal ADDS setup, according to AWS:
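To show what Scenario 2 amounts to underneath the QuickStart, here is an added PowerShell example (not from the AWS QuickStart or this project's own code) that promotes a Windows Server instance in the cloud to an additional domain controller of an existing on-premises domain and then verifies replication. The domain name `corp.example.com`, the on-premises DC address `10.0.0.10`, the site name `AWS-Site`, and the cloud subnet `10.50.0.0/16` are assumed placeholders; the site and subnet objects are created first from an on-premises DC so the new controller lands in its own AD site instead of Default-First-Site-Name.

```powershell
# Added example: extend an on-premises AD DS domain to a cloud-hosted
# Windows Server instance. All names and addresses below are placeholders.

$DomainName     = 'corp.example.com'   # assumed on-premises domain
$OnPremDcIp     = '10.0.0.10'          # assumed reachable on-prem DC
$SiteName       = 'AWS-Site'           # assumed AD site for the cloud VPC
$CloudSubnet    = '10.50.0.0/16'       # assumed VPC CIDR

# --- Step 1 (run on an existing on-prem DC): define the cloud site -----
# Keeping the cloud DC in its own site lets clients in the VPC prefer it
# and keeps replication over the VPN/Direct Connect link on a schedule.
Import-Module ActiveDirectory
if (-not (Get-ADReplicationSite -Filter "Name -eq '$SiteName'")) {
    New-ADReplicationSite -Name $SiteName
    New-ADReplicationSubnet -Name $CloudSubnet -Site $SiteName
    # Link the new site to the default site; cost/interval are placeholders.
    New-ADReplicationSiteLink -Name "OnPrem-$SiteName" `
        -SitesIncluded 'Default-First-Site-Name', $SiteName `
        -Cost 100 -ReplicationFrequencyInMinutes 15 `
        -InterSiteTransportProtocol IP
}

# --- Step 2 (run on the cloud instance): point DNS at the on-prem DC ---
# The instance must resolve the domain's SRV records before it can join.
$Nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $Nic.ifIndex -ServerAddresses $OnPremDcIp

# --- Step 3 (cloud instance): install the role and promote ------------
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

$DomainAdmin = Get-Credential -Message "Domain Admin for $DomainName"
$DsrmPassword = Read-Host -AsSecureString -Prompt 'DSRM (safe mode) password'

# Prerequisite check before making any changes to the forest.
$Check = Test-ADDSDomainControllerInstallation `
    -DomainName $DomainName -Credential $DomainAdmin `
    -SafeModeAdministratorPassword $DsrmPassword -SiteName $SiteName
if ($Check.Status -ne 'Success') { throw "Prerequisite check failed: $($Check.Message)" }

# Promote as an additional DC (not a new forest), with DNS and GC roles.
Install-ADDSDomainController `
    -DomainName $DomainName `
    -Credential $DomainAdmin `
    -SiteName $SiteName `
    -InstallDns `
    -SafeModeAdministratorPassword $DsrmPassword `
    -NoRebootOnCompletion `
    -Force
Restart-Computer -Force   # reboot from inside the guest, not via the cloud console

# --- Step 4 (after reboot, on the cloud DC): verify replication --------
# Every inbound partner should show LastReplicationResult 0 (no error).
Get-ADReplicationPartnerMetadata -Target $env:COMPUTERNAME |
    Select-Object Partner, LastReplicationSuccess, LastReplicationResult |
    Format-Table -AutoSize
repadmin /replsummary
dcdiag /test:replications /test:advertising
```

Rebooting from inside the guest rather than stopping the instance from the cloud console is the point the Azure article above makes about shutting down domain controllers correctly; the replication check at the end is how you confirm that the on-premises controllers remain authoritative partners after the new controller comes back up.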

(Diagram: AWS-AD-architecture)

The second method is using an AWS service called AWS Managed Microsoft AD. This service creates a fully managed AD in AWS powered by Windows Server 2012. It creates two domain controllers (with the ability to add more later) and adds the DNS service; the controllers are placed in different subnets of a VPC for redundancy. In theory, this would eliminate the need for an on-premises domain controller, which would relieve the burden of building a highly available domain controller yourself. Its Standard edition is optimized for small and midsize businesses, providing storage capacity for up to 30,000 directory objects.
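As an added example of provisioning the managed option described above (not code from AWS or from this project), the following PowerShell script drives the AWS CLI to create a Standard-edition AWS Managed Microsoft AD directory, waits for it to become active, and prints the DNS addresses of the two domain controllers. The VPC and subnet IDs are placeholders; the two subnets must be in different Availability Zones, which is what gives the two-controller redundancy the passage describes.

```powershell
# Added example: create an AWS Managed Microsoft AD (Standard edition)
# with the AWS CLI and wait until its two domain controllers are active.
# Requires the AWS CLI configured with credentials for the target account.

$DirectoryName = 'corp.example.com'          # assumed directory DNS name
$ShortName     = 'CORP'                      # assumed NetBIOS name
$VpcId         = 'vpc-PLACEHOLDER'           # placeholder VPC ID
$SubnetIds     = 'subnet-PLACEHOLDER-az-a','subnet-PLACEHOLDER-az-b'  # different AZs

# The Admin password is read interactively so it never sits in the script.
$Secure = Read-Host -AsSecureString -Prompt 'Password for the directory Admin account'
$Plain  = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
            [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure))

# Create the directory. The CLI returns the new DirectoryId as JSON.
$Create = aws ds create-microsoft-ad `
    --name $DirectoryName `
    --short-name $ShortName `
    --password $Plain `
    --description 'Managed AD for the capstone VPC' `
    --edition Standard `
    --vpc-settings "VpcId=$VpcId,SubnetIds=$($SubnetIds -join ',')" `
    --output json | ConvertFrom-Json
$DirectoryId = $Create.DirectoryId
Write-Host "Requested directory $DirectoryId; provisioning takes roughly 20-40 minutes."

# Poll until the Stage field reports Active (or fails).
do {
    Start-Sleep -Seconds 60
    $Desc  = aws ds describe-directories --directory-ids $DirectoryId --output json |
             ConvertFrom-Json
    $Stage = $Desc.DirectoryDescriptions[0].Stage
    Write-Host "$(Get-Date -Format HH:mm:ss)  stage: $Stage"
} while ($Stage -in 'Requested','Creating')

if ($Stage -ne 'Active') { throw "Directory $DirectoryId ended in stage $Stage" }

# These two addresses are the managed domain controllers, one per subnet.
# Point the VPC's DHCP option set (or a Route 53 Resolver rule) at them.
$DnsIps = $Desc.DirectoryDescriptions[0].DnsIpAddrs
Write-Host "Directory $DirectoryId is Active. Domain controller DNS IPs: $($DnsIps -join ', ')"
```

Because the domain controllers are managed, there is nothing to promote or patch on the customer side; the remaining integration work is DNS (so instances in the VPC resolve the managed domain) and, if on-premises users must authenticate, a forest trust from the managed directory to the on-premises forest.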

Overall, the first method is more applicable to this project's implementation; however, both options are quite viable for medium-sized businesses. With AWS's QuickStarts and other extensive official documentation, setup should be easy, even for users who have little experience with AWS or hybrid solutions.