Sprint 4 - drewwbikk/capstone GitHub Wiki

Deliverable Statement

Sprint 4's objective is to explore the different potential solutions for file services and then deploy the most successful one or two in the environment. This will include exploring AWS Backup and FSx for Windows File Server.

Objectives

  • Explore FSx for Windows File Server
  • Explore AWS Backup

Discrete Tasks

Link to Implementation Project Board

Link to Project Board for Sprint 4

  • Explore FSx for Windows Server
    • Create compatible subnet
    • Add subnet to environment (accessible on-prem)
    • Set up service account for FSx
    • Create FSx share
    • Mount share using GPO
  • Explore AWS Backup
    • Create on-demand backup
    • Create scheduled backups (backup plan)
    • Restore backup

Documentation

Sprint 4 Documentation

Outcomes

I went into this Sprint not knowing which services would work and be the most useful to the environment. Therefore, the goals changed throughout the sprint to focus on the services that I found most useful. Initially, I wanted to explore Amazon Storage Gateway and redundant DFS servers on premise and AWS. However, after deploying Amazon FSx for Windows Server, that service did all of the things I wanted out of a file share integrated across the domain. Therefore, I eliminated the goals of exploring those other two options, and focused more time on configuring FSx. I did deploy and configure AWS Backup, as well. I included on-demand backups, scheduled backups, and backup restorations. So, overall, the goal of the Sprint to explore and implement effective file storage and system backup services was achieved.

Reflection

I am so happy with how this Sprint turned out. This sprint was the only one I really didn't have a set plan for from the beginning, in terms of discrete tasks needed to be performed. I was lucky that I started with exploring FSx for Windows Server, because that service ended up doing everything I wanted from a file share across the entire environment. The issue I ran into when setting it up was that my subnet was not in an availability zone that was compatible with FSx. Since the availability zone cannot be changed in a subnet, I had to create a separate subnet in the VPC to host FSx. This involved configuring the VPN to give 10.0.0.0/24 access to the new 192.168.1.0/24, adding a static route in fw, creating a new subnet in AD Sites and Services, and creating another DNS reverse lookup zone. I'm actually glad I had to go through that, because I forgot a lot of steps at first for integrating a new subnet into the environment, and it caused FSx to not work. It forced me to go through and document the exact steps needed to integrate a new subnet into the environment, which is a great resource for future expansion. And, I utilized a tool from AWS that validated network and AD config, which was a great resource to find as well. Finally, AWS Backup was exciting to explore. I love redundancy, and AWS Backup is so flexible and relatively easy to set up. I wasn't sure how a backup restoration would go when considering domain-joined instances, but it worked really well, and I am happy with how that part of the Sprint turned out as well.

Overall, as this completes my capstone project, I am extremely happy with the finished product. Even with falling behind, I was still able to wrap up the final sprint, and catch up on my documentation and demos for other sprints. While I wish I was able to keep up with all of that during the semester, this was one of the most difficult semesters for me both academically and in terms of my mental health. Considering that, I am proud of myself and my project. While I hit some major bumps in the road with the site-to-site VPN from AWS not working, and then the site-to-site VPN from OpenVPN not working initially, and then having subnet and availability zone issues with the FSx fileserver, it all came together in the end to what I think achieved my goal of integrating an already-existing on-premise enterprise environment with the public cloud. On top of this, I was intentionally thorough with my documentation, so that someone with little-to-no experience with Active Directory, VPNs, or AWS can still follow it as a guide and adapt it to their specific environment needs.