Organizations planning to move their infrastructure to the cloud have to carefully consider how to manage the access to their services. Network IP addressing and domain naming are at the center of any migration strategy, or simply any IT services management.
Building an infrastructure on Windows servers gives access to Active Directory, one of the most powerful domain and identity management tools. Active Directory is very significant in a world where servers and devices are all connected to the network, whether it’s local or Internet. When Microsoft introduced Active Directory almost two decades ago, it understood the need for IT teams to not only centrally manage networked computers, but also control the access to the organization’s systems, applications and services.
As an MSP, you are your customer’s primary advisor when it comes to choosing the perfect strategy for Active Directory in the context of the cloud. That’s why we thought about giving you a few clues to help them.
What is Active Directory?
Active Directory, or AD, uses the LDAP (Lightweight Directory Access Protocol) to provide an organization with a unique directory of objects (primarily users and computers) defined by attributes (such as distinguished names, passwords, authorized logon hours, etc.). The objects can be organized into Organization Units (OU) and assigned specific settings (such as updates deployment frequency for computers, or password expiry for users) through Group Policy Objects (GPO).
AD intends to help the organization with identity management. It relies on Windows domain services that use IP addressing to define the organization “domain,” which can also be understood as the company’s global boundary. Active Directory allows IT administrators to define which components make up the company’s domain and to set the users’ access and level of privilege.
Active Directory in the Cloud Context
Implementing AD completely on a cloud infrastructure is different than deploying AD for a hybrid cloud solution.
If we consider a scenario in which a company builds all its services with the same public cloud provider, there are certainly less constraints to take into account. Depending on the type of services to be deployed on the virtual servers, one single AD domain may be enough to manage the authentication. For public applications, such as websites, IP addressing can help delimit a perimeter so that users don’t get access to the backend servers.
A hybrid cloud scenario is different. In this case, on-premises servers have to securely “talk” with servers in the public cloud environment. This raises more questions, such as: “should the servers run under the same domain, or should another domain be set in the cloud? Is a domain trust enough between the two, or should we go for federation to allow single sign-on?” In any case, because Microsoft’s best practices require the deployment of at least one domain controller per site, a virtual server will have to be deployed to run AD DS. This would help avoid unnecessary traffic over the Internet. Your customer should be already aware that because outbound data transfer usage is part of the bill for cloud servers, implementing a hybrid cloud should be carefully thought out to correspond to his budget.
Setting up Active Directory in the Cloud
Our solution architects have built a complete guide on AD to help you walk your customers through the process of integrating their cloud servers to their local infrastructure.
The guide devotes a full chapter to integrating the Performance Cloud infrastructure in the client’s company. Here are the steps:
- Set up IKE V2 Site-to-site VPN with Performance Cloud
- Provision a Windows virtual machine in Performance Cloud
- Create a remote site for the Performance Cloud infrastructure
- Validate connectivity between the Performance Cloud VM and the on-premises infrastructure
- Join the Performance Cloud VM to the on-premises domain
- Promote the Performance Cloud VM to a domain controller
You’ll need a solid expertise in Active Directory to help your customers deploy Windows servers in the cloud. Performance Cloud offers a stable and scalable environment to install any kind of services that rely on Active Directory, such as Hosted QuickBooks, Remote Desktop and RemoteApps. Sherweb can help you provide your customers with the best advice about migrating to the cloud. For more information about Active Directory, download our guide here.