Are you connecting computers to a new AWS Windows Domain?

1. Set up TrueStack Direct Connect in the AWS Marketplace.
2. Launch a Windows server in your AWS account and set up a Windows domain.
3. Create Installers for your Windows computers using TrueStack Direct Connect.
4. Download them and install them on each Windows computer.
5. Add the Windows computers to the Active Directory domain.
6. Create file shares and manage the computers with AD.

Step-by-step Instructions:

  • Launch TrueStack Direct Connect from the AWS Marketplace. Follow the directions for the Initial Configuration.
  • Then launch a new EC2 Windows Server 2012 R2 or 2016 instance in your AWS account.
  • Connect to the AWS Windows server and set up the domain. Be sure to install the DNS role on the Windows server.
  • Find the private IP of the AWS Windows server in the instance description in your AWS account.
  • Create an installer in the TrueStack Direct Connect console for each computer that will connect to the Windows server. In the Windows IP field and in the DNS Server IP field, add the private IP of the Windows server. This allows the Windows computer to access this AWS Windows server only, and lets both the server and the computers communicate using DNS. A DNS server IP is also required for Group Policy and other server rules to communicate with the computers properly.
  • Each installer is made for only one computer and will only work on one computer. Each installer contains a unique certificate which is used to create an encrypted VPN tunnel between the computer and the Windows server. To protect the security of your AWS servers, ensure that the installer is only installed on the appropriate computer, and that it isn't compromised or stolen during or after distribution.
  • Distribute the individual installers to each user. There are multiple ways to do this.
    • You can copy the installer link and email it, or send it another way, to the computer user along with the security code. The user will need to enter the security code before it times out in order to download their installer.
    • Or you can download the installer yourself by clicking on the Download link next to the security code. You can then send it to the user, put it on a local share that the user has access to, or copy it to their computer.
  • Install or have the user install the software on their computer.
  • After installation, verify that the computers are connected in the console. If the computers are on and connected, their names will appear in blue in the database.
  • Now you can add the connected computers to your AWS Windows domain.
  • After the computers are added to the domain you will then be able to manage them with Windows Active Directory as normal. For example:
    • You can create file shares on the AWS server that these computers can access
    • You can use the Windows command line or PowerShell to send commands to these computers
    • You can create Group Policies used to manage these computers
    • You can set up and manage users in Active Directory
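The DNS Server IP and VPN tunnel steps above are the usual reasons a domain join fails, so it is worth checking both from the client before running the join. The following PowerShell script is an added example, not TrueStack's code; the private IP and domain name are placeholders you replace with your own values.

```powershell
# Added example (not TrueStack's code). The two values below are placeholders.
$DcPrivateIp = '10.0.0.10'            # placeholder: private IP from the EC2 instance description
$DomainName  = 'corp.example.local'   # placeholder: your AD domain FQDN

# 1. Confirm this client is using the DC's private IP as its DNS server
#    (the DNS Server IP field in the installer must point at the DC for this to be true).
$usesDcDns = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses -contains $DcPrivateIp }
if (-not $usesDcDns) {
    throw "No interface uses $DcPrivateIp as DNS server; check the installer's DNS Server IP field."
}

# 2. Domain controllers register SRV records under _msdcs; if this lookup fails,
#    the DNS role on the server or the client's DNS setting is wrong.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV `
    -Server $DcPrivateIp -ErrorAction Stop
Write-Host "Domain controller(s) advertised in DNS: $($srv.NameTarget -join ', ')"

# 3. Confirm the ports a domain join and AD management need are reachable through the tunnel.
$ports = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC'; 389 = 'LDAP'; 445 = 'SMB' }
foreach ($p in $ports.Keys) {
    $result = Test-NetConnection -ComputerName $DcPrivateIp -Port $p -WarningAction SilentlyContinue
    if (-not $result.TcpTestSucceeded) {
        throw "Port $p ($($ports[$p])) to $DcPrivateIp is blocked; check the tunnel and the security group."
    }
}

# 4. Join the domain. Prompting for the credential keeps the join account's
#    password out of the script and out of any share the installer was copied to.
$cred = Get-Credential -Message "Account allowed to join computers to $DomainName"
Add-Computer -DomainName $DomainName -Credential $cred -Restart
```

Run it in an elevated PowerShell session on the client after the TrueStack installer reports the computer as connected; each check throws with the step to revisit if it fails.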

Additional considerations:

  • If your printers were shared through your on-prem server, use a GPO to install the printers locally, use Branch Office Printing, or install them manually over TCP/IP.
  • If your office uses scan to file, switch to scan to email. Authenticate through Gmail or O365. You can also use local accounts to authenticate with SMB.
  • Back up the AWS server:
    • Snapshot your AWS server periodically to back it up. Shut it down first.
    • Add a second Cold HDD (sc1) volume of 500GB or larger to the Windows server in AWS. Install Windows Backup on the server and back up to that drive. Snapshot it periodically for an archived backup.
    • Or, if you have SPLA or Volume licenses, build a DPM server in AWS and back up to that. Put the DPM server in a different AWS region and use TrueStack Direct Connect to connect the two servers.
    • You can also use CloudBerry to back up to S3, or another 3rd party solution.
  • For AD redundancy, add a second AWS Windows AD server in a different region and use TrueStack Direct Connect to connect them.
  • If you have client/server applications like QuickBooks in multi-user mode, these won't run well across the VPN. We recommend streaming these apps by setting up a Remote Desktop Gateway server in AWS or setting up a remote desktop for the user in AWS. Or you can use a 3rd party app streaming service.