TrueStack Direct Connect / Frequently Asked Questions

For TrueStack Direct Connect, should I host my Windows Servers in AWS or Azure?

TrueStack recommends AWS over Azure.  Here’s why:

  • In general AWS is less expensive than Azure.
  • AWS burstable instances starting in the T2 series are faster than the Azure burstable VMs in the B series.
  • Customers using TrueStack Direct Connect can start with a T2 Micro Instance which will easily handle up to 100 connections.
  • Azure customers should start with a DS2v1 VM.  This is more expensive but it will also easily handle up to 100 connections.
  • In AWS, customers can start with a T2 Micro instance for Windows domain controllers and file servers.  However, be aware of the CPU credits used.  If the credits reach 0 the server will be very slow.
  • Azure B series VMs are too slow for Windows domain controllers and file servers.  Customers should start with a DS2v1 VM or greater.  See The Seamless Migration for details on recommended instance and VM size.
  • Azure gives a discount for customers who bring their own Volume Licenses.  AWS is Microsoft’s largest SPLA reseller.  They receive a discount on SPLA Windows datacenter licenses which allows their customers unlimited connections without CALs.   Because of this, for Windows servers, AWS is less expensive even if the Azure customer brings their own VLs.
  • AWS SSD hard drives (GP2) are less expensive than the equivalent Premium SSD drives in Azure.

TrueStack Direct Connect is a VPN management server made to connect Windows and Mac computers to AWS and Azure cloud Windows domain controllers and file servers.  Follow our tutorials to try it out and get a free 30-day trial.

truestack.com/support

For price comparisons, use these calculators:

Note: The AWS Calculator is much easier to use than the Azure calculator.  

Calculator usage tips:

  • For AWS, uncheck the free tier checkbox in the upper right-hand corner so you can see what your price will be after the free tier expires.  Azure’s calculator doesn’t have the ability to show the difference between their free trial and normal pricing.
  • AWS calculates one month as roughly 744 hours.  Azure sets one month to 730 hours by default.  We recommend changing it to 744 to get a more accurate monthly price in Azure.
  • For both AWS and Azure, different regions charge different prices.   For example, in AWS Oregon is generally less expensive than California.
  • Azure VMs include temporary storage.  AWS Instances do not include any storage.  In AWS we recommend using GP2 drives for the root and storage.  For Windows backup we recommend Cold HDD drives.  For Azure additional storage we recommend Premium SSD for data and Standard HDD for Windows backup.

Because every network has different priorities every migration will be a little bit different.  With that in mind, this blog is written for the purpose of helping your organization plan your on premise Windows domain controller and file server migration to the cloud using TrueStack Direct Connect, with little or no disruption to your end-users.

TrueStack Direct Connect is a VPN management server made to connect Windows and Mac computers to Windows domain controllers and file servers in the AWS and Azure clouds.  Try a free 30-day trial at the Amazon Web Services or Microsoft Azure marketplaces.

TrueStack also provides migration services for its customers.  Contact TrueStack today for a quote.

A detailed explanation of the Windows DC and file server migration steps is posted here.

Please read this document before you start to help you better prepare your network and plan your migration.

Overall Performance:  

If during testing or after the migration your end-users experience slowness, the issue will most likely be related to one of these 3 areas: computer performance, cloud server performance or bandwidth.  Before you migrate, plan carefully, especially in these 3 areas.

Computer Performance:

System Requirements: Windows 7, 8, 8.1, 10, 32 bit or 64 bit.  Administrator rights are required for installation.

For the best performance we recommend: Windows 10 Pro, i5 (or equivalent), 8GB of memory, SSD, Microsoft Office 2016

Please note:

  • TrueStack Direct Connect is noticeably slower on most Windows 7 computers.
  • If you are using Office 2010 or earlier you will notice slower performance.
  • TrueStack Direct Connect will run much faster on computers that have SSD drives.
  • You may find that your organization will save money on Cloud server resources if you are using computers with SSD drives.

Cloud Server Performance:

Below are general recommendations for server performance.

Free Space: Windows servers may run slower when there is less than 20% free space on the root hard drive.  You can increase the size of the root hard drive in AWS or Azure.  We recommend shutting down your server and making a snapshot of the drive before you increase the size.

Updates and Restarts: Updating and restarting your Windows server regularly will also increase server performance.  We recommend scheduling your server to restart at least once a week after hours.

Server Usage: When choosing the size of your servers, consider their use.  For example, SQL servers need more VCPUs, IOPS and memory.  Servers that are used for heavy file access of pictures, large PDFs and large videos will also require more VCPUs, memory, IOPS and bandwidth (see Pictures, PDFs and Videos below).

Separate Hard Drives: We recommend that Windows storage drives are SSD and are separate drives from the root.  This will make it much easier to upgrade your OS in the future (see upgrades below).  It will also make it easier to backup and restore (see backups below) and easier to increase the size of the drive if needed without affecting the OS.

IOPS (Input/Output Operations per second): Monitor your server’s performance and IOPS usage to determine your organization’s needs.  In cloud servers, IOPS is often the determining factor as to the speed of your server and cloud network throughput.

TrueStack IOPS: In general TrueStack Direct Connect servers use very few IOPs.  You will find that the IOPS credits are very stable and it rarely has to be restarted or upgraded to a faster server.

We do not recommend restarting the TrueStack Direct Connect server on a schedule.  A restart will disconnect all of your computers.  After a restart, some computers may not reconnect correctly.  If a computer has a connection issue, restart the TrueStack service on the computer or restart the computer instead of restarting the TrueStack Direct Connect server.

AWS IOPS:

In AWS, IOPS are determined by the server version and the size of the hard drive.  The larger the hard drive or server, the more IOPS credits you accumulate.  T2 instances are burstable.  This means that they may run out of credits.  When you run out, your Windows server will run very slowly.  If you find that your Windows server slows down in the middle of the day, consider increasing the size of the root hard drive.  For Windows, we recommend starting with a 60GB SSD, then increasing it up to 200GB or larger.  You can also increase your VCPUs and memory by upgrading to a faster server.  If you start with a T2 Micro instance and you’re seeing slowness, upgrade to a T2 Small or T2 Medium and increase the size of your root drive.

You can monitor your IOPS credits on the monitor tab of your instance.  If it shows close to 0 credits the server will be very slow.  In general your credits should be around 150 – 300 or more.  Regular restarts of your Windows server improve IOPS performance and credits.  We recommend scheduling your Windows server to restart at least once a week.  We do not recommend scheduling a restart of your TrueStack Direct Connect server.  Servers running SQL will require more VCPUs and IOPS.  If you are running WSUS, monitor your credits throughout the day and upgrade as needed.

You can upgrade the size of the hard drive or upgrade to a faster server without losing data.  As a precaution, we recommend that you shut the server down and then snapshot the drives before you upgrade.

Use the AWS Calculator to determine the IOPS per hard drive size.  1TB = 3000 IOPs for an SSD drive.  Be aware that different regions charge different rates.  Because of this, for example, it may make more economic sense with little performance difference to put your servers in US West Oregon, instead of US West California.

Azure IOPS:

Azure also uses IOPS and has burstable Virtual Machines, but the VMs package in the root hard drives which includes caching (similar to a page file) so it’s not always so easy to determine the size of the root drive before launching a VM.

We don’t recommend using burstable Virtual Machines in Azure for Windows servers or TrueStack Direct Connect.  In general the equivalent Azure B series VMs run much slower than the AWS T2 series.  We recommend starting with the D2 series VMs which aren’t burstable.  With this in mind you’ll notice that AWS has much better pricing than Azure, however you may be able to reduce your hosting expense by bringing your own Windows licenses and paying for reserved instances. Nonprofits can also benefit from Azure if they are eligible for $5000 in Azure credits through Techsoup.  See Cloud pricing below.

Azure sets the size of the hard drive plus temporary storage used for caching when you choose a VM size.  In general we recommend using their default sizes and then moving to a faster VM as needed.

See the Azure Pricing Calculator.

AWS Server Size Recommendations:

Recommended: 1- 10 connected devices
TrueStack Direct Connect server: T2 Nano, 8GB SSD
Windows Server: T2 Micro 60GB SSD

10 – 20 connected devices:
TrueStack Direct Connect server: T2 Micro, 8GB SSD
Windows Server: T2 Small 100GB SSD

25 – 50 connected devices:
TrueStack Direct Connect server: T2 Micro, 8GB SSD
Windows Server: T2 Medium 200GB SSD

50 – 100 connected devices:
TrueStack Direct Connect server: T2 Micro, 30GB SSD
Windows Server: T2 Large 200GB SSD

Azure Server Size Recommendations: 

Recommended: 1 – 10 connected devices
TrueStack Direct Connect server: Standard Tier, DS2v1 3.5GB RAM, 50GB Temporary Storage
Windows Server: Standard Tier, DS2v2, 2 cores, 7GB RAM, 100GB Temporary Storage

10 – 25 connected devices:
TrueStack Direct Connect server: Standard Tier, DS2v1 3.5GB RAM, 50GB Temporary Storage
Windows Server: DS3v2, 4 Cores 14GB RAM, 200GB Temporary Storage

25 – 75 connected devices:
TrueStack Direct Connect server: Standard Tier, DS2v1 3.5GB RAM, 50GB Temporary Storage
Windows Server: DS12v2, 4 Cores, 28GB RAM, 200GB Temporary Storage

75 – 100 connected devices:
TrueStack Direct Connect server: DS2v2, 2 cores, 7GB RAM, 100GB Temporary Storage
Windows Server: DS13v2, 8 Cores, 56GB RAM, 400GB Temporary Storage

Bandwidth:

The amount of bandwidth your organization needs depends on what type of load you are putting on your server.  Here are our general recommendations based on 1 Windows DC and file server with 1 TB of Storage, using a cable connection.  For some organizations a dedicated synchronous connection may be preferred.

1 – 10 connected devices: 50 mbps/down – 10 mbps/up
10 – 50 connected devices: 100 mbps/down – 20 mbps/up
50 – 100 connected devices: 200 mbps/down – 50 mbps/up

Client/Server line of business applications

In general, client server applications like Quickbooks database manager or Sage Accounting or custom multi-user Microsoft Access databases, will not run at speed across the TrueStack Direct Connect VPN.  Here are some alternatives:

  • Move to a web-based application.
  • Use Microsoft RemoteApp in the cloud to stream the application to the user.  We’ve written a blog explaining how to do this in AWS: How to Set up Windows Remoteapp in AWS.
  • Set up a Remote Desktop Gateway server and RDP server.
  • Use Parallels in the cloud or another remote streaming app to stream the application to the end-user.
  • Put the application on a local member server or computer.  We don’t recommend this solution unless there is no other alternative.  Here’s why:
    • You will need to maintain an onsite/offsite backup solution for the onsite member server.
    • The client Windows computers onsite will need to be able to find the onsite member server by DNS or IP.  By default the TAP adapter will register an IP for the member server in the 5.5.0.0/20 network.  The onsite clients will not be able to communicate with the member server with this IP.  They will only be able to communicate with the local IP, for example 192.168.1.2.  So you will have to update the DNS address that the clients get.  The easiest way to do this is to un-check the “Register this connection’s address in DNS” checkbox on the DNS tab of Advanced TCP/IP Settings for the TAP network adapter.

      After that, ensure that the local IP address of the member server appears correctly in Windows DNS on the cloud Windows DC.  Another way to update DNS is to set the IP for the member server in the local hosts file of the client computers.  One problem with un-registering DNS for the member server is that the Windows DC won’t be able to send Group Policy information and other commands to the member server, because the Windows DC can’t communicate with the local IP.  To update the member server’s policies you will have to temporarily register its TAP adapter in DNS.  This is why hosts files might work better.

DNS and DHCP

After migration, ensure that Windows DNS and DHCP are set up correctly.  If DNS isn’t working correctly your connected devices will take longer to find the correct UNC paths for shared folders.  If DHCP isn’t working correctly your computers may still be searching for the on premise Windows server.

  • On premise DHCP should be giving out DNS IPs of your gateway or your ISP or 3rd party DNS servers.  If it is giving out the DNS IP of your old on premise Windows server, you will need to change it so your computers will find the cloud server instead of looking to the old on premise server for DNS.
  • If you had previously used your on premise DHCP server to give out IPs change DHCP to your router.
  • Ensure your TrueStack Direct Connect VM or instance has a static IP.
  • Private IPs are inherently static, but they aren’t set at the cloud network adapter; they’re set by AWS or Azure.  Public IPs that aren’t set static will change after a restart, unlike private IPs.  Do not set a static IP on the cloud network adapter of the VM or Instance, or you may lose all access to the server!
  • In AWS be sure to add a route for 5.5.0.0/20 and in Azure be sure to add a route table for 5.5.0.0/20.  Both of these are required in order for the Windows DC to be able to access the client computers.  Follow the directions in initial configuration to add these routes.  https://truestack.com/support
  • In AWS, be sure to Disable Change Source/Dest. Check for the TrueStack Direct Connect server.  Follow the directions in initial configuration for AWS to make this change.  https://truestack.com/support
  • On the cloud Windows DC, ensure that the DNS address for the network adapter is set to 127.0.0.1 or the Private IP of the Windows server, for example 10.0.0.5.
  • In the TrueStack Direct Connect interface ensure connected computers show the private IP of the Windows DNS server in the DNS server IPs section.
  • In the Windows firewall for the client and the server open file and print sharing for the domain only, so you can access the clients by UNC path and ping them by DNS name to see if DNS is working correctly.
  • Some DNS servers provided by your ISP may block some DNS traffic going across port 1194.  In these cases the Windows server won’t be able to access the client.  You will know that this isn’t working because you won’t be able to ping the client by DNS name from the cloud Windows server and the client’s TAP adapter icon in control panel will show “Unidentified network” under the adapter name, instead of your Windows domain name. 
    You can test this by changing DNS on the network adapter of one local client to an external DNS server, for example Google’s 8.8.8.8 or 8.8.4.4.  If your ISP is causing this DNS issue then you will see that your domain name immediately appears on the client’s TAP adapter.

    This should be a rare situation, however, in this case you have a few options:

    • Change DHCP on your on premise router to give out the IP of your gateway or a 3rd party DNS, such as Google’s DNS servers – 8.8.8.8 or 8.8.4.4
    • Set static DNS servers IPs for the affected computers.  You may find that some laptops which are required to connect to multiple ISP networks will frequently have this issue, so it may be easier to set those laptops to Google’s DNS server IPs.
  • Note: the client’s local area adapter or wifi adapter should not show your domain name.  It should either show “Network #” or the Wifi name.  If it is showing your domain name, it’s probably because your router is giving out the old on premise server’s IP for DNS or DNS is set static on the adapter with your old server’s DNS IP.  This should be removed.
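
The two AWS items in the list above (the route for 5.5.0.0/20 and the disabled Source/Dest. Check) can be verified from saved AWS CLI output.  The Python check below is an added example, not TrueStack's own tooling.  It assumes the route's target is the TrueStack Direct Connect instance; the IDs and JSON are constructed samples shaped like the output of aws ec2 describe-route-tables and aws ec2 describe-instances.

```python
import ipaddress

# Client TAP network named on the page.
VPN_NET = ipaddress.ip_network("5.5.0.0/20")

# Constructed sample data (all IDs are placeholders), shaped like the output of
# `aws ec2 describe-route-tables` and `aws ec2 describe-instances`.
VPN_ID = "i-constructed-vpn"
ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-constructed-a", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-constructed", "State": "active"},
        {"DestinationCidrBlock": "5.5.0.0/20", "InstanceId": VPN_ID, "State": "active"},
    ]},
    {"RouteTableId": "rtb-constructed-b", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-constructed", "State": "active"},
    ]},
]}
INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": VPN_ID, "PrivateIpAddress": "10.0.0.10", "SourceDestCheck": True},
]}]}


def effective_route(routes, dest=VPN_NET):
    """Return the most specific IPv4 route covering dest (longest prefix wins)."""
    best = None
    for route in routes:
        cidr = route.get("DestinationCidrBlock")
        if not cidr:
            continue  # IPv6 and prefix-list routes carry other keys
        net = ipaddress.ip_network(cidr, strict=False)
        if dest.subnet_of(net) and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route)
    return best[1] if best else None


def audit_vpn_path(route_tables, instances, vpn_instance_id):
    """List what stops the Windows DC from reaching clients on 5.5.0.0/20."""
    findings = []
    for table in route_tables["RouteTables"]:
        rid = table["RouteTableId"]
        route = effective_route(table.get("Routes", []))
        # Assumption: the VPN network must be routed to the TrueStack instance.
        if route is None or route.get("InstanceId") != vpn_instance_id:
            findings.append(f"{rid}: {VPN_NET} is not routed to {vpn_instance_id}")
        elif route.get("State") != "active":
            # A route whose target was stopped or deleted shows as "blackhole".
            findings.append(f"{rid}: route to {VPN_NET} is {route.get('State')}")
    for reservation in instances["Reservations"]:
        for inst in reservation["Instances"]:
            # With the check enabled, the instance drops traffic that is not
            # addressed to or from its own IP, so forwarded VPN traffic is lost.
            if inst["InstanceId"] == vpn_instance_id and inst.get("SourceDestCheck", True):
                findings.append(f"{vpn_instance_id}: Source/Dest. Check is still enabled")
    return findings


if __name__ == "__main__":
    for line in audit_vpn_path(ROUTE_TABLES, INSTANCES, VPN_ID):
        print(line)
```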

Minimize Disruption – Rename your Cloud Server:

The best way to minimize disruption to your end-users is by removing the on premise server and renaming the cloud server to the same name the on premise server had.  If you install the TrueStack Direct Connect client on their computers and restart the computers after you’ve removed the on premise server and renamed the cloud server to the same name the on premise server had, then your end-users will log on as normal and be able to access their network shares as normal after migration.  If the Overall Performance is well tested (see section Overall Performance) then your end-users shouldn’t even notice that the server is out of the closet.

During migration, if you do not completely remove your on premise server from the cloud Windows domain, even if DNS and DHCP are set correctly, your on premise computers may still look for the old on premise Windows server for authentication and DNS.  After you have migrated all of the FSMO roles, data and applications, demote your on premise Windows DC, then remove it from the Windows domain, rename it and delete all entries for the server in AD Sites and Services and in DNS.  Restart the server.  Then after installing TrueStack Direct Connect on the client computers and restarting the computers, they will find the new Windows cloud server for authentication and DNS.

We recommend that you snapshot the server before you rename it.

Printers

  • Use Branch Office Printing for capable printers.  Here’s an explanation of Branch Office printing from Microsoft.  If you rename the server to the same name your old on premise server had and ensure your shared printers have the same name they had before, then your end-users will be able to continue to print as normal after migration.
  • Some printers, especially those that require print codes, may not work well with Branch Office printing.  For those printers see this link to use a GPO to install the printers locally.
  • Branch Office Printing does not work on Windows 7 computers.  Printers on Windows 7 computers will have to be installed TCP/IP locally or installed through a GPO.
  • Some printers that are capable of using DNS and Branch Office printing may connect very slowly.  The end-user may feel like their entire computer is running slow because these printers are associated with the main applications they frequently use, like Microsoft Office.  In these cases we recommend testing with different print drivers.  Be aware that different print drivers will act differently on different Operating Systems.  If there aren’t any print drivers that connect at normal speed on all computers with Branch Office printing, we recommend installing these printers TCP/IP locally instead of using Branch Office printing or use a GPO.
  • Some networks require USB connected printers to be shared.  In these instances, because the computers cannot communicate with each other through the TrueStack Direct Connect VPN, we recommend setting the computer with the connected USB printer to a static IP.  Other users can then access the local shared printer by UNC path – for example \\192.168.0.25\printer

Scanners

  • If you have been using scan to file, we recommend switching to scan to email.  If you have O365 or G Suite you may be able to use these accounts for SSL/TLS relay through their SMTP servers.  You can also use a 3rd party SMTP relay server or set up an SMTP relay in the cloud.
  • If you need to use scan to file you will be required to either have an on premise file computer or member server that your client computers can use to access a shared folder for scans, or you will need to set the computers with a static IP so the scanner can find the computers by IP across the network.
  • You can also use a USB scanner connected to one computer.

Ports:

TrueStack Direct Connect uses ports TCP 80, 443 and UDP 1194.  These ports should be left open.

  • Port UDP 1194 is used for client/server VPN traffic.
  • Port 80 redirects to port 443.
  • Port 443 is used for the TrueStack Direct Connect interface and updates.  It’s also used for authentication of the client installer and to certify that the TrueStack Direct Connect is a valid AWS or Azure server.
  • In AWS if you have multiple Windows servers in the same account that need to communicate with each other in the cloud, add an ALL Traffic entry in the Security Group.  The Type is All Traffic and the Source is your subnet, for example, 10.0.0.0/24.
  • You do not need to open any ports on the Windows firewall (see Windows firewall section).
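
The port list above, together with the earlier note that port 3389 does not need to be open, translates into a check on the Security Group.  The Python audit below is an added example, not TrueStack's own code.  The group contents and the client address 203.0.113.10 are constructed samples shaped like the output of aws ec2 describe-security-groups.

```python
import ipaddress

# Ports the page lists for TrueStack Direct Connect: TCP 80, TCP 443, UDP 1194.
REQUIRED = [("tcp", 80), ("tcp", 443), ("udp", 1194)]

CLIENT_IP = "203.0.113.10"  # constructed on-premise client address (documentation range)

# Constructed sample groups in the shape of `aws ec2 describe-security-groups`.
MISCONFIGURED = {"GroupName": "TrueStack SG (constructed)", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    # The "All Traffic from your subnet" entry the page describes for server-to-server traffic.
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/24"}]},
]}
AS_DOCUMENTED = {"GroupName": "TrueStack SG (constructed)", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "udp", "FromPort": 1194, "ToPort": 1194, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/24"}]},
]}


def _covers(perm, proto, port):
    """True if one IpPermissions entry allows proto/port."""
    if perm["IpProtocol"] == "-1":  # "All traffic" rule, no port keys present
        return True
    if perm["IpProtocol"] != proto:
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def _sources(perm):
    """All IPv4 and IPv6 source CIDRs of one IpPermissions entry."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])] +
            [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])


def audit_group(group, client_ip):
    """Report required ports a client cannot reach and extra internet-wide rules."""
    client = ipaddress.ip_address(client_ip)
    perms = group.get("IpPermissions", [])

    missing = []
    for proto, port in REQUIRED:
        reachable = any(
            _covers(p, proto, port) and
            any(client in ipaddress.ip_network(c, strict=False) for c in _sources(p))
            for p in perms)
        if not reachable:
            missing.append((proto, port))

    exposed_extra = []
    for p in perms:
        lo, hi = p.get("FromPort"), p.get("ToPort")
        exactly_required = lo == hi and (p["IpProtocol"], lo) in REQUIRED
        for cidr in _sources(p):
            open_to_anywhere = ipaddress.ip_network(cidr, strict=False).prefixlen == 0
            if open_to_anywhere and not exactly_required:
                exposed_extra.append((p["IpProtocol"], lo, hi, cidr))

    return {"missing": missing, "exposed_extra": exposed_extra}


if __name__ == "__main__":
    print(audit_group(MISCONFIGURED, CLIENT_IP))
    print(audit_group(AS_DOCUMENTED, CLIENT_IP))
```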

Backups:

Here are some of our recommendations for backing up the cloud server.

  • Add an additional hard drive to the cloud server and use Windows backup to backup to that drive.  In AWS you can use a less expensive Cold HDD (sc1) and in Azure you can use a less expensive HDD.
  • Periodically snapshot the server.
  • In Azure you can use Azure backup.
  • For a backup DC, add an additional Windows DC in a different region and use TrueStack Direct Connect to connect the DCs.
  • If you have available Microsoft volume licenses or if you can use SPLA licenses set up a Microsoft DPM server for backup.
  • Use a 3rd party solution such as Cloudberry to S3.
  • Consider using Volume Shadow Copy.  This will require more storage and more system resources.

Windows Firewall

TrueStack Direct Connect does not require any ports to be open for the cloud server on the Windows firewall or on the client Windows firewalls.

We do recommend opening File and Print sharing so the computers can access network shares on the server and so the Windows DC can access the computers by UNC path.

Future Operating System Upgrades

  • Keep your root drives and shared storage drives separate.  That way, if for any reason you need to move a hard drive to another server you can easily move it by disconnecting it from the base server and reconnecting it to another server.
  • Both AWS and Azure make it easy to expand any hard drive, including root drives.  Snapshot the drives before expanding them.
  • You can easily migrate to a new Windows server operating system by installing the OS on a new VM, then adding it to the domain, promoting it as a DC and migrating the FSMO roles.  After that, move the hard drive to the new DC and set the share and NTFS permissions.

Pictures, PDFs and Videos

  • We recommend using Adobe Acrobat Reader DC on Windows 10 computers for PDF viewing.  Reader DC caches pages better than previous versions.  This means that if your bandwidth is adequate (see section Bandwidth) a large PDF over 100 mbs in size will download quickly and open the first few pages quickly.  While the user is viewing the first few pages, the rest of the pages will download to the computer.  Windows 10 is better at this PDF caching than Windows 7.
  • Pictures that are 1 – 2mb will open at normal speed.  These generally have .gif, .jpeg and .PNG extensions.  Programs that are used to edit pictures, like Photoshop, Illustrator or InDesign, use much larger files.  These files may open slowly across the VPN.
  • We recommend that graphic design stations open their design files locally on their computers especially if they are editing large pictures and video.  They can periodically upload the copies or final editions to the Windows server.
  • Some designers may require saving a shared folder on a computer or member server that is regularly backed up to the cloud.
  • Other options include setting up a dedicated cloud hard drive for the design files or using faster servers with better throughput and more IOPS on the hard drives used for design files.  You could also consider setting up a remote desktop server dedicated for a design user.  However, we’ve found that none of these options work as well as opening the files locally on the design computer and periodically uploading them to the server or using a local network share that’s backed up to the cloud.

Cloud Pricing

AWS

  • When using the AWS Calculator notice that different regions charge different rates.
  • Un-check the Free Tier Usage checkbox in the upper right-hand corner to find out what your expenses will be once your Free Tier expires.
  • There is no cost for Static IPs (Elastic IP) as long as they are in use.  You will be charged for use of the Static IP when the server is turned off.   You do not need a Static IP for your Windows server since it is only accessed by the private IP.
  • If you decide to use a Reserved Instance you will have to pay for 1 year up front.  You can upgrade at any time, but you will have to pay the difference.
  • AWS assumes there are 730 hours in a month.

Azure

  • The Azure Calculator is difficult to use and confusing.  You can also get pricing by choosing a VM in your account and viewing the price before you purchase. If you create a VM in your account to check the price Azure may require you to create a Resource Group.  We recommend deleting this to make sure you aren’t charged for anything, after you check the price.
  • Not all VMs are available in every region and different regions charge different rates.
  • The Azure calculator shows prices based on 730 hours in a month, but your account pricing is based on 744 hours a month.

TrueStack Direct Connect is a VPN management server made to connect Windows and Mac computers to Windows domain controllers and file servers in the AWS and Azure clouds.  This tutorial will help you use TrueStack Direct Connect to connect a computer to a Windows Domain Controller.

Summary:

The following steps will help you set up a Windows domain controller in Amazon Web Services and then connect a Windows Professional computer to the Windows domain using TrueStack Direct Connect.  After the computer is a member of Active Directory you can test access to the server by accessing a network share from the computer, pinging the computer from the server and remotely restarting the computer from the server.

Getting Started:

Important: For the purpose of this test we recommend setting up TrueStack Direct Connect and the below Windows server in a region that doesn’t include any production servers so you won’t disrupt any of your current AWS services.  If you’re setting up a new AWS account then we recommend choosing a region that is closest to your location.

First follow the steps in Initial Configuration to set up TrueStack Direct Connect.  

Launch a new Windows Server from AWS:

  1. Use a Windows Professional computer and use Chrome for your web browser.
  2. In your AWS account, from the EC2 dashboard, click Launch Instance.
  3. Scroll down and choose Microsoft Windows Server 2016 Base or Microsoft Windows Server 2012 R2 Base.
  4. Select the default instance type, t2.micro.
  5. Select Review and Launch instead of Next: Configure Instance Details.
  6. On the right side click Edit Security Groups.
  7. Under Assign a Security Group choose Select an existing Security Group and then select the TrueStack Security Group then choose Review and Launch.
    Troubleshooting: If the TrueStack Security Group isn’t listed then you probably aren’t in the same region or VPC as your TrueStack Direct Connect Server.  Cancel the setup and check your region and VPC.  If you haven’t already, follow the Initial Configuration steps.
  8. Click continue to the warning about port 3389.  Port 3389 doesn’t need to be open because you will access your Windows server through the TrueStack Direct Connect VPN.
  9. Click Launch on the next page.
  10. You will see the below dialog box.  If you have an existing key pair, choose that; if not, create one by clicking on the drop down.  Give it a name and download it.  Important: Save your key pair in a secure location.
  11. Click Launch Instances then click View Instances in the next page.

Connect to the Windows server using TrueStack Direct Connect:

  1. Open your TrueStack Direct Connect console.  Find the private IP of the EC2 Windows server from the description tab of the EC2 instance.
  2. In the TrueStack Direct Connect Interface, create an installer.
  3. Give the installer a descriptive name. We recommend using the name of the Windows computer you are connecting from.
  4. Type the private IP address of the Windows server EC2 instance you just created in both the Windows Server IPs field and the DNS Server IPs field.
  5. Click Save installer.
  6. In the security code field for the installer you just created, click on the download button.
  7. Download and install the TrueStack Direct Connect VPN client on your Windows computer. You’ll be prompted for the security code on install.
  8. After you’ve installed the client you should be able to use remote desktop to access the Windows server EC2 instance by its private IP. The user is Administrator. You’ll need to get the password for the Windows server from the Connect button of the instance in AWS. You can change the password of the administrator user in Computer Management after you log in.
  9. Promote the Windows server to a domain controller.
  10. Add your TrueStack Direct Connected Windows computer to the Windows domain you just created.

Additional Practice:

  1. Create a shared folder on the Windows domain controller EC2 instance and access the share from your Windows domain connected computer.
  2. From the Windows domain controller EC2 instance, restart your Windows domain connected computer using this command line: shutdown -r -t 5 -m \\yourcomputername -f

TrueStack Direct Connect is a VPN management server made to connect Windows and Mac computers to Windows domain controllers and file servers in the AWS and Azure clouds.  This tutorial will help you set up your own TrueStack Direct Connect instance in your Amazon Web Services account.

Set up your AWS Account

If you don’t have an Amazon Web Services account, create a free tier account.

Non-Profits may be eligible for $2000 in yearly AWS credits through Techsoup that can be applied to their account. Apply through Techsoup.org here.

Launch TrueStack Direct Connect

  1. Once you have an AWS account, click on this link to open TrueStack Direct Connect on the marketplace and click Continue to Subscribe in the upper right-hand corner. TrueStack Direct Connect includes a free 30-day trial.
    If you haven’t already signed into your account, you’ll be prompted to sign in now.
  2. Accept the Terms.
  3. Click Continue to Configuration when it’s available.  It may take a few minutes for this button to become available.
  4. Leave the Fulfillment Option and Software version as default.
  5. Choose your region.  If you’re new to AWS we suggest choosing a region that is closest to your location.  It should look like this.
  6. Click Continue to Launch.
    1. Choose Action: leave as default – Launch from Website
    2. EC2 Instance Type: We recommend leaving this as default – t2.micro is sufficient for up to 150 connected devices.
    3. VPC Settings: leave as default – we recommend using the default VPC.  If you don’t have a VPC in your account, click Create a VPC in EC2, then click refresh on this page and your default VPC should appear.  It should look like this.
    4. Subnet Settings: leave as default.
    5. Security Group Settings: Click on Create New Based on Seller Settings.

      Ports 80, 443 and 1194 are required to be open for TrueStack Direct Connect to work properly.  Port 80 redirects to 443 and automatically gives the console a secure certificate for web access.  Port 443 is also used for updates.  Port 1194 is used for the VPN connection.

      1. Name your Security Group, for example, TrueStack SG.
      2. Create a description, for example TrueStack Direct Connect Security Group.
      3. Click Save.  It should look like this.
      4. Click refresh for the newly created Security Group to appear.
    6. Key Pair Settings:  Create a key pair if you don’t already have one.  After creating a key pair, click the refresh button on the Marketplace.  The key pair you created should appear in the drop down.  Important:  Download and save the key pair in a secure location.
    7. It should look like this.
  7. Click Launch.

Access the TrueStack Direct Connect Console

  1. Click on the link on the next page to go to your EC2 Console.  Or click here: https://aws.amazon.com.  Under My Account, click on AWS Management Console, then under the All Services / Compute section click on EC2.  This will bring you to the EC2 Dashboard then click on Running Instances in the middle.
  2. Your TrueStack Direct Connect instance should appear on the list of running instances.  Click the edit button under Name and name it “TrueStack Direct Connect”.
  3. It should look similar to this:
  4. Find the public IP from the description tab of the EC2 instance. The TrueStack Direct Connect interface works best in Google Chrome.
  5. Open Chrome and copy the public IP into the address bar.  The IP should redirect to a TrueStack web address. The redirected URL will look similar to this: https://nk2g.truestack.com. This redirected URL is the address you can use in the future to access your interface.
    Troubleshoot: If the IP doesn’t redirect wait a few minutes. Your instance may still be starting up. After waiting, if it still doesn’t redirect to your TrueStack web address, reboot the EC2 instance from your AWS EC2 dashboard.  A reboot will take about 3 minutes or less.

    1. To reboot, highlight the instance and click on the Actions button, then Instance State and Reboot from the drop down menus.
  6. On the TrueStack Direct Connect console accept the EULA.
  7. In the AWS EC2 dashboard, find your EC2 Instance ID from the description tab. This is your temporary password. Copy it into the password field in the TrueStack Direct Connect console and login. We recommend that you change this password on the Settings tab after you log in.

Additional Required Steps:

  1. Add an elastic IP: Without an elastic IP, connected computers may have to clear their DNS cache every time the instance restarts and gets a new Public IP.
    1. Shut down the instance before adding an elastic IP. To shut down the instance, in the EC2 Dashboard, choose the instance then click on Actions, Instance State, Stop.
    2. To add an elastic IP, in the EC2 dashboard, click on Elastic IPs under the Network and Security section.  Allocate a new IP and then, using Actions, associate it with your TrueStack Direct Connect Instance.  Start the Instance again from the dashboard.  After the server has started, access the instance from a Chrome browser by the new IP.  The server may take 2 or 3 minutes to start.  It should look like this.

    Troubleshooting: After changing to an elastic IP if your instance isn’t accessible through Chrome by the new elastic IP try these steps:

    1. Clear your DNS cache on the computer.
    2. Clear the cache in Chrome.
    3. Shut down your TrueStack Direct Connect instance and start it again.  The elastic IP associates with a Truestack.net DNS name on startup.  By shutting down and re-loading your server you will re-initiate this process.
  2. Disable Change Source/Dest. Check: This is required so your Windows servers will be able to route to the local computers.
    1. In the EC2 Dashboard, choose the TrueStack Direct Connect instance. Click on Actions, Networking, Change Source/Dest. Check. Click Yes, Disable.
    2. Leave Change Source/Dest. Check Enabled for your Windows servers and Disabled for your TrueStack Direct Connect server.
  3. Add an Additional Route for the VPC: This will allow the Windows domain controller to communicate with the connected computers. Without this route you will not be able to manage AD connected computers with PowerShell, the command line or group policies.
      1. On the EC2 Dashboard click on Default VPC on the right side.
      2. On the VPC dashboard, click on Your VPCs.  We recommend using the default VPC. If you have multiple VPCs, choose the VPC that is associated with the subnet connected to your TrueStack Direct Connect instance.
      3. Click on the Route Table link associated with the VPC.  You may have to scroll down to see the Route Table link.  The link will open in a new tab.
      4. Choose the route table, click on the Routes tab and click Edit.
      5. Click Add another Route.  Do not make any changes to the current routes.
      6. In the Destination type 5.5.0.0/20
      7. In the Target begin typing “TrueStack Direct Connect”.  Your TrueStack Direct Connect name should auto-complete along with the network ID.  Choose it.
        Troubleshooting: If your TrueStack Direct Connect Server Instance doesn’t automatically appear in the Target drop down list, ensure you are on the route table associated with your default VPC.  If you have multiple VPCs, ensure you are on the route table associated with the VPC that your TrueStack Direct Connect Instance is associated with.
      8. Click save. You may have to scroll up to find save.
      9. It should look like this.  If your route table shows Black Hole, it’s because the TrueStack Direct Connect server is turned off.  Turn it on and it should change to Active.
  4. Add a rule for All Traffic. This is required in order for your Windows servers in AWS to communicate with your TrueStack Direct Connect server.  Without this rule your on premise computers will not be able to route to your AWS Windows servers.
    1. On the EC2 Dashboard, Under Network and Security, click on Security Groups and choose the TrueStack Direct Connect Security Group.
    2. Click on the Inbound tab and click Edit.
    3. Click Add Rule.
    4. The Type should be All Traffic.
    5. Set Source to Custom.
    6. Type in your security group name, for example TrueStack Security Group, and choose it from the drop down list.
    7. Click Save. It should look like this.
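The required settings above (ports 80, 443 and 1194 open, the All Traffic rule sourced from the security group itself, Source/Dest. Check disabled on the Direct Connect instance, and the 5.5.0.0/20 route) can be checked offline against saved output of `aws ec2 describe-security-groups`, `describe-route-tables` and `describe-instances`. This Python audit is an added example, not TrueStack's own code: the IDs are placeholders, the sample data is constructed, and the SSH finding assumes port 22 is only needed for the password reset procedure.

```python
import copy

VPN_CLIENT_CIDR = "5.5.0.0/20"   # route destination given in the guide
# The guide does not say whether 1194 is TCP or UDP; both are accepted (assumption).
REQUIRED_PORTS = {80: {"tcp"}, 443: {"tcp"}, 1194: {"tcp", "udp"}}
WORLD = {"0.0.0.0/0", "::/0"}
DC, WIN, SG = "i-DIRECTCONNECT", "i-WINDOWSDC", "sg-TRUESTACK"   # placeholder IDs


def covers(perm, port, protocols):
    """True if an IpPermissions entry allows `port` over one of `protocols`."""
    if perm["IpProtocol"] == "-1":          # "-1" means all protocols and ports
        return True
    return (perm["IpProtocol"] in protocols
            and perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1))


def cidrs(perm):
    ranges = perm.get("IpRanges", []) + perm.get("Ipv6Ranges", [])
    return {r.get("CidrIp") or r.get("CidrIpv6") for r in ranges}


def audit_security_group(sg):
    findings, perms = [], sg.get("IpPermissions", [])
    for port, protocols in REQUIRED_PORTS.items():
        if not any(covers(p, port, protocols) and cidrs(p) for p in perms):
            findings.append(f"port {port} is not open to VPN clients")
    all_traffic = [p for p in perms if p["IpProtocol"] == "-1"]
    if not any(g.get("GroupId") == sg["GroupId"]
               for p in all_traffic for g in p.get("UserIdGroupPairs", [])):
        findings.append("no All Traffic rule sourced from the group itself")
    if any(cidrs(p) & WORLD for p in all_traffic):
        findings.append("All Traffic is open to the world, not only to the group")
    if any(covers(p, 22, {"tcp"}) and cidrs(p) & WORLD for p in perms):
        findings.append("SSH 22 is open to the world; close it after a password reset")
    return findings


def audit_route_table(table, dc_id):
    route = next((r for r in table.get("Routes", [])
                  if r.get("DestinationCidrBlock") == VPN_CLIENT_CIDR), None)
    if route is None:
        return [f"route table has no route for {VPN_CLIENT_CIDR}"]
    # State is "blackhole" while the target instance is stopped.
    checks = [(route.get("InstanceId") != dc_id, f"{VPN_CLIENT_CIDR} does not target {dc_id}"),
              (route.get("State") == "blackhole", f"{VPN_CLIENT_CIDR} is a black hole: start {dc_id}")]
    return [message for failed, message in checks if failed]


def audit_instances(instances, sg_id, dc_id):
    findings = []
    for inst in instances:
        iid = inst["InstanceId"]
        if iid == dc_id and inst.get("SourceDestCheck", True):
            findings.append(f"{iid}: Source/Dest. Check must be disabled")
        if sg_id not in {g["GroupId"] for g in inst.get("SecurityGroups", [])}:
            findings.append(f"{iid}: not a member of {sg_id}")
    return findings


def audit(snapshot, dc_id):
    """Run every check on one merged snapshot; an empty list means all pass."""
    sg = snapshot["SecurityGroups"][0]
    instances = [i for r in snapshot["Reservations"] for i in r["Instances"]]
    return (audit_security_group(sg)
            + audit_route_table(snapshot["RouteTables"][0], dc_id)
            + audit_instances(instances, sg["GroupId"], dc_id))


def world_rule(proto, port):
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}


# Constructed sample: the three describe-* responses merged into one dict and
# trimmed to the fields the checks read.
GOOD = {
    "SecurityGroups": [{"GroupId": SG, "IpPermissions": [
        world_rule("tcp", 80), world_rule("tcp", 443), world_rule("udp", 1194),
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": SG}]}]}],
    "RouteTables": [{"Routes": [
        {"DestinationCidrBlock": VPN_CLIENT_CIDR, "InstanceId": DC, "State": "active"}]}],
    "Reservations": [{"Instances": [
        {"InstanceId": DC, "SourceDestCheck": False, "SecurityGroups": [{"GroupId": SG}]},
        {"InstanceId": WIN, "SourceDestCheck": True, "SecurityGroups": [{"GroupId": SG}]}]}],
}


def broken_sample():
    """GOOD with four mistakes the checks should catch."""
    bad = copy.deepcopy(GOOD)
    bad["SecurityGroups"][0]["IpPermissions"].append(world_rule("tcp", 22))
    bad["RouteTables"][0]["Routes"][0]["State"] = "blackhole"      # VPN server stopped
    bad["Reservations"][0]["Instances"][0]["SourceDestCheck"] = True
    bad["Reservations"][0]["Instances"][1]["SecurityGroups"] = []  # server outside group
    return bad


if __name__ == "__main__":
    print(audit(GOOD, DC), audit(broken_sample(), DC), sep="\n")
```

The self-referencing All Traffic rule only helps Windows servers that are members of the same security group, which is why group membership is checked per instance.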

Recommendations:

  1. Use the ? help in the TrueStack Direct Connect Console.
  2. Change the default password after you log on.
  3. Periodically create backups from the Admin tab.
  4. Periodically run the updates from the Admin tab.  Create a backup before you update the server.

What’s next?

  1. To practice navigating the Amazon EC2 dashboard, follow our Try it tutorial.
  2. To take a 48-hour test drive email support@truestack.com with subject “Test Drive”.
  3. If you’re considering migrating your on-premise Windows domain controller and file server to AWS read through the Seamless Migration to help you prepare for a successful migration.
  4. For configuration or migration questions contact TrueStack support at support@truestack.com.

These are general directions for using TrueStack Direct Connect to extend a Windows domain to an AWS Windows server. Contact TrueStack Support for help with TrueStack Direct Connect.  TrueStack does not support Windows servers or provide any warranties or guarantees for the following directions. Any modifications made to a Windows domain should be done by a qualified technician.

  • First launch a new EC2 Windows Server 2012 R2 or 2016 instance in your AWS account and add it to the TrueStack security group.
  • Find the private IP of the AWS Windows server in the instance description in your AWS account, for example, 10.0.0.157.
  • In TrueStack Direct Connect, create an installer for your on premise Windows Domain Controller. In the Windows IP field only add the IP of the AWS Windows Server. This will allow the Windows on premise server to have access to the AWS Windows server.  In the DNS IP field type in the IP of the on premise Windows Domain Controller.  This will direct the VPN to get DNS from the on premise Windows server.
  • Download and install the installer you just created on the on premise server.  This will install on a physical or virtual server.
  • After installation verify that the on premise server VPN is connected in the console. If the computer is on and connected the name will appear in blue in the database.
  • Find the IP of the TAP adapter on the on premise server.  It will look similar to this 5.5.0.10. see how
  • Add the IP as a Preferred DNS server on the AWS Windows server. see how
  • Add the AWS Windows server to the on premise server’s domain.
  • Before promoting the server, open DNS on the on premise server.  Ensure the server is listening on all IP addresses and that Zone Transfers are allowed.  See how
  • Before promoting the server, ensure that your local administrator password on the AWS Windows server is not the same as the Domain administrator password.  If it is, change the local administrator password on the AWS Windows server.  See how
  • Promote the AWS Windows server to a domain controller.  Be sure to use domain credentials when you promote the server.
  • On the on premise server the local computers need to look up the local IP address of the server in order to find the server’s DNS name.  This is probably a class A, B or C IP address similar to this 192.168.1.25.  To ensure they don’t find the IP of the TAP adapter instead, which looks similar to this 5.5.0.10, turn off Zone Transfers on both servers.  See how  If the computers associate the TAP adapter’s IP with the on premise server, the computers won’t be able to access resources on the server.  (Zone transfers aren’t required for AD replication; however, having them turned on during domain controller promotion is helpful.)  Also un-register the TAP connection’s IP address in DNS.  See how
  • Then clean up DNS.  In DNS on the on premise server the IP for the on premise server should be from the local adapter, for example 192.168.1.25.  On the AWS Windows server the IP for the on premise server should be the IP of the TAP adapter, for example 5.5.0.10.  If, in the future, you need to sync DNS on both servers, you can turn Zone Transfers back on.  Once the zones are in sync you can turn off Zone Transfers and clean up DNS again.
    • First Create an installer in TrueStack Direct Connect.
    • On the security code column, email the installation link to the user of the Apple computer or download the link on their computer.
    • On the download page choose Download Mac and download the config file to the Downloads folder.
    • Open a browser and go to tunnelblick.net
    • Download the latest stable release of Tunnelblick.
    • Open the .dmg file and double-click the icon titled Tunnelblick to install it.
    • When this dialog opens choose “I have configuration files”.


    • Click Okay on the next message.


    • Navigate to the Downloads folder and look for the config file you downloaded earlier. The config file will be named “client_installer name”.
    • Drag the config file over the Tunnelblick icon in the menu bar at the top of the screen. This will install the config file in Tunnelblick and start the VPN connection.


Use TrueStack Direct Connect to set up a Windows server in the AWS or Azure cloud

These are general directions for using TrueStack Direct Connect to connect your computers to a new Windows domain in AWS or Azure Windows server.

Try a free 30-day trial!

TrueStack costs $142 a month and allows you to connect up to 4096 computers and 253 servers.

The following assumes that you have already performed the Initial Configurations in either Azure or AWS.  If you haven’t set up TrueStack Direct Connect, follow the Initial Configuration Instructions below.

AWS Initial Configuration
Azure Initial Configuration

If you have an on premise server, this blog gives a summary of the process of migrating your on premise Windows domain controller and file server to AWS or Azure.

https://truestack.com/can-you-migrate-your-on-prem-domain-controller-to-the-cloud

Please read through our FAQ The Seamless Migration for tips related to bandwidth, scanners, printers, cloud backup and client/server line of business applications.

Set up a new Windows server in the cloud

Summary:
1. Set up TrueStack Direct Connect in the AWS or Azure Marketplaces. Follow the initial configuration steps here.  https://truestack.com/support.
2. Launch a Windows server in your AWS or Azure account and set up a Windows domain.
3. Create Installers for your Windows computers using TrueStack Direct Connect.
4. Download them and install them on each Windows computer.
5. Add the Windows computers to the Active Directory domain.
6. Create file shares and manage the computers with AD.

Step-by-step Instructions:

  • Launch TrueStack Direct Connect from the AWS Marketplace. Follow the directions for the initial configuration.  https://truestack.com/support
  • Then launch a new Windows Server 2012 R2 or 2016 Instance or VM in your account.
  • Connect to the Windows server and set up the domain. Be sure to install the DNS role on the Windows server.
  • Find the private IP of the Windows server in the instance description in your AWS account or Virtual Machine tab in Azure, for example, 10.0.0.157.
  • Create an installer in the TrueStack Direct Connect console for each computer that will connect to the Windows server. In the Windows IP field and in the DNS Server IP field add the private IP of the Windows Server. This will allow the Windows computer access to this cloud Windows server only and it will allow both the server and computers to communicate using DNS. A DNS server IP is also required for group policy and other server rules to communicate with the computers properly.
  • Each installer is made for only one computer and will only work on one computer. Each installer contains a unique certificate which is used to create an encrypted VPN tunnel between the computer and the Windows server. To protect the security of your AWS servers ensure that the installer is only installed on the appropriate computer. Also ensure it isn’t compromised or stolen during or after distribution.
  • Distribute the individual installers to each user. There are multiple ways to do this.
    • You can copy the installer link and email it or send it another way to the computer user along with the security code. The user will need to enter the security code before it times out, in order to download their installer.
    • Or you can download the installer yourself by clicking on the Download link by the security code. You can then send it to the user, put it in a local share that the user has access to, or copy it to their computer.
  • Install or have the user install the software on their computer.
  • After installation verify that the computers are connected in the console. If the computers are on and connected their names will appear in blue in the database.
  • Now you can add the connected computers to your cloud Windows domain.
  • We recommend opening file and print sharing on the Windows Firewall on the Windows server so the users can access the shared folders.  You can also use a group policy to open file and print sharing for the domain connected computers so you can ping them and access them via a UNC path if required.
  • After the computers are added to the domain you will then be able to manage them with Windows Active Directory as normal.  For example:
    • You can create file shares on the AWS server that these computers can access
    • You can use the Windows command line or PowerShell to send commands to these computers
    • You can create group policies used to manage these computers
    • You can set up and manage users in Active Directory

Read the Seamless Migration for additional considerations related to IOPS, bandwidth, printers, scanners and performance.

These are general directions for using TrueStack Direct Connect to migrate a Windows domain to an AWS or Azure Windows server and remove the on premise Windows server. After the migration, your on premise computers will be able to continue to access their shared folders as normal and your IT will be able to continue to manage the domain connected computers from the cloud Windows server. In addition your mobile computers will be able to access the server anywhere they have internet.
Contact TrueStack Support for help with TrueStack Direct Connect.  TrueStack does not support Windows servers or provide any warranties or guarantees for the following directions.  Any modifications made to a Windows domain should be done by a qualified technician.

The following assumes that you have already performed the Initial Configurations in either Azure or AWS.  If you haven’t set up TrueStack Direct Connect, follow the Initial Configuration Instructions below.

AWS Initial Configuration
Azure Initial Configuration

This blog gives a summary of the process of migrating your on premise Windows domain controller and file server to AWS or Azure.

https://truestack.com/can-you-migrate-your-on-prem-domain-controller-to-the-cloud

Please read through our FAQ The Seamless Migration for tips related to bandwidth, scanners, printers, cloud backup and client/server line of business applications.

Migration Directions:

  • In the TrueStack Direct Connect interface, create an installer for your on premise Windows Domain Controller. In the Windows IP field, add the Private IP of the cloud Windows server.  In AWS find the private IP on the description tab of the instance.  In Azure, find the Private IP under Virtual Machines.  This will allow the Windows on premise server to have access to the cloud Windows server.  In the DNS IP field type in the IP of the on premise Windows Domain Controller.  This will direct the VPN to get DNS from the on premise Windows server.  It should look similar to this.
  • Download and install the installer you just created on the on premise Windows domain controller.  This will install on a physical or virtual server.
  • After installation verify that the on premise server VPN is connected in the TrueStack Direct Connect interface. If the computer is on and connected the name will appear in blue in the database.
  • Find the IP of the TAP adapter on the on premise server.  It will look similar to this 5.5.0.10.  The easiest way to find the IP of the TAP adapter on the on premise server is to right-click the network adapter in Control Panel, click on Status then Details.
  • Add the IP as the Preferred DNS server on the cloud Windows server.  This is added to the network adapter of the cloud server.  It should look similar to this.
  • Add the cloud Windows server to the on premise server’s domain.
  • Before promoting the server as a domain controller, open DNS on the on premise server.  Ensure the server is listening on all IP addresses and that Zone Transfers are allowed.
  • Also ensure that your local administrator password on the cloud Windows server is not the same as the Domain administrator password.  If it is, change the local administrator password on the cloud Windows server.
  • Promote the cloud Windows server to a domain controller.  Be sure to use domain credentials when you promote the server.  If you have problems promoting your server to a domain controller see Troubleshoot.
  • Now that the cloud server has been promoted as a Windows domain controller, in the TrueStack Direct Connect interface, click on the edit button to the right of the on premise Windows server and change the cloud Windows IP in the DNS Server IP field from the on premise server IP of the TAP adapter to the cloud Windows server IP.  On the on premise server, restart the TrueStack Windows service to update the change.
  • This is a good time to Snapshot the Windows cloud server for additional backup.
  • Create an installer in the TrueStack Direct Connect console for each computer that will connect to the cloud Windows server. In the Windows IP field and in the DNS Server IP field add the private IP of the cloud Windows Server. This will be something like 10.0.0.5. This will allow the computers access to this cloud Windows server and it will allow both the server and computers to communicate using DNS. A DNS server IP is also required for group policy and other server rules to communicate with the computers properly.

  • Each installer is made for only one computer and will only work on one computer at a time. Each installer contains a unique certificate which is used to create an encrypted VPN tunnel between the computer and the Windows server. To protect the security of your cloud servers ensure that the installer is only installed on the appropriate computer.  Also ensure it isn’t compromised or stolen during or after distribution.
  • Distribute the individual installers to each user. There are multiple ways to do this.
  • You can email or copy the installer link and send it to the computer user along with the security code. The user will need to enter the security code before it times out, in order to download their installer.
  • Or you can download the installer yourself by clicking on the Download link by the security code. You can then send it to the user or put it in a local share that the user has access to or copy it to their computer.
  • Install or have the user install the software on their computer.  For Mac computers follow these directions to connect using Tunnelblick.
  • After installation verify that the computers are connected in the console. If the computers are on and connected their names will appear in blue in the database. At this point the computers should still be able to access the on premise server as normal.
  • Now migrate your data to the AWS Windows server. You can use robocopy or other migration tools.  Don’t share the migrated folders until you’re ready to demote and remove the on premise server from the domain.  See below.
  • The following change should be planned, probably after hours, because after this change your on premise computers may not be able to access the on premise server.  If DHCP for the network, via your router or on premise server, is giving out the DNS IP for the on premise Windows server to the local network adapters of the on premise computers, remove it and use different DNS addresses.  Either use DNS server IPs provided by your ISP or public DNS server IPs.  The computers get internet DNS lookups through the Local Area network adapter and they get Windows domain lookups through the TAP adapter.  The TAP adapter should be receiving the IP address of the cloud Windows server.  For your local network we don’t recommend using static IPs on the computers; however, if this is your network protocol, change the Primary and/or Secondary DNS server IPs to your Gateway IP or your ISP’s DNS server IPs or public DNS server IPs.  For laptops that need to be used offsite, we recommend public DNS server IPs like Google’s 8.8.8.8 or 8.8.4.4.
  • Transfer the FSMO roles to the cloud Windows Domain Controller.
  • Document your shared folder names and printer names if you intend to enable Branch Office printer – see our FAQ on The Seamless Migration.
  • Ensure Active Directory has fully replicated to the cloud server.
  • Demote the on premise server and fully remove it from the domain.  It’s important to delete the on premise server completely from the domain, otherwise the computers may continue to look to the on premise server for Active Directory, Group Policy and DNS lookups. We recommend renaming and restarting it after removing it from the domain so it won’t cause any confusion on the network.  Check for remnants of the server in AD and AD sites and services and DNS.  Delete the server in all of these places.
  • Uninstall TrueStack Direct Connect on the on premise server and delete it from the TrueStack Direct Connect interface.
  • Now, you can rename the cloud Windows server so it uses the same name that the on premise server used before it was demoted.  This will allow your on premise computers to use cached DNS lookups to access their shares.
  • For example, if your on premise server was originally named DCDATA and your cloud Windows DC is named AWSDATA, then after promoting AWSDATA as a domain controller and ensuring Active Directory replication succeeded, demote DCDATA and remove it from the domain completely.  Rename it DCDATAOLD.  Delete all remnants of DCDATA in Active Directory.  Then rename AWSDATA to DCDATA.  Set up your network shares and permissions the same way they were on DCDATA.  After you migrate the data and configure your shares and permissions, your Active Directory users will be able to open their mapped drives and other network shares the same way they did before, without noticing that the on premise server is now offline and they are accessing these shares on the cloud Windows server.
  • Restart the on premise computers.  This will update their adapters and route them to the cloud Windows server.

Please read through our FAQ The Seamless Migration for tips related to bandwidth, scanners, printers, cloud backup and client/server line of business applications.

Troubleshoot

Client won’t connect

  • Ensure the computer is connected to the internet.
  • Restart the TrueStack service on the computer or restart the computer.
  • Delete and reinstall TrueStack Direct Connect on the computer.

Can’t ping or access the client computer from the Windows server

  • Ensure the computer is connected to the internet.
  • Restart the TrueStack service on the computer or restart the computer
  • Ensure the computer is a member of the Windows domain
  • Ensure File and Print sharing is open on the computer
  • Ensure that the route 5.5.0.0/20 is added in AWS or Azure.  For directions see the initial configuration https://truestack.com/support.
  • When adding a route in your VPC we recommend using the default VPC.
  • In AWS, disable Change Source/Dest. Check. Choose the TrueStack Direct Connect instance. Click on Actions, Networking, Change Source/Dest. Check. Click Yes, Disable. For better directions see the initial configuration https://truestack.com/support.
  • Some DNS servers provided by your ISP may block some DNS traffic going across port 1194.  In these cases the Windows server won’t be able to access the client.  Check the client’s TAP adapter icon in control panel to see if it shows “Unidentified network” under the adapter name, instead of your Windows domain name.
    It should show the Domain name.  Change the DNS address of the TAP adapter to Google’s 8.8.8.8 or 8.8.4.4.  If your ISP is causing this DNS issue then you will see that your domain name immediately appears on the client’s TAP adapter.  Once the domain name appears on the TAP adapter, you should be able to access the client.
    This should be a rare situation, however, in this case you have a few options:

    • Change DHCP on your on premise router to give out the IP of your gateway or a 3rd party DNS, such as Google’s DNS servers – 8.8.8.8 or 8.8.4.4 – instead of your ISP’s DNS servers.
    • Set static DNS servers IPs for the affected computers.  You may find that some laptops which are required to connect to multiple ISP networks will frequently have this issue, so it may be easier to set those laptops to Google’s DNS server IPs.

Reset your TrueStack Direct Connect Password:

  • Open SSH port 22 on your cloud network security group.
  • Use PuTTY or a terminal to SSH into TrueStack Direct Connect
  • Type “sudo /opt/directconnect/bin/resetpasswd”
  • Create a new password.  Then you should be able to log in to the interface with the new password.

Upgrade to a new version of TrueStack Direct Connect

  • In the interface on the Admin tab download a backup of your server.
  • Create a new VM or Instance of TrueStack Direct Connect from the AWS or Azure marketplaces.
  • Follow the initial configuration instructions. https://truestack.com/support.
  • On the Admin tab of the new TrueStack Direct Connect server, click on Choose File and upload the backup file to your new server, click on Restore.

Can’t access web console after changing to a static or elastic IP

  • Clear your DNS cache on the computer.
  • Clear the cache in Chrome.
  • Shut down your TrueStack Direct Connect instance and start it again.  The elastic IP associates with a Truestack.net DNS name on startup.  By shutting down and re-loading your server you will re-initiate this process.

My cloud server won’t promote to a domain controller

  • Ensure your local administrator password and your domain administrator password are not the same.
  • Ensure that both the on premise and cloud servers can ping each other by IP.  The cloud server should be able to ping the tap adapter IP of the on premise server.
  • Server 2008 – If you are promoting a 2012 or 2016 domain controller in a 2008 forest and domain, we recommend restarting the on premise server after you’ve installed the TrueStack client and before promoting the cloud server as a domain controller.
  • Domain promotion may hang on some servers if there is a slow internet connection or packets are lost during promotion.  In these cases, you can cancel the promotion and try again.  After canceling the promotion, we recommend terminating the cloud server and starting with a brand new cloud server.  On the on premise server delete the cloud server out of Active Directory, AD sites and services and DNS before adding a new server and trying the promotion again.
  • Change your password – In the TrueStack Direct Connect console on the settings tab change the default password to a secure password.
  • Backup – On the admin tab periodically backup your server.
  • Update – On the admin tab periodically update the server.  Always back up the server before running updates.
  • Keep your Windows servers up to date.