Follow our simple step-by-step directions to launch a private TrueStack Direct Connect server from AWS then connect your local computers to your AWS servers. Move your Windows Active Directory servers to AWS so your local computers can connect from anywhere.
- Download PuTTYgen here.
- Change the type of key to generate to “SSH-1 (RSA)”.
- Click on Key from the menu, then click on “Parameters for saving keys”.
- Change PPK file version from 3 to 2, then click OK.
- Click Load and load the .pem file.
- Click OK to the message and click Save Private Key.
- Use the .ppk to connect with PuTTY.
How to upgrade your Operating System to Debian Stretch
Upgrading to Debian Stretch is required because the internal certificate service for Debian Jessie is being deprecated.
- Before performing the upgrade we recommend that you make 2 backups.
- Backup #1: In the TrueStack Direct Connect Console on the Admin tab under Backup click Download to backup the config file. You can use this to restore to a new instance of TrueStack Direct Connect. It will restore your server to the same state it was in before the upgrade.
- Backup #2: In AWS shutdown your TrueStack Direct Connect Instance. Create a snapshot of your instance.
- Open the SSH Port in AWS: On your EC2 dashboard, in the Security Group for your TrueStack Direct Connect instance, open the SSH port with Source set to My IP so that only your current address can reach it.
- Open PuTTY or another SSH client. Type the Public IP Address of your instance in the Host Name (or IP address) field. Make sure the port is set to 22 and the Connection type is SSH. You can download PuTTY from here: https://www.chiark.greenend.org.uk/~sgtatham/putty/
- In Putty under Connection, expand SSH and Click on Auth. Browse to the location where you saved the Key Pair (certificate) that is associated with your TrueStack Direct Connect EC2 instance in AWS. This Key Pair was created when you set up your AWS EC2 account or the first time you set up TrueStack Direct Connect.
Note: You may need to convert your .pem key to a .ppk key in order for this to work. Follow the directions here to make this conversion: https://truestack.com/ufaqs/how-to-convert-a-pem-file-to-a-ppk-file/
- Accept the certificate. To login, type the username: admin
- Type: sudo /opt/directconnect/scripts/os_update.sh
- Type: YES when prompted “Are you sure you want to upgrade to Debian Stretch?”
- After the update completes, type: sudo reboot
- This will restart your instance and it will be upgraded to Debian Stretch.
TrueStack Direct Connect is a VPN management server made to connect Windows and Mac computers to Windows domain controllers and file servers in the AWS and Azure clouds. This tutorial will help you set up your own TrueStack Direct Connect instance in your Amazon Web Services account.
1. Set up your AWS Account
If you don’t have an Amazon Web Services account, create a free tier account.
Non-Profits may be eligible for $2000 in yearly AWS credits through Techsoup that can be applied to their account. Apply through Techsoup.org.
2. Launch TrueStack Direct Connect
- Once you have an AWS account, click on this link to open TrueStack Direct Connect on the marketplace and click Continue to Subscribe in the upper right-hand corner. If you haven’t already signed into your account, you’ll be prompted to sign in now.
- Accept the Terms.
- Click Continue to Configuration when it’s available. It may take a few minutes for this button to become available.
- Leave the Fulfillment Option and Software version as default.
- Choose your region. If you’re new to AWS we suggest choosing a region that is closest to your location.
- Click Continue to Launch.
- Choose Action: leave as default – Launch from Website
- EC2 Instance Type: We recommend leaving this as default – t2.micro is sufficient for up to 150 connected devices.
- VPC Settings: leave as default – we recommend using the default VPC. If you don’t have a VPC in your account, click Create a VPC in EC2, then click refresh on this page and your default VPC should appear.
- Subnet Settings: leave as default.
- Security Group Settings: Click on Create New Based on Seller Settings.
Ports 80, 443 and 1194 are required to be open for TrueStack Direct Connect to work properly. Port 80 redirects to 443 and automatically gives the console a secure certificate for web access. Port 443 is also used for updates. Port 1194 is used for the VPN connection.
- Name your Security Group, for example, TrueStack SG.
- Create a description, for example TrueStack Direct Connect Security Group.
- Click Save.
- Click refresh for the newly created Security Group to appear.
- Key Pair Settings: Create a key pair if you don’t already have one. After creating a key pair, click the refresh button on the Marketplace. The key pair you created should appear in the drop down. Important: Download and save the key pair in a secure location.
- Click Launch.
3. Access the TrueStack Direct Connect Console
- Click on the link on the next page to go to your EC2 Console. Or click here: https://aws.amazon.com. Under My Account, click on AWS Management Console, then under the All Services / Compute section click on EC2. This will bring you to the EC2 Dashboard; then click on Running Instances in the middle.
- Your TrueStack Direct Connect instance should appear on the list of running instances. Click the edit button under Name and name it “TrueStack Direct Connect”.
- It should look similar to this:
- Find the public IP from the description tab of the EC2 instance. The TrueStack Direct Connect interface works best in Google Chrome.
- Open Chrome and copy the public IP into the address bar. The IP should redirect to a TrueStack web address. The redirected URL will look similar to this: https://nk2g.truestack.com. This redirected URL is the address you can use in the future to access your interface.
Troubleshoot: If the IP doesn’t redirect wait a few minutes. Your instance may still be starting up. After waiting, if it still doesn’t redirect to your TrueStack web address, reboot the EC2 instance from your AWS EC2 dashboard. A reboot will take about 3 minutes or less.
- On the TrueStack Direct Connect console accept the EULA.
- In the AWS EC2 dashboard, find your EC2 Instance ID from the description tab. This is your temporary password. Copy it into the password field in the TrueStack Direct Connect console and login. We recommend that you change this password on the Settings tab after you log in.
4. Additional Required Steps:
- Add an elastic IP: Without an elastic IP, connected computers may have to clear their DNS cache every time the instance restarts and gets a new Public IP.
- Shut down the instance before adding an elastic IP. To shut down the instance, in the EC2 Dashboard, choose the instance then click on Actions, Instance State, Stop.
- To add an elastic IP, in the EC2 dashboard, click on Elastic IPs under the Network and Security section. Allocate a new IP and then using Actions associate it with your TrueStack Direct Connect Instance. It should look like this.
- Disable the Source/Dest. Check: This is required so your Windows servers will be able to route to the local computers.
- Leave the server shutdown for this step.
- In the EC2 Dashboard, choose the TrueStack Direct Connect instance. Click on Actions, Networking, Change Source/Dest. Check. Click Yes, Disable.
- Leave Change Source/Dest. Check Enabled for your Windows servers and Disabled for your TrueStack Direct Connect server.
- Turn the server back on before proceeding.
- Add an Additional Route to the VPC: This will allow the Windows domain controller to communicate with the connected computers. Without this route you will not be able to manage AD connected computers with PowerShell, the command line or group policies.
- On the EC2 Dashboard click on Default VPC on the right side.
- On the VPC dashboard, click on Your VPCs. We recommend using the default VPC. If you have multiple VPCs, choose the VPC that is associated with the subnet connected to your TrueStack Direct Connect instance.
- Click on the Route Table link associated with the VPC. You may have to scroll down to see the Route Table link. The link will open in a new tab.
- Choose the route table, click on the Routes tab and click Edit.
- Click Add another Route. Do not make any changes to the current routes.
- In the Destination field, type 5.5.0.0/20.
- In the Target drop down, choose Instance, then choose your TrueStack Direct Connect Instance from the list or copy and paste in your instance ID. You can get your instance ID from the description tab for your instance on the EC2 Dashboard.
Troubleshooting: if your TrueStack Direct Connect Server Instance ID doesn’t automatically appear in the Target drop down list, ensure you are on the route table associated with your default VPC. If you have multiple VPCs, ensure you are on the route table associated with the VPC that your TrueStack Direct Connect Instance is associated with.
- Click Save. You may have to scroll up to find Save.
- It should look like this. If your route table shows Black Hole, it’s because the TrueStack Direct Connect server is turned off. Turn it on and it should change to Active.
- Add a rule for All Traffic. This is required in order for your Windows servers in AWS to communicate with your TrueStack Direct Connect server. Without this rule your on premise computers will not be able to route to your AWS Windows servers.
- On the EC2 Dashboard, Under Network and Security, click on Security Groups and choose the TrueStack Direct Connect Security Group.
- Click on the Inbound tab and click Edit.
- Click Add Rule.
- The Type should be All Traffic.
- Set Source to Custom.
- Type in your security group name, for example TrueStack Security Group, and choose it from the drop down list.
- Click Save. It should look like this.
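The checks above (ports 80, 443 and 1194 open, SSH restricted to My IP, an All Traffic rule sourced from the group itself, Source/Dest. Check disabled, and an active 5.5.0.0/20 route to the instance) can be audited against the JSON that the AWS CLI returns. This is an added example, not TrueStack’s or AWS’s own tooling; it reads the shapes produced by `aws ec2 describe-security-groups`, `describe-instance-attribute --attribute sourceDestCheck` and `describe-route-tables`, and the sample data, ids and addresses are constructed placeholders.

```python
"""Offline audit of the AWS settings required around a TrueStack Direct
Connect instance. Input dicts follow the JSON shapes returned by the AWS CLI
describe-* calls; the sample data below is constructed."""
import ipaddress

TAP_CIDR = "5.5.0.0/20"            # VPN client range the page routes to the instance
REQUIRED_PORTS = (80, 443, 1194)   # console/updates and the VPN port
SSH_PORT = 22
ANYWHERE = "0.0.0.0/0"


def _covers(rule, port):
    """True if an IpPermissions entry covers `port` (any protocol)."""
    if rule.get("IpProtocol") == "-1":
        return True
    return rule.get("FromPort", -1) <= port <= rule.get("ToPort", -1)


def _cidrs(rule):
    """IPv4 and IPv6 CIDR sources of a rule (group-sourced rules have none)."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])


def audit_security_group(sg):
    """Return findings (strings) for one security group; empty means OK."""
    findings = []
    rules = sg.get("IpPermissions", [])
    gid = sg["GroupId"]
    # 80, 443 and 1194 must be reachable from the internet: clients connect
    # from anywhere, so a rule sourced only from another group does not count.
    for port in REQUIRED_PORTS:
        if not any(_covers(r, port) and _cidrs(r) for r in rules):
            findings.append(f"port {port} is not open to any CIDR")
    # SSH is a maintenance port opened to "My IP" only: flag any source
    # wider than a single address.
    for r in rules:
        if not _covers(r, SSH_PORT):
            continue
        for cidr in _cidrs(r):
            if ipaddress.ip_network(cidr).num_addresses > 1:
                findings.append(f"SSH ({SSH_PORT}) is open to {cidr}; restrict it to My IP")
    # The All Traffic rule lets the Windows servers reach the VPN server. It
    # must be sourced from the group itself, never from a CIDR.
    all_traffic = [r for r in rules if r.get("IpProtocol") == "-1"]
    if not any(gid in [p["GroupId"] for p in r.get("UserIdGroupPairs", [])]
               for r in all_traffic):
        findings.append("no All Traffic rule sourced from the group itself")
    for r in all_traffic:
        for cidr in _cidrs(r):
            findings.append(f"All Traffic rule is open to {cidr}")
    return findings


def audit_source_dest_check(attr):
    """`attr` is the describe-instance-attribute result for sourceDestCheck."""
    if attr["SourceDestCheck"]["Value"]:
        return ["Source/Dest. Check is still enabled on the TrueStack instance"]
    return []


def audit_route_table(rt, instance_id):
    """The VPC route table needs 5.5.0.0/20 -> the TrueStack instance, active."""
    want = ipaddress.ip_network(TAP_CIDR)
    for route in rt.get("Routes", []):
        cidr = route.get("DestinationCidrBlock")
        if not cidr or ipaddress.ip_network(cidr) != want:
            continue
        if route.get("InstanceId") != instance_id:
            return [f"route {TAP_CIDR} does not target the TrueStack instance {instance_id}"]
        if route.get("State") == "blackhole":
            return [f"route {TAP_CIDR} is blackhole: the TrueStack instance is stopped"]
        return []
    return [f"no route for {TAP_CIDR}; the domain controller cannot reach VPN clients"]


def audit_all(sg, src_dest_attr, rt, instance_id):
    return (audit_security_group(sg) + audit_source_dest_check(src_dest_attr)
            + audit_route_table(rt, instance_id))


# --- constructed sample data (placeholder ids) -------------------------------
SG_ID = "sg-0123456789abcdef0"
INSTANCE_ID = "i-0abc123def4567890"
GOOD_SG = {"GroupId": SG_ID, "GroupName": "TrueStack SG", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": ANYWHERE}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": ANYWHERE}]},
    # the page does not say which transport 1194 uses; udp is assumed here
    {"IpProtocol": "udp", "FromPort": 1194, "ToPort": 1194, "IpRanges": [{"CidrIp": ANYWHERE}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},
    {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": SG_ID}]},
]}
WEAK_SG = {"GroupId": SG_ID, "GroupName": "TrueStack SG", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": ANYWHERE}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": ANYWHERE}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": ANYWHERE}]},
]}  # 1194 missing, SSH open to the world, no All Traffic rule
ROUTE_TABLE_OK = {"RouteTableId": "rtb-0123456789abcdef0", "Routes": [
    {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0", "State": "active"},
    {"DestinationCidrBlock": TAP_CIDR, "InstanceId": INSTANCE_ID, "State": "active"},
]}
```

Run `audit_all(WEAK_SG, {"SourceDestCheck": {"Value": True}}, ROUTE_TABLE_OK, INSTANCE_ID)` to see the four findings a misconfigured setup produces; a correct setup returns an empty list.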
Recommendations:
- Use the ? help in the TrueStack Direct Connect Console.
- Change the default password after you logon.
- Periodically create backups from the Admin tab.
- Periodically run the updates from the Admin tab. Create a backup before you update the server.
What’s next?
- Practice navigating the Amazon EC2 dashboard, follow our Try it tutorial.
- To take a 48-hour test drive email [email protected] with subject “Test Drive”.
- If you’re considering migrating your on-premise Windows domain controller and file server to AWS read through the Seamless Migration to help you prepare for a successful migration.
- For configuration or migration questions contact TrueStack support at [email protected].
TrueStack Direct Connect is a VPN management server made to connect Windows and Mac computers to Windows domain controllers and file servers in the AWS and Azure clouds. This tutorial will help you use TrueStack Direct Connect to connect an on premise Windows computer to an AWS Windows Domain Controller.
TrueStack Direct Connect is free for up to 10 connections. Follow the directions here to set up your TrueStack Direct Connect server.
Summary:
The following steps will help you set up a Windows domain controller in Amazon Web Services and then connect a Windows Professional computer to the Windows domain using TrueStack Direct Connect. After the computer is a member of Active Directory you can test access to the server by accessing a network share from the computer, pinging the computer from the server and remotely restarting the computer from the server.
Getting Started:
Important: For the purpose of this test we recommend setting up TrueStack Direct Connect and the below Windows server in a region that doesn’t include any production servers so you won’t disrupt any of your current AWS services. We also recommend using the default VPC in that region. Choose a region with a VPC that hasn’t been changed. If you’re setting up a new AWS account then we recommend choosing a region that is closest to your location.
First follow the steps in the Step by Step Setup to configure TrueStack Direct Connect in AWS.
Launch a new Windows Server from AWS:
- Use a Windows Professional computer and use Chrome for your web browser.
- In your AWS account, from the EC2 dashboard, click Launch Instance.
- Scroll down and choose Microsoft Windows Server 2016 Base or Microsoft Windows Server 2012 R2 Base.
- Select the default instance type, t2.micro.
- Select Review and Launch instead of Next: Configure Instance Details.
- On the right side click Edit Security Groups.
- Under Assign a Security Group choose Select an existing Security Group and then select the TrueStack Security Group then choose Review and Launch.
Troubleshooting: If the TrueStack Security Group isn’t listed then you probably aren’t in the same region or VPC as your TrueStack Direct Connect Server. Cancel the setup and check your region and VPC. If you haven’t already, follow the Step by Step Setup.
- Click continue to the warning about port 3389. Port 3389 doesn’t need to be open because you will access your Windows server through the TrueStack Direct Connect VPN.
- Click Launch on the next page.
- You will see the below dialog box. If you have an existing key pair choose that; if not, create one by clicking on the drop down. Give it a name and download it. Important: Save your key pair in a secure location.
- Click Launch Instances then click View Instances in the next page.
Connect to the Windows server using TrueStack Direct Connect:
- Open your TrueStack Direct Connect console. Find the private IP of the EC2 Windows server from the description tab of the EC2 instance.
- In the TrueStack Direct Connect Interface, create an installer.
- Give the installer a descriptive name. We recommend using the name of the Windows computer you are connecting from.
- Type the private IP address of the Windows server EC2 instance you just created in both the Windows Server IPs field and the DNS Server IPs field.
- Click Save installer.
- In the security code field for the installer you just created, click on the download button.
- Download and install the TrueStack Direct Connect VPN client on your Windows Professional computer. You’ll be prompted for the security code on install.
- After you’ve installed the client you should be able to use remote desktop to access the Windows server EC2 instance by its private IP. The user is Administrator. You’ll need to get the password for the Windows server from the Connect button of the instance in AWS. You can change the password of the administrator user in Computer Management after you log in.
- Promote the Windows server to a domain controller.
- Add your TrueStack Direct Connected Windows computer to the Windows domain you just created.
Additional Practice:
- Create a shared folder on the Windows domain controller EC2 instance and access the share from your Windows domain connected computer.
- From the Windows domain controller EC2 instance, restart your Windows domain connected computer using this command line: shutdown -r -t 5 -m \\yourcomputername -f
- First set up TrueStack Direct Connect in AWS or Azure. Follow the directions here.
- Then launch a new Windows Server 2012 R2 or 2016 instance in your cloud account and add it to the TrueStack security group.
- Find the private IP of the Windows server in the instance description in your AWS account, for example 10.0.0.157.
- In TrueStack Direct Connect, create an installer for your on premise Windows Domain Controller. In the Windows IP field only add the IP of the AWS Windows Server. This will allow the Windows on premise server to have access to the AWS Windows server. In the DNS IP field type in the IP of the on premise Windows Domain Controller. This will direct the VPN to get DNS from the on premise Windows server.
- Download and install the installer you just created on the on premise server. This will install on a physical or virtual server.
- After installation verify that the on premise server VPN is connected in the console. If the computer is on and connected the name will appear in blue in the database.
- Find the IP of the TAP adapter on the on premise server. It will look similar to this 5.5.0.10.
- Add the IP as a Preferred DNS server on the AWS Windows server.
- Add the AWS Windows server to the on premise server’s domain.
- Before promoting the server, open DNS on the on premise server. Ensure the server is listening on all IP addresses and that Zone Transfers are allowed.
- Before promoting the server, ensure that your local administrator password on the AWS Windows server is not the same as the Domain administrator password. If it is, change the local administrator password on the AWS Windows server.
- Promote the AWS Windows server to a domain controller. Be sure to use domain credentials when you promote the server.
- On the on premise server, the local computers need to look up the local IP address of the server (a private class A, B or C address similar to 192.168.1.25) in order to resolve the server’s DNS name. To ensure they don’t find the IP of the TAP adapter instead (which looks similar to 5.5.0.10), turn off Zone Transfers on both servers. If the computers associate the TAP adapter’s IP with the on premise server, they won’t be able to access resources on the server. (Zone transfers aren’t required for AD replication; however, having them turned on during domain controller promotion is helpful.) Also un-register the TAP connection’s IP address in DNS.
- Then clean up DNS. In DNS on the on premise server the IP for the on premise server should be from the local adapter, for example 192.168.1.25. On the AWS Windows server the IP for the on premise server should be the IP of the TAP adapter, for example 5.5.0.10. If, in the future, you need to sync DNS on both servers, you can turn Zone Transfers back on. Once the zones are in sync you can turn off Zone Transfers and clean up DNS again.
Summary
This blog outlines how to migrate an on premise Active Directory domain controller to a cloud Active Directory domain controller using TrueStack Direct Connect.
https://truestack.com/can-you-migrate-your-on-prem-domain-controller-to-the-cloud
Please read through our FAQ The Seamless Migration for tips related to bandwidth, scanners, printers, cloud backup and client/server line of business applications.
Migration Directions:
- In the TrueStack Direct Connect interface, create an installer for your on premise Windows Domain Controller. In the Windows IP field, add the Private IP of the cloud Windows server. In AWS find the private IP on the description tab of the instance. In Azure, find the Private IP under Virtual Machines. This will allow the Windows on premise server to have access to the cloud Windows server. In the DNS IP field type in the IP of the on premise Windows Domain Controller. This will direct the VPN to get DNS from the on premise Windows server. It should look similar to this.
- Download and install the installer you just created on the on premise Windows domain controller. This will install on a physical or virtual server.
- After installation verify that the on premise server VPN is connected in the TrueStack Direct Connect interface. If the computer is on and connected the name will appear in blue in the database.
- Find the IP of the TAP adapter on the on premise server. It will look similar to this 5.5.0.10. The easiest way to find the IP of the TAP adapter on the on premise server is to right-click the network adapter in Control Panel, click on Status then Details.
- Add the IP as the Preferred DNS server on the cloud Windows server. This is added to the network adapter of the cloud server. It should look similar to this.
- Add the cloud Windows server to the on premise server’s domain.
- Before promoting the server as a domain controller, open DNS on the on premise server. Ensure the server is listening on all IP addresses and that Zone Transfers are allowed.
- Also ensure that your local administrator password on the cloud Windows server is not the same as the Domain administrator password. If it is, change the local administrator password on the cloud Windows server.
- Promote the cloud Windows server to a domain controller. Be sure to use domain credentials when you promote the server. If you have problems promoting your server to a domain controller see Troubleshoot.
- Now that the cloud server has been promoted to a Windows domain controller, in the TrueStack Direct Connect interface click on the edit button to the right of the on premise Windows server and change the DNS Server IP field from the on premise server IP to the cloud Windows server IP. On the on premise server, restart the TrueStack Windows service to apply the change.
- This is a good time to Snapshot the Windows cloud server for additional backup.
- Create an installer in the TrueStack Direct Connect console for each computer that will connect to the cloud Windows server. In the Windows IP field and in the DNS Server IP field add the private IP of the cloud Windows Server. This will be something like 10.0.0.5. This will allow the computers access to this cloud Windows server and it will allow both the server and computers to communicate using DNS. A DNS server IP is also required for group policy and other server rules to communicate with the computers properly.
- Each installer is made for only one computer and will only work on one computer at a time. Each installer contains a unique certificate which is used to create an encrypted VPN tunnel between the computer and the Windows server. To protect the security of your cloud servers ensure that the installer is only installed on the appropriate computer. Also ensure it isn’t compromised or stolen during or after distribution.
- Distribute the individual installers to each user. There are multiple ways to do this.
- You can email or copy the installer link and send it to the computer user along with the security code. The user will need to enter the security code before it times out, in order to download their installer.
- Or you can download the installer yourself by clicking on the Download link by the security code. You can then send it to the user or put it in a local share that the user has access to or copy it to their computer.
- Install or have the user install the software on their computer. For Mac computers follow these directions to connect using Tunnelblick.
- After installation verify that the computers are connected in the console. If the computers are on and connected their names will appear in blue in the database. At this point the computers should still be able to access the on premise server as normal.
- Now migrate your data to the AWS Windows server. You can use robocopy or other migration tools. Don’t share the migrated folders until you’re ready to demote and remove the on premise server from the domain. See below.
- The following change should be planned, probably after hours, because after this change your on premise computers may not be able to access the on premise server. If DHCP for the network, via your router or on premise server, is giving out the DNS IP of the on premise Windows server to the local network adapters of the on premise computers, remove it and use different DNS addresses. Either use DNS server IPs provided by your ISP or public DNS server IPs. The computers get internet DNS lookups through the Local Area Network adapter and they get Windows domain lookups through the TAP adapter. The TAP adapter should be receiving the IP address of the cloud Windows server. For your local network we don’t recommend using static IPs on the computers; however, if this is your network protocol, change the Primary and/or Secondary DNS server IPs to your Gateway IP, your ISP’s DNS server IPs or public DNS server IPs. For laptops that need to be used offsite, we recommend public DNS server IPs like Google’s 8.8.8.8 or 8.8.4.4.
- Transfer the FSMO roles to the cloud Windows Domain Controller.
- Document your shared folder names and printer names if you intend to enable Branch Office printer – see our FAQ on The Seamless Migration.
- Ensure Active Directory has fully replicated to the cloud server.
- Demote the on premise server and fully remove it from the domain. It’s important to delete the on premise server completely from the domain, otherwise the computers may continue to look to the on premise server for Active Directory, Group Policy and DNS lookups. We recommend renaming and restarting it after removing it from the domain so it won’t cause any confusion on the network. Check for remnants of the server in AD and AD sites and services and DNS. Delete the server in all of these places.
- Uninstall TrueStack Direct Connect on the on premise server and delete it from the TrueStack Direct Connect interface.
- Now, you can rename the cloud Windows server so it uses the same name that the on premise server used before it was demoted. This will allow your on premise computers to use cached DNS lookups to access their shares.
- For example, if your on premise server was originally named DCDATA and your cloud Windows DC is named AWSDATA, then after promoting AWSDATA as a domain controller and ensuring Active Directory replication succeeded, demote DCDATA and remove it from the domain completely. Rename it DCDATAOLD. Delete all remnants of DCDATA in Active Directory. Then rename AWSDATA to DCDATA. Set up your network shares and permissions the same way they were on DCDATA. After you migrate the data and configure your shares and permissions, your Active Directory users will be able to open their mapped drives and other network shares the same way they did before, without noticing that the on premise server is now offline and they are accessing these shares on the cloud Windows server.
- Restart the on premise computers. This will update their adapters and route them to the cloud Windows server.
Use TrueStack Direct Connect to set up a Windows server in the AWS or Azure cloud
The following assumes that you have already performed the Initial Configurations in either Azure or AWS. If you haven’t set up TrueStack Direct Connect, follow the Initial Configuration Instructions below.
AWS Initial Configuration
Azure Initial Configuration
If you have an on premise server, this blog gives a summary of the process of migrating your on premise Windows domain controller and file server to AWS or Azure.
https://truestack.com/can-you-migrate-your-on-prem-domain-controller-to-the-cloud
Please read through our FAQ The Seamless Migration for tips related to bandwidth, scanners, printers, cloud backup and client/server line of business applications.
Set up a new Windows server in the cloud
Summary:
1. Set up TrueStack Direct Connect in the AWS or Azure Marketplaces. Follow the initial configuration steps here.
2. Launch a Windows server in your AWS or Azure account and set up a Windows domain.
3. Create Installers for your Windows computers using TrueStack Direct Connect.
4. Download them and install them on each Windows computer.
5. Add the Windows computers to the Active Directory domain.
6. Create file shares and manage the computers with AD.
Step-by-step Instructions:
- Launch TrueStack Direct Connect from the AWS Marketplace. Follow the directions for the initial configuration.
- Then launch a new Windows Server 2012 R2 or 2016 Instance or VM in your account.
- Connect to the Windows server and set up the domain. Be sure to install the DNS role on the Windows server.
- Find the private IP of the Windows server in the instance description in your AWS account or Virtual Machine tab in Azure, for example, 10.0.0.157.
- Create an installer in the TrueStack Direct Connect console for each computer that will connect to the Windows server. In the Windows IP field and in the DNS Server IP field add the private IP of the Windows Server. This will allow the Windows computer access to this cloud Windows server only and it will allow both the server and computers to communicate using DNS. A DNS server IP is also required for group policy and other server rules to communicate with the computers properly.
- Each installer is made for only one computer and will only work on one computer. Each installer contains a unique certificate which is used to create an encrypted VPN tunnel between the computer and the Windows server. To protect the security of your AWS servers ensure that the installer is only installed on the appropriate computer. Also ensure it isn’t compromised or stolen during or after distribution.
- Distribute the individual installers to each user. There are multiple ways to do this.
- You can copy the installer link and email it or send it another way to the computer user along with the security code. The user will need to enter the security code before it times out, in order to download their installer.
- Or you can download the installer yourself by clicking on the Download link by the security code. You can then send it to the user, put it on a local share that the user has access to, or copy it to their computer.
- Install or have the user install the software on their computer.
- After installation verify that the computers are connected in the console. If the computers are on and connected their names will appear in blue in the database.
- Now you can add the connected computers to your cloud Windows domain.
- We recommend opening file and print sharing on the windows firewall on the Windows server so the users can access the shared folders. You can also use a group policy to open file and print sharing for the domain connected computers so you can ping them and access them via a UNC path if required.
- After the computers are added to the domain you will then be able to manage them with Windows Active Directory as normal. For example:
- You can create file shares on the AWS server that these computers can access
- You can use the Windows command line or PowerShell to send commands to these computers
- You can create group policies used to manage these computers
- You can set up and manage users in Active Directory
Read the Seamless Migration for additional considerations related to IOPS, bandwidth, printers, scanners and performance.
You can connect cloud servers, AWS EC2 Instances or Azure Virtual Machines, that are in different regions using TrueStack Direct Connect.
Connect Servers in different regions:
- Set up TrueStack Direct Connect in one region. Follow the Initial Configuration directions here:
- Create an installer for the remote server in the other region. In the Windows Server IPs section in the console type in the private IP of the server that you want to connect to that is in the same region as your TrueStack Direct Connect server.
- For example:
- Your TrueStack Direct Connect server and a Windows server are in the Oregon Region.
- You want to connect a Windows server in the London region to the Windows server in the Oregon region.
- The Windows server in the Oregon region has the Private IP of 10.0.1.52.
- In the TrueStack Direct Connect Console, create an installer and type in the IP 10.0.1.52 in the Windows Server IPs section.
- If you want to connect the London server to multiple Windows servers in the Oregon region, type additional private IPs for the other servers in the Oregon region on separate lines.
- For example:
- 10.0.1.52
- 10.0.1.233
- 10.0.1.39
- If you want the London server to have access to all servers in the Oregon region give the London server access to the entire subnet by typing: 10.0.1.52/24. This allows the London server to connect to all Oregon servers.
- If you want to connect the Oregon server to multiple London servers, create additional installers for each London server and specify the private IP of the Oregon server in the Windows Server IPs section of each installer you create for each London server.
- If you want to allow all Oregon servers to connect to all London servers you need to create an installer for each London server and give each installer access to the entire Oregon subnet.
- Specify the private IP of the Windows DNS server in the Oregon region if the London server(s) should be a part of the Windows domain on the Oregon server(s).
- Install the TrueStack Direct Connect client from the installer(s) you just created on the London server(s).
- By using the same configuration above you can also connect servers from different clouds, data centers and locations.
- First create an installer then choose Download Mac. This will download the config file.
- If you have a version of Linux with a GUI operating system use FireFox to download the installer.
- If you use SSH to access the console, then upload the config file you downloaded to a folder in your Linux computer using an FTP client like WinSCP.
- The config file will be named similar to this client_INSTALLERNAME.ovpn
- If you have a Linux GUI, right-click in the folder where the file is located and choose Open Terminal Here.
- If you are accessing the console through SSH, navigate to the folder where you uploaded the config file. Use cd plus the folder name to navigate in Linux, quoting any path that contains spaces. For example: cd "my folder" or cd "/tmp/my folder"
- Then type: sudo apt-get install openvpn
- When that command completes type: sudo openvpn --config client_INSTALLERNAME.ovpn
- Replace INSTALLERNAME with the name of your installer.
- This command will connect the client. The installer connects and then appears in blue in the TrueStack Direct Connect console.
- First Create an installer in TrueStack Direct Connect.
- On the security code column, email the installation link to the user of the Apple computer or download the link on their computer.
- On the download page choose Download Mac and download the config file to the Downloads folder.
- Open a browser and go to tunnelblick.net
- Download the latest stable release of Tunnelblick.
- Open the .dmg file and double-click the icon titled Tunnelblick to install it.
- When this dialog opens choose “I have configuration files”.
- Click Okay on the next message.
- Navigate to the Downloads folder and look for the config file you downloaded earlier. The config file will be named “client_INSTALLERNAME.ovpn”.
- Drag the config file over the Tunnelblick icon in the menu bar at the top of the screen. This will install the config file in Tunnelblick and start the VPN connection.
How to upgrade to another version of TrueStack Direct Connect
If you need to upgrade from a 25 connection or 50 connection version of TrueStack Direct Connect follow the directions below.
If you need to upgrade to a new version of TrueStack Direct Connect, first run the updates on the Admin tab. After the update completes, check the version number at the bottom of the screen and compare it to the latest version number available at the AWS Marketplace. If the version number is the same then you do not need to upgrade to a newer version. If the version number is lower than the version available at the AWS Marketplace then follow the directions below to upgrade.
Directions:
- First create a backup from the Admin tab then run the updates on the Admin tab.
- Create a new VM (AWS) or Instance (Azure) of TrueStack Direct Connect from the AWS or Azure marketplaces.
- Follow the initial configuration instructions. Be sure to follow the Additional Required Steps.
- Shut down your current server so it doesn’t cause a DNS conflict on the internet after you complete the restore below. Do not delete your old server until the new server is up and running and tested with the restored database.
- Move your elastic IP (AWS) or Static IP (Azure) over to the new server.
- Turn on the new server and run the updates.
- After updating, on the Admin tab of the new TrueStack Direct Connect server, click on Choose File and upload the backup file to your new server, click on Restore. This will restore the database of your old TrueStack Direct Connect server to your new one.
- Do not turn the old server back on at the same time the restored server is on as this will cause a DNS conflict.
- Change your password – In the TrueStack Direct Connect console on the settings tab change the default password to a secure password.
- Backup – On the admin tab periodically backup your server.
- Update – On the admin tab periodically update the server. Always backup up the server before running updates.
- Keep your Windows servers up to date.
Please upgrade immediately to version 1.4.10 or higher to fix the security vulnerability CVE-2022-23775. Contact TrueStack at [email protected] if you have any trouble upgrading. New instances purchased from the AWS Marketplace will be version 1.4.10 or higher.
To upgrade:
- On the Admin tab in the console click on Update and note the version number at the bottom of the screen. This should update you to version 1.4.10 or higher.
- If TrueStack hangs on the upgrade or doesn’t upgrade to 1.4.10, SSH into the instance and run sudo apt-get upgrade
- Follow these steps:
- First backup your instance from the Admin tab of the TrueStack Direct Connect Console.
- Download and install Putty from here, or use another SSH tool if you have one.
- On your EC2 dashboard open the SSH port to your IP for your TrueStack Direct Connect Security Group.
- Open Putty. Type the Public IP Address of your instance in section Host Name (or IP address). Make sure the port is set to 22 and the Connection type is SSH.
- In Putty under Connection, expand SSH and Click on Auth. Browse to the location where you saved the Key Pair (certificate) that is associated with your TrueStack Direct Connect EC2 instance in AWS. This Key Pair was created when you set up your AWS EC2 account or the first time you set up TrueStack Direct Connect. Open your instance.
- Accept the certificate. To login, type the username: admin
- Type: sudo apt-get upgrade. Click y for yes when prompted.
- When the upgrade completes Type: sudo apt-get update
- From the AWS console Stop and restart your TrueStack Direct Connect instance by clicking Actions / Instance State / Stop
- Once the Instance completely stops, start it again from the Actions tab.
- Login to your TrueStack Direct Connect console. Create another backup. Then run the updates on the settings tab to get the most up to date version of TrueStack Direct Connect.
- Remove the SSH inbound port on your TrueStack Direct Connect Security Group.
Troubleshoot upgrading:
If sudo apt-get upgrade fails:
Some of our clients have reported that upgrades from 1.4.6 or 1.4.7 to 1.4.10 fail. If this is the case, follow these steps:
- Follow the steps above to make a backup and SSH in to the instance.
- After running sudo apt-get upgrade you may see an error telling you to run dpkg --configure -a.
- Follow the directions in that message, prefixed with sudo: sudo dpkg --configure -a
- Then run sudo apt-get upgrade again.
- You may, however, get a further error telling you to run apt --fix-broken install.
- If you see this error follow the directions but add “sudo” at the front of the command. Run this command: sudo apt --fix-broken install
- During this command you may be prompted to use additional disk space. Type Y for Yes (or press Enter) to continue.
- After this you may be prompted about keeping the current version of cloud.cfg. Press Enter for N (No), the default, which keeps the current version.
- Then run sudo apt-get upgrade again.
If no errors restart your Truestack instance from the AWS console and ensure it’s now up to 1.4.10 or higher
Please contact us at [email protected] if you have any trouble upgrading to version 1.4.10
Certificate shows expired on console
- The SSL certificate for your TrueStack Direct Connect console should automatically renew every few months. If your SSL certificate shows expired, on the Admin tab, run the updates to 1.3.16 or higher, then reboot your instance from the AWS or Azure console.
Update Error: Some index files failed to download. They have been ignored or old ones used instead.
- First backup your instance from the Admin tab of the TrueStack Direct Connect Console.
- If you receive this error after clicking on the Update button on the Admin tab follow these directions to resume normal updates. This will require connecting to your TrueStack Direct Connect Instance with the SSH protocol using a tool like Putty.
- Download and install Putty from here.
- On your EC2 dashboard open the SSH port to your IP for your TrueStack Direct Connect Security Group.
- Open Putty. Type the Public IP Address of your instance in section Host Name (or IP address). Make sure the port is set to 22 and the Connection type is SSH.
- In Putty under Connection, expand SSH and Click on Auth. Browse to the location where you saved the Key Pair (certificate) that is associated with your TrueStack Direct Connect EC2 instance in AWS. This Key Pair was created when you set up your AWS EC2 account or the first time you set up TrueStack Direct Connect. Open your instance.
- Accept the certificate. To login, type the username: admin
- Type: sudo apt-get upgrade. Click y for yes when prompted.
- When the upgrade completes Type: sudo apt-get update
- From the AWS console Stop and restart your TrueStack Direct Connect instance by clicking Actions / Instance State / Stop
- Once the Instance completely stops, start it again from the Actions tab.
- Login to your TrueStack Direct Connect console. Create another backup. Then run the updates on the settings tab to get the most up to date version of TrueStack Direct Connect.
- Remove the SSH inbound port on your TrueStack Direct Connect Security Group.
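Both the "To upgrade" steps and the "Update Error" steps above follow the same pattern on the AWS side: open SSH to your IP only, do the work over SSH, stop and start the instance, and remove the SSH rule again. The following PowerShell script is an added example, not TrueStack's own tooling, that drives those AWS-side steps with the AWS CLI so that the SSH rule is removed even if the restart fails. The security group id and instance id are placeholders you replace with your own values; the script assumes the AWS CLI is installed and configured with EC2 permissions.

```powershell
# Added example (not TrueStack's code): manage the SSH exposure window around a maintenance session.
# Placeholders: replace $SecurityGroupId and $InstanceId with your own values.
param(
    [string]$SecurityGroupId = "sg-PLACEHOLDER",
    [string]$InstanceId      = "i-PLACEHOLDER"
)

function Get-MyPublicCidr {
    # checkip.amazonaws.com returns the caller's public IPv4 address as plain text.
    $ip = (Invoke-RestMethod -Uri "https://checkip.amazonaws.com").Trim()
    if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$null)) {
        throw "Could not determine the public IP address (got '$ip')"
    }
    return "$ip/32"   # a /32 is what the console's "My IP" option produces
}

function Invoke-Aws {
    # Run one AWS CLI command and stop on any non-zero exit code.
    param([string[]]$CliArgs)
    $out = & aws @CliArgs
    if ($LASTEXITCODE -ne 0) { throw "aws $($CliArgs -join ' ') failed" }
    return $out
}

function Open-SshFromCidr {
    param([string]$GroupId, [string]$Cidr)
    Invoke-Aws @("ec2", "authorize-security-group-ingress", "--group-id", $GroupId,
                 "--protocol", "tcp", "--port", "22", "--cidr", $Cidr) | Out-Null
}

function Close-SshFromCidr {
    param([string]$GroupId, [string]$Cidr)
    Invoke-Aws @("ec2", "revoke-security-group-ingress", "--group-id", $GroupId,
                 "--protocol", "tcp", "--port", "22", "--cidr", $Cidr) | Out-Null
}

function Restart-Ec2Instance {
    # Stop, wait until fully stopped, then start again (Actions / Instance State in the console).
    param([string]$Id)
    Invoke-Aws @("ec2", "stop-instances", "--instance-ids", $Id) | Out-Null
    Invoke-Aws @("ec2", "wait", "instance-stopped", "--instance-ids", $Id)
    Invoke-Aws @("ec2", "start-instances", "--instance-ids", $Id) | Out-Null
    Invoke-Aws @("ec2", "wait", "instance-running", "--instance-ids", $Id)
}

$cidr = Get-MyPublicCidr
Open-SshFromCidr -GroupId $SecurityGroupId -Cidr $cidr
try {
    Write-Host "SSH (22) is open from $cidr only. Run the PuTTY / apt-get steps now, then press Enter."
    Read-Host | Out-Null
    Restart-Ec2Instance -Id $InstanceId
}
finally {
    # Runs even when the restart throws, so the SSH rule never lingers in the security group.
    Close-SshFromCidr -GroupId $SecurityGroupId -Cidr $cidr
    Write-Host "SSH rule for $cidr removed from $SecurityGroupId."
}
```

The interactive pause is where you do the PuTTY session and the apt-get commands from the steps above; when you press Enter the script performs the stop/start and then revokes the rule in the `finally` block, which is the step most often forgotten when it is done by hand.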
Client won’t connect
- Ensure the computer is connected to the internet.
- Restart the TrueStack service on the computer or restart the computer.
- Delete and reinstall TrueStack Direct Connect on the computer.
Can’t ping or access the client computer from the Windows server
- Ensure the computer is connected to the internet.
- Restart the TrueStack service on the computer or restart the computer
- Ensure the computer is a member of the Windows domain
- Ensure File and Print sharing is open on the computer
- Ensure that the route 5.5.0.0/20 is added in AWS or Azure. For directions see the initial configuration.
- When adding a route in your VPC we recommend using the default VPC.
- In AWS, disable Change Source/Dest. Check. Choose the TrueStack Direct Connect instance. Click on Actions, Networking, Change Source/Dest. Check. Click Yes, Disable. For better directions see the initial configuration.
- Some DNS servers provided by your ISP may block some DNS traffic going across port 1194. In these cases the Windows server won’t be able to access the client. Check the client’s TAP adapter icon in control panel to see if it shows “Unidentified network” under the adapter name, instead of your Windows domain name.
It should show the domain name. Change the DNS address of the TAP adapter to Google’s 8.8.8.8 or 8.8.4.4. If your ISP is causing this DNS issue then you will see that your domain name immediately appears on the client’s TAP adapter. Once the domain name appears on the TAP adapter, you should be able to access the client.
This should be a rare situation; however, in this case you have a few options:
- Change DHCP on your on-premise router to give out the IP of your gateway or a 3rd-party DNS, such as Google’s DNS servers (8.8.8.8 or 8.8.4.4), instead of your ISP’s DNS servers.
- Set static DNS server IPs for the affected computers. You may find that some laptops which are required to connect to multiple ISP networks will frequently have this issue, so it may be easier to set those laptops to Google’s DNS server IPs.
Reset your TrueStack Direct Connect Password:
- Follow the directions for Update Error above to connect to your TrueStack Direct Connect instance with the SSH protocol.
- Type “sudo /opt/directconnect/bin/resetpasswd”
- Create a new password. Then you should be able log in to the interface with the new password.
Upgrade to a new version of TrueStack Direct Connect
- First create a backup then run the updates on the Admin tab. This will update you to the latest version of TrueStack Direct Connect.
- If you need to migrate to a new Instance (AWS) or VM (Azure) or you need to upgrade to a 25 or Unlimited edition of TrueStack Direct Connect, click on the Admin tab and download a backup of your server.
- Create a new VM or Instance of TrueStack Direct Connect from the AWS or Azure marketplaces.
- Follow the initial configuration instructions.
- Shut down your current server so it doesn’t cause a DNS conflict on the internet after you complete the restore on the next step.
- Move your elastic IP (AWS) or Static IP (Azure) over to the new server.
- Turn on the new server and run the updates.
- After updating, on the Admin tab of the new TrueStack Direct Connect server, click on Choose File and upload the backup file to your new server, click on Restore.
Can’t access web console after changing to a static or elastic IP
- Clear your DNS cache on the computer.
- Clear the cache in Chrome.
- Shutdown your TrueStack Direct Connect instance and start it again. The elastic IP associates with a Truestack.net DNS name on startup. By shutting down and re-loading your server you will re-initiate this process.
My cloud Windows server won’t promote to a domain controller
- Ensure your local administrator password and your domain administrator password are not the same.
- Ensure that both the on premise and cloud servers can ping each other by IP. The cloud server should be able to ping the tap adapter IP of the on premise server.
- Server 2008 – If you are promoting a 2012 or 2016 domain controller in a 2008 forest and domain, we recommend restarting the on-premise server after you’ve installed the TrueStack client and before promoting the cloud server as a domain controller.
- Domain promotion may hang on some servers if there is a slow internet connection or packets are lost during promotion. In these cases, you can cancel the promotion and try again. After canceling the promotion, we recommend terminating the cloud server and starting with a brand new cloud server. On the on premise server delete the cloud server out of Active Directory, AD sites and services and DNS before adding a new server and trying the promotion again.
Because every network has different priorities every migration will be a little bit different. With that in mind, this blog is written for the purpose of helping your organization plan your on premise Windows domain controller and file server migration to the cloud using TrueStack Direct Connect, with little or no disruption to your end-users.
TrueStack Direct Connect is a VPN management server made to connect Windows and Mac computers to Windows domain controllers and files servers in the AWS cloud.
A detailed explanation of the Windows DC and file server migration steps is posted here.
Please read this document before you start to help you better prepare your network and plan your migration.
Overall Performance:
Slowness is generally related to computer performance, cloud server performance or bandwidth. Before you migrate, plan carefully, especially in these 3 areas.
Slowness is generally not related to managing Active Directory computers with a cloud Windows domain controller, unless your domain controller is using WSUS, SQL or other client server software or scripts that use up resources on the cloud server and on the client.
Organizations whose end-users access files on cloud Windows server network shares may also experience slowness due to a lack of resources in one of these three areas. See About cloud file access below.
About cloud file access:
- For organizations who use TrueStack Direct Connect to connect their end users to cloud Windows file servers, browsing files will be noticeably slower on Windows 7 computers vs. Windows 10 computers.
- If you are using Office 2010 or an earlier version of office to access files on a cloud Windows file server you will notice lag times in file access. We recommend Office 2013 or later.
- Access to files on a cloud Windows file server will be much faster if your on premise computers use Windows 10 with SSD drives.
- PDF files on the cloud Windows server will open faster with newer versions of Adobe Reader or Adobe Acrobat. Large graphic or design files will open slower if the files are on the cloud Windows server. See pictures, PDFs and Videos below.
Computer Performance:
System Requirements: Windows 7, 8, 8.1, 10, 32-bit or 64-bit. Administrator rights are required for TrueStack Direct Connect client installation.
For the best performance we recommend: Windows 10 Pro, i5 (or equivalent), 8GBs memory, SSD, Microsoft Office 2016
Cloud Server Performance:
Below are general recommendations for server performance.
Free Space: Windows servers may run slower when there is less than 20% free space on the root hard drive. You can increase the size of the root hard drive in AWS. We recommend shutting down your server and making a snapshot of the drive before you increase the size.
Updates and Restarts: Updating and restarting your Windows server regularly will also increase server performance. We recommend putting your server on a schedule to restart at least once a week after hours.
Server Usage: When choosing the size of your servers consider their use. For example, SQL servers need more vCPUs, IOPS and memory. Servers that are used for heavy file access of pictures, large PDFs and large videos will also require more vCPUs, memory, IOPS and bandwidth (see Pictures, PDFs and Videos below).
Separate Hard Drives: We recommend that Windows storage drives used for file access in the cloud, are SSD and are separate drives from the root. This will make it much easier to upgrade your OS in the future (see upgrades below). It will also make it easier to backup and restore (see backups below) and easier to increase the size of the drive if needed without affecting the OS.
IOPS (Input/Output Operations per second): Monitor your server’s performance and IOPS usage to determine your organization needs. In cloud servers, IOPS is often the determining factor as to the speed of your server and cloud network throughput.
TrueStack IOPS: In general TrueStack Direct Connect servers use very few IOPS. You will find that the IOPS credits are very stable and the server rarely has to be restarted or upgraded to a faster instance type.
We do not recommend restarting the TrueStack Direct Connect server on a schedule. A restart will disconnect all of your computers. After a restart, some computers may not reconnect correctly. If a computer has a connection issue, restart the TrueStack service on the computer or restart the computer instead of restarting the TrueStack Direct Connect server.
AWS IOPS:
In AWS, IOPS are determined by the server version and the size of the hard drive. The larger the hard drive or server the more IOPS credits you accumulate. T2 instances are burstable. This means that they may run out of credits. When you run out your Windows server will run very slow. If you find that your Windows server slows down in the middle of the day, consider increasing the size of the root hard drive. For Windows, we recommend starting with a 60GB SSD then increase it up to 200GBs or larger. You can also increase your VCPUs and memory by upgrading to a faster server. If you start with a T2 Micro instance and you’re seeing slowness, upgrade to a T2 Small or T2 medium and increase the size of your root drive.
You can monitor your IOPS credits on the Monitoring tab of your instance. If it shows close to 0 credits the server will be very slow. In general your credits should be around 150 – 300 or more. Regular restarts of your Windows server improve IOPS performance and credits. We recommend scheduling your Windows server to restart at least once a week. We do not recommend scheduling a restart of your TrueStack Direct Connect server. Servers running SQL will require more vCPUs and IOPS. If you are running WSUS, monitor your credits throughout the day and upgrade as needed.
You can increase the size of the hard drive or upgrade to a faster server without losing data. As a precaution, we recommend that you shut the server down and then snapshot the drives before you upgrade.
Use the AWS Calculator to determine the IOPS per hard drive size: 1TB = 3000 IOPS for an SSD drive. Be aware that different regions charge different rates. Because of this, for example, it may make more economic sense with little performance difference to put your servers in US West (Oregon) instead of US West (N. California).
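Two of the recommendations above lend themselves to automation: the weekly after-hours restart of the Windows server, and watching the credit balances before users notice the slowdown. The following PowerShell is an added example, not TrueStack's code. Part 1 runs elevated on the cloud Windows server itself; Part 2 runs wherever the AWS CLI is configured and reads the CloudWatch metrics behind the console's Monitoring tab (CPUCreditBalance for a T2 instance, BurstBalance for its gp2 volumes). The instance id and region are placeholders.

```powershell
# Added example (not TrueStack's code). Part 1 runs on the cloud Windows server (elevated);
# Part 2 runs wherever the AWS CLI is configured. $InstanceId and $Region are placeholders.
param(
    [string]$InstanceId = "i-PLACEHOLDER",
    [string]$Region     = "us-west-2"
)

# Part 1: weekly after-hours restart of the Windows server (never the TrueStack Direct Connect server).
function Register-WeeklyRestart {
    param([string]$Day = "Sunday", [string]$At = "02:00")
    $action    = New-ScheduledTaskAction -Execute "shutdown.exe" -Argument "/r /t 60 /c `"Scheduled weekly restart`""
    $trigger   = New-ScheduledTaskTrigger -Weekly -DaysOfWeek $Day -At $At
    $principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName "WeeklyRestart" -Action $action -Trigger $trigger -Principal $principal -Force
}

# Part 2: latest one-hour average of a CloudWatch metric, or $null when no datapoint exists yet.
function Get-LatestAverage {
    param([string]$Namespace, [string]$Metric, [string]$Dimension)
    $end   = (Get-Date).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
    $start = (Get-Date).ToUniversalTime().AddHours(-1).ToString("yyyy-MM-ddTHH:mm:ssZ")
    $json = aws cloudwatch get-metric-statistics --region $Region --namespace $Namespace --metric-name $Metric `
        --dimensions $Dimension --start-time $start --end-time $end --period 300 --statistics Average --output json
    $latest = ($json | ConvertFrom-Json).Datapoints | Sort-Object Timestamp | Select-Object -Last 1
    if ($latest) { return [double]$latest.Average } else { return $null }
}

function Get-CreditBalances {
    param([string]$Id)
    $rows = @()
    # T2 instances: CPUCreditBalance is the credit pool that should stay well above zero.
    $rows += [pscustomobject]@{ Resource = $Id; Metric = "CPUCreditBalance";
        Value = (Get-LatestAverage "AWS/EC2" "CPUCreditBalance" "Name=InstanceId,Value=$Id") }
    # gp2 volumes: BurstBalance is the percentage of the I/O credit bucket that remains.
    $vols = aws ec2 describe-volumes --region $Region --filters "Name=attachment.instance-id,Values=$Id" `
        --query "Volumes[].VolumeId" --output text
    foreach ($vol in ($vols -split '\s+' | Where-Object { $_ })) {
        $rows += [pscustomobject]@{ Resource = $vol; Metric = "BurstBalance";
            Value = (Get-LatestAverage "AWS/EBS" "BurstBalance" "Name=VolumeId,Value=$vol") }
    }
    return $rows
}

$balances = Get-CreditBalances -Id $InstanceId
$balances | Format-Table -AutoSize
# Thresholds follow the guidance above: CPU credits should sit around 150 or more; a volume whose
# burst balance is nearly spent will crawl until it is enlarged (more baseline IOPS) or it recovers.
foreach ($b in $balances) {
    if ($b.Metric -eq "CPUCreditBalance" -and $null -ne $b.Value -and $b.Value -lt 150) {
        Write-Warning "$($b.Resource): CPU credit balance $($b.Value) is below 150; consider a larger instance type."
    }
    if ($b.Metric -eq "BurstBalance" -and $null -ne $b.Value -and $b.Value -lt 20) {
        Write-Warning "$($b.Resource): burst balance $($b.Value)% is low; consider a larger volume."
    }
}
```

Run `Register-WeeklyRestart` once, on the Windows server, to create the task; the credit check at the bottom can be run on demand or from a scheduled task on an admin workstation so that a low balance is noticed before the midday slowdown the section describes.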
AWS Server Size Recommendations:

| Connected devices | TrueStack Direct Connect server | Windows Server |
| --- | --- | --- |
| 1 – 10 (recommended) | T2 Nano, 8GB SSD | T2 Micro, 60GB SSD |
| 10 – 20 | T2 Micro, 8GB SSD | T2 Small, 100GB SSD |
| 25 – 50 | T2 Micro, 8GB SSD | T2 Medium, 200GB SSD |
| 50 – 100 | T2 Micro, 30GB SSD | T2 Large, 200GB SSD |
Bandwidth:
The amount of on-prem bandwidth your organization needs depends on what type of load you are putting on your server. Here are our general recommendations based on 1 Windows DC and file server with 1 TB of storage, using a cable connection. In this scenario users generally access Microsoft Office and PDF files on cloud Windows shared folders. For some organizations a dedicated synchronous connection may be preferred.
1 – 10 connected devices: 50 mbps/down – 10 mbps/up
10 – 50 connected devices: 100 mbps/down – 20 mbps/up
50 – 100 connected devices: 200 mbps/down – 50 mbps/up
Client/Server line of business applications
In general, client server applications like Quickbooks database manager or Sage Accounting or custom multi-user Microsoft Access databases, will not run at speed across the TrueStack Direct Connect VPN. Here are some alternatives:
- Move to a web-based application.
- Use Microsoft RemoteApp in the cloud to stream the application to the user. We’ve written a blog explaining how to do this in AWS: How to Set up Windows RemoteApp in AWS.
- Set up a Remote Desktop Gateway server and RDP server.
- Use Parallels in the cloud or another remote streaming app to stream the application to the end-user.
- Put the application on a local member server or computer. We don’t recommend this solution unless there is no other alternative. Here’s why:
- You will need to maintain an onsite/offsite backup solution for the onsite member server.
- The client Windows computers onsite will need to be able to find the onsite member server by DNS or IP. By default the TAP adapter will register an IP for the member server in the 5.5.0.0/20 network. The onsite clients will not be able to communicate with the member server with this IP. They will only be able to communicate with the local IP, for example 192.168.1.2. So you will have to update the DNS address that the clients get. The easiest way to do this is to un-check the “Register this connection’s address in DNS” checkbox on the DNS tab of Advanced TCP/IP Settings for the TAP network adapter.
After that, ensure that the local IP address of the member server appears correctly in Windows DNS on the cloud Windows DC. Another way to update DNS is to set the IP for the member server in the local hosts file of the client computers. One problem with the un-register method is that if you un-register DNS for the member server then the Windows DC won’t be able to send Group Policy information and other commands to the member server, because the Windows DC can’t communicate with the local IP. To update the member server’s policies you will have to temporarily register its TAP adapter in DNS. This is why hosts files might work better.
DNS and DHCP
After migration ensure that Windows DNS and DHCP is set up correctly. If DNS isn’t working correctly your connected devices will take longer to find the correct UNC paths for shared folders and may not receive their group policies. If DHCP isn’t working correctly your computers may still be searching for the on premise Windows server instead of the cloud Windows server.
- On-premise DHCP should be giving out the DNS IPs of your gateway, your ISP or 3rd-party DNS servers. If it is giving out the DNS IP of your old on-premise Windows server you will need to change it so your computers will find the cloud server instead of looking to the old on-premise server for DNS.
- If you had previously used your on premise DHCP server to give out IPs change DHCP to your router.
- Ensure your TrueStack Direct Connect VM or instance has a cloud static IP.
- Private IPs are inherently static, but they aren’t set at the cloud network adapter; they’re set by AWS. Public IPs that aren’t set static will change after a restart, unlike private IPs. Do not set a static IP on the cloud network adapter of the VM or Instance, or you may lose access to the server completely!
- In AWS be sure to add a route for 5.5.0.0/20. This route and the Source/Dest. Check change in the next step are both required in order for the Windows DC to be able to access the client computers. Follow the Additional Required Steps in the step-by-step configuration to add the route. https://truestack.com/truestack-direct-connect-aws-setup
- In AWS, be sure to Disable Change Source/Dest. Check for the TrueStack Direct Connect server. Follow the directions in initial configuration for AWS to make this change. https://truestack.com/truestack-direct-connect-aws-setup
- On the cloud Windows DC, ensure that the DNS address for the network adapter is set to 127.0.0.1 or the Private IP of the Windows server, for example 10.0.0.5.
- In the TrueStack Direct Connect interface ensure connected computers show the private IP of the Windows DNS server in the DNS server IPs section.
- In the Windows firewall for the client and the server open file and print sharing for the domain only, so you can access the clients by UNC path and ping them by DNS name to see if DNS is working correctly.
- Some DNS servers provided by your ISP may block some DNS traffic going across port 1194. In these cases the Windows server won’t be able to access the client. You will know that this isn’t working because you won’t be able to ping the client by DNS name from the cloud Windows server and the client’s TAP adapter icon in control panel will show “Unidentified network” under the adapter name, instead of your Windows domain name.
You can test this by changing DNS on the network adapter of one local client to an external DNS server, for example Google’s 8.8.8.8 or 8.8.4.4. If your ISP is causing this DNS issue then you will see that your domain name immediately appears on the client’s TAP adapter.
This should be a rare situation; however, in this case you have a few options:
- Change DHCP on your on-premise router to give out the IP of your gateway or a 3rd-party DNS, such as Google’s DNS servers (8.8.8.8 or 8.8.4.4).
- Set static DNS server IPs for the affected computers. You may find that some laptops which are required to connect to multiple ISP networks will frequently have this issue, so it may be easier to set those laptops to Google’s DNS server IPs.
- Note: the client’s local area adapter or Wi-Fi adapter should not show your domain name. It should either show “Network #” or the Wi-Fi name. If it is showing your domain name, it’s probably because your router is giving out the old on-premise server’s IP for DNS, or DNS is set static on the adapter with your old server’s DNS IP. This should be removed.
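The symptoms described in this DNS and DHCP section, and in the "Can’t ping or access the client computer" troubleshooting entry earlier on this page, can all be read off a client with a few network cmdlets. The following PowerShell script is an added example, not TrueStack's own tooling; it assumes the TrueStack client installs a TAP-Windows adapter (matched by its interface description) and uses a constructed placeholder address for the retired on-premise DC. It only reports by default; the `-FixTapDns` switch opts in to the 8.8.8.8 / 8.8.4.4 change the text describes.

```powershell
# Added example (not TrueStack's code): run on a domain-joined client to check the TAP adapter and
# the DNS settings described above. $OldDcDnsIp is a constructed placeholder for the retired DC.
param(
    [string]$OldDcDnsIp = "192.168.1.10",
    [switch]$FixTapDns                       # opt in to set the TAP adapter DNS to 8.8.8.8 / 8.8.4.4
)

$domain = $env:USERDNSDOMAIN
if (-not $domain) { throw "This computer is not joined to a domain (USERDNSDOMAIN is empty)." }

# 1. The TAP adapter's network profile should carry the domain name, not "Unidentified network".
$tap = Get-NetAdapter | Where-Object { $_.InterfaceDescription -like "*TAP*" } | Select-Object -First 1
if (-not $tap) { throw "No TAP adapter found; is the TrueStack Direct Connect client installed?" }
$tapProfile = Get-NetConnectionProfile -InterfaceAlias $tap.Name
if ($tapProfile.NetworkCategory -eq "DomainAuthenticated") {
    Write-Host "OK: TAP adapter '$($tap.Name)' is on domain network '$($tapProfile.Name)'."
} else {
    Write-Warning "TAP adapter '$($tap.Name)' shows '$($tapProfile.Name)' ($($tapProfile.NetworkCategory)); the cloud DC cannot reach this client."
    if ($FixTapDns) {
        Set-DnsClientServerAddress -InterfaceAlias $tap.Name -ServerAddresses ("8.8.8.8", "8.8.4.4")
        Write-Host "TAP adapter DNS set to 8.8.8.8 / 8.8.4.4; re-run this script to see whether the domain name now appears."
    }
}

# 2. LAN / Wi-Fi adapters should show "Network #" or the Wi-Fi name and must not point at the old DC.
foreach ($nic in (Get-NetAdapter -Physical | Where-Object Status -eq "Up")) {
    $servers = @((Get-DnsClientServerAddress -InterfaceAlias $nic.Name -AddressFamily IPv4).ServerAddresses)
    $lanProfile = Get-NetConnectionProfile -InterfaceAlias $nic.Name -ErrorAction SilentlyContinue
    if ($servers -contains $OldDcDnsIp) {
        Write-Warning "Adapter '$($nic.Name)' still uses the old DC $OldDcDnsIp for DNS ($($servers -join ', ')); fix DHCP or the static DNS entry."
    } elseif ($lanProfile -and $lanProfile.NetworkCategory -eq "DomainAuthenticated") {
        Write-Warning "Adapter '$($nic.Name)' shows the domain name; the router is probably still handing out the old DC's IP for DNS."
    } else {
        Write-Host "OK: adapter '$($nic.Name)' DNS = $($servers -join ', ')"
    }
}

# 3. Confirm the DC locator records resolve through whatever DNS path is now in effect.
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction Stop
    $dcs = ($srv | Where-Object Type -eq "SRV" | Select-Object -ExpandProperty NameTarget) -join ", "
    Write-Host "OK: domain controllers found via DNS: $dcs"
} catch {
    Write-Warning "DC locator lookup for $domain failed: $($_.Exception.Message)"
}
```

The SRV lookup in step 3 is the same record a client uses to find a logon server, so a failure there explains missing group policy as well as the UNC-path delays mentioned above. For the member-server case in the line-of-business section, the “Register this connection’s address in DNS” checkbox on the TAP adapter corresponds to `Set-DnsClient -InterfaceAlias <tap adapter name> -RegisterThisConnectionsAddress $false`.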
Minimize Disruption – Rename your Cloud Server:
The best way to minimize disruption to your end-users during migration is by removing the on-premise server and renaming the cloud server to the same name the on-premise server had. If you install the TrueStack Direct Connect client on their computers and restart the computers after you’ve removed the on-premise server and renamed the cloud server to the same name the on-premise server had, then your end-users will log on as normal and be able to access their network shares as normal after migration. If the overall performance is well tested (see section Overall Performance) then your end-users shouldn’t even notice that the server is out of the closet.
During migration, if you do not completely remove your on-premise server from the cloud Windows domain, even if DNS and DHCP are set correctly, your on-premise computers may still look for the old on-premise Windows server for authentication and DNS. After you have migrated all of the FSMO roles, data and applications, demote your on-premise Windows DC, remove it from the Windows domain, rename it and delete all entries for the server in AD Sites and Services and in DNS. Restart the server. Then, after installing TrueStack Direct Connect on the client computers and restarting the computers, they will find the new Windows cloud server for authentication and DNS.
We recommend that you snapshot the server before you rename it.
Printers
- Use Branch Office Printing for capable printers. Here’s an explanation of Branch Office Printing from Microsoft. If you rename the server to the same name your old on-premise server had and ensure your shared printers have the same names they had before, then your end-users will be able to continue to print as normal after migration.
- Some printers, especially those that require print codes, may not work well with Branch Office printing. For those printers see this link to use a GPO to install the printers locally.
- Branch Office Printing does not work on Windows 7 computers. Printers on Windows 7 computers will have to be installed TCP/IP locally or installed through a GPO.
- Some printers that are capable of using DNS and Branch Office printing may connect very slowly. The end-user may feel like their entire computer is running slow because these printers are associated with the main applications they frequently use, like Microsoft Office. In these cases we recommend testing with different print drivers. Be aware that different print drivers will act differently on different Operating Systems. If there aren’t any print drivers that connect at normal speed on all computers with Branch Office printing, we recommend installing these printers TCP/IP locally instead of using Branch Office printing or use a GPO.
- Some networks require USB connected printers to be shared. In these instances, because the computers cannot communicate with each other through the TrueStack Direct Connect VPN, we recommend setting the computer with the connected USB printer to a static IP. Other users can then access the local shared printer by UNC path – for example \\192.168.0.25\printer
Scanners
- If you have been using scan to file, we recommend switching to scan to email. If you have O365 or G Suite you may be able to use these accounts for SSL/TLS relay through their SMTP servers. You can also use a 3rd-party SMTP relay server or set up an SMTP relay in the cloud.
- If you need to use scan to file you will be required either to have an on-premise file computer or member server that your client computers can use to access a shared folder for scans, or to set the computers with a static IP so the scanner can find the computers by IP across the network.
- You can also use a USB scanner connected to one computer.
Ports:
TrueStack Direct Connect uses ports TCP 80, 443 and UDP 1194. These ports should be left open in the cloud AWS firewall.
- Port UDP 1194 is used for client/server VPN traffic.
- Port 80 redirects to port 443.
- Port 443 is used for the TrueStack Direct Connect interface and updates. It’s also used for authentication of the client installer and to certify that the TrueStack Direct Connect is a valid AWS server.
- In AWS add an ALL Traffic entry in the Security Group. The Type is All Traffic and the Source is your subnet. Type the name of your security group for the subnet. See additional required steps in the step by step configuration. https://truestack.com/truestack-direct-connect-aws-setup
- You do not need to open any ports on the Windows firewall of the on-premise computer. See the Windows Firewall section below.
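To check that an existing security group matches the rules above, here is an added example (not TrueStack's or AWS's own code). It reads one group record in the shape of `aws ec2 describe-security-groups` output; the group id, the CIDRs and the function name `audit_truestack_sg` are assumptions made for the example.

```python
"""Audit an AWS security group against the TrueStack Direct Connect port list.
Added example (not TrueStack's or AWS's code); input uses the record shape of
`aws ec2 describe-security-groups`. Group id and CIDRs are constructed samples."""
ANY = "0.0.0.0/0"
# Inbound rules the page requires from the internet: TCP 80, TCP 443, UDP 1194.
REQUIRED_PUBLIC = {("tcp", 80), ("tcp", 443), ("udp", 1194)}

def _span(proto, lo, hi):
    return f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"

def audit_truestack_sg(sg):
    """Return {'missing': [...], 'exposed': [...]} for one security-group dict."""
    found, exposed = set(), []
    self_ref_all = False  # 'All traffic' rule whose source is this same group
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        groups = {g["GroupId"] for g in perm.get("UserIdGroupPairs", [])}
        if proto == "-1" and sg["GroupId"] in groups:
            self_ref_all = True
        if ANY not in cidrs:
            continue  # not internet-facing; the intra-subnet rule lands here
        if proto == "-1":  # every protocol and port open to the world
            exposed.append("all traffic open to 0.0.0.0/0")
            found |= REQUIRED_PUBLIC  # technically reachable, so not 'missing'
            continue
        lo, hi = perm["FromPort"], perm["ToPort"]
        hits = {(p, n) for p, n in REQUIRED_PUBLIC if p == proto and lo <= n <= hi}
        found |= hits
        if not hits or lo != hi:  # undocumented port, or wider than one port
            exposed.append(f"{_span(proto, lo, hi)} open to 0.0.0.0/0")
    missing = [f"{p}/{n} not open to 0.0.0.0/0" for p, n in sorted(REQUIRED_PUBLIC - found)]
    if not self_ref_all:
        missing.append("no 'All traffic' rule sourced from the group itself")
    return {"missing": missing, "exposed": exposed}

def _public(proto, port):  # one single-port rule open to the internet
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": ANY}], "UserIdGroupPairs": []}

SAMPLE_SG = {  # constructed: documented rules plus SSH left open after an upgrade
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        _public("tcp", 80), _public("tcp", 443), _public("udp", 1194),
        {"IpProtocol": "-1", "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}]},
        _public("tcp", 22),  # should have been scoped to 'My IP', then removed
    ],
}
```

Running `audit_truestack_sg(SAMPLE_SG)` reports nothing missing and flags `tcp/22 open to 0.0.0.0/0`, the SSH rule that the upgrade procedure opens to "My IP" only and that should be removed afterwards.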
Backups:
Here are some of our recommendations for backing up the cloud server.
- If you have shared files that need to be backed up nightly, add an additional hard drive to the cloud server and use Windows Backup to back up to that drive. In AWS you can use a less expensive Cold HDD (sc1) volume for this.
- Periodically snapshot the server.
- For a backup DC, add an additional Windows DC in a different region and use TrueStack Direct Connect to connect the DCs.
- If you have available Microsoft volume licenses, or if you can use SPLA licenses, set up a Microsoft DPM server for backup.
- Use a 3rd party solution such as Cloudberry to S3.
- Consider using Volume Shadow Copy. This will require more storage and more system resources.
Windows Firewall
TrueStack Direct Connect does not require any ports to be open for the cloud server on the Windows firewall or on the client Windows firewalls.
We do recommend opening File and Print sharing on the cloud Windows server so the computers can access network shares on the server. You can also open file and print sharing for the domain for the on premise Windows computers so the Windows DC can access the computers by UNC path.
Future Operating System Upgrades
- Keep your root drives and shared storage drives separate. That way, if for any reason you need to move a hard drive to another server you can easily move it by disconnecting it from the base server and reconnecting it to another server.
- AWS makes it easy to expand any hard drive, including root drives. Snapshot the drives before expanding them.
- You can migrate to a new Windows server operating system by installing the OS on a new VM, adding it to the domain, promoting it to a DC and migrating the FSMO roles. After that, move the hard drive to the new DC and set the share and NTFS permissions.
- You can then demote the old Windows server, remove it completely from the domain and rename it, then give the new Windows server the name the old server had and change its private IP to the IP the old server had. With this last step the new server stands in for the old one and the on-premise computers are directed to the new server.
- If the cloud storage drives were separate from the root drive, you can move them over to the new server.
- Snapshot all drives before doing the migration.
Pictures, PDFs and Videos
- We recommend using Adobe Acrobat Reader DC or newer on Windows 10 computers for PDF viewing. Reader DC caches pages better than previous versions. This means that if your bandwidth is adequate (see section Bandwidth) a large PDF over 100 MB in size will download quickly and open the first few pages quickly. While the user is viewing the first few pages, the rest of the pages will download to the computer. Windows 10 is better at this PDF caching than Windows 7.
- Pictures that are 1–2 MB will open at normal speed. These generally have .gif, .jpeg and .png extensions. Programs that are used to edit pictures, like Photoshop, Illustrator or InDesign, use much larger files. These files may open slowly across the VPN.
- We recommend that graphic design stations open their design files locally on their computers especially if they are editing large pictures and video. They can periodically upload the copies or final editions to the Windows server.
- Some designers may require saving a shared folder on a computer or member server that is regularly backed up to the cloud.
- Other options include setting up a dedicated cloud hard drive for the design files or using faster servers with better throughput and more IOPS on the hard drives used for design files. You could also consider setting up a remote desktop server dedicated for a design user. However, we’ve found that none of these options work as well as opening the files locally on the design computer and periodically uploading them to the server or using a local network share that’s backed up to the cloud.
Cloud Pricing
- Use the AWS Calculator to determine the cost of your cloud servers.
AWS
- When using the AWS Calculator notice that different regions charge different rates.
- Uncheck the Free Tier Usage checkbox in the upper right-hand corner to find out what your expenses will be once your Free Tier expires.
- There is no cost for Static IPs (Elastic IP) as long as they are in use. You will be charged for use of the Static IP when the server is turned off. You do not need a Static IP for your Windows server since it is only accessed by the private IP.
- If you decide to use a Reserved Instance you will have to pay for 1 year up front. You can upgrade at any time, but you will have to pay the difference.
- AWS assumes there are 730 hours in a month.