Expanding your Domain Controller infrastructure with AWS EC2
Adding resiliency to your on-premises Domain Controllers in AWS

In today’s rapidly evolving IT landscape, the ability to scale and secure network infrastructure efficiently is paramount for any organisation. One critical component of network infrastructure is the Domain Controller (DC), which manages user access, system authentication, and more. This blog post explores how AWS EC2 (Elastic Compute Cloud) facilitates the expansion of DC infrastructure, and how it can enhance resilience and scalability for your organisation.
Understanding DCs and AWS EC2
A DC is a server that responds to security authentication requests within a Windows Server domain. It is a crucial element for user management, system authentication, and enforcing security policies.
Cloud technologies like Amazon EC2 offer scalable computing capacity, making them an excellent choice for deploying additional DCs in order to add resiliency. EC2 provides secure, resizable compute capacity in the cloud, allowing you to launch applications when needed without upfront investment in hardware.
The benefits of building additional DCs in AWS
Building additional DCs in AWS offers several benefits:
- High availability: deploying at least two DCs in each region and configuring a minimum of two Availability Zones (AZs) provides high availability.
- Performance: if you require additional DCs due to performance, you can add more to existing AZs or deploy to another available AZ.
- Secure and fast authentication: having a locally accessible Active Directory domain controller is an important factor in achieving fast, reliable, and secure Active Directory authentication.
- Optimised infrastructure: you can securely extend your existing Active Directory domain to AWS and optimise your infrastructure for maximum performance.
- Secure remote access: AWS Systems Manager Session Manager port forwarding helps provide a secure and simple way to manage your domain resources remotely, without the need to open inbound ports and maintain Remote Desktop Gateway (RDGW) hosts.
- Multi-region deployment: if you’re operating in more than one AWS region and require Active Directory to be available in all these regions, you can use the best practices in the Design and Planning Guide for a multi-region deployment strategy.
For more detailed information, you can refer to the AWS security blog and AWS Design considerations for running Active Directory on EC2 instances.
AWS expansion in action
Softcat recently supported a medium-sized organisation in expanding their DC infrastructure into AWS EC2. The organisation had a long-standing on-premises data centre and faced significant risk due to a lack of redundancy. By integrating AWS EC2 into their domain infrastructure, the organisation not only eliminated the risks associated with a single point of failure, but also gained a scalable, resilient solution that supports their growth. The additional DCs in separate AZs provided fault tolerance, reduced latency by serving requests from the nearest geographical location, and enhanced the overall security of their network infrastructure.
The expansion of this organisation’s Domain Controllers into AWS showcases the practical benefits of cloud integration for critical network infrastructure.
Technical deep dive: how to build an additional DC in AWS
Expanding your data centre into an AWS environment can significantly enhance your infrastructure's resilience and scalability. Whether you're looking to eliminate single points of failure or improve performance, the cloud offers robust solutions to meet your needs. With the support of a trusted partner like Softcat, you can navigate this transition smoothly and efficiently.
Preparing your AWS environment
- EC2 instance selection: choose instances that meet the requirements for a DC, typically ones with adequate memory and network performance.
- VPC and network setup: configure your Amazon Virtual Private Cloud (VPC) to provide a logically isolated section of the AWS Cloud, where you can launch AWS resources. Set up subnets in different AZs to ensure high availability.
Establishing a site-to-site VPN tunnel
- VPN configuration: set up a VPN tunnel between your on-premises network and your VPC to secure the replication data. This step involves configuring the VPN gateway on AWS and connecting it with your on-premises VPN device.
- Routing: ensure that routes are correctly configured to direct traffic between the on-premises DC and the AWS-hosted DC over the VPN connection.
Configuring the DC on AWS EC2
- Installation and configuration: install Windows Server on the EC2 instance and promote it to a DC. This includes setting up Active Directory and configuring DNS settings.
- Security settings: configure security groups and network ACLs to allow traffic on necessary ports such as TCP and UDP 53 (DNS), TCP and UDP 88 (Kerberos), TCP and UDP 389 (LDAP), and others required for AD operations.
- Joining to domain: join the new AWS DC to the existing domain, ensuring it replicates correctly with the on-premises DC.
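The installation, promotion and replication-check steps above, as an added PowerShell example that is not part of the original post or Softcat's own tooling. It assumes a domain corp.example.com, an on-premises DC DC01 at 10.10.0.10, an AD site named AWS-eu-west-2 covering two VPC subnets, and that it is run elevated on the Windows Server EC2 instance after the VPN and routing are in place.

```powershell
# Added example (not from the original post). Assumed names: domain
# corp.example.com, on-premises DC DC01 (10.10.0.10), site AWS-eu-west-2,
# VPC subnets 10.20.1.0/24 and 10.20.2.0/24. Run elevated on the EC2 instance.
$DomainName = 'corp.example.com'
$OnPremDc   = 'DC01.corp.example.com'
$OnPremDcIp = '10.10.0.10'
$SiteName   = 'AWS-eu-west-2'
$VpcSubnets = @('10.20.1.0/24', '10.20.2.0/24')

# 1. Point the instance at an existing DC for DNS so the domain can be
#    located over the VPN tunnel before promotion.
$ifIndex = (Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1).InterfaceIndex
Set-DnsClientServerAddress -InterfaceIndex $ifIndex -ServerAddresses $OnPremDcIp

# 2. Install the AD DS role and the AD PowerShell module that comes with it.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 3. Create the AWS site and map the VPC subnets to it on the on-premises DC,
#    so the new DC lands in that site and VPC clients pick the nearest DC.
$cred = Get-Credential -Message 'Domain Admin account used for promotion'
if (-not (Get-ADReplicationSite -Filter "Name -eq '$SiteName'" -Server $OnPremDc -Credential $cred)) {
    New-ADReplicationSite -Name $SiteName -Server $OnPremDc -Credential $cred
}
foreach ($cidr in $VpcSubnets) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'" -Server $OnPremDc -Credential $cred)) {
        New-ADReplicationSubnet -Name $cidr -Site $SiteName -Server $OnPremDc -Credential $cred
    }
}

# 4. Promote the instance as an additional DC (with DNS) into the AWS site,
#    replicating its initial copy of the directory from the on-premises DC.
#    The server reboots when this completes.
Import-Module ADDSDeployment
Install-ADDSDomainController `
    -DomainName $DomainName `
    -Credential $cred `
    -SiteName $SiteName `
    -InstallDns `
    -ReplicationSourceDC $OnPremDc `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') `
    -Force

# 5. After the reboot: use the on-premises DC as primary DNS with loopback as
#    secondary, then confirm the DC is in the AWS site and replication is clean.
Set-DnsClientServerAddress -InterfaceIndex $ifIndex -ServerAddresses @($OnPremDcIp, '127.0.0.1')
Get-ADDomainController -Identity $env:COMPUTERNAME | Select-Object HostName, Site, IsGlobalCatalog
repadmin /replsummary
repadmin /showrepl $env:COMPUTERNAME
```

Step 5 is run in a second session once the instance is back up; any failures in the repadmin output usually point back to the security group or VPN routing not admitting the AD ports listed above.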
Monitoring and maintaining your DCs
- Implement monitoring using AWS CloudWatch to keep track of EC2 performance and system health.
- Set up alerts for any potential issues with the DCs, and plan regular backups using AWS Backup services to ensure data integrity and quick recovery in case of a disaster.
- Implement AWS CloudTrail alongside CloudWatch to log and monitor API calls and changes in your AWS environment, providing an audit trail for changes to your DCs.
- Plan for disaster recovery by setting up AWS Route 53 health checks and DNS failover to redirect traffic to healthy DCs automatically, in case of an outage.
In conclusion
AWS EC2 provides a robust, scalable platform that enhances the resilience and efficiency of services like DCs. Organisations looking to bolster their network infrastructure should consider AWS to leverage its flexibility, security, and scalability.
Are you ready to enhance your infrastructure's resilience and scalability? Please reach out to your Softcat Account Manager or our Sales team for a detailed consultation on how you can tailor these technologies to fit your organisation's needs.