With remote work becoming the norm, customers often need a central repository for files that can be accessed from anywhere to enable collaboration and provide highly durable storage. For ease of use and increased productivity, customers are looking for shared file access that can be mounted as a network drive using built-in Windows, macOS, Linux, and iOS tools. They also want a repository that is searchable and follows a standard file system architecture.

Amazon FSx for Windows File Server (Amazon FSx) is a fully managed, highly available, and scalable file storage solution built on Windows Server that uses the Server Message Block (SMB) protocol. It allows for Microsoft Active Directory integration, data deduplication, and fully managed backups, among other critical enterprise features. Common use cases include home directories, user and departmental shares, and even media workloads where high throughput and low latency are a requirement.

In this blog, I walk through creating a highly available, fully managed file share accessible from personal devices using a virtual private network (VPN).

Overview of solution

For the solution in this blog post, I create an AWS Managed Microsoft AD using AWS Directory Service to allow for authentication and authorization to access my file shares, an Amazon FSx file system to host the file shares, and an AWS Client VPN endpoint and gateway to enable remote access. To ensure high availability, each component is spread over two AWS Availability Zones. Amazon FSx also supports creating file systems linked to an existing, on-premises Active Directory directly, without the need to migrate identities over to an AWS Managed Microsoft AD.

The preceding architecture diagram depicts the solution outlined in this tutorial, with each service involved spread across two Availability Zones to ensure a highly available file share that can be accessed at any time.

1. Configure an Amazon Virtual Private Cloud (Amazon VPC) – this provides an isolated network for your Amazon FSx deployment.
2. Create an AWS Managed Microsoft AD using AWS Directory Service. An Active Directory is required for Amazon FSx to allow access to the file share, and is used to connect to the VPN.
3. Create an Amazon FSx for Windows File Server file system – this creates the file system that acts as a central repository.
4. Create an AWS Client VPN endpoint – this enables VPN access to the Amazon VPC.
5. Connect to the VPN from a personal device (macOS, Microsoft Windows, or iOS).
6. Mount a file share (macOS, Microsoft Windows, or iOS).

For this tutorial, you should have the following prerequisites:

Configure Amazon VPC for AWS Managed Microsoft AD and Amazon FSx

First, I create a new Amazon VPC for my Amazon FSx deployment. Select Your VPCs in the sidebar, then Create VPC. Name your Amazon VPC and enter an IPv4 CIDR block of 10.0.0.0/16.

To create a solution across multiple Availability Zones, and to logically separate each aspect of my architecture, I create six subnets – two for AWS Managed Microsoft AD, two for Amazon FSx for Windows File Server, and two for Client VPN endpoints. Select Subnets in the sidebar, then Create Subnet. As shown in the following screenshot, for Name tag, enter Microsoft AD 1. Select the Amazon VPC you just created, and select an Availability Zone. As shown in the following screenshot, repeat the preceding step with subnets named Microsoft AD 2, FSx 1, FSx 2, VPN 1, and VPN 2, using different CIDR blocks for each. Microsoft AD 2, VPN 2, and FSx 2 should be in a different Availability Zone than Microsoft AD 1, VPN 1, and FSx 1. In my case, Microsoft AD 1, VPN 1, and FSx 1 are in us-west-2a, while Microsoft AD 2, VPN 2, and FSx 2 are in us-west-2b.

In this step, I create a new AWS Managed Microsoft AD. In the directory details, note the DNS addresses and save them for later.

To access the file share, you must set up a VPN connection. This consists of three parts: creating a server certificate, creating a Client VPN endpoint, and creating a DHCP option set.
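To sanity-check the six-subnet layout from the VPC step (two subnets per component, each pair in different Availability Zones, non-overlapping CIDR blocks inside 10.0.0.0/16) before clicking through the console, here is an added Python example that is not part of the original post. The /24 subnet sizes, the `vpc-PLACEHOLDER` ID, and the generated AWS CLI commands are assumptions, not steps from the walkthrough.

```python
import ipaddress

# Layout from the walkthrough: one VPC at 10.0.0.0/16, six subnets across two AZs.
VPC_CIDR = "10.0.0.0/16"
AZ_A, AZ_B = "us-west-2a", "us-west-2b"

# /24 per subnet is an assumption; the post only requires distinct CIDR blocks.
SUBNET_PLAN = {
    "Microsoft AD 1": ("10.0.0.0/24", AZ_A),
    "Microsoft AD 2": ("10.0.1.0/24", AZ_B),
    "FSx 1":          ("10.0.2.0/24", AZ_A),
    "FSx 2":          ("10.0.3.0/24", AZ_B),
    "VPN 1":          ("10.0.4.0/24", AZ_A),
    "VPN 2":          ("10.0.5.0/24", AZ_B),
}

def validate_plan(vpc_cidr, plan):
    """Return a list of problems; an empty list means the layout is consistent."""
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {}
    for name, (cidr, _az) in plan.items():
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {cidr} is outside the VPC {vpc_cidr}")
        nets[name] = net
    names = list(nets)
    for i, a in enumerate(names):            # every pair must be disjoint
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap ({nets[a]} / {nets[b]})")
    for name, (_cidr, az) in plan.items():   # "X 1" and "X 2" must split across AZs
        if name.endswith(" 1"):
            partner = name[:-1] + "2"
            if partner in plan and plan[partner][1] == az:
                problems.append(f"{name} and {partner} share AZ {az}")
    return problems

def cli_commands(vpc_id, plan):
    """AWS CLI equivalents of the console 'Create Subnet' clicks (strings only, not executed)."""
    return [
        f"aws ec2 create-subnet --vpc-id {vpc_id} --cidr-block {cidr} "
        f"--availability-zone {az} "
        f"--tag-specifications 'ResourceType=subnet,Tags=[{{Key=Name,Value={name}}}]'"
        for name, (cidr, az) in plan.items()
    ]

if __name__ == "__main__":
    print(validate_plan(VPC_CIDR, SUBNET_PLAN) or "subnet plan OK")
    print("\n".join(cli_commands("vpc-PLACEHOLDER", SUBNET_PLAN)))
```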