Introduction to Amazon Directory Services, Amazon WorkSpaces, Amazon WorkMail, and Amazon WorkDocs
Introduction to Amazon Directory Services, Amazon WorkSpaces,
Amazon WorkMail, and Amazon WorkDocs
Justin Bradley,
AWS Solutions Architect
Agenda
1. Amazon Directory Services
2. Amazon WorkSpaces
3. Amazon WorkMail
4. Amazon WorkDocs
Amazon Directory Services Overview
• “Directory as a Service”
– Windows 2008 R2 compatible forest/domain
– Amazon EC2 instances can join the domain at launch
– Deploy AD-dependent applications on Windows in Amazon EC2
– Enables single sign-on to AWS Management Console and services
• Alleviates the pain of deploying, configuring, and
maintaining directory infrastructure in Amazon EC2
Amazon Directory Services Modes
Amazon Directory Services operates in 1 of 2 modes
– Simple Active Directory
– Active Directory Connector
*Does not support EC2 Classic network*
Simple AD Directory Mode
Simple AD Directory mode
– Samba 4 as the backend
– Resides only in the AWS cloud, cannot extend to on-premises
– Limited to VPC EC2 instances
– Supports Applications such as SQL and SharePoint
– Supports Kerberos
– Group Policies
– Manage Directory via common LDAP Tools or Microsoft Directory Services MMC
– Supports ADSIedit
– Windows Event Viewer compatible logs
– Windows CLI tools such as dsadd, dsmod and the csvde import tool
Simple AD Pre-requisites
Simple AD Directory for use with VPC instances
– A VPC
– At least 2 subnets in different Availability Zones
– Amazon DS creates two ENIs in your VPC to be used as DNS servers
– Amazon DS creates security group to allow you to control access to your
directory
Simple AD Directory Services Ports
TCP/UDP 53 – DNS
TCP/UDP 88 – Kerberos authentication
UDP 123 – NTP
TCP 135 – RPC
UDP 137-138 – Netlogon
TCP 139 – Netlogon
TCP/UDP 389 – LDAP
TCP/UDP 445 – SMB
TCP 873 – FRS
TCP 3268 – Global Catalog
TCP/UDP 1024-65535 – Ephemeral ports for RPC
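An added example (not from the deck or from AWS): it checks a directory security group's ingress rules against the port list above, reporting ports that domain members cannot reach and rules open to any source. The rule dictionaries follow the `IpPermissions` shape returned by the EC2 DescribeSecurityGroups API; the sample rules and the 172.16.1.0/24 member subnet are constructed.

```python
import ipaddress

# Port list from the slide above: (protocol, first port, last port, purpose).
DIRECTORY_PORTS = [
    ("tcp", 53, 53, "DNS"), ("udp", 53, 53, "DNS"),
    ("tcp", 88, 88, "Kerberos"), ("udp", 88, 88, "Kerberos"),
    ("udp", 123, 123, "NTP"), ("tcp", 135, 135, "RPC"),
    ("udp", 137, 138, "Netlogon"), ("tcp", 139, 139, "Netlogon"),
    ("tcp", 389, 389, "LDAP"), ("udp", 389, 389, "LDAP"),
    ("tcp", 445, 445, "SMB"), ("udp", 445, 445, "SMB"),
    ("tcp", 873, 873, "FRS"), ("tcp", 3268, 3268, "Global Catalog"),
    ("tcp", 1024, 65535, "RPC ephemeral"), ("udp", 1024, 65535, "RPC ephemeral"),
]

def _covers(rule, proto, lo, hi, member_net):
    """True if one ingress rule admits proto/lo-hi from all of member_net."""
    if rule["IpProtocol"] != "-1":  # "-1" = every protocol and port
        if rule["IpProtocol"] != proto or rule["FromPort"] > lo or rule["ToPort"] < hi:
            return False
    return any(member_net.subnet_of(ipaddress.ip_network(r["CidrIp"]))
               for r in rule.get("IpRanges", []))

def missing_directory_ports(rules, member_cidr):
    """Slide ports that no rule opens to the subnet holding domain members."""
    net = ipaddress.ip_network(member_cidr)
    return [(p, lo, hi, why) for p, lo, hi, why in DIRECTORY_PORTS
            if not any(_covers(r, p, lo, hi, net) for r in rules)]

def world_open_rules(rules):
    """Rules that accept traffic from any IPv4 source."""
    return [r for r in rules
            if any(x["CidrIp"] == "0.0.0.0/0" for x in r.get("IpRanges", []))]

def _rule(proto, lo, hi, cidr):  # helper for the constructed sample only
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}]}

VPC = "172.16.0.0/16"  # VPC range shown on the AD Connector slide
SAMPLE_RULES = [       # constructed, not taken from a real directory
    _rule("tcp", 53, 53, VPC), _rule("udp", 53, 53, VPC),
    _rule("tcp", 88, 88, VPC), _rule("udp", 88, 88, VPC),
    _rule("tcp", 389, 389, "0.0.0.0/0"),   # broader than the VPC
    _rule("tcp", 445, 445, VPC), _rule("tcp", 1024, 65535, VPC),
]

if __name__ == "__main__":
    for proto, lo, hi, why in missing_directory_ports(SAMPLE_RULES, "172.16.1.0/24"):
        print(f"not reachable from members: {proto} {lo}-{hi} ({why})")
    for r in world_open_rules(SAMPLE_RULES):
        print(f"open to any source: {r['IpProtocol']} {r['FromPort']}-{r['ToPort']}")
```

TCP 3268 is reported as reachable in the sample only because it falls inside the ephemeral 1024-65535 rule, which is why the source CIDR on that wide range deserves the closest review.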
Amazon Directory Services Backups
Ability to back up directory data by creating snapshots
– Manual
– Auto
Restore the Directory from snapshots
Amazon Directory Services AD Connector
AD Connector mode
– Enables use of existing AD credentials from an on-premises Active Directory domain
– Connects your on-premises directory to AWS Apps and Services such as WorkSpaces, WorkDocs, and WorkMail
– Allows single sign-on to the AWS Console
– On-premises data is not stored on AWS
– Forwards requests (i.e. authentication, query/search) to the on-premises domain
– Choice of small or large connector type
– Support for Multi-Factor Authentication (MFA) – RADIUS
Amazon Directory Services AD Connector
AD Connector Directory Requirements
– Requires VPC with VPN connection (software or hardware based)
– IP address of on-premises DNS servers
– Credentials of Domain privileged user (required by connector account)
• Read all user information
• Join a computer to the domain
– AWS DS creates a Connect SecurityGroup which is used on the customer side
[Diagram labels: Customer Corp Network 10.31.0.0/16, Active Directory, VPN Connection, VPC 172.16.0.0/16, AD Connector, ENI, ENI, EC2 Instances]
Amazon Directory Services Access URL
• Globally unique ‘friendly’ identifier for a directory, example:
mobyapp.awsapps.com
• One unique access URL per Directory
• Used by Amazon WorkMail and Amazon WorkDocs to access the
service and/or access to the AWS Management Console
AWS Console Access
– Ability to use your on-premises AD or Simple AD directory credentials to log in to the AWS Management Console.
– Map users or groups to Amazon IAM roles (new or existing).
– Use the access URL of the directory followed by /console (i.e. https://mobyapp.awsapps.com/console).
Amazon WorkSpaces Availability
6 Regions
• Oregon
• Northern Virginia
• Ireland
• Tokyo
• Singapore
• Sydney
Amazon WorkSpaces Key Service Features
• Secure Cloud workspace accessible from any
device
• Persistent, secure cloud based storage
• Amazon WorkSpaces can be joined to your Active Directory
• Integration with customer VPC/VPN to provide
access to on-premises resources
Amazon WorkSpaces Devices
• iPad
• Kindle Fire HDX (Keyboard & Mouse)
• Android Tablet
• Microsoft Windows
• Mac
• Zero clients
• Chromebook
Keep Data Secure and Available
• No data stored on end-user device
• Only Pixels delivered to users (PCoIP)
• User volume backed by Amazon S3
• Multi-factor authentication (MFA)
• Encrypted Storage Volumes Using KMS
Getting Started – What are the steps?
• Integrate VPC with Corporate Active Directory (or use Simple Directory)
• Choose Amazon WorkSpaces Bundle
• Select Users to receive Amazon WorkSpaces
• Launch Amazon WorkSpaces
• Users receive email when provisioned
• Users connect to Amazon WorkSpaces
Amazon WorkSpaces are dual-homed Windows Server 2008 R2 instances with Windows 7 experience
Amazon WorkSpaces connect into two VPCs
• eth0 serves WorkSpace pixels back to the client device
• eth1 serves traffic to: Internet, resources in VPC, resources on-prem
• eth1 = Corp VPC
Client connects to a “WorkSpaces Gateway” between your device and your WorkSpaces
• PCoIP: tcp and udp 4172
[Diagram labels: eth0, eth1, Corp On-Prem Network, Corp VPC, eni, Internet Gateway, Internet, AWS Direct Connect, Amazon]
Amazon WorkMail Overview
Secure email and calendaring service
Integrates with an existing corporate directory
Control both the keys that encrypt data and the
location in which the data is stored
WorkMail: Fully featured enterprise email and calendar
• Native compatibility with Microsoft Outlook on Windows and Mac
• Shared calendars and shared mailboxes
• Global address book
• Support for resource booking
• Advanced permissions and delegation
• Server side rules
Amazon WorkMail Access
Microsoft Outlook clients (Windows & OSX)
Exchange ActiveSync protocol enabled devices
– iPhone, iPad
– Kindle Fire, Fire Phone
– Android
– Windows Phone
– BlackBerry 10
Web Browser
Amazon WorkMail Limits
Up to 25 users for a 30-day free trial
Mailbox size is 50GB
Maximum in/out message size is 25 MB
Maximum number of recipients per email is 500
Each user can send mail to up to 3,000 recipients every 24 hours
WorkMail: Managed & Secure
Encryption using customer managed keys
Amazon WorkMail encrypts customer data using customer managed keys by integrating with AWS Key Management Service (KMS).
Regional data control
Customers select the region in which their mailbox data will be stored, allowing them to take advantage of lower latency and regional compliance rules.
Simple to use
Amazon WorkMail makes it easy to manage your corporate email infrastructure and securely integrates with your existing directory service.
[Diagram labels: Admins, Logins / AD, Mailbox Access]
Amazon WorkMail FAQs
Mailbox’s data at-rest is encrypted
Data in-transit is encrypted
Mail is scanned for spam, malware, viruses
Integrates with Amazon Simple Directory and on-premises Active Directory
Supports @corpname.com email suffix
Supports Active Directory Distribution Groups
Mailboxes managed via AWS Console
Supports Mobile Policies
Integrates with Amazon WorkDocs*
Amazon WorkMail Regions (as of June 25, 2015)
US-East-1
EU-West-2
Amazon WorkDocs
Fully managed secure enterprise storage and sharing service.
Amazon WorkDocs users can:
– Comment on files
– Send documents to others for feedback
– Upload new versions
– Sync files between PC/MAC and Amazon WorkDocs
Eliminates the need to email and track changes to documents
Amazon WorkDocs Administration & Control
• Simple user management
• Delegated administration
• Fine-grained quota controls
• Employee content migration
• Viral invite option
• Audit logs
• Multi-factor authentication
Amazon WorkDocs Supported Platforms
Supported Platforms
– PCs
– Macs
– Tablets
– Phones
Integrates with existing Corporate Directory (via AD connector)
Has flexible sharing policies, audit logs, and provides control of the location where data is stored
Amazon WorkDocs
Sync Client for Mac and Windows
– Download client from Amazon Web Services
– Register Client
– Provide credentials (AD username/password)
– Choose files to Sync and Folders to Sync
Amazon WorkDocs Sync Excluded Files
.lock or .~doctor.ppt
hello.txt~ or ~hello.txt
ppt.C407.tmp or ~WRD000.tmp
Microsoft User Data or Outlook file
*/:<>?\|
Files over 5TB
Amazon WorkDocs
• Supports MFA with RADIUS
• Single sign-on available from an Amazon
WorkSpaces Session
Questions?
aws.amazon.com/de/activate
Everything and Anything Startups
Need to Get Started on AWS