Amazon has been moving into the enterprise world with the launch of corporate I.T.-friendly Fire HD and HDX tablets, its own secure storage service Zocalo, its virtual desktop computing platform WorkSpaces, and not to mention the cloud computing behemoth that is Amazon Web Services. Today, the company is making the combination of on-premise and cloud resources, easier to manage with the launch of the AWS Directory Service. The service can additionally support the needs of those who need a simpler, standalone directory in the AWS Cloud.
This new offering allows for two different types of directories, depending on the company’s needs.
If the organization is already running an existing directory – which many are, AWS Directory Service provides an “AD Connector” directory type to connect to the directory that’s already in place. That’s a big benefit for organizations that are running a directory like Microsoft’s Active Directory, which is what allows computer to join domains, authenticate users, locate and connect to equipment on the domain, like printers, and access other network services, like SQL Server databases.
When companies introduce cloud-based services, they’ve sometimes been forced to set up a separate cloud-based directory in parallel to the one they run on-premise. That’s where this new “AD Connector” comes in. It’s a gateway technology that serves as a cloud proxy to the existing directory, without the need for complex sync technology or federated sign-on Amazon explains in an announcement of the news on its AWS Blog this morning. Instead, all communications take place over AWS Direct Connect or a secure VPN connection within a Amazon Virtual Private Cloud.
This means that end users can log into Amazon WorkSpaces, Zocalo, EC2 instances running Windows, and the AWS Management Console using their existing username and password associated with the Active Directory account.
The second option provided with the new AWS Directory Service is a Samba-based directory in the cloud, which is set up via the “Simple AD” directory option. This supports common AD features like joins to Windows domains, management of Group Policies, and single sign-on to directory-powered apps. This option would let system administrators and developers sign into the AWS Management Console with directory credentials to manage resources, and it would allow for the administration of EC2 instances running Windows to be managed en masse. Zocalo and WorkSpaces could also take advantage of the directory, in this case.
Amazon claims it’s simple to set up and administer either directory type, but it has oddly chosen to go with hourly pricing based on directory size. (Small directories of either type are $0.05/hour, and large directories are $0.15/hour in the U.S. East region. Other supported regions may have different pricing, includingUS West (Oregon), Asia Pacific (Sydney), Asia Pacific (Tokyo), and Europe (Ireland) regions. That makes it more difficult for admins who are used to thinking about paying for cloud services on a monthly or even annual basis, (as I.T. budgets are created for the upcoming year.)
Both directory types are available today in the above regions.