worldsvova.blogg.se

Amazon workspaces directory unavailable














Delegate the necessary rights to this Security Group.

  • Create a single Security Group in the self-managed Active Directory or AWS Managed AD and follow the process to delegate directory join privileges for AWS Managed Microsoft AD.
  • Reduce the administrative effort and security risk of performing the Delegation of Control multiple times when provisioning and deprovisioning new Service Accounts by creating a Security Group.

Step 1: Provision service accounts for the AD Connectors

Before deploying an AD Connector, prepare a Service Account as part of the AD Connector prerequisites. As a best practice, create a different service account for each AD Connector to avoid a potential single point of failure.

  • A self-managed Active directory or an AWS Managed Microsoft AD configured to replicate to your standby Region(s).
  • Two private subnets in each VPC in each Region.
  • A Virtual Private Cloud (VPC) configured in each Region.
  • An Identity and Access Management (IAM) user with permissions to create AWS Managed AD, AD Connectors, Amazon WorkSpaces and Amazon Route53 DNS records.

Figure 1: a diagram illustrating the primary and secondary regions and the flow of the redirection

Prerequisites

    The following diagram shows the solution overview.

Amazon WorkSpaces provides a cloud-native, fully managed virtual desktop for remote working models with business continuity requirements. Having a remote and dispersed workforce allows organizations to reduce their real estate costs significantly while maintaining the same or even higher levels of productivity. This model also removes the risk that an unforeseen event that affects a single office building could hold back an entire organization. With a geographically dispersed and highly available workforce, the next step is to secure an End User Computing solution that is also resilient to localized issues.

In this post, I demonstrate a solution that you can use to redirect your WorkSpaces population from one AWS Region to another within a few minutes.

In this solution, Amazon WorkSpaces are supported by AWS Directory Services. The user database can be either a self-managed Active Directory or AWS Managed Microsoft AD. Self-managed Active Directory can be running in your datacenter and connected to your Virtual Private Cloud (VPC) or on Amazon Elastic Compute Cloud (Amazon EC2) instances. In this example, I use an Enterprise Edition of AWS Managed AD that is replicated across the relevant AWS Regions.

In preparation to respond to a localized issue, a multi-Region AWS Managed AD is deployed. The AD Connector proxies authentication requests to the AWS Managed AD. WorkSpaces are launched in the primary Region to provision users with their virtual desktop environment. A second WorkSpace is created for each user in a standby Region. The contingency WorkSpaces in the standby Region remain on standby as a high availability alternative. You may use Amazon WorkSpaces Multi-Region Resilience to stay cost optimized in your standby Region.

In order to redirect users to their WorkSpaces in the standby Region, I create a TXT record in DNS with a Region-specific value. The Fully Qualified Domain Name (FQDN) in the TXT DNS records replaces the WorkSpaces registration code. Providing users with this FQDN instead of a registration code allows the FQDN to resolve to the registration code of the standby Region without end user intervention.













