What is our primary use case?
Generally, the primary use case is for our users and people in our company to access the cloud infrastructure. We're managing the ACL permissions through directory services and providing the credentials to the users so they can log into the VMs or the cloud infrastructure using those directory services. It's also MFA-enabled, to secure the access connection from users who are able to log into the servers.
It's on cloud infrastructure. In its current role, we are using it as Azure infrastructure. Previously, I worked on AWS infrastructure and did my certification based on AWS and Azure Solutions Architect.
How has it helped my organization?
Directory Services basically manages all of our business network connections as the central point of authority. It ensures that all IT resources are connected to the right users. Let's suppose that an employee is terminated or somebody leaves the company. A directory service automatically turns off all access to every resource or device in that individual's library.
What is most valuable?
The most valuable feature is that because it's all in the cloud, you don't need to manage the infrastructure. You don't need to install the hardware cost. The primary benefit of implementing the AWS Directory Service is that the organization can now extend AD identity and management capabilities to AWS resources. Without the AWS Directory Services, both Active Directory and AWS would have to be managed separately.
What needs improvement?
The main function of Active Directory is that it runs in the cloud. It's run on virtual Windows servers. The main function is to enable administrators to manage permissions and control access to our network resources. There are a lot of things that could be improved: services like the schema master, domain naming master, PDC emulator, and infrastructure master. These are the things that we can manage and make changes to so that they work more efficiently.
Something I would like to see added is a main domain controller that you can use and implement for managers for access users and PC servers on the network.
For how long have I used the solution?
I have worked with AWS Directory Service for more than three and a half years in my previous work.
What do I think about the stability of the solution?
We had a problem with the schema uploading and setting up the directory when we were migrating our users from on-premises to cloud infrastructure. But then we opened a case and involved the AWS support team. That really helped with the issues that we were facing, and that was fixed. It was a challenge for us.
That's the beauty of AWS infrastructure because when you run on AWS cloud infrastructure, you just keep an eye on the maintenance, like updating the Windows server's patching and adding the users and managing their permission as administrator.
What do I think about the scalability of the solution?
This is on the Windows servers. With Windows servers, we can use the load balancer, which is going to be a scale up and scale high. AWS Directory Service provides enough storage capacity, approximately 30,000 directory objects. "Objects" refers to users, groups, and computers. They have a different edition. AWS Managed Microsoft AD enterprise edition is designed to support organizations with up to 500,000 directory objects. It's a lot of capacity.
We do have a global infrastructure with approximately 700-800 people using that infrastructure. We also set it up with the AD connector. It simply connects our existing infrastructure, on-premise infrastructure, to AWS.
We can definitely increase usage in the future. As I mentioned, the normal one can support up to 30,000 directory objects, which is a lot. We are creating users, groups, and computers. It's all together. With 700 users, 300 groups, and approximately 700-800 computers, that's all together around 2,000-3,000, but we still have enough space.
How are customer service and support?
Tech support is pretty good and they're helpful. They will contact you through email or phone. They're available 24/7.
Which solution did I use previously and why did I switch?
Everything was previously on-premises, including hardware maintenance and cooling system power. We needed to upgrade the hardware, the end of life of the hardware, so that's why we switched from on-premises to low capacity to AWS Directory Services.
How was the initial setup?
AWS Directory Service has a control navigation plan. From there, as per our requirement, we can choose the directories and then choose to set up the directory. Then it's just a simple, straightforward process. For the one I created in the past, I followed the AWS documentation, and they have very decent and straightforward documentation to build the AWS Directory Services.
What about the implementation team?
In my previous company, where I set up the AWS Directory Services, we had three or four people that worked on the project. I was part of that project. We were basically migrating our on-premises directory service to our cloud infrastructure directory services. It took us around three to four weeks to establish that whole infrastructure.
What's my experience with pricing, setup cost, and licensing?
The pricing depends because with AWS there are two types of directory objects: 30,000 and 500,000. It varies. AWS provides the pricing calculators so we can get an estimate from there as per the company requirement of how many users and objects that we need to create. So we can go to that portal, put in the data, and get the quotation.
There are no extra licensing fees. It's all included.
What other advice do I have?
I would rate this solution 9 out of 10. I have no complaints with the product. It's pretty predefined and user-friendly.
AWS is very helpful and very useful for the infrastructure because that's how you can manage your Microsoft Office 365 user accounts with AWS-managed Microsoft Active Directory Services. That is the secure way for users to log in. As a big organization, it is very important to keep the Directory Services in the cloud and manage the Directory Services for the whole infrastructure.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner