AD/DNS/DHCP domain controller in Amazon EC2 or VPC: migrating production environment

Tags: active-directory, amazon-ec2, amazon-vpc, windows-server-2012

I currently have a co-location production environment which I want to migrate to AWS. Our infrastructure relies heavily on Active Directory for access to several platforms hosted within the environment – think Sharepoint, Tableau, etc.

I've had conflicting advice so far in terms of setup – I've been advised to go down both EC2 and VPC routes and I can't seem to make either way stick. Essentially I want to be able to set up a domain controller, staging and production SQL/Web servers, CI server and SAN.

Has anybody had success in setting up an AD/DNS/DHCP domain controller in either EC2 or VPC?
Do you even need DHCP when setting up in EC2?

Best Answer

According to: Amazon Web Services – Implementing Active Directory Domain Services in the AWS Cloud

With an Amazon VPC, Dynamic Host Configuration Protocol (DHCP) services are provided by default for your instances. DHCP scopes do not need to be managed; they are created for the Amazon VPC subnets you define when you deploy your solution. These DHCP services cannot be disabled, so you’ll need to use them rather than deploying your own DHCP server.

According to: Amazon EC2 Instance IP Addressing - Private IP Addresses and Internal DNS Hostnames

An instance launched in a VPC is given a primary private IP address in the address range of the subnet. For more information, see Subnet Sizing in the Amazon VPC User Guide. If you don't specify a primary private IP address when you launch the instance, we select an available IP address in the subnet's range for you. Each instance in a VPC has a default network interface (eth0) that is assigned the primary private IP address. You can also specify additional private IP addresses, known as secondary private IP addresses. Unlike primary private IP addresses, secondary private IP addresses can be reassigned from one instance to another. For more information, see Multiple Private IP Addresses.

For instances launched in EC2-Classic, we release the private IP address when the instance is stopped or terminated. If you restart your stopped instance, it receives a new private IP address.

For instances launched in a VPC, a private IP address remains associated with the network interface when the instance is stopped and restarted, and is released when the instance is terminated.

I take this to mean you cannot assign a static IP address within the server itself using network settings. You must assign that address when the machine is created using the EC2 console. I don't know how this works in the background, but since AWS requires you to use their DHCP, this may create a reservation in the DHCP server that assigns this address to the instance when it launches.

Hope this helps.
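As an added example that is not part of the original answer, the following PowerShell check, run on the Windows Server 2012 instance that will hold the AD/DNS role, confirms that the private address handed out by the VPC's DHCP service is the one chosen at launch and was obtained via DHCP rather than set by hand in the guest. It also lists the DNS servers the NIC is using, since a domain controller has to resolve through AD-integrated DNS. The address 10.0.1.10 is a constructed placeholder for whatever you specified in the EC2 console; the instance metadata endpoint 169.254.169.254 and the cmdlets used are standard on EC2 Windows instances.

```powershell
# Added example, not part of the original answer. Run in PowerShell on the Windows
# Server 2012 instance after launching it with a fixed primary private IP.
# Assumption (constructed value): 10.0.1.10 is the address chosen at launch.
param([string]$ExpectedIp = '10.0.1.10')

# The instance metadata service reports the primary private IPv4 address the VPC assigned.
$MetaIp = Invoke-RestMethod -Uri 'http://169.254.169.254/latest/meta-data/local-ipv4'

# Find the guest NIC that carries that address; PrefixOrigin shows how the address was obtained.
$Addr = Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.IPAddress -eq $MetaIp }

$Result = [ordered]@{
    ExpectedIp     = $ExpectedIp
    MetadataIp     = $MetaIp
    IpMatches      = ($MetaIp -eq $ExpectedIp)
    AssignedByDhcp = ($null -ne $Addr -and $Addr.PrefixOrigin -eq 'Dhcp')
    DnsServers     = @()
}

# A DC must resolve names through AD-integrated DNS; show which resolvers the NIC is using
# so you can tell whether it still points only at the VPC resolver or at the DC itself.
if ($Addr) {
    $Result.DnsServers = (Get-DnsClientServerAddress -InterfaceIndex $Addr.InterfaceIndex `
                            -AddressFamily IPv4).ServerAddresses
}

[pscustomobject]$Result

if (-not $Result.IpMatches) {
    Write-Warning "Private IP $MetaIp differs from the expected $ExpectedIp; fix this in the launch settings, not in the guest NIC."
}
if (-not $Result.AssignedByDhcp) {
    Write-Warning "Address was set manually in the guest rather than supplied by VPC DHCP; the address the VPC has mapped is the one the instance is reachable on."
}
```

Run it once the instance has booted and again after a stop/start: in a VPC the metadata address should stay the same across the restart, which is the behaviour the quoted documentation describes for VPC instances as opposed to EC2-Classic.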