Windows – Log on to a remote Windows AD server via VPN

Tags: active-directory, vpn, windows

This is just a random thought. For small business companies, in case they don't want to host a Windows Server for computers in the office to work in a domain environment, can they rent a server in Amazon EC2 or Rackspace, run Active Directory on the remote server, and have clients in their office connect via VPN to the internal network within the cloud?

The client user scenario would be:
– start the computer
– VPN client connects to the cloud network automatically before user logon
– user logs on with his/her domain account

Is it possible? And if so, is there any performance or security concern?

Best Answer

Should you do this?

This is possible, but not recommended. Active Directory is the cornerstone of an internal Windows network. Without it, users can't log in to their PCs, access network resources, etc. Services like Amazon do have downtime. When this happens you are powerless to resolve the issue yourself, you have to sit and wait.

Assuming you have a large enough pipe to the Internet and can pay for the EC2 bandwidth usage, there's no technical reason why you can't do this, but it's really not good practice to leave the foundation of your internal infrastructure up to a service that you have no control over.

How to implement this if you decide the risk is acceptable

I would get a firewall that can act as a VPN termination point and install the VPN client on the AD server and have that auto-connect on startup. This way the Domain Controller appears to be internal to the clients and you don't need to install VPN client software on every machine.
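An added example, not from the question or the answer above: a PowerShell check an administrator can run from an office client to confirm that the cloud-hosted domain controller is actually usable through the VPN (DC locator SRV records, the TCP ports a domain logon needs, tunnel latency, and the machine's secure channel). The domain and DC names are placeholders, and it assumes the Windows `NetTCPIP`/`DnsClient` modules (Windows 8 / Server 2012 or later).

```powershell
# Added example (not from the original post). Run on a domain-joined client
# while the site-to-site VPN to the cloud network is up.
$Domain = 'corp.example.com'          # placeholder: your AD DNS domain name
$Dc     = "dc1.$Domain"               # placeholder: FQDN of the DC hosted in the cloud

# 1. DC locator depends on SRV records, so the VPN must hand clients the AD DNS server.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue
if (-not $srv) { Write-Warning "No DC SRV records for $Domain; check the DNS servers the VPN assigns." }
else { $srv | Where-Object Type -eq 'SRV' | ForEach-Object { "SRV -> $($_.NameTarget):$($_.Port)" } }

# 2. TCP ports a client uses for logon, Group Policy and name resolution.
#    Kerberos and DNS also use UDP, which Test-NetConnection cannot probe.
$Ports = [ordered]@{ DNS = 53; Kerberos = 88; 'RPC mapper' = 135; LDAP = 389; SMB = 445; 'Global Catalog' = 3268 }
$results = foreach ($svc in $Ports.Keys) {
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    $ok = (Test-NetConnection -ComputerName $Dc -Port $Ports[$svc] -WarningAction SilentlyContinue).TcpTestSucceeded
    $sw.Stop()
    [pscustomobject]@{ Service = $svc; Port = $Ports[$svc]; Open = $ok; ConnectMs = [int]$sw.ElapsedMilliseconds }
}
$results | Format-Table -AutoSize
$closed = $results | Where-Object { -not $_.Open }
if ($closed) { Write-Warning ("Blocked through the tunnel: " + (($closed | ForEach-Object { "$($_.Service)/$($_.Port)" }) -join ', ')) }

# 3. Round-trip latency through the tunnel (the "large enough pipe" concern in the answer).
$rtts = 1..4 | ForEach-Object {
    (Test-NetConnection -ComputerName $Dc -WarningAction SilentlyContinue).PingReplyDetails.RoundtripTime
} | Where-Object { $null -ne $_ }
if ($rtts) {
    $avg = ($rtts | Measure-Object -Average).Average
    "Average RTT to DC: {0:N0} ms" -f $avg
    if ($avg -gt 100) { Write-Warning "High latency; interactive logon and GPO processing will be noticeably slow." }
} else { Write-Warning "ICMP to $Dc failed (may simply be filtered by the firewall)." }

# 4. Does this machine still have a valid secure channel to the domain over the tunnel?
if (Test-ComputerSecureChannel) { "Secure channel to $Domain is healthy." }
else { Write-Warning "Secure channel broken; run 'Test-ComputerSecureChannel -Repair' as an administrator once the DC is reachable." }
```

If every port is open but logons are still slow, compare the RTT figure against your normal LAN latency; Group Policy and profile loading are the operations that suffer most from a high-latency DC link.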
