
Microsoft Active Directory (v14 Infinity)


Description

Configures a standalone Microsoft Active Directory domain controller, or additional domain controllers for an existing domain, following Microsoft best practices.

Features

  • Standalone or multiple Active Directory server configurations
  • Volume-based Active Directory database
  • Scheduled, continuous backups

Technical Overview

Supported Clouds

  • AWS EC2
  • Rackspace Open Cloud*
  • Microsoft Azure

* Rackspace Performance Cloud Servers are not supported.

Backup Method

Backups of Active Directory are performed as system state backups written to an attached volume, which is then preserved as a volume snapshot (e.g. an EBS snapshot on AWS).

Supported Images

  • Windows Server 2008 R2 - The Active Directory Domain Services role is preinstalled in the image (rather than installed by a boot script, as other applications are) to reduce boot time.

Security and Firewall Permissions

Network access to the Active Directory server is controlled by Windows Firewall rules set on the server itself. On clouds that also enforce permissions at the cloud level with security groups (e.g. AWS EC2), you must create and attach a security group that opens the same ports: traffic has to pass both layers, so the two lists must agree. In both layers, limit the allowed sources to the address ranges of your domain members and other domain controllers rather than opening them to the Internet; the list below includes LDAP, SMB and the RPC dynamic port range, none of which should be reachable from arbitrary addresses.

Security Group

TCP
  • 53 - Domain Name System (DNS)
  • 88 - Kerberos authentication
  • 135 - Microsoft RPC Endpoint Mapper (EPMAP)
  • 137 - NetBIOS Name Service
  • 139 - NetBIOS Session Service
  • 389 - Lightweight Directory Access Protocol (LDAP)
  • 445 - Microsoft-DS (SMB: Active Directory, Windows shares, SYSVOL)
  • 636 - LDAP over TLS/SSL (LDAPS)
  • 3268 - Microsoft Global Catalog (LDAP service that serves data from the whole Active Directory forest)
  • 3269 - Microsoft Global Catalog over SSL (port 3268 over TLS)
  • 1024-65535 - Dynamic RPC port range (listed on this page as "Registered Ports"); the endpoint mapper on port 135 hands clients one of these ports for services such as directory replication and Netlogon
UDP
  • 53 - Domain Name System (DNS)
  • 88 - Kerberos authentication
  • 135 - Microsoft RPC Endpoint Mapper (EPMAP)
  • 137 - NetBIOS Name Service
  • 138 - NetBIOS Datagram Service
  • 389 - LDAP (UDP is used for connectionless LDAP, e.g. domain controller locator pings)
  • 445 - Microsoft-DS (SMB)

Windows Firewall

The SYS AD open ports boot script sets up the Windows Firewall on the server with the same permissions as described above. If security groups are not supported by the cloud, only Windows Firewall is used for controlling network access.
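The SYS AD open ports boot script itself is not shown on this page. As an added example, and not the ServerTemplate's own script, the following PowerShell builds the same inbound allow set on a Windows Server 2008 R2 host using netsh advfirewall, which is what ships with that release (the New-NetFirewallRule cmdlet only arrived with Windows Server 2012). The domain address range in $DomainCidr (10.0.0.0/16) is an assumed value; the source restriction it applies is the practitioner's hardening, not something the page states.

```powershell
# Added example: not the RightScale "SYS AD open ports" script. Recreates the port list
# from the Security Group section as Windows Firewall inbound rules on Windows Server
# 2008 R2, scoped to the domain's own address range instead of "any".

$DomainCidr = '10.0.0.0/16'   # ASSUMPTION: replace with the range holding your DCs and members

# Port -> description, mirroring the TCP and UDP lists above.
$TcpPorts = @{
    53   = 'DNS';  88   = 'Kerberos';  135  = 'RPC-Endpoint-Mapper'
    137  = 'NetBIOS-Name'; 139 = 'NetBIOS-Session'; 389 = 'LDAP'
    445  = 'SMB';  636  = 'LDAPS';     3268 = 'Global-Catalog'; 3269 = 'Global-Catalog-SSL'
}
$UdpPorts = @{
    53  = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC-Endpoint-Mapper'
    137 = 'NetBIOS-Name'; 138 = 'NetBIOS-Datagram'; 389 = 'CLDAP'; 445 = 'SMB'
}

function Add-AdFirewallRule {
    param([string]$Protocol, [string]$Port, [string]$Description)
    # Rule names contain no spaces, so no quoting is needed when calling netsh from PowerShell.
    $name = "AD-$Protocol-$Port-$Description"
    # Idempotent: netsh prints "No rules match" when the rule does not exist yet.
    $existing = netsh advfirewall firewall show rule name=$name 2>&1 | Out-String
    if ($existing -notmatch 'No rules match') {
        Write-Host "exists: $name"
        return
    }
    netsh advfirewall firewall add rule name=$name dir=in action=allow `
        protocol=$Protocol localport=$Port remoteip=$DomainCidr profile=any | Out-Null
    Write-Host "added:  $name"
}

foreach ($port in ($TcpPorts.Keys | Sort-Object)) {
    Add-AdFirewallRule -Protocol 'TCP' -Port $port -Description $TcpPorts[$port]
}
foreach ($port in ($UdpPorts.Keys | Sort-Object)) {
    Add-AdFirewallRule -Protocol 'UDP' -Port $port -Description $UdpPorts[$port]
}

# The page lists 1024-65535 TCP for RPC dynamic endpoints. On 2008 R2 the default dynamic
# range is actually 49152-65535; "netsh int ipv4 show dynamicport tcp" shows the active range
# and lets you narrow this rule if the page's wider range is more than you need.
Add-AdFirewallRule -Protocol 'TCP' -Port '1024-65535' -Description 'RPC-Dynamic'
```

Run it in an elevated PowerShell session on the domain controller. Keep the security group in step with the same list and the same source range: if one layer is tightened to the domain CIDR and the other still allows 0.0.0.0/0, the effective policy is the tighter of the two on that cloud, but it silently becomes the looser one on a cloud without security groups.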

Managing NTDS and SYSVOL Files

The ServerTemplate uses volume-based storage (e.g. Amazon EBS), to store the following important Active Directory data:

  • The Active Directory database (Ntds.dit) and associated log files are stored in a volume mapped to the D:\ drive.
  • The system volume (SYSVOL) tree files are stored in a volume mapped to the E:\ drive on AWS and Azure clouds. But on the Rackspace Open Cloud, SYSVOL shares the D:\ drive with Ntds.
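A check worth running once the server has booted is to confirm that this volume layout is actually in effect, since a domain controller whose database has quietly landed on the OS drive will not be covered by the volume snapshots. The following PowerShell is an added example, not part of the ServerTemplate: it reads the paths that Active Directory and Netlogon record in the registry and compares their drive letters with the expected ones. The defaults ($ExpectedNtdsDrive = 'D:', $ExpectedSysvolDrive = 'E:') are the AWS and Azure layout described above; pass 'D:' for both on the Rackspace Open Cloud.

```powershell
# Added example: verifies the NTDS / SYSVOL placement described on this page.
# Works on the PowerShell 2.0 that ships with Windows Server 2008 R2.

function Test-AdStorageLayout {
    param(
        [string]$ExpectedNtdsDrive   = 'D:',   # AWS/Azure layout from the page
        [string]$ExpectedSysvolDrive = 'E:'    # use 'D:' on the Rackspace Open Cloud
    )
    # Locations Active Directory and Netlogon actually use, straight from the registry.
    $ntds     = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $netlogon = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

    $checks = @(
        @{ Name = 'NTDS database';  Path = $ntds.'DSA Database file';       Expected = $ExpectedNtdsDrive },
        @{ Name = 'NTDS log files'; Path = $ntds.'Database log files path'; Expected = $ExpectedNtdsDrive },
        @{ Name = 'SYSVOL';         Path = $netlogon.SysVol;                Expected = $ExpectedSysvolDrive }
    )

    $systemDrive = $env:SystemDrive.ToUpper()
    foreach ($c in $checks) {
        $drive = (Split-Path -Qualifier $c.Path).ToUpper()
        # A path on the OS drive is wrong even if it matches by accident: it would not be
        # on the data volume that the backup snapshots capture.
        $status = 'MISMATCH'
        if ($drive -eq $c.Expected.ToUpper() -and $drive -ne $systemDrive) { $status = 'OK' }
        New-Object PSObject -Property @{
            Item = $c.Name; Path = $c.Path; Drive = $drive; Expected = $c.Expected; Status = $status
        }
    }

    # SYSVOL must also be shared, or clients cannot fetch Group Policy and logon scripts.
    $share = Get-WmiObject Win32_Share -Filter "Name='SYSVOL'"
    $shareStatus = 'MISSING'
    if ($share) { $shareStatus = 'OK' }
    New-Object PSObject -Property @{
        Item = 'SYSVOL share'; Path = $(if ($share) { $share.Path } else { '' })
        Drive = ''; Expected = 'shared'; Status = $shareStatus
    }
}

# Usage: list every item and fail the boot/verification step if anything is off.
$results = Test-AdStorageLayout
$results | Format-Table Item, Status, Drive, Expected, Path -AutoSize
if ($results | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

Run it as an administrator on the domain controller. On a Rackspace Open Cloud server call `Test-AdStorageLayout -ExpectedSysvolDrive 'D:'` instead, since the page notes SYSVOL shares the D:\ volume with Ntds.dit there.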

Last modified
14:17, 23 Jan 2015



© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.