Using the AWS Launch Wizard to Simplify App Deployment, Part 1: Active Directory Setup
Brien Posey begins his two-part take on the tool by explaining the Active Directory deployment process and more.
Deploying enterprise applications can be tricky. Before an IT pro even begins the setup process, they must consider things like application sizing and how to configure the application in a way that adheres to established best practices. Cloud-based deployments can further complicate the process.
Amazon has sought to simplify the deployment of enterprise-class applications through its AWS Launch Wizard. The AWS Launch Wizard is designed to guide you through the deployment of complex enterprise applications. In doing so, it helps you make sure that the application is appropriately sized and that it is configured correctly.
For now, the AWS Launch Wizard supports Microsoft SQL Server, Microsoft Active Directory and SAP, and it seems likely that Amazon will add support for additional applications in the future.
In case you are wondering, there is no charge for using the AWS Launch Wizard. You will, of course, have to pay for the resources that you use as you deploy EC2 virtual machines, provision storage and use other types of resources. So with that said, let's take a look at how the AWS Launch Wizard works.
You can access AWS Launch Wizard by selecting the Launch Wizard option from the list of services. It's located in the Management and Governance section. Upon doing so, AWS will open an overview screen that provides a brief summary of how AWS Launch Wizard works. To get started, click on the Choose Application button.
At this point, you will see a dialog box like the one shown in Figure 1, which displays a list of the supported applications. Go ahead and select the application that you want to deploy, and then click on the Create Deployment button.
For the purposes of this article, I will take a look at the Active Directory deployment process. It is worth noting, however, that the three applications that are supported by AWS Launch Wizard are vastly different from one another. As such, while the general flow is relatively consistent from one application to the next, the actual deployment steps vary widely.
Step 1: Review Permissions
The first step in deploying any of the supported applications is to review the required permissions. When you arrive at the Review Permissions screen, which is shown in Figure 2, you will see a message telling you that AWS Identity and Access Management (IAM) allows the AWS Launch Wizard to access the necessary AWS services on your behalf. The message goes on to explain that if you continue with the wizard, it will create a new IAM role within your account called AmazonEC2RoleForLaunchWizard. This role is created regardless of which application you are deploying. However, if you deploy SAP, then a second IAM role called AmazonLambdaRoleForLaunchWizard will be created.
The nice thing about this first step is that it does not require you to actually do anything. The AWS Launch Wizard will automatically create the required IAM role. All you have to do is to click Next.
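Because the wizard creates these roles without any input from you, it is worth reviewing afterward who is allowed to assume them. The following is an added example, not code from the article or from AWS: it checks the trust policy in the JSON that `aws iam get-role` prints. The expected service principals, the function names and the sample data are assumptions made for this example.

```python
import json

# Role names are from the article; the allowed service principals are assumptions.
EXPECTED_TRUST = {
    "AmazonEC2RoleForLaunchWizard": {"ec2.amazonaws.com"},
    "AmazonLambdaRoleForLaunchWizard": {"lambda.amazonaws.com"},
}

# Constructed sample in the shape `aws iam get-role` prints; the second role carries
# an extra account principal (documentation account ID) to show a finding.
SAMPLE_ROLES = json.loads("""
[
  {"Role": {"RoleName": "AmazonEC2RoleForLaunchWizard",
            "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
              {"Effect": "Allow", "Action": "sts:AssumeRole",
               "Principal": {"Service": "ec2.amazonaws.com"}}]}}},
  {"Role": {"RoleName": "AmazonLambdaRoleForLaunchWizard",
            "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
              {"Effect": "Allow", "Action": "sts:AssumeRole",
               "Principal": {"Service": "lambda.amazonaws.com",
                             "AWS": "arn:aws:iam::111122223333:root"}}]}}}
]
""")

def as_list(value):
    """IAM lets single values appear bare or wrapped in a list."""
    return value if isinstance(value, list) else [value]

def review_trust_policy(get_role_output):
    """Return findings for one role's trust (assume-role) policy."""
    role = get_role_output["Role"]
    name = role["RoleName"]
    allowed = EXPECTED_TRUST.get(name)
    if allowed is None:
        return [f"{name}: role is not covered by this check"]
    findings = []
    for stmt in as_list(role["AssumeRolePolicyDocument"]["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append(f"{name}: any principal may assume this role")
            continue
        for kind, values in principal.items():
            for value in as_list(values):
                if kind != "Service" or value not in allowed:
                    findings.append(f"{name}: unexpected {kind} principal {value}")
    return findings
```

To run it against your own account, save the output of `aws iam get-role --role-name AmazonEC2RoleForLaunchWizard` and pass the parsed JSON to `review_trust_policy`.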
Step 2: Configure Application Settings
The second step is where you actually configure the application settings. In the case of an Active Directory deployment, the first thing that you will need to do is to provide a name. This name has nothing to do with the Active Directory itself. It works more like a job name. As you can see in Figure 3, you also have the option of choosing an ARN if you want to use the Simple Notification Service, but doing so is optional.
The next thing that you will need to do is to choose where you want to deploy your Active Directory domain controllers. The wizard defaults to using EC2, but as you can see in the figure above, there is also an option to perform an on-premises Active Directory deployment.
As you scroll down, you will see an option to select the number of domain controllers that you want to deploy, and the wizard even gives you the option of providing names for the domain controllers if you want.
Next, you will need to choose the licensing model that you want to use. In the case of an Active Directory deployment, you can choose to use a license that is included with the Amazon Machine Image (AMI), or you can use a Bring Your Own License model with a custom AMI.
The next group of settings that you will need to configure is very similar to those shown within Windows when you manually deploy a new domain controller. For example, you will need to tell the wizard whether you are adding a new domain controller to an existing forest or creating a new forest. You will also need to specify the DNS name that you want to use, along with a corresponding NetBIOS name.
Once you have provided these Active Directory specific details, you are going to need to create a domain administrator secret name. This is a process that is unique to the wizard, and I will show you how it works in Part 2.
Brien Posey is a 20-time Microsoft MVP with decades of IT experience. As a freelance writer, Posey has written thousands of articles and contributed to several dozen books on a wide variety of IT topics. Prior to going freelance, Posey was a CIO for a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the country's largest insurance companies and for the Department of Defense at Fort Knox. In addition to his continued work in IT, Posey has spent the last several years actively training as a commercial scientist-astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space. You can follow his spaceflight training on his Web site.