Businesses that have been apprehensive or unsure about transitioning their Microsoft applications to the Rackspace Open Cloud can feel more at ease now that we’ve added Microsoft Active Directory administrator support to our Managed Cloud Fanatical Support. The new support options include installation, configuration, monitoring and patching and troubleshooting; support features that were previously only available to our dedicated hosting customers.
For more details of what is supported, check out the Knowledge Center article “Managed Cloud Windows – Sphere’s of Support.”
Here are three reasons why extending Fanatical Support for Active Directory makes transitioning your Microsoft applications, including business productivity and collaboration applications, to the Open Cloud easier, more secure and more cost effective than ever before:
Reason 1: Active Directory Provides a Single Set of Credentials
Keeping track of unique logins for individual Cloud Servers has been a challenge for anyone who’s using a cloud platform to host Windows services. Now, with Active Directory in the cloud, Rackspace Engineers can configure a one-way Forest Trust between your on-premise, dedicated and Cloud Servers to deliver a single set of credentials that will provide authentication and authorization to all of your servers and services.
This creates a number of options to make your transition to the cloud easier. Specifically, complex web apps, such as Microsoft Exchange, Lync, and SharePoint, can be deployed to the Open Cloud and have Active Directory authentication for users.
Reason 2: Active Directory Provides Better Security
Security of your data is critical. Rackspace Support Engineers can help you use the security features provided by Active Directory Domain Services and other Rackspace cloud products to reduce the risk of lost passwords, weak passwords and unenforced security controls.
You can further increase the security posture of your Cloud Servers by using Rackspace Cloud Networks to create a private network to isolate traffic to just your Cloud Servers; RackConnect to protect your servers with a stateful firewall; and Cloud Backup to complete your data protection strategy with file-level daily backups.
Reason 3: Active Directory in the Cloud is More Cost Effective
Moving your Active Directory Domain Controller and other applications to the cloud has additional advantages as well. Cloud computing resources costing significantly less than dedicated infrastructure, meaning you can architect your environment to perform better and be more fault tolerant with each server appropriately sized for the role it plays in the environment as opposed to having one larger dedicated box forced to play multiple roles.
So, since Active Directory does not require a significant amount of resources a 1GB Managed Cloud Server at $0.18/hr should be sufficient. However, keep in mind that best practices still encourage deploying a minimum of two Active Directory Domain Controllers in the environment for redundancy.
Dos and Don’ts of Hosting Active Directory Services in the Open Cloud
Generally speaking, when using RackConnect, all ports are usually allowed from the Cloud Servers to the dedicated servers. But if you have specific compliance requirements, like PCI, then only specific ports must be allowed and the RPC dynamic range ports must be “pegged” on each domain controller.
Keep in mind that cloning or re-building your Domain Controller from a snapshot is not supported by Rackspace and is discouraged by Microsoft. Microsoft’s best practices says to not recover a Domain Controller from a back-up, but rather build a new one and allow the built-in replication to bring the Domain Controller up to the appropriate level, hence the recommendation for two.
Also, you’ll still have a problem when you try to rebuild from the snapshot; the rebuild will run into a conflict when it tries to set a local password since Domain Controllers do not have local accounts. If you would like a more in-depth explanation on this, check out the Knowledge Center Article about Why Password Reset Fails on a Domain Controller.
You’ll save yourself a few hours of headaches if you don’t snapshot your Active Directory.