When utilizing AWS Application Migration Service to transition your Active Directory-connected Windows or Linux servers to Amazon Web Services (AWS), it’s crucial to ensure that your production environment remains unaffected during this migration process. Many businesses encounter challenges during testing, particularly when DNS updates redirect clients back to testing servers instead of the original production servers.
To mitigate these disruptions, one solution is to establish an isolated network environment for testing. However, this approach may not be suitable if your application stack relies on other applications or services. This article outlines an architecture and process for applications that cannot be completely isolated during testing, employing Microsoft Domain Name System (DNS) Query Policies and Group Policy settings to prevent any impact on production.
Solution Overview
Using a WordPress application stack as an illustrative example, we will guide you through the implementation of this solution. We’ll also outline the prerequisites needed for success, potential domain challenges you may face, and how to effectively address them.
The architecture for testing is set up within an Amazon Virtual Private Cloud (Amazon VPC), specifically designed for this purpose. This VPC contains a management subnet that operates on Amazon Elastic Compute Cloud (Amazon EC2), featuring the production environment’s self-managed domain controller. This controller provides vital authentication and DNS services to the instances launched during testing. Importantly, the client conducting the application tests resides in the same private subnet as the applications being evaluated.
Prerequisites
To implement this solution, you will need:
- An AWS account
- Network connectivity between your on-premises server (or other cloud services) and AWS
- Active Directory (Windows Server 2016 or newer)
- Active Directory Integrated DNS
- A basic understanding of the following technologies:
  - Application Migration Service
  - EC2 launch templates
  - Active Directory (Windows Server 2016, 2019, or 2022)
  - Microsoft Group Policy
  - Active Directory Integrated DNS
  - Windows PowerShell
Addressing Potential Domain Issues
The Application Migration Service performs block-level replication of the original source server, meaning that both the original and the testing server are active on the domain simultaneously. This can lead to several issues:
- Each server joined to an Active Directory domain has a corresponding computer object with an associated password that changes automatically every 30 days. If either server alters this password, it can cause the other server to fail in establishing a secure session with the domain controller.
- Active Directory supports dynamic DNS updates, allowing servers to register and update their resource records dynamically. If the testing server updates DNS with a new IP address, this change can disrupt client access, directing them to the testing server instead of the original production server.
To prevent these issues, create a new Group Policy Object (GPO) with specific settings:
- Disable machine account password changes. This policy uses reverse logic: the Security Options setting named "Domain member: Disable machine account password changes" must be set to Enabled to stop the automatic 30-day password change.
- Disable dynamic updates from the DNS Client (the "Dynamic update" policy set to Disabled) so the testing server cannot register its new IP address in DNS during testing.
Apply this new GPO to the migrating servers, targeting them through an Active Directory security group or by relocating them to a separate organizational unit (OU) within Active Directory.
After implementing the GPO settings, confirm their application using the following commands at an administrative command prompt:
C:> gpupdate /force
C:> gpresult /r /scope computer
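The GPO creation and the post-gpupdate check, as an added PowerShell example that is not part of the original article. The GPO name, security group name and domain DN are assumptions; the script creates the GPO, restricts it to the group by security filtering, sets the DNS Client "Dynamic update" policy, and then verifies on a migrating server that both settings are in effect and the computer's secure channel is still healthy.

```powershell
# Added example (not from the original article). Names below are assumptions.
Import-Module GroupPolicy

$GpoName   = 'MGN-Test-Isolation'              # assumed GPO name
$GroupName = 'MGN-Migrating-Servers'           # assumed AD security group of migrating servers
$DomainDn  = 'DC=corp,DC=example,DC=com'       # assumed domain DN the GPO is linked to

# 1. Create the GPO and apply security filtering: Authenticated Users keep Read so the
#    policy can be processed, but only members of the migrating-servers group get Apply.
New-GPO -Name $GpoName | Out-Null
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name $GpoName -TargetName $GroupName -TargetType Group `
    -PermissionLevel GpoApply | Out-Null

# 2. DNS Client > "Dynamic update" = Disabled. This is a registry-backed Administrative
#    Template policy, so it can be written directly into the GPO.
Set-GPRegistryValue -Name $GpoName -Key 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' `
    -ValueName 'RegistrationEnabled' -Type DWord -Value 0 | Out-Null

# 3. "Domain member: Disable machine account password changes" is a Security Options
#    setting; set it to Enabled in the GPO editor (reverse logic: Enabled = no changes).
#    Its effective registry value is verified by the function below.

New-GPLink -Name $GpoName -Target $DomainDn -LinkEnabled Yes | Out-Null

# Run on a migrating server after "gpupdate /force". Isolated is $true only when both
# settings are in effect and the secure channel to the domain still works.
function Test-MgnIsolationPolicy {
    $netlogon  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' -ErrorAction SilentlyContinue
    $dnsClient = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' -ErrorAction SilentlyContinue
    $pwdChangeDisabled  = ($netlogon.DisablePasswordChange -eq 1)
    $dynUpdateDisabled  = ($dnsClient.RegistrationEnabled -eq 0)
    $secureChannelOk    = Test-ComputerSecureChannel
    [pscustomobject]@{
        PasswordChangeDisabled = $pwdChangeDisabled
        DynamicUpdateDisabled  = $dynUpdateDisabled
        SecureChannelOk        = $secureChannelOk
        Isolated               = ($pwdChangeDisabled -and $dynUpdateDisabled -and $secureChannelOk)
    }
}
Test-MgnIsolationPolicy
```

Run the GPO-creation part on a domain controller with domain administrator rights and the verification function on each migrating server from an elevated prompt.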
Active Directory Replication
You can disable outbound replication from the domain controller in the testing VPC while maintaining inbound replication. The network within the testing VPC is intentionally configured to allow connectivity to on-premises and other networks. Use the following command with a domain administrator’s privileges:
C:> repadmin /options <Testing DC> +disable_outbound_repl
Example Walkthrough
- Application Overview
- Modify EC2 Launch Templates
- Implement Microsoft DNS Query Policies
Consider a simple WordPress application stack consisting of a web server and a database server transitioning from on-premises to AWS. The configuration points to the database by hostname, avoiding IP addresses to ensure proper resolution during testing.
To launch EC2 instances with the specified IP addresses, modify the EC2 launch template associated with the source servers within Application Migration Service, ensuring it targets the testing subnet.
After launching the EC2 instances for testing, configure DNS Query Policies to return alternative IP addresses during the testing phase.
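The launch-template and DNS Query Policy steps above, as an added PowerShell example that is not part of the original article. Zone name, hostnames, subnets, addresses and the testing DC name are assumptions. The policy answers queries for the database hostname with the testing IP only when the query comes from the testing subnet; all other clients keep receiving the production record from the default zone scope.

```powershell
# Added example (not from the original article). All names and addresses are assumptions.
# Run on the testing DC, which has outbound replication disabled, so nothing here
# reaches the production domain controllers.
Import-Module DnsServer

$Zone       = 'corp.example.com'            # assumed AD-integrated zone
$DbHost     = 'db01'                        # database hostname the web server is configured with
$TestSubnet = '10.20.10.0/24'               # assumed private subnet of the testing VPC
$TestDbIp   = '10.20.10.50'                 # assumed IP set in the modified EC2 launch template
$TestDc     = 'testdc01.corp.example.com'   # assumed DC in the testing VPC management subnet

# 1. Name the testing subnet so a policy can match on it.
Add-DnsServerClientSubnet -ComputerName $TestDc -Name 'MgnTestSubnet' -IPv4Subnet $TestSubnet

# 2. Create a zone scope: an alternate set of records for the zone that only policies select.
Add-DnsServerZoneScope -ComputerName $TestDc -ZoneName $Zone -Name 'MgnTestScope'

# 3. Put the testing address for db01 into the scope; the default scope (production) is untouched.
Add-DnsServerResourceRecord -ComputerName $TestDc -ZoneName $Zone -ZoneScope 'MgnTestScope' `
    -A -Name $DbHost -IPv4Address $TestDbIp

# 4. Only queries from the testing subnet AND for the database FQDN are answered from the
#    scope. Matching on the FQDN as well matters: the scope holds just the db01 record, so
#    routing every query from the subnet into it would break lookups for other names
#    in the zone (for example the domain's SRV records).
Add-DnsServerQueryResolutionPolicy -ComputerName $TestDc -ZoneName $Zone -Name 'MgnTestDbPolicy' `
    -Action ALLOW -Condition AND -ClientSubnet 'EQ,MgnTestSubnet' -Fqdn "EQ,$DbHost.$Zone" `
    -ZoneScope 'MgnTestScope,1'

# Verification: run from the test client (same subnet as the test servers) and from a
# production client; the first should return $TestDbIp, the second the production address.
function Get-DbAnswer {
    param([string]$Server)
    (Resolve-DnsName -Name "$DbHost.$Zone" -Type A -Server $Server -DnsOnly).IPAddress
}
Get-DbAnswer -Server $TestDc
```

Remove the policy, the zone scope and the client subnet on the testing DC once testing is complete so the cutover instances resolve the real records.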
By following these steps, you can successfully migrate your applications using AWS Application Migration Service without impacting your production environment.