Active Directory, U of I Resources in AWS
How to use UOFI Active Directory resources from within the AWS cloud without having to connect to on-campus resources.
From an Enterprise VPC, UOFI Active Directory services are available in three ways. Note that to reach UOFI Active Directory at all, the Enterprise VPC must be peered with a Core Services VPC; see Amazon Web Services, VPC Guide for Illinois. The three ways are:
- Kerberos
- LDAP
- Windows domain-join
Kerberos
Load-balanced Kerberos authentication is available at the following address (port 88):
- krb-ad-aws.kerberos.illinois.edu
LDAP
Load-balanced LDAP (port 389) and LDAPS (port 636) are available at the following address:
- ldap-ad-aws.ldap.illinois.edu
Connections to this address are protected in one of the following ways:
- On port 389, at the authentication layer: any supported SASL mechanism (preferably GSSAPI/Kerberos) with integrity validation (packet signing)
- On port 389, at the data transport layer: TLS encryption (using the STARTTLS/STOPTLS commands)
- On port 636, at the data transport layer: SSL encryption
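The following is an added example, not part of this page or of the university's own tooling, showing the three protected LDAP connection styles above plus the Kerberos KDC setting from an EC2 host in a peered Enterprise VPC. It assumes the OpenLDAP client tools and MIT Kerberos are installed; the CA bundle path, search base and realm name are placeholders the page does not give.

```shell
#!/bin/sh
# Added example (not from the page): querying UOFI AD from an EC2 host in an
# Enterprise VPC peered with a Core Services VPC. Needs OpenLDAP client tools
# (ldapsearch) and MIT Kerberos (kinit). CA_FILE, BASE_DN and AD_REALM are
# placeholders the page does not give; set them for your environment.
LDAP_HOST=ldap-ad-aws.ldap.illinois.edu
KRB_HOST=krb-ad-aws.kerberos.illinois.edu
CA_FILE=${CA_FILE:-/etc/ssl/certs/ca-certificates.crt}   # assumed CA bundle path
BASE_DN=${BASE_DN:-DC=example,DC=edu}                    # placeholder base DN
AD_REALM=${AD_REALM:-EXAMPLE.EDU}                        # placeholder realm
LDAPSEARCH=${LDAPSEARCH:-ldapsearch}   # set to "echo" for a dry run

# krb5.conf realm stanza that points kinit at the load-balanced KDC on port 88.
krb5_realm_stanza() {
  printf '[realms]\n  %s = {\n    kdc = %s:88\n  }\n' "$AD_REALM" "$KRB_HOST"
}

# Port 636: LDAPS. TLS_REQCERT=demand makes the client refuse any server
# certificate that does not chain to CA_FILE, so the bind credentials never
# reach an impostor endpoint. $1 = bind DN, $2 = LDAP filter.
ldaps_search() {
  LDAPTLS_REQCERT=demand LDAPTLS_CACERT="$CA_FILE" \
    "$LDAPSEARCH" -H "ldaps://$LDAP_HOST:636" -x -D "$1" -W -b "$BASE_DN" "$2"
}

# Port 389 with STARTTLS: -ZZ (not -Z) aborts if the TLS upgrade fails,
# instead of silently continuing in cleartext. $1 = bind DN, $2 = filter.
starttls_search() {
  LDAPTLS_REQCERT=demand LDAPTLS_CACERT="$CA_FILE" \
    "$LDAPSEARCH" -H "ldap://$LDAP_HOST:389" -ZZ -x -D "$1" -W -b "$BASE_DN" "$2"
}

# Port 389 with SASL/GSSAPI: authenticate with the Kerberos ticket obtained
# via kinit; minssf=1 demands at least an integrity layer (packet signing).
# Run first:  kinit "user@$AD_REALM"   ($1 = LDAP filter)
gssapi_search() {
  "$LDAPSEARCH" -H "ldap://$LDAP_HOST:389" -Y GSSAPI -O minssf=1 -b "$BASE_DN" "$1"
}
```

Set `LDAPSEARCH=echo` to print the exact command lines without contacting the service, which is a convenient way to review the flags before running them on an instance.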