Active Directory, U of I Resources in AWS

How to use UOFI Active Directory resources from within the AWS cloud without having to connect to on-campus resources.

When using an Enterprise VPC, UOFI Active Directory services are available in three ways. Please note that in order to reach UOFI Active Directory, the Enterprise VPC must be peered with a Core Services VPC (see Amazon Web Services, VPC Guide for Illinois):

  • Kerberos
  • LDAP
  • Windows domain-join

Kerberos

Load-balanced Kerberos authentication is available at the following address (port 88):

  • krb-ad-aws.kerberos.illinois.edu

LDAP

Load-balanced LDAP is available at the following address (port 389):

  • ldap-ad-aws.ldap.illinois.edu

LDAP traffic must be encrypted in one of two ways:

  • At the authentication layer, any supported SASL mechanism (preferably GSSAPI/Kerberos) with integrity validation (packet signing)
  • At the data transport layer, TLS encryption (negotiated with the STARTTLS/STOPTLS commands)
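For Linux hosts in a peered Enterprise VPC, the following shell snippet (added here; it is not part of the Technology Services page) shows the two accepted ways of encrypting LDAP against ldap-ad-aws.ldap.illinois.edu, a certificate check for the StartTLS endpoint, and a krb5.conf stanza that sends Kerberos traffic to krb-ad-aws.kerberos.illinois.edu. It assumes the Kerberos realm is AD.UILLINOIS.EDU and the base DN is DC=ad,DC=uillinois,DC=edu (both derived from ad.uillinois.edu, neither stated on the page), and that OpenLDAP client tools, MIT Kerberos and OpenSSL are installed.

```shell
#!/bin/sh
# Added example, not from the Technology Services page.
AD_LDAP_HOST="ldap-ad-aws.ldap.illinois.edu"
AD_KDC="krb-ad-aws.kerberos.illinois.edu"
AD_REALM="AD.UILLINOIS.EDU"              # assumption: realm of ad.uillinois.edu
AD_BASE_DN="DC=ad,DC=uillinois,DC=edu"   # assumption: derived from the DNS name

# krb5.conf realm stanza: point the realm at the load-balanced AWS KDC (port 88)
# so no on-campus KDC is contacted. Append the output to /etc/krb5.conf.
krb5_realm_stanza() {
  cat <<EOF
[realms]
  $AD_REALM = {
    kdc = $AD_KDC:88
  }
EOF
}

# Option 1: TLS at the transport layer.
# -ZZ aborts if StartTLS cannot be negotiated (never falls back to cleartext);
# LDAPTLS_REQCERT=demand rejects a server certificate that does not verify.
# Usage: ldap_search_starttls 'netid@ad.uillinois.edu' '(sAMAccountName=netid)'
ldap_search_starttls() {
  LDAPTLS_REQCERT=demand ldapsearch -H "ldap://$AD_LDAP_HOST:389" -ZZ \
    -x -D "$1" -W -b "$AD_BASE_DN" "$2"
}

# Option 2: SASL GSSAPI (Kerberos) with packet signing, after kinit.
# minssf=1 refuses the bind unless at least an integrity layer is negotiated.
# Use one option or the other: AD rejects SASL signing/sealing layered on TLS.
# Usage: kinit netid@AD.UILLINOIS.EDU && ldap_search_gssapi '(sAMAccountName=netid)'
ldap_search_gssapi() {
  ldapsearch -H "ldap://$AD_LDAP_HOST:389" -Y GSSAPI -O minssf=1 \
    -b "$AD_BASE_DN" "$1"
}

# Pre-flight check for option 1: non-zero exit if the certificate presented
# after StartTLS does not chain to the system CA store.
ldap_starttls_cert_check() {
  openssl s_client -connect "$AD_LDAP_HOST:389" -starttls ldap \
    -verify_return_error </dev/null >/dev/null
}
```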

Windows Domain-Join

Standard domain-join is also available for Windows computers in peered Enterprise VPCs, using the usual UOFI Active Directory DNS name:

  • ad.uillinois.edu

Keywords: aws, activedirectory, active, directory, uofi, cloud, kerberos, ldap, domain, AD
Doc ID: 79613
Owner: Active D.
Group: University of Illinois Technology Services
Created: 2018-01-24 10:46 CDT
Updated: 2018-07-12 16:16 CDT
Sites: University of Illinois Technology Services