An enterprise customer is starting their migration to the cloud, their main reason for migrating is agility, and they want to make their internal Microsoft Active Directory available to any applications running on AWS; this is so internal users only have to remember one set of credentials and as a central point of user control for leavers and joiners. How could they make their Active Directory secure, and highly available, with minimal on-premises infrastructure changes, in the most cost and time-efficient way? (Choose 1)
a. Using Amazon Elastic Cloud Compute (EC2), they could create a DMZ using a security group; within the security group they could provision two smaller Amazon EC2 instances that are running Openswan for resilient IPSEC tunnels, two larger instances that are domain controllers, they would use multiple availability zones.
b. Using VPC, they could create an extension to their data centre and make use of resilient hardware IPSEC tunnels; they could then have two domain controller instances that are joined to their existing domain and reside within different subnets, in different availability zones.
c. Within the customer’s existing infrastructure, they could provision new hardware to run Active Directory Federation Services; this would present Active Directory as a SAML2 endpoint on the internet; any new application on AWS could be written to authenticate using SAML2.
d. The customer could create a stand-alone VPC with its own Active Directory Domain Controllers; two domain controller instances could be configured, one in each availability zone; new applications would authenticate with those domain controllers.
This question is testing your understanding of how to extend your existing on-premises Active Directory Service into AWS as well as the varying options that AWS offers. There are a few fundamentals of Active Directory that are worth knowing in order to know how you might begin with answering this question.