AD LAB IN THE CLOUD

Getting started on AWS


AD Lab Setup

Use the following steps to prepare for and deploy your AD Lab environment.

Prerequisites

  1. Create a key pair if you don't already have one (it is required by the CloudFormation template)
    1. Create a new key pair (EC2 -> Network & Security -> Key Pairs -> Create Key Pair), or import one if desired
  2. Ensure your EBS SSD volume limit in the region you will be using is set to 50 TB
  3. Determine the domain setup - a domain is required to operate AD Lab
    1. Domain Option 1 - Connect to an existing domain - advanced user
    2. Domain Option 2 - New domain on an EC2 instance - advanced user
    3. Domain Option 3 - Simple domain in AWS (see instructions at the bottom)
  4. Connection options
    1. VPN setup - advanced user
    2. Direct Connect - advanced user
    3. Bastion host - source IP address required


Deployment

  1. Subscribe on AWS Marketplace
  2. Continue to Configuration (or, if previously subscribed but not configured, go to CloudFormation, then *Configure subscription below)
    1. Fulfillment Option: AccessData Lab
    2. Version: 1.0
    3. Select Region
    4. Continue to Launch
    5. Action: Launch CloudFormation
  3. CloudFormation configuration
    1. Set the name
    2. Select the AZ
    3. Set the IP range
    4. Select volume sizes, ensuring enough space is available (2048 GB, 1024 GB)
    5. Select the key pair created above
    6. Accept the T&Cs
    7. Next
  4. Options (if/as desired)
    1. Create key tags if/as necessary
    2. Select IAM roles if/as necessary
    3. Advanced config if/as necessary
    4. Next
    5. Review
    6. Click the acknowledgement box
    7. Create


Once the CloudFormation template is complete you should have 7 servers and 23 EBS volumes.


Access and Configuration

Bastion Host

  1. Launch a new t2.micro Windows EC2 instance
    1. Create the bastion host in the DMZ subnet and the bastion security group.
  2. Get the EC2 passwords from the AWS console using the key pair
    1. Get Windows password - you need to download the key pair file
  3. RDP into the bastion host to access all other servers via RDP.
  4. Add your public IP to the VPC security group's RDP-Access security rule

Domain and system setup

  1. Join all servers to your domain.
  2. Create service account for application.
  3. Change the DPM and DPE services to run as the domain service account.
  4. Add service account to SQL logins with sysadmin role.
  5. Log in to Lab Client server, launch License Manager, enter your VCM activation code.
  6. Share folders on the DPM for Evidence and Case Folders to the service account.
  7. Launch Lab application from the Lab client system to initialize database and start working.


Option 3 - AWS Simple Domain Setup

http://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_simple_ad.html
http://docs.aws.amazon.com/directoryservice/latest/admin-guide/create_simple_ad.html
https://aws.amazon.com/directoryservice/other-directories-pricing/

Prerequisites

  1. At least 2 subnets in different AZs
    1. West-2c-Private-AD (10.10.12.0/24)
    2. West-2a-Private-AD (10.10.11.0/24)
  2. Open ports between the AZs (inbound and outbound rules)
    1. TCP/UDP 53 - DNS
    2. TCP/UDP 88 - Kerberos authentication
    3. UDP 123 - NTP
    4. TCP 135 - RPC
    5. UDP 137-138 - Netlogon
    6. TCP 139 - Netlogon
    7. TCP/UDP 389 - LDAP
    8. TCP/UDP 445 - SMB
    9. TCP 873 - Rsync
    10. TCP 3268 - Global Catalog
    11. TCP/UDP 1024-65535 - Ephemeral ports for RPC
  3. The VPC must have default hardware tenancy.
  4. The following encryption types must be enabled in the directory:
    1. RC4_HMAC_MD5
    2. AES128_HMAC_SHA1
    3. AES256_HMAC_SHA1
    4. Future encryption types
  5. Simple AD configuration (AWS Directory Service)
    1. Go through the steps at http://docs.aws.amazon.com/directoryservice/latest/admin-guide/how_to_create_simple_ad.html
      1. Directory DNS: adlab.aws.local
      2. NetBIOS: adlab
      3. Credential: Administrator\xxxxxxxxx
      4. DNS Address: x.x.x.x, x.x.x.x
    2. Access Active Directory Management
    3. Create a new DHCP options set with the DNS server and domain name
      1. VPC Dashboard -> Your VPCs -> highlight your VPC -> Edit DHCP Options Set
      2. Refresh the IP on the servers
    4. Domain join directory: adlab.aws.local
  6. Once you have servers added to the domain, add the Remote Server Administration Tools role and features to the DPM server
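The port list above and the bastion RDP-Access rule from the Access and Configuration section, as an added example that is not part of the AccessData documentation: it builds the EC2 security-group ingress payload for the AD ports scoped to the two private AD subnets named on this page, pins the bastion RDP rule to a single operator address, and flags any rule whose source is wider than a /24. The operator address used in the test (203.0.113.7) is a constructed placeholder; the port table and subnet CIDRs are transcribed from this page.

```python
import ipaddress

# Subnet CIDRs are the two private AD subnets named on this page.
AD_SUBNETS = ["10.10.11.0/24", "10.10.12.0/24"]

# (protocol, from_port, to_port, description), transcribed from the page's port list.
AD_PORTS = [
    ("tcp", 53, 53, "DNS"), ("udp", 53, 53, "DNS"),
    ("tcp", 88, 88, "Kerberos"), ("udp", 88, 88, "Kerberos"),
    ("udp", 123, 123, "NTP"),
    ("tcp", 135, 135, "RPC"),
    ("udp", 137, 138, "Netlogon"),
    ("tcp", 139, 139, "Netlogon"),
    ("tcp", 389, 389, "LDAP"), ("udp", 389, 389, "LDAP"),
    ("tcp", 445, 445, "SMB"), ("udp", 445, 445, "SMB"),
    ("tcp", 873, 873, "Rsync"),
    ("tcp", 3268, 3268, "Global Catalog"),
    ("tcp", 1024, 65535, "RPC ephemeral"), ("udp", 1024, 65535, "RPC ephemeral"),
]


def ad_ingress_permissions(subnets=AD_SUBNETS):
    """IpPermissions for the AD security group: every port above, from the AD subnets only."""
    return [
        {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
         "IpRanges": [{"CidrIp": cidr, "Description": desc} for cidr in subnets]}
        for proto, lo, hi, desc in AD_PORTS
    ]


def rdp_ingress_permission(operator_ip):
    """RDP rule for the bastion group, pinned to the operator's public address as a single host."""
    net = ipaddress.ip_network(operator_ip, strict=False)
    if net.prefixlen != net.max_prefixlen:
        raise ValueError("bastion RDP source must be a single host address")
    return {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
            "IpRanges": [{"CidrIp": str(net), "Description": "operator RDP"}]}


def overly_broad(permissions, max_prefix=24):
    """List rules whose source range is wider than a /24 (0.0.0.0/0, for example)."""
    findings = []
    for perm in permissions:
        for rng in perm["IpRanges"]:
            if ipaddress.ip_network(rng["CidrIp"]).prefixlen < max_prefix:
                findings.append(f"{perm['IpProtocol']}/{perm['FromPort']}-{perm['ToPort']} from {rng['CidrIp']}")
    return findings
```

The list returned by `ad_ingress_permissions()` is in the shape that boto3's `ec2.authorize_security_group_ingress(GroupId=..., IpPermissions=...)` expects, so the same rules can be reviewed offline before they are applied.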