Many of our users view their CloudShare environments as separate and different entities than their own organizational infrastructure and systems. On one side, there is your organizational environment and on the other there are your CloudShare environments. But why make this distinction when they can both be part of the same entity? More and more organizations are starting to understand the needs for Hybrid Cloud solutions and look for different ways to implement them.
With Cloudshare’s new Shared Environment and VPN Tunneling features (available for TeamLabs and Enterprise users), we introduced a huge potential for integration of your different environments.
One of the great benefits of these features is an integration of your CloudShare environments with your organizational Active Directory domain, thus making them a part and an extension of your organizational environment.
Basically, there are three different solutions for integrating your CloudShare environments with your organizational domain:
- Join your VMs directly to your domain through the VPN Tunnel (transparent integration).
- Add a new Domain Controller on your CloudShare Shared Environment that will be a part of the domain (Preferably configured on a different site and optionally as a RODC).
- Add a new Domain Controller on your CloudShare Shared Environment that will be a part of a new domain and configure Trust relationships between the domains.
This blog post won’t provide you with step-by-step walkthroughs, but general guidelines for each solution.
These guidelines are based on the assumption that you already have a Shared Environment with VPN Tunnel up and running.
Not sure how to set this up? Check this blog post on how to set up a Shared Environment and VPN Tunnel.
1 – Join your VMs directly to your organizational domain
My personal favorite option. Simple and fast.
As long as you have a functional VPN Tunnel from your Shared Environment, you can join your Sub-Environments’ VMs directly to your organizational domain. Adding the VMs to you domain is similar to adding any other regular machine in your network. The only changes you have to do before joining the VMs are:
- Change the VM’s DNS server to point to your Domain Controller IP address.
- Make sure the following ports are open in your network for your CloudShare network: UDP – 389. TCP – 139, 389, and 445.
That’s it! As I said, Simple and fast
2 – Add a new Domain Controller on your CloudShare Shared Environment as a part of your domain
This option is more complex but provides you with great security and delegation control.
When deploying this kind of solution I usually prefer “going all out” and deploying it with RODC and configuring the CloudShare Environment as a different site with this RODC.
RODC (Read Only DC) was introduced in Windows Server 2008 and ensures that no AD changes (users, permissions, etc.) can be made by VMs which are authenticated through it. This way you can tighten your control over possible changes from your CloudShare environments.
Additionally, you can deploy this solution with a VPN Tunnel only configured for the shared DC alone, thus exposing your network only to one specific CloudShare VM.
Few points to consider:
- Make sure you know how to work with Active Directory (DC Promo, adding a new DC to your domain, Sites&RODC optionally).
- You’ll need to create a DC (or RODC) in the Shared Environment. This can be easily achieved by adding an additional standard Windows Server VM from our templates library. Just make sure that the Windows version corresponds with your Domain Functional Level.
- Your new CloudShare DC’s DNS server should point to your organizational DC IP address. The rest of your VMs’ DNS should point to the new DC.
- Make sure the following ports are open for your new DC: UDP – 389. TCP – 139, 389, and 445.
3 – Create a new domain for your CloudShare environments and configure Trust relationships with your organizational domain
I personally don’t see too many benefits with this solution compared to the second one (If you do, go ahead and share your opinion in the comments). But it is possible to implement this solution of course, and has the same requirements as the second solution.
Hybrid Cloud is the new buzz word! So go ahead and expand yourself and have a happy Hybrid-CloudSharing while doing so!