Amazon Web Services will manage Microsoft's Active Directory identity management store as a service.
The AWS Directory Service for Microsoft Active Directory (Enterprise Edition) is an addition to Amazon's previously rolled out directory services, which include an Active Directory (AD) Connector and Simple AD service. It will not replace AD Connector or Simple AD.
Microsoft's Azure Active Directory service has been available since 2013.
The new AWS Active Directory Service is squarely aimed at enterprises with large Active Directory deployments on premises or on Microsoft's Azure cloud. The service is a good option for shops with more than 5,000 users that need a trust relationship set up between an AWS-hosted directory and their on-premises directories, according to Amazon's AWS Directory Service administration guide.
AWS shops were cautiously optimistic about the potential for the new service to cut down on the number of instances they have to manage.
"We have to deal with redundancy of Active Directory servers on our own, which increases the cost," said Kevin Felichko, CTO of PropertyRoom.com, an online auction company based in Frederick, Md. "Assuming the pricing is attractive and there is an easy migration path, we could eliminate those [Elastic Compute Cloud] EC2 instances, which are essentially overkill for the purpose they serve."
The new AWS Active Directory service is priced at $0.40 per hour, considerably more expensive than AD Connector and Simple AD, which go for $0.05 or $0.15 per hour, depending on whether the user wants a small or large configuration. Microsoft has a free offering for Active Directory on Azure, and its paid premium version costs $6 per user, per month, plus support; AWS also has a free tier for its other directory services.
It's still unclear how widespread the adoption of AWS Active Directory will be, according to Patrick McClory, director of automation and DevOps for Datapipe Inc., a provider of managed hosting services for AWS, based in Jersey City, N.J.
"I'm glad to see it, but I don't really have people chomping at the bit for this," he said.
However, it also might lay the groundwork for Windows workloads to be set up faster on AWS, McClory said, particularly when it comes to adding Windows instances to an Active Directory domain, known as a domain join.
"If you put this together with some of the changes they've made in AWS Config, and EC2 run features ... they're doing a lot of work under the hood to get Windows running on Amazon faster from launch to ready," he said. "This gives them all the pieces in one place to do domain joins a lot more quickly and more seamlessly."
This move has little to do with technical features and everything to do with competitive politics, according to Edward Haletky, CEO of the Virtualization Practice LLC in Austin, Texas.
"This doesn't replace Amazon's directory," Haletky said. "They needed to do this, because they want Microsoft apps like SharePoint in their cloud."
Many Microsoft applications require Active Directory, including Microsoft Exchange, SQL Server and the Microsoft Office products, which Amazon currently supports as part of the WorkSpaces virtual desktop service.
"Amazon is saying, 'Migrate to us, we have everything you need,'" Haletky said. "Active Directory support within AWS enables more hybrid cloud options for existing on-premises environments, with little change to how administrators manage identity."
Still, given that Microsoft has had Active Directory support for years, Haletky said he sees this as a catch-up move from Amazon.
The AWS Active Directory service joins the introduction of AWS Dedicated Hosts last month as shots across the bow of Microsoft in the competition to host enterprise apps in the cloud.