Which solution will meet these requirements MOST cost-effectively?
Deploy a managed Active Directory by using AWS Directory Service for Microsoft Active Directory. Establish a trust with the on-premises Active Directory. Deploy an EC2 instance as a bastion host in the VPC. Ensure that the EC2 instance is joined to the domain. Use the bastion host to access the target instances through RDP.
Configure AWS Single Sign-On to integrate with the on-premises Active Directory by using the AWS Directory Service for Microsoft Active Directory AD Connector. Configure permission sets against user groups for access to AWS Systems Manager. Use Systems Manager Fleet Manager to access the target instances through RDP.
Implement a VPN between the on-premises environment and the target VPC. Ensure that the target instances are joined to the on-premises Active Directory domain over the VPN connection. Configure RDP access through the VPN. Connect from the company’s network to the target instances.
Deploy a managed Active Directory by using AWS Directory Service for Microsoft Active Directory. Establish a trust with the on-premises Active Directory. Deploy a Remote Desktop Gateway on AWS by using an AWS Quick Start. Ensure that the Remote Desktop Gateway is joined to the domain. Use the Remote Desktop Gateway to access the target instances through RDP.
Explanations:
This setup requires additional costs and maintenance for the bastion host and does not leverage Systems Manager or VPN for secure, centralized access. While it supports Active Directory, it’s less cost-effective and secure.
AWS SSO with AD Connector to the on-premises AD and Systems Manager Fleet Manager provides a centralized, cost-effective solution for RDP access without needing additional infrastructure.
This approach requires maintaining a VPN connection for RDP, which can add costs. It also lacks integration with AWS Systems Manager and would not be as cost-effective or easily scalable as other solutions.
Although RD Gateway offers secure access, deploying and managing it on AWS can incur additional costs and operational overhead compared to the AWS Systems Manager solution, which provides native integration and reduced cost.