My company purchased a Windows Server 2016 instance with AWS in order to replace our current Windows Server 2008 (which resides in a closet in our office).

However, it has proven more difficult than expected to replace all the functionality. Our 2008 server essentially has a file drive that all users on the network can map a drive to as a network location. It serves files stored by other users and by applications with user permissions, etc.

The problem I am encountering when trying to do this with an instance on the cloud is that the server is no longer connected to the same network, so it must be opened up over the internet. This opens up a whole can of worms with security and networking. I have been researching and trying for months to get connected over the internet to this instance and have been unsuccessful at mapping a single drive.

I am really looking for a good guide of what to do. Aside from the last 4-5 months of research and my limited experience managing our local Windows Server 2008, I am relatively inexperienced when it comes to networking. Step-by-steps are better than high-level constructs. (I am familiar with tools like Server Manager, Windows Server Essentials, etc., but not with specific services like AD, DirectAccess, VPN, etc.)

Details:

  • Company has approximately 15 users
  • We have branches in different locations we would like to give access to the files.
  • Looking to host our files, and install applications that manipulate these files (so Dropbox is not a good alternative)
  • Server instance is on AWS.
  • Users must be able to "map network location" to this server as they currently do so that everything stays the same for the users.

  • I am pretty familiar with Amazon Web Services.

Thank you!

  • This is not what AWS EC2 is designed for. EC2 is not a 1:1 replacement for on-premises servers, and it requires a different architecture for doing things - as you have discovered. You probably _can_ do what you're requesting with a VPC VPN, but that requires even more networking configuration. – Mark Henderson Nov 21 '17 at 19:21
  • I know you've said that your preference is to use/stay with AWS, but SharePoint Online via an Office 365 subscription may be the closest you're going to get to the functionality you need without resorting to some "hack" solution that proves untenable over the long term. – joeqwerty Nov 21 '17 at 19:47

1 Answer

You have at least two options:

  • The probably-less-good option: Create a VPN between the firewall protecting your office and your AWS account, so that you can connect to the AWS VM in question via that VPN tunnel. Then it will be like connecting to a file server at a remote site.
  • The almost certainly better option: Research and implement Amazon S3 (Simple Storage Service), possibly with an on-site S3 gateway. This will give you the cloud resilience and availability with easier maintenance than a VM instance and low latency local caching via the on-site storage gateway. Also, users can merely connect to the share on the gateway instead of initiating a connection all the way to the cloud service. This may mean you don't need the VM instance any more. Spin it down and stop paying for it.

One thing to be aware of when migrating services to public cloud offerings is that it's usually not best to go one-for-one VM to VM. Just because you are using a server on-prem for a service doesn't mean you want to replicate that server in the cloud. Using Office 365/Exchange Online to replace on-prem Exchange servers is probably the most famous and common example of this.

Todd Wilcox
  • Interesting. I have taken a look at Amazon S3 before but it seemed to be an "object" storage service and not a "file" storage service. Is there a fundamental difference? – Jonathan Mongeau Nov 21 '17 at 19:42
  • @JonathanMongeau Yes, there is a difference but you would use the storage gateway as a kind of storage proxy. Clients could connect to the storage gateway using SMB just like any Windows file share and then the storage gateway uses Amazon's S3 protocol to leverage the S3 object storage to keep a cloud copy of the file data. Note that Microsoft Azure has a similar service called StorSimple. The real takeaway is that you might want to engage a consultant who is an expert to do a migration to public cloud. It's fairly complicated. – Todd Wilcox Nov 21 '17 at 19:47
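
For the VPN option in the answer, one check worth running on the instance's security groups is that SMB is reachable only from the office side of the tunnel and not from the internet at large. The following is an added example, not part of the original thread; it assumes rules in the JSON shape returned by `aws ec2 describe-security-groups`, and the group IDs and the 10.20.0.0/16 office range are constructed.

```python
import ipaddress

SMB_PORTS = (445, 139)  # SMB over TCP, and the NetBIOS session service

def covers(perm, port):
    """True if one IpPermissions entry allows the given TCP port."""
    if perm.get("IpProtocol") == "-1":   # "-1" = all protocols, all ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def is_trusted(cidr, trusted):
    """True if cidr lies entirely inside one of the trusted networks."""
    src = ipaddress.ip_network(cidr, strict=False)
    return any(src.version == t.version and src.subnet_of(t) for t in trusted)

def exposed_smb_rules(groups, trusted_cidrs):
    """List (group_id, port, source_cidr) for SMB rules open to untrusted sources."""
    trusted = [ipaddress.ip_network(c, strict=False) for c in trusted_cidrs]
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for port in SMB_PORTS:
                if not covers(perm, port):
                    continue
                findings += [(group["GroupId"], port, s)
                             for s in sources if not is_trusted(s, trusted)]
    return findings

# Constructed sample in the shape of describe-security-groups output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-constructed-1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},      # SMB open to the internet
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},    # not SMB, ignored here
    {"GroupId": "sg-constructed-2", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445,
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}]}]},  # SMB from the office only
]
OFFICE_CIDRS = ["10.20.0.0/16"]  # assumed office range behind the VPN

if __name__ == "__main__":
    for finding in exposed_smb_rules(SAMPLE_GROUPS, OFFICE_CIDRS):
        print("SMB reachable from untrusted source:", finding)
```

An empty result means every rule that admits TCP 445 or 139 names a source inside the trusted ranges.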