Posted in Active Directory, AWS, Azure, Windows

VPN TUNNEL (AWS-AZURE) V-NET

Pre-requisites :

  • Two virtual networks with non-overlapping address spaces, one in each cloud platform.
  • A virtual machine in each virtual network.
  • In the following scenario,

                          AZURE V-NET                AWS V-NET
  Virtual network name    vnet-Azure                 vnet-Aws
  Address space           10.0.0.0/16                192.168.0.0/16
  Subnet                  su-1 (10.0.1.0/24)         su-1-aws (192.168.1.0/24)
  Virtual machine         azure-server               aws-server
  Private IP              10.0.1.4                   192.168.1.214
  Region                  East US                    N. Virginia
  Domain                  akhil.com

Procedure :

Azure

  • Create a gateway subnet in the Azure virtual network (the AWS side has no equivalent; its gateway is attached directly to the VPC). // Home > Virtual Networks > Select the virtual network (vnet-Azure) > Subnets > Gateway subnet
  • Specify the IP address range (a /27 or larger inside the VNet address space that does not overlap su-1) > OK.
  • Create a virtual network gateway for the Azure virtual network; it terminates the IPsec tunnel and forwards the incoming and outgoing traffic.
  • Home > Virtual network gateways > Add > type a valid VNG name (vng-azure) > select the virtual network (vnet-Azure) > make sure the region is the same as that of the VNet (vnet-Azure) > create a new public IP (pip-azure-vng) > review and create. Note : creating the VNG takes a considerable amount of time (often 45 minutes or more).

AWS

  • Create a Customer gateway (cg-aws) that represents the Azure virtual network gateway on the AWS side.
  • VPC > Virtual private network > Customer gateways > Create customer gateway > enter the public IP of the Azure virtual network gateway (pip-azure-vng) as shown below.
  • Create a Virtual Private Gateway (vpn-aws): VPC > Virtual private network > Virtual private gateways > Create virtual private gateway.
  • Select the Virtual Private Gateway (vpn-aws) > Actions > Attach to VPC > select the VPC > Attach.
  • Create the VPN connection (tunnel-aws-azure): VPC > Virtual private network > Site-to-Site VPN connections > Create VPN connection > select the virtual private gateway (vpn-aws) > select the customer gateway (cg-aws) > routing option (static) > enter the Azure address space (10.0.0.0/16) as the static IP prefix > Create VPN connection.

Azure

  • Select the VPN connection (tunnel-aws-azure) > Tunnel details > copy the outside IP address of tunnel 1. Use Download configuration (vendor "Generic") to obtain the pre-shared key of that tunnel; treat the file as a secret.
  • Open Azure > Local network gateways > Create local network gateway (lng-aws) > paste the public IP address of tunnel 1 > enter the address space of the AWS VPC (192.168.0.0/16).
  • Create the connection (aws-tunnel-1) between the cloud platforms: Home > Virtual network gateways > select the virtual network gateway (vng-azure) > Connections > Add > connection type Site-to-site (IPsec) > select the local network gateway (lng-aws) > paste the pre-shared key obtained from the downloaded configuration file.

AWS

  • VPC > Route tables > select the route table associated with the subnet su-1-aws > Routes > Edit routes > Add route > destination 10.0.0.0/16 (the Azure address space) > target the virtual private gateway (vpn-aws) > Save. Also allow the required traffic (for example ICMP for ping) from 10.0.0.0/16 in the security group of aws-server, and from 192.168.0.0/16 in the network security group of azure-server; keep both rules scoped to the peer address space rather than Any.

Status of tunnel :

The status of the tunnel can be verified in both the Azure and AWS portals.

  • In Azure: Home > Virtual network gateways > virtual network gateway (vng-azure) > Connections (the status should change from Unknown to Connected).
  • In AWS: VPC > Virtual private network > Site-to-Site VPN connections > select the VPN connection > Tunnel details (tunnel 1 should be UP). Only tunnel 1 is configured here; tunnel 2 stays DOWN unless a second local network gateway and connection are created in Azure with its IP and pre-shared key.
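As an added example (not part of the original post), the following Python script checks the address plan above before any gateway is created: the two address spaces must not overlap, every subnet must sit inside its own network, and the Azure GatewaySubnet should be a /27 or larger. It also prints the static route each side needs. The GatewaySubnet range (10.0.255.0/27) is an assumption; the page does not state it.

```python
"""Pre-flight checks for the AWS-Azure site-to-site VPN address plan (added example)."""
import ipaddress
from typing import Dict, List

# Values from the scenario table on this page; the GatewaySubnet range is an assumption.
AZURE = {
    "name": "vnet-Azure",
    "address_space": "10.0.0.0/16",
    "subnets": {"su-1": "10.0.1.0/24", "GatewaySubnet": "10.0.255.0/27"},
    "gateway": "vng-azure",
}
AWS = {
    "name": "vnet-Aws",
    "address_space": "192.168.0.0/16",
    "subnets": {"su-1-aws": "192.168.1.0/24"},
    "gateway": "vpn-aws",
}


def _subnet_problems(side: Dict) -> List[str]:
    """Subnets must lie inside their network and must not overlap one another."""
    problems = []
    net = ipaddress.ip_network(side["address_space"])
    subs = {n: ipaddress.ip_network(c) for n, c in side["subnets"].items()}
    for name, sub in subs.items():
        if not sub.subnet_of(net):
            problems.append(f"{side['name']}: {name} {sub} is outside {net}")
    names = list(subs)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if subs[a].overlaps(subs[b]):
                problems.append(f"{side['name']}: {a} overlaps {b}")
    gw = subs.get("GatewaySubnet")
    if gw is not None and gw.prefixlen > 27:  # Azure recommends /27 or larger
        problems.append(f"{side['name']}: GatewaySubnet {gw} is smaller than /27")
    return problems


def check_plan(a: Dict, b: Dict) -> List[str]:
    """Return every problem with the two-sided plan; an empty list means it is sound."""
    problems = []
    net_a = ipaddress.ip_network(a["address_space"])
    net_b = ipaddress.ip_network(b["address_space"])
    # Overlapping address spaces make the VPN routes ambiguous on both sides.
    if net_a.overlaps(net_b):
        problems.append(f"{a['name']} {net_a} overlaps {b['name']} {net_b}")
    problems += _subnet_problems(a)
    problems += _subnet_problems(b)
    return problems


def static_routes(local: Dict, peer: Dict) -> List[Dict[str, str]]:
    """Route the local side needs: the peer's whole address space via the local VPN gateway."""
    return [{"destination": peer["address_space"], "target": local["gateway"]}]


if __name__ == "__main__":
    for problem in check_plan(AZURE, AWS):
        print("PROBLEM:", problem)
    for side, peer in ((AZURE, AWS), (AWS, AZURE)):
        print(side["name"], "needs route", static_routes(side, peer))
```

Run it before clicking through the portals; an overlap reported here would otherwise only surface as a tunnel that comes up but carries no traffic.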
Posted in Active Directory, AWS, Azure, Windows

VPN TUNNEL (V-NET TO V-NET)

A site-to-site VPN tunnel is an IPsec-encrypted path between two networks across the public internet. Traffic between the two private address spaces is encrypted and authenticated, so hosts on either side can reach each other by private IP without exposing those services publicly. In the Azure VNet-to-VNet case below, the two gateways authenticate each other with a shared pre-shared key.

Pre-requisites :

  • Two virtual networks with non-overlapping address spaces in different regions.
  • A virtual machine in each virtual network.
  • In the following scenario,

                          VIRTUAL NETWORK-1          VIRTUAL NETWORK-2
  Virtual network name    v-net-1                    v-net-2
  Address space           10.0.0.0/16                192.168.0.0/16
  Subnet                  default (10.0.0.0/24)      default (192.168.0.0/24)
  Virtual machine         cm-1                       cm-2
  Private IP              10.0.0.4                   192.168.0.4
  Region                  East US                    Central India

Procedure :

  • Create a gateway subnet in both virtual networks. // Home > Virtual Networks > Select the virtual network > Subnets > Gateway subnet
  • Specify the IP address range (a /27 or larger that does not overlap the existing subnets) > OK. Carry out the same procedure for both networks.
  • Create a virtual network gateway for each virtual network; it terminates the tunnel and forwards the incoming and outgoing traffic.
  • Home > Virtual network gateways > Add > type a valid VNG name (vgn-1) > select the virtual network (v-net-1) > make sure the region is the same as that of the VNet (v-net-1) > create a new public IP (pip-vgn-1) > review and create. Note : creating a VNG takes a considerable amount of time (often 45 minutes or more).
  • Create a second virtual network gateway (vgn-2) for the second virtual network (v-net-2), with its own public IP (pip-vgn-2), by the same process and in the same region as that virtual network (v-net-2).

Configuring the VNG connections :

  • After both virtual network gateways have been created, go to the first virtual network gateway (vgn-1).
  • Home > Virtual network gateways > Connections > Add.
  • Give a valid name, choose the connection type VNet-to-VNet, select the second virtual network gateway (vgn-2) and enter a pre-shared key as shown below.
  • The same shared key is used to establish the connection from the other end, so choose a long random key and share it only through a secure channel.
  • Go back to the second virtual network gateway (vgn-2) and establish the connection to the first virtual network gateway.
  • Home > Virtual network gateways > select the second virtual network gateway (vgn-2) > Connections > Add > create the connection to vgn-1 with the same pre-shared key.

Note : It takes a few minutes to get the status change from unknown to connected.

Configure the security rules :

  • Configure the network security group of each virtual machine so that the required incoming traffic is allowed from the other virtual network's address space only (not from Any), as shown below.
  • Do the same on the other virtual machine for the traffic it must accept from the first virtual network.
  • Check the connection by pinging the private IP of the opposite virtual machine. On Windows Server the host firewall blocks inbound ICMP echo by default, so allow the rule "File and Printer Sharing (Echo Request - ICMPv4-In)" or test with a TCP port (for example RDP 3389) instead.
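Both connection objects above must carry the identical pre-shared key, and nothing in the portal stops you from typing a weak one. The following Python helper, added here and not part of the original post, generates a random key, validates it against the stricter AWS rule (8 to 64 characters from letters, digits, dot and underscore, not starting with 0) so the same key style also works for the AWS-Azure tunnel earlier on this page, rejects keys drawn from a single character class, and compares the two ends in constant time. The 20-character minimum for "weak" is this example's own threshold, not an Azure requirement.

```python
"""Pre-shared key helper for the VNet-to-VNet connection (added example)."""
import secrets
import string

# AWS documents its PSK rule as 8-64 characters from [A-Za-z0-9._], not starting with '0'.
# Applying that rule here means one key style satisfies both clouds.
ALLOWED = set(string.ascii_letters + string.digits + "._")


def psk_problems(psk: str) -> list:
    """Reasons a key would be rejected; an empty list means it is acceptable on both clouds."""
    problems = []
    if not 8 <= len(psk) <= 64:
        problems.append("length must be between 8 and 64 characters")
    if psk.startswith("0"):
        problems.append("must not start with 0")
    bad = sorted(set(psk) - ALLOWED)
    if bad:
        problems.append("disallowed characters: " + "".join(bad))
    return problems


def is_weak(psk: str) -> bool:
    """Flags short keys or keys drawn from a single character class (assumed threshold: 20 chars, 2 classes)."""
    classes = sum(bool(set(psk) & set(c)) for c in (string.ascii_lowercase, string.ascii_uppercase, string.digits))
    return len(psk) < 20 or classes < 2


def generate_psk(length: int = 32) -> str:
    """Cryptographically random alphanumeric key that passes both checks above."""
    alphabet = string.ascii_letters + string.digits
    while True:
        psk = "".join(secrets.choice(alphabet) for _ in range(length))
        if not psk_problems(psk) and not is_weak(psk):
            return psk


def connections_agree(psk_on_vgn1: str, psk_on_vgn2: str) -> bool:
    """Both connection objects must be created with exactly the same key (constant-time compare)."""
    return secrets.compare_digest(psk_on_vgn1, psk_on_vgn2)


if __name__ == "__main__":
    key = generate_psk()
    print("PSK to enter on both vgn-1 and vgn-2:", key)
    print("ends agree:", connections_agree(key, key))
```

Generate the key once, paste it into both connection objects, and then discard it from the terminal history; the gateways keep it, you do not need to.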
Posted in AWS, Linux, Windows

AMAZON EC2

Amazon Elastic Compute Cloud (EC2) is used to create cloud virtual instances and covers the related server operations such as backups (AMIs and snapshots), security groups, maintenance and monitoring. It can be driven both from the console and from the AWS CLI.

AWS – CONSOLE

  • Sign in to the console with your credentials and open EC2 under Services.
  • EC2 > Instances > Launch instance > select the desired AMI, instance type, key pair and security group and follow the on-screen steps to launch the instance.
  • EC2 > Instances > Actions > Instance state > Terminate // To terminate an instance (its root volume is deleted unless it was configured to persist).
  • EC2 > Instances > Launch instances > choose among the AWS-provided AMIs or the ones you created yourself (My AMIs).

AWS – CLI

  • aws configure // Enter the access key ID and secret access key of an IAM user (never the root account's keys), the default region and the output format.
  • aws ec2 run-instances --image-id ********* --count 1 --instance-type t2.micro --key-name **** --security-group-ids **** // To launch an instance. Add --dry-run first to check the permissions without creating anything.
  • aws ec2 describe-instances --instance-ids **** // To check the status and details of the instance.
  • aws ec2 terminate-instances --instance-ids **** // To terminate the instance; the result is shown below.
  • aws ec2 describe-images --owners self amazon --filters "Name=platform,Values=windows" // To list the Windows AMIs owned by AWS or by yourself. Keeping --owners restricted avoids launching from untrusted public AMIs.

Upcoming..

More comparisons between aws-cli and aws console environment.

Posted in AWS, LAMP Stack, Linux, Windows

CREATING MY AMIs IN AWS

Having your own AMIs is often a convenience and sometimes a necessity, and EC2 provides the resources to get there: an image of a server can be created in two different ways. Remember that an image captures everything on the disk, including the database contents and any credentials or keys left on the instance, so treat custom AMIs and their snapshots as sensitive and never share them publicly.

  • An Ubuntu 18.04 instance is created as the reference for the following practical.
  • An Apache server and a database with some data were installed and created for cross-verification purposes.

Method One :

  • Select the instance that needs to be cloned > Actions > Image > Create image. // As shown below. By default EC2 reboots the instance to take a consistent snapshot; "No reboot" avoids the outage but may capture an inconsistent file system.
  • The cloned image appears under My AMIs when launching an instance.
  • Launch the required number of instances from the created AMI and connect to any of them.
  • Compare with the original instance // If needed.

Method Two :

  • EC2 > Volumes (Elastic Block Store) > select the volume > Actions > Create snapshot, as shown below.
  • Created snapshots can be seen in EC2 > Snapshots (Elastic Block Store).
  • Select the desired snapshot > Actions > Create image (set the architecture, root device name and virtualization type to match the original instance).
  • The cloned image appears under My AMIs when launching an instance, or in EC2 > AMIs (Images).
  • Launch the required number of instances from the created AMI and connect to any of them.
  • Compare with the original instance // If needed.
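Whichever method is used, the cloned image and its snapshot now hold a copy of the database. As an added example (not code from the original post), the script below audits `describe-images` and `describe-snapshot-attribute` style output and flags AMIs that are public, unencrypted, or backed by a publicly shared snapshot. The JSON is constructed to match the shape of those commands' output; the image and snapshot IDs are made up.

```python
"""Audit cloned AMIs and their snapshots for public sharing and missing encryption (added example)."""
import json

# Constructed sample shaped like `aws ec2 describe-images --owners self` output (not real data).
DESCRIBE_IMAGES = json.loads("""
{"Images": [
  {"ImageId": "ami-0aaa111122223333a", "Name": "ubuntu-lamp-clone", "Public": false,
   "BlockDeviceMappings": [
     {"DeviceName": "/dev/sda1", "Ebs": {"SnapshotId": "snap-0aaa111122223333a", "Encrypted": false}}]},
  {"ImageId": "ami-0bbb111122223333b", "Name": "ubuntu-lamp-clone-v2", "Public": true,
   "BlockDeviceMappings": [
     {"DeviceName": "/dev/sda1", "Ebs": {"SnapshotId": "snap-0bbb111122223333b", "Encrypted": true}},
     {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"}]}
]}
""")

# Constructed samples shaped like `aws ec2 describe-snapshot-attribute --attribute createVolumePermission`.
SNAPSHOT_PERMS = {
    "snap-0aaa111122223333a": {"SnapshotId": "snap-0aaa111122223333a", "CreateVolumePermissions": []},
    "snap-0bbb111122223333b": {"SnapshotId": "snap-0bbb111122223333b",
                               "CreateVolumePermissions": [{"Group": "all"}]},
}


def audit_images(images: dict, snapshot_perms: dict) -> list:
    """Return (image id, finding) pairs for AMIs that are public, unencrypted or backed by a public snapshot."""
    findings = []
    for img in images.get("Images", []):
        image_id = img["ImageId"]
        if img.get("Public"):
            findings.append((image_id, "AMI is public"))
        for mapping in img.get("BlockDeviceMappings", []):
            ebs = mapping.get("Ebs")  # instance-store mappings carry no Ebs block
            if not ebs:
                continue
            snap = ebs.get("SnapshotId")
            if not ebs.get("Encrypted"):
                findings.append((image_id, f"{snap} is not encrypted"))
            perms = snapshot_perms.get(snap, {}).get("CreateVolumePermissions", [])
            if any(p.get("Group") == "all" for p in perms):
                findings.append((image_id, f"{snap} is shared publicly"))
    return findings


def public_image_ids(images: dict) -> list:
    """Images to make private again with: aws ec2 modify-image-attribute --image-id <id> --launch-permission "Remove=[{Group=all}]"."""
    return [img["ImageId"] for img in images.get("Images", []) if img.get("Public")]


if __name__ == "__main__":
    for image_id, finding in audit_images(DESCRIBE_IMAGES, SNAPSHOT_PERMS):
        print(image_id, finding)
```

In a real account, feed it the output of `aws ec2 describe-images --owners self` and one `describe-snapshot-attribute` call per snapshot; enabling EBS encryption by default in the region removes the "not encrypted" class of findings for future clones.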

Posted in Active Directory, AWS, Patch Management, Windows

CONFIGURATION OF WSUS

  • After confirming the desired languages, continue by selecting the products and the classifications of updates required for the servers that are to be patched.
  • The synchronization schedule (manual or automatic) is up to the individual.
  • Begin with the initial synchronization as shown below.
  • This results in the WSUS console opening.
  • All the updates obtained once the server has contacted Microsoft Update can be seen in this console.
  • Console > Updates > All Updates // Make sure the filter is set to Approval: Unapproved and Status: Any, as shown below.
  • As these updates need to be approved, select the required updates in the console, right-click and choose Approve, which opens a confirmation window as shown.
  • Select the computer group (or computers) to be patched and approve the updates for installation. Approving everything in bulk is fine in a lab; in production, review and stage approvals per computer group.

Group policy management

Once the updates are approved on the WSUS server, the client servers must be pointed at it so the updates are pushed to them; this is done with a Group Policy Object in Group Policy Management.

  • Windows Start > Server Manager > Tools > Group Policy Management // In the PMS server.
  • Right-click the domain (or OU) whose computers must receive the patches and choose "Create a GPO in this domain, and Link it here...".
  • Right-click the created GPO > Edit, which opens the Group Policy Management Editor.
  • Expand Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update.
  • Double-click Configure Automatic Updates and set it to Enabled.
  • Choose how the updates should be applied (for example option 4, auto download and schedule the install) as shown below.
  • Click Apply and then OK.
  • Double-click Specify intranet Microsoft update service location and set it to Enabled.
  • Enter the intranet update service and the intranet statistics server in the form http://servername:8530 (or https://servername:8531 if WSUS is configured for SSL), as shown.
  • Click Apply and OK.
  • On each client server open a command prompt, run gpupdate /force to refresh the group policy as shown below, and wait for the servers to appear in the WSUS console under Unassigned Computers.

THE BLOG WILL BE CONTINUED

Posted in Active Directory, AWS, Patch Management, Windows

WINDOWS UPDATE CATEGORIES

There are various kinds of updates that are provided by Microsoft corporation. Few of them were listed below.

  • Critical Updates
  • Security Updates
  • Definition Updates
  • Update Rollup
  • Service pack
  • Tool
  • Feature pack
  • Update

Critical Updates are widely released fixes for specific, non-security-related critical bugs, for example serious performance degradation, interoperability problems or broken application compatibility.

Security Updates are widely released fixes for product-specific security vulnerabilities; each carries a severity rating (Critical, Important, Moderate or Low) and they are the most important updates for keeping the whole organization safe from attackers.

WSUS (Windows Server Update Services)

Patch management is one of the significant services that a firm needs to run periodically to stay up to date and secure from every viewpoint. WSUS is a Microsoft service that manages and distributes patches to multiple servers from one central server. For the practical, a Windows Server 2019 instance is launched in AWS and connected to remotely.

The Windows Server Update Services role and its features are added to the server and installed.

  • Windows Start > Server Manager > Add roles and features // Follow the default options on screen to add the Windows Server Update Services role and install it.
  • Before configuring the role, launch the post-installation tasks (from the notification bar, as shown below).
  • Server Manager > Tools > Windows Server Update Services > create a folder named WSUS on the drive, enter that location for the update files and click Run. // A dialogue box confirming the location appears on screen as shown.
  • Click Close to launch the WSUS console.
  • Follow the on-screen steps to configure WSUS.
  • As this is the main server that synchronizes updates from Microsoft, select the option "Synchronize from Microsoft Update" as shown.
  • Enter the proxy details if needed, otherwise continue and start connecting to Microsoft Update with the details of the server.
  • Select the desired languages and click Finish.

Patience is the key to success

Patience is the other important role and feature that needs to be added for this configuration to succeed.
Posted in AWS, Linux, Windows

MANAGING IAM (IDENTITY ACCESS MANAGEMENT) USERS

Create the user in IAM (console), or several users if required (in my case I use an IAM user named Harish). Because IAM is unlike the other AWS services, its operations also differ between the AWS Console and the AWS CLI.

Sign-in page (IAM Users only) :

AWS CONSOLE

  • Go to the sign-in page using the IAM users sign-in link from the IAM dashboard, and customize the link (account alias) if needed.

AWS-CLI

  • Run aws configure and follow the on-screen prompts for the default settings.
  • aws iam create-account-alias --account-alias cloudees // Customizing the sign-in link (the alias must be unique across all of AWS).
  • aws iam list-account-aliases // To list the current alias.

Sign in to the IAM user account using the alias sign-in link (https://<alias>.signin.aws.amazon.com/console).


Identification of IAM users by AWS :

AWS CONSOLE

  • Every IAM user is given a name that is unique within the account, so within one account users can be told apart by username.
  • Since the same username can exist in many different accounts, AWS identifies a user globally by its ARN (Amazon Resource Name), which includes the account ID: arn:aws:iam::<account-id>:user/<username>.
  • The ARN of every IAM user can be seen in Identity and Access Management (IAM) > Users > click on the username // where it is shown as follows.

AWS-CLI

  • aws iam get-user --user-name Harish // To get the complete details of the IAM user, with the result as shown.
  • AWS also assigns the user a unique UserId that never changes. A user deleted and recreated with the same name receives a new UserId, so policies that referenced the old ID no longer apply to the new user.

To view actions made by the IAM user :

AWS CONSOLE

  • Services > Identity and Access Management (IAM) > Users > click on the username > Access Advisor
  • A clear graphical view of the services the user is allowed to use and when each was last accessed.

AWS-CLI

  • aws iam generate-service-last-accessed-details --arn <user ARN obtained above> // The report must be generated first.
  • A JobId is returned as the output.
  • aws iam get-service-last-accessed-details --job-id <JobId from above> // To get the complete report, as follows.

Adding Policies for IAM Users :

AWS CONSOLE

  • Services> Identity and Access Management (IAM) > Users > Click on the username > Add Permissions // For adding new policies.
  • The desired policies are selected form the listed bunch of predetermined policies.

AWS-CLI

  • aws iam attach-user-policy --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess --user-name Harish // The policy ARN differs per policy and the name is case-sensitive. AmazonS3FullAccess grants s3:* on every bucket in the account, so prefer a customer-managed policy scoped to the buckets the user actually needs, and use the Access Advisor report to remove services the user never touches.
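The following Python snippet is an added example (not code from the original post) tying the last two sections together: it builds a customer-managed policy scoped to one bucket as a replacement for AmazonS3FullAccess, flags wildcard actions or resources in any policy document, and reads a `get-service-last-accessed-details` style report to list services the user has not used in 90 days. The full-access policy document and the report are constructed stand-ins shaped like the real ones; the bucket name is made up.

```python
"""Least-privilege helpers for IAM user policies (added example)."""
from datetime import datetime, timedelta, timezone

# Constructed, simplified stand-in for a full-access managed policy (wildcard action and resource).
FULL_ACCESS_LIKE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}


def scoped_s3_policy(bucket: str) -> dict:
    """Customer-managed alternative to AmazonS3FullAccess: list, read and write one bucket only."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": bucket_arn},
            {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"], "Resource": f"{bucket_arn}/*"},
        ],
    }


def wildcard_findings(policy: dict) -> list:
    """Flag Allow statements that use '*' or 'service:*' actions, or a '*' resource."""
    findings = []
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    for idx, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions  # Action may be string or list
        resources = st.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append((idx, f"wildcard action {action}"))
        if "*" in resources:
            findings.append((idx, "wildcard resource *"))
    return findings


# Constructed, shaped like `aws iam get-service-last-accessed-details` output for user Harish.
LAST_ACCESSED = {
    "JobStatus": "COMPLETED",
    "ServicesLastAccessed": [
        {"ServiceName": "Amazon S3", "ServiceNamespace": "s3",
         "LastAuthenticated": "2024-01-10T09:15:00Z", "TotalAuthenticatedEntities": 1},
        {"ServiceName": "Amazon EC2", "ServiceNamespace": "ec2", "TotalAuthenticatedEntities": 0},
    ],
}


def _parse(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def unused_services(report: dict, now_iso: str, max_age_days: int = 90) -> list:
    """Service namespaces the user may call but has not used within max_age_days (candidates to remove)."""
    now = _parse(now_iso)
    stale = []
    for svc in report.get("ServicesLastAccessed", []):
        last = svc.get("LastAuthenticated")
        if last is None:  # never used since tracking began
            stale.append(svc["ServiceNamespace"])
        elif now - _parse(last) > timedelta(days=max_age_days):
            stale.append(svc["ServiceNamespace"])
    return stale


if __name__ == "__main__":
    print("full-access-like:", wildcard_findings(FULL_ACCESS_LIKE))
    print("scoped:", wildcard_findings(scoped_s3_policy("harish-reports")))
    print("unused as of 2024-02-01:", unused_services(LAST_ACCESSED, "2024-02-01T00:00:00Z"))
```

Write the scoped policy out with json.dump, create it with `aws iam create-policy`, attach it in place of the managed one, and rerun the wildcard check on every policy listed by `aws iam list-attached-user-policies` before signing off on the user.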

Continuation of this differences in operations in many other aspects will be posted soon..

Posted in AWS, Linux, Windows

CREATING MULTIPLE USERS (IAM) IN AWS

If you are about to manage many servers or users in various departments by giving each their own login credentials, use the AWS resource IAM (Identity and Access Management). When you sign in to the AWS root account, select IAM under Services; the IAM dashboard shows the IAM users sign-in link, which takes IAM users to their sign-in page.

  • Services > IAM (Security, Identity, & Compliance) > Users > Add user
  • Provide the username (as simple as shown below) > select the access type: programmatic access (for the AWS CLI, if necessary) and/or AWS Management Console access > the highlighted part is up to the individual.
  • Follow the on-screen steps to attach existing policies directly > filter the desired policies and attach them to the user > Add tags // for precise separation of the users, as shown > Create user.
  • Download the .csv file for use with the AWS CLI; it contains the access key ID and secret access key, so store it securely and delete it once the CLI is configured.
  • Go to the login page using the IAM users sign-in link (IAM dashboard).
  • Sign in using the initial credentials provided by the root account as shown; keep "Require password reset" enabled so the user sets their own password at first sign-in.
  • The IAM user can only use the AWS resources permitted by the policies the root user (or an administrator) attached.

Good news : IAM users cost nothing in themselves, and although the count is not unlimited (the default quota is 5,000 IAM users per account), it is rarely reached.

The generated bill depends only on the resources the IAM users consume, not on the number of IAM users.

Posted in Active Directory, AWS, Windows

CREATING A WINDOWS DOMAIN

Changing the name of the server

  • Get remote access to a Windows Server 2019 machine from the host PC.
  • Rename the future domain controller (the page uses Domain_Controller_1; note that underscores are not valid in DNS host names, so a name such as DC1 is safer) under Windows > Server Manager > Local Server > Computer name > Change. After changing the computer name a restart is mandatory.

Setting up a static IP address

  • Windows > Settings > Network and Sharing Center > Ethernet > Details // Note down the IPv4 address, IPv4 subnet mask and IPv4 default gateway.
  • In Ethernet status open Properties > Internet Protocol Version 4 (TCP/IPv4) > Properties and enter the same IP address, subnet mask and default gateway statically.
  • Also set the preferred DNS server to the server's own IPv4 address, because the domain controller will host the DNS zone of the domain. (Recommendation: restart the server.) On an EC2 instance, make sure the static address is the one assigned to the instance's network interface, otherwise connectivity is lost.

Assigning the Domain Controller

  • Windows > Server Manager > Dashboard > Add roles and features // Follow the on-screen steps > add the Active Directory Domain Services role, which prompts for its required default features > Install.
  • Configure Active Directory Domain Services: "Promote this server to a domain controller" // in the notifications (exclamation mark) > Add a new forest // for the first domain controller > specify the desired root domain name (something.something, e.g. cloudees.com) > follow the on-screen steps, set the DSRM (Directory Services Restore Mode) password, install, and restart.
  • Confirmation of the domain controller: Windows > Server Manager > Local Server (the computer name and the domain have changed to the desired ones) > Tools (top right corner of Server Manager) > Active Directory Users and Computers > domain name > Domain Controllers (where the current server should be listed as follows).

Connecting a client server

  • Get remote access to a second Windows Server 2019 machine from the host PC.
  • Windows > Settings > Network and Sharing Center > Ethernet > Details // Note down the IPv4 address, IPv4 subnet mask and IPv4 default gateway.
  • In Ethernet status open Properties > Internet Protocol Version 4 (TCP/IPv4) > Properties and enter the IP address, subnet mask and default gateway.
  • Also set the preferred DNS server to the IPv4 address of the domain controller, as shown; the client must resolve the domain through the DC in order to join it. (Recommendation: restart the server.) On AWS the security groups must allow the domain traffic between the two instances (DNS 53, Kerberos 88, RPC 135, LDAP 389, SMB 445 and the dynamic RPC range).
  • Windows > Control Panel > System (small icons) > Change settings (computer name, domain and workgroup settings) > change from workgroup to domain (cloudees.com) > enter the username and password of a domain account allowed to join computers (for example the domain administrator). Welcome to the cloudees.com domain.

Confirmation of the client server in the domain: on the domain controller, Windows > Server Manager > Tools (top right corner of Server Manager) > Active Directory Users and Computers > domain name > Domain Controllers (where the domain controller should be listed as follows) > Computers (where all the client servers should be displayed).

Posted in AWS, Linux, Windows

AWS-CLI (AWS-COMMAND LINE INTERFACE)

Accessing AWS through Windows Powershell

https://s3.amazonaws.com/aws-cli/AWSCLI64PY3.msi // Download the MSI installer for Windows (64-bit) and run it, following the on-screen instructions. Open PowerShell as administrator and execute the following commands. Before continuing, create an access key (access key ID and secret access key) under the security credentials of the respective AWS account, preferably for an IAM user rather than the root account, as shown.

  • aws configure // To get started with the AWS CLI.
  • Provide the access key ID and the corresponding secret access key to get access to the respective account. The CLI stores them in clear text in %USERPROFILE%\.aws\credentials, so protect that file as you would a password.
  • Follow the on-screen prompts by typing the default region name and the default output format.
Default region names in aws-cli

Accessing AWS through Linux using AWS-CLI

Open any Ubuntu system, install the AWS CLI and follow the same steps, starting with aws configure. Run it as the normal user rather than with sudo; otherwise the credentials are written to root's home directory and the normal user's aws commands will not find them.

Looking for the basic commands of aws-cli

https://docs.aws.amazon.com/cli/latest/userguide/aws-cli.pdf