The Active Directory extension solution was built for companies that prefer to keep their infrastructure on premises but want a solution in place for AD disaster recovery (DR) and redundancy.
Extending your AD to Google Cloud replicates your whole AD, with all your users and security groups, to GCP, so users can still authenticate if your on-premises domain controller becomes unavailable.
Before proceeding, check the guide on restrictions and prerequisite steps.
1. Log in to itopia and create a new deployment. Click All deployments from the main menu, then click the green plus sign.
2. Select Server Only as the deployment type, then type the Name of your deployment. The deployment code is generated automatically. If you prefer to define your own code, uncheck the "Autogenerate Code" box and type your custom code (3 to 8 characters).
Click the Create button.
3. Select your deployment configuration
Select the "Existing domain" option and provide your domain admin credentials. Use a dedicated account with the rights the deployment needs rather than a shared administrator account, and rotate its password once provisioning has finished.
DNS Server IP field: fill in the internal IP address of your existing Active Directory DNS server; it must be reachable from the GCP network (see the VPN notes under The Deployment Process).
Operating System: if you select Windows Server 2012, users get the Windows 8 desktop experience; with 2016 or newer they get the Windows 10 experience.
Secondary Domain Controller: enabling this option creates a second (backup) domain controller in GCP, so you have the primary extended AD server plus one more DC that you can schedule to power on for only 1 hour a day to replicate with the primary and save cost. Keep that schedule regular: a DC that stays offline longer than the forest's tombstone lifetime cannot simply be powered back on and must be rebuilt.
Once all the above fields are populated, click Next.
4. Select your GCP settings
Authenticate with your GCP account. The system will ask you for your Google email address and password. Make sure to use the same one you used to sign up for Google Cloud.
Then create a project that will be associated with your deployment. Enter the Project Name and click the "Create" button. A "Project" is the logical unit GCP uses to separate different deployments.
If you already created a project in Google Cloud, click "Already have one" and it will appear in the drop-down list so you can select it.
5. Enable APIs
The APIs need to be enabled for every project. They allow the itopia software to integrate and communicate with your Google infrastructure.
The system will try to enable the APIs automatically. If any API stays disabled, click the "Enable" button next to it and you will be redirected to a new tab in Google Cloud Platform.
In the Google tab, click the Enable button at the top of the screen.
Once enabled, the button changes to "Disable".
The IP quota restriction is also checked. The system confirms whether your Google account has been upgraded from the free trial to a paid account. Without upgrading, you only have access to a limited number of static IPs, which may not be enough for even a basic itopia deployment.
In https://console.cloud.google.com/ click the UPGRADE button in the top right corner to upgrade your account. If you don't see that button in the IP quota tab, your account was already upgraded.
After you enable the APIs in Google, click the refresh button next to each API.
The APIs turn green to confirm they were enabled, so you can continue to the Region selection below.
6. Select your GCP Region(s)
If you would like the AD copied to multiple GCP regions (data center locations), add all of them in this step.
Select the region and add it with the green plus sign.
Editing subnets: Google assigns a default subnet, but you can edit it by clicking the pencil icon next to the data center. If you plan to connect the GCP network to your on-premises network over VPN or Interconnect, choose a range that does not overlap any on-premises subnet; overlapping ranges cannot be routed between the two sites.
At the bottom of the screen you can see the instances that will be created. You can add additional instances such as app, web or database servers by clicking the green plus sign on the right.
Once done, click Next and you will get a summary of your settings.
7. Check that your selected settings are correct and confirm the disclaimer.
Under the settings summary, just above the disclaimer message, you will see a Google infrastructure cost estimate to give you an idea of the approximate Google cost for your selected settings once your free credits are spent. The estimate shows two scenarios: servers left on 24/7, and servers on for 14 hours a day, Monday to Friday.
Once confirmed, check the disclaimer at the bottom and click the "DEPLOY" button in the bottom right to launch the deployment to the cloud.
The Deployment Process
After the deployment is saved, open your deployment dashboard in itopia to see the Provisioning Status and watch the Google servers being deployed and configured automatically.
If there is a problem connecting to your current domain, you will receive an error message in the Provisioning Status.
You can correct your domain credentials (username, password or the IP) if they were provided incorrectly.
If you are using Cloud Interconnect, check that it is enabled; a disabled attachment will also produce this error.
If the credentials are correct, the problem is most likely network connectivity between GCP and your existing domain. Create a VPN connection between your on-premises network and the GCP network so the new servers can reach your domain controller, and make sure the firewalls on both sides allow the AD ports (DNS, Kerberos, LDAP, RPC and SMB).
Once the VPN is created or you have updated the connection information, click "Retry" to launch the deployment process again.
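Before clicking Retry, it helps to confirm from inside the GCP network that the on-premises domain controller is actually reachable on the ports a domain join needs, rather than guessing whether the credentials or the VPN are at fault. The PowerShell script below is an added example written for this page; it is not itopia's code. It assumes you can log on to a Windows VM in the deployment's GCP network, that `$OnPremDc` is the address you entered in "DNS Server IP" and `$DomainFqdn` is your AD domain name (both are placeholders), and it uses only built-in cmdlets plus nltest.

```powershell
# Added example (not itopia code). Run from a Windows VM inside the GCP
# network of the deployment. Replace the two placeholder values.
$OnPremDc   = '10.10.0.10'        # assumption: IP you entered in "DNS Server IP"
$DomainFqdn = 'corp.example.com'  # assumption: your AD DNS domain name

# TCP ports a domain join and replication must reach on the existing DC.
$ports = @(
    @{ Port = 53;   Use = 'DNS' },
    @{ Port = 88;   Use = 'Kerberos' },
    @{ Port = 135;  Use = 'RPC endpoint mapper' },
    @{ Port = 389;  Use = 'LDAP' },
    @{ Port = 445;  Use = 'SMB (SYSVOL/NETLOGON)' },
    @{ Port = 464;  Use = 'Kerberos password change' },
    @{ Port = 636;  Use = 'LDAPS' },
    @{ Port = 3268; Use = 'Global Catalog' }
)

$results = foreach ($p in $ports) {
    $t = Test-NetConnection -ComputerName $OnPremDc -Port $p.Port -WarningAction SilentlyContinue
    [pscustomobject]@{ Port = $p.Port; Use = $p.Use; Open = $t.TcpTestSucceeded }
}
$results | Format-Table -AutoSize

# The GCP side must resolve the DC locator SRV record through the on-prem DNS
# server; this also exercises UDP/53, which Test-NetConnection cannot probe.
try {
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainFqdn" -Type SRV -Server $OnPremDc -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object NameTarget, Port, Priority |
        Format-Table -AutoSize
} catch {
    Write-Warning "SRV lookup for $DomainFqdn via $OnPremDc failed: $($_.Exception.Message)"
}

# Ask the Windows DC locator itself; it fails if DNS or the firewall is wrong.
nltest "/dsgetdc:$DomainFqdn"

# Dynamic RPC (TCP 49152-65535 by default) and UDP 88/389 are also required but
# are not covered by this TCP probe; open them on the VPN and on-prem firewall too.
$closed = $results | Where-Object { -not $_.Open }
if ($closed) {
    Write-Warning ("Unreachable TCP ports: " + ($closed.Port -join ', ') + ". Fix the VPN/Interconnect route or firewall before clicking Retry.")
} else {
    Write-Host 'All probed TCP ports are reachable; click Retry in itopia.'
}
```

If the TCP probes succeed but the SRV lookup or nltest fails, the VPN is fine and the problem is DNS: the GCP servers must use the on-premises DC as their DNS server, which is why the "DNS Server IP" field matters.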
After the automatic server configuration is complete, you will receive an email with the admin credentials for your environment so you can connect to your servers. Treat that email as sensitive: store the credentials in your password manager and change the password at first logon.
IMPORTANT: Don't turn off your servers before the provisioning process has fully completed.
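Once provisioning has completed, and before you put the secondary domain controller on an uptime schedule, check that replication to the GCP domain controllers is healthy and read the forest's tombstone lifetime, which bounds how long a scheduled DC may stay powered off. The script below is an added example, not part of itopia's tooling; it assumes it runs in an elevated PowerShell session on one of the new GCP domain controllers with the ActiveDirectory module available (it is installed with the AD DS role).

```powershell
# Added example (not itopia code). Run in an elevated PowerShell session on a
# GCP domain controller after itopia reports provisioning complete.
Import-Module ActiveDirectory

$rootDse = Get-ADRootDSE
$dsDn    = "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"

# tombstoneLifetime is stored on the Directory Service object; when the
# attribute is unset, the forest uses the legacy default of 60 days.
$dsObj = Get-ADObject -Identity $dsDn -Properties tombstoneLifetime
$tsl   = if ($dsObj.tombstoneLifetime) { [int]$dsObj.tombstoneLifetime } else { 60 }
Write-Host "Tombstone lifetime: $tsl days. A DC powered off longer than this must be rebuilt, not just turned back on."

# Inbound replication metadata for this DC: one row per partner and partition.
$meta = Get-ADReplicationPartnerMetadata -Target $env:COMPUTERNAME -PartnerType Inbound
$meta | Select-Object Partner, Partition, LastReplicationSuccess, LastReplicationResult, ConsecutiveReplicationFailures |
    Format-Table -AutoSize

# Treat anything that has not replicated in more than half the tombstone
# lifetime as at risk; a 1-hour-a-day schedule should keep this list empty.
$stale = $meta | Where-Object { $_.LastReplicationSuccess -lt (Get-Date).AddDays(-($tsl / 2)) }
if ($stale) {
    Write-Warning ("Partitions at risk: " + (($stale | ForEach-Object { "$($_.Partition) from $($_.Partner)" }) -join '; '))
} else {
    Write-Host 'All inbound partners replicated within the safe window.'
}

# Forest-wide summary; any non-zero fails/err column needs attention before you
# rely on the GCP DCs for DR.
repadmin /replsummary
```

Run it again after the first few scheduled power-on windows of the secondary DC: if its LastReplicationSuccess does not advance each day, the 1-hour window is too short for the partition sizes involved or is being cut off before replication completes.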
Import users and groups from your local AD into your newly extended AD in itopia and GCP
Server Uptime Scheduling - save cost by turning your servers off when they are not in use
Snapshot Automation - create disaster recovery automation for your servers using snapshots