Step 5b: Deploy AD Gateway

AD Gateway

📘

If you are applying a subscription to an existing Instance, you will not be required to complete this step.

If you created a new CLICK instance, you will need to deploy the CLICK AD Gateway into your AWS Account. We provide a CloudFormation Template to simplify this process as much as possible, but the fact remains that Active Directory environments can be fairly complex. After ensuring you have gathered all necessary data on the Deployment Readiness Checklist, follow these steps for a successful AD Gateway deployment.

11101110

AD Gateway form

  1. Start at the AD Gateway form pictured above.
  2. In a separate browser tab, ensure you are logged in to the AWS Account where you intend to deploy the AD Gateway (including selecting the desired region), using administrative credentials.
  3. Return to the AD Gateway form and click the Launch Stack button.
    • A new tab will open showing the CloudFormation Quick create stack screen.
13341334

Quick create stack screen

  1. Populate the CloudFormation stack parameters. For detailed information about each parameter, see the AD Gateway Stack Parameters page.
  2. Mark the checkbox to accept the creation of IAM resources.
10611061

IAM resources dialog

  1. Create the stack.
  2. When the stack is done being created, go to the Output tab and take note of the ClickKMSKeyId value. You are about to create some parameters in the Systems Manager Parameter Store and you will use this key to encrypt them.
10531053
  1. Go to the AWS Systems Manager service, enter the Parameter Store section, and click Create Parameter.
11351135

AWS Systems Manager Parameter Store screen

  1. The Parameter details form will appear.
818818

Parameter details screen

  1. Fill in the following values and create the parameter.
FieldValue
Name/prefix/ad/password
Where "prefix" is the value you specified for the SSMPrefix parameter in the CloudFormation stack.
TypeSecureString
KMS Key IDSelect the value displayed in the CloudFormation stack outputs for SSMKeyId.
ValueThe password for the Active Directory service account you specified in the CloudFormation stack AdUser parameter.
  1. Repeat the above process to create a second parameter with these values.
FieldValue
Name/prefix/shared_secret
TypeSecureString
KMS Key IDSelect the value displayed in the CloudFormation stack outputs for SSMKeyId
ValueCopy this from the AD Gateway screen in the SynchroNet Customer Portal
10581058

Shared secret display on the SynchroNet Customer Portal

  1. If you are using Secure LDAP, follow the above steps one last time to create a parameter to store the certificate information for establishing an encrypted LDAP connection.
FieldValue
Name/prefix/ad/cert
TypeSecureString
KMS Key IDSelect the value displayed in the CloudFormation stack outputs for SSMKeyId
ValuePaste the public key value of your certificate, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines
  1. Return to the CloudFormation stack outputs screen and copy the values for CrossAccountRoleArn and LambdaFunctionName back to the appropriate fields in the SychroNet Customer Portal.
  2. Before clicking Save and Continue, be sure to select from the dropdown the region into which you deployed your AD Gateway stack.

Review and Launch

At this point, all of your configurations are done. The SynchroNet Customer Portal will display a list of the components you have configured. Once any pending operations on your Instance components complete, you can launch your CLICK Instance.

We hope you find SynchroNet CLICK™ a joy to use!


What’s Next

Next, see how to link your WorkSpaces account to CLICK