Prerequisites
-
Configure the domain controller before deploying the Active Roles virtual machine on the cloud.
-
Configure the SQL server before deploying the Active Roles virtual machine on the cloud.
-
The domain controller and SQL server must be accessible to the Active Roles virtual machine on cloud.
- In the case of the on-premises hybrid configuration, add a domain controller and connect Active Roles to it.
-
In case of an hybrid on-premises or cross-cloud configuration, network must be setup with the domain controller and SQL server should be accessible to Active Roles virtual machine on the cloud.
Communication ports
If the environment managed by Active Roles is protected by a firewall, then the applicable ports must be open between the Active Roles Administration Service and the managed environment. For example, if there is a firewall between Active Roles and DNS, then port 15172 must be open (Inbound/Outbound) on the Active Roles host (or the firewall between Active Roles and Exchange) and port 53 must be open on the DNS server (or the firewall between Active Roles and DNS).
For the list of communication ports, see Active Roles Administration Guide. For additional information on communication ports, see https://support.oneidentity.com/kb/30256/communication-ports-for-active-roles-service-and-clients.
Opening ports in Azure
Create a network filter on a subnet or a VM network interface to open a port or create an endpoint to a virtual machine (VM) on Azure. You select the filters to control both inbound and outbound traffic, on a network security group attached to the resource that receives the traffic.
For more information on opening ports for Azure virtual machine, see https://docs.microsoft.com/en-us/azure/virtual-machines/windows/nsg-quickstart-portal.
Opening ports in AWS
A security group acts as a virtual firewall that controls the traffic for one or more instances. You can add rules to each security group that allow traffic to or from its associated instances. If you have requirements that are not met by the security groups, you can maintain your own firewall on any of your instances apart from using the security groups.
Ensure for Windows-based AMIs an RDP port (3389) by default is open. WINRM (port 5985) must be open to the required IP address. For more information on opening ports for AWS instance, see https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-security-groups.html#adding-security-group-rule.
