Web Application Proxy and AD FS on AWS
Web Application Proxy and AD FS Quick Start

Step 2. Launch the Quick Start

Note

You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using this Quick Start. For full details, see the pricing pages for each AWS service you will be using in this Quick Start. Prices are subject to change.

This automated AWS CloudFormation template deploys Web Application Proxy and AD FS across multiple Availability Zones in a VPC. Before launching the stack, make sure that you've created an EC2 key pair in the region where you'll deploy; the KeyPairName parameter requires it, and a key pair from another region will not be offered.

  1. Choose one of the following options to launch the AWS CloudFormation template into your AWS account. For help choosing an option, see Deployment Options earlier in this guide.

    Option 1

    Deploy software into a new VPC on AWS

    
    Option 2

    Deploy software into an existing VPC on AWS

    

    Important

    If you’re deploying the software into an existing VPC, make sure that your VPC has two private subnets in different Availability Zones, plus two public subnets (the template asks for the IDs of all four). The private subnets’ route tables must send internet-bound traffic through NAT gateways or NAT instances, not through an internet gateway, so that the instances can download packages and software without being reachable from the internet. You’ll also need the domain-name option configured in the VPC’s DHCP options set, as explained in the Amazon VPC documentation, so that instances in the VPC receive the Active Directory domain’s DNS suffix. You’ll be prompted for your VPC settings when you launch the Quick Start.

    Each deployment takes about 1.5 hours to complete.

  2. Check the region that’s displayed in the upper-right corner of the navigation bar, and change it if necessary. The template is launched in the US East (Ohio) Region by default.

  3. On the Select Template page, keep the default setting for the template URL, and then choose Next.

  4. On the Specify Details page, change the stack name if needed. Review the parameters for the template. Provide values for the parameters that require your input. For all other parameters, review the default settings and customize them as necessary. When you finish reviewing and customizing the parameters, choose Next.

    In the following tables, parameters are listed by category and described separately for the two deployment options:

    Option 1: Parameters for deploying the software into a new VPC

    View template

    Network Configuration:

    Parameter label | Parameter name | Default | Description
    Availability Zones | AvailabilityZones | Requires input | The list of Availability Zones to use for the subnets in the VPC. The Quick Start uses two Availability Zones from your list and preserves the logical order you specify.
    VPC CIDR | VPCCIDR | 10.0.0.0/16 | CIDR block for the Amazon VPC.
    Private Subnet 1 CIDR | PrivateSubnet1CIDR | 10.0.0.0/19 | CIDR block for the private subnet located in Availability Zone 1.
    Private Subnet 2 CIDR | PrivateSubnet2CIDR | 10.0.32.0/19 | CIDR block for the private subnet located in Availability Zone 2.
    Public Subnet 1 CIDR | PublicSubnet1CIDR | 10.0.128.0/20 | CIDR block for the public subnet located in Availability Zone 1.
    Public Subnet 2 CIDR | PublicSubnet2CIDR | 10.0.144.0/20 | CIDR block for the public subnet located in Availability Zone 2.
    Allowed Remote Desktop Gateway External Access CIDR | RDGWCIDR | Requires input | CIDR block allowed to reach the Remote Desktop Gateway instances from the internet. Restrict this to a trusted range, such as your corporate egress addresses; do not use 0.0.0.0/0, which exposes the gateway to every address on the internet.

    Amazon EC2 configuration:

    Parameter label | Parameter name | Default | Description
    Key Pair Name | KeyPairName | Requires input | Name of an existing EC2 key pair, which enables you to connect securely to your instances after they launch. The key pair must exist in the region where you launch the stack.
    Domain Controller 1 Instance Type | ADServer1InstanceType | m4.xlarge | EC2 instance type for the first Active Directory instance.
    Domain Controller 1 NetBIOS Name | ADServer1NetBIOSName | DC1 | NetBIOS name of the first Active Directory server. This can be up to 15 characters long.
    Domain Controller 1 Private IP Address | ADServer1PrivateIP | 10.0.0.10 | Fixed private IP for the first Active Directory server, located in private subnet 1 (Availability Zone 1). It must fall within the Private Subnet 1 CIDR.
    Domain Controller 2 Instance Type | ADServer2InstanceType | m4.xlarge | EC2 instance type for the second Active Directory instance.
    Domain Controller 2 NetBIOS Name | ADServer2NetBIOSName | DC2 | NetBIOS name of the second Active Directory server. This can be up to 15 characters long.
    Domain Controller 2 Private IP Address | ADServer2PrivateIP | 10.0.32.10 | Fixed private IP for the second Active Directory server, located in private subnet 2 (Availability Zone 2). It must fall within the Private Subnet 2 CIDR.
    Remote Desktop Gateway Instance Type | RDGWInstanceType | t2.large | EC2 instance type for the Remote Desktop Gateway instances.
    WAP and ADFS Server Instance Type | WAPADFSInstanceType | c4.2xlarge | EC2 instance type for the WAP and AD FS servers.

    Microsoft Active Directory configuration:

    Parameter label | Parameter name | Default | Description
    Domain DNS Name | DomainDNSName | example.com | Fully qualified domain name (FQDN) of the forest root domain.
    Domain NetBIOS Name | DomainNetBIOSName | example | NetBIOS name of the domain for users of earlier versions of Windows. This can be up to 15 characters long.
    Restore Mode Password | RestoreModePassword | Requires input | Password for the Directory Services Restore Mode (DSRM) administrator account, a separate local account used when the domain controller is booted into restore mode. This must be a complex password that’s at least 8 characters long.
    Domain Admin User Name | DomainAdminUser | StackAdmin | User name for the account that is added as domain administrator. This is separate from the built-in Administrator account.
    Domain Admin Password | DomainAdminPassword | Requires input | Password for the domain administrator user. This must be a complex password that’s at least 8 characters long.

    Microsoft Remote Desktop Gateway Configuration:

    Parameter label | Parameter name | Default | Description
    Number of RDGW Hosts | NumberOfRDGWHosts | 1 | The number of RD Gateway instances to create. You can choose 1-4 instances.

    AWS Quick Start configuration:

    Parameter label | Parameter name | Default | Description
    Quick Start S3 Bucket Name | QSS3BucketName | aws-quickstart | S3 bucket where the Quick Start templates and scripts are installed. Use this parameter to specify the S3 bucket name you’ve created for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens, but should not start or end with a hyphen.
    Quick Start S3 Key Prefix | QSS3KeyPrefix | quickstart-microsoft-wapadfs/ | The S3 key name prefix used to simulate a folder for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. This prefix can include numbers, lowercase letters, uppercase letters, hyphens, and forward slashes.

    Option 2: Parameters for deploying the software into an existing VPC

    View the template for existing VPC

    VPC Network Configuration:

    Parameter label | Parameter name | Default | Description
    VPC CIDR | VPCCIDR | 10.0.0.0/16 | CIDR block of the existing VPC. Enter the CIDR block of the VPC you specify in VPC ID; the default only matches the layout of the new-VPC option.
    VPC ID | VPCID | Requires input | ID of your existing VPC (e.g., vpc-0343606e).
    Private Subnet 1 ID | PrivateSubnet1ID | Requires input | ID of the private subnet in Availability Zone 1 in your existing VPC (e.g., subnet-a0246dcd).
    Private Subnet 2 ID | PrivateSubnet2ID | Requires input | ID of the private subnet in Availability Zone 2 in your existing VPC (e.g., subnet-b58c3d67).
    Public Subnet 1 ID | PublicSubnet1ID | Requires input | ID of the public subnet in Availability Zone 1 in your existing VPC (e.g., subnet-e3246d8e).
    Public Subnet 2 ID | PublicSubnet2ID | Requires input | ID of the public subnet in Availability Zone 2 in your existing VPC. This must be a different subnet from Public Subnet 1.
    Allowed Remote Desktop Gateway External Access CIDR | RDGWCIDR | Requires input | CIDR block allowed to reach the Remote Desktop Gateway instances from the internet. Restrict this to a trusted range, such as your corporate egress addresses; do not use 0.0.0.0/0, which exposes the gateway to every address on the internet.

    Amazon EC2 configuration:

    Parameter label | Parameter name | Default | Description
    Key Pair Name | KeyPairName | Requires input | Name of an existing EC2 key pair, which enables you to connect securely to your instances after they launch. The key pair must exist in the region where you launch the stack.
    WAP and ADFS Server Instance Type | WAPADFSInstanceType | c4.2xlarge | EC2 instance type for the WAP and AD FS servers.

    Microsoft Active Directory configuration:

    Parameter label | Parameter name | Default | Description
    Domain DNS Name | DomainDNSName | example.com | Fully qualified domain name (FQDN) of the forest root domain.
    Domain NetBIOS Name | DomainNetBIOSName | example | NetBIOS name of the domain for users of earlier versions of Windows. This can be up to 15 characters long.
    Restore Mode Password | RestoreModePassword | Requires input | Password for the Directory Services Restore Mode (DSRM) administrator account, a separate local account used when the domain controller is booted into restore mode. This must be a complex password that’s at least 8 characters long.
    Domain Admin User Name | DomainAdminUser | StackAdmin | User name for the account that is added as domain administrator. This is separate from the built-in Administrator account.
    Domain Admin Password | DomainAdminPassword | Requires input | Password for the domain administrator user. This must be a complex password that’s at least 8 characters long.

    AWS Quick Start configuration:

    Parameter label | Parameter name | Default | Description
    Quick Start S3 Bucket Name | QSS3BucketName | aws-quickstart | S3 bucket where the Quick Start templates and scripts are installed. Use this parameter to specify the S3 bucket name you’ve created for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens, but should not start or end with a hyphen.
    Quick Start S3 Key Prefix | QSS3KeyPrefix | quickstart-microsoft-wapadfs/ | The S3 key name prefix used to simulate a folder for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. This prefix can include numbers, lowercase letters, uppercase letters, hyphens, and forward slashes.

  5. On the Options page, you can specify tags (key-value pairs) for resources in your stack and set additional options. When you're done, choose Next.

  6. On the Review page, review and confirm the template settings. Under Capabilities, select the check box to acknowledge that the template will create IAM resources.

  7. Choose Create to deploy the stack.

  8. Monitor the status of the stack. When the status is CREATE_COMPLETE, the deployment is ready.
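The console steps above give you no way to catch a bad parameter or a non-compliant existing VPC until the stack has been running for a good part of its 1.5 hours, or until the Remote Desktop Gateway is already exposed. The Python script below is an added example, not part of the Quick Start or its templates: it applies the constraints the parameter tables state (15-character NetBIOS names, 8-character complex passwords, a trusted RDGWCIDR) and the Option 2 prerequisites from the Important note (two private subnets in different Availability Zones, NAT rather than internet gateway default routes, a DHCP domain-name option) to a parameter dict and to data shaped like EC2 describe-* output. The SAMPLE_* records are constructed; the vpc- and subnet- IDs are the examples from the tables, the dopt-/igw-/nat- IDs are placeholders, and reading "complex password" as three of four character classes is an assumption about the Windows policy the page does not spell out.

```python
# Added example (not part of the Quick Start): pre-flight checks for the stack parameters
# and the Option 2 existing-VPC prerequisites. SAMPLE_* data is constructed to look like
# EC2 describe-* output; in practice pass boto3 results instead.
import ipaddress
import re

NETBIOS_MAX, MIN_PASSWORD_LEN = 15, 8   # limits stated in the parameter tables


def is_complex(pw):
    # "Complex" is assumed to mean the usual Windows policy of three of the four
    # character classes; the page only says "complex, at least 8 characters".
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= MIN_PASSWORD_LEN and sum(bool(re.search(c, pw)) for c in classes) >= 3


def check_parameters(p):
    """Findings (empty list == OK) for the parameter dict p of either option."""
    findings = []
    if ipaddress.ip_network(p["RDGWCIDR"], strict=False).prefixlen == 0:
        findings.append("RDGWCIDR is 0.0.0.0/0: RD Gateway reachable from the whole internet")
    for key in ("ADServer1NetBIOSName", "ADServer2NetBIOSName", "DomainNetBIOSName"):
        if key in p and len(p[key]) > NETBIOS_MAX:
            findings.append(f"{key} '{p[key]}' exceeds {NETBIOS_MAX} characters")
    for key in ("RestoreModePassword", "DomainAdminPassword"):
        if not is_complex(p[key]):
            findings.append(f"{key} is not a complex password of {MIN_PASSWORD_LEN}+ characters")
    return findings


def _route_table_for(subnet_id, vpc_id, route_tables):
    # An explicit subnet association wins; otherwise the VPC's main table applies.
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main") and rt["VpcId"] == vpc_id:
                main = rt
    return main


def check_existing_vpc(p, vpc, subnets, route_tables, dhcp_options):
    """Option 2 checks: distinct subnets in the VPC, private subnets in two AZs behind NAT, DHCP domain-name set."""
    findings = []
    if vpc["VpcId"] != p["VPCID"] or vpc["CidrBlock"] != p["VPCCIDR"]:
        findings.append("VPCID/VPCCIDR do not match the existing VPC")
    by_id = {s["SubnetId"]: s for s in subnets}
    private = [p["PrivateSubnet1ID"], p["PrivateSubnet2ID"]]
    public = [p["PublicSubnet1ID"], p["PublicSubnet2ID"]]
    for sid in private + public:
        if sid not in by_id or by_id[sid]["VpcId"] != p["VPCID"]:
            findings.append(f"{sid} is not a subnet of {p['VPCID']}")
    if len(set(private + public)) != 4:
        findings.append("the four subnet IDs must be distinct")
    if len({by_id[s]["AvailabilityZone"] for s in private if s in by_id}) != 2:
        findings.append("private subnets must be in two different Availability Zones")
    for sid in private:
        rt = _route_table_for(sid, p["VPCID"], route_tables) or {}
        default = [r for r in rt.get("Routes", []) if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
        if any(r.get("GatewayId", "").startswith("igw-") for r in default):
            findings.append(f"{sid} routes 0.0.0.0/0 to an internet gateway: it is not private")
        elif not any("NatGatewayId" in r or "InstanceId" in r for r in default):
            findings.append(f"{sid} has no NAT default route; instances cannot download packages")
    domain = None
    for d in dhcp_options:
        if d["DhcpOptionsId"] == vpc.get("DhcpOptionsId"):
            for cfg in d["DhcpConfigurations"]:
                if cfg["Key"] == "domain-name":
                    domain = cfg["Values"][0]["Value"]
    if domain is None:
        findings.append("the VPC's DHCP options set has no domain-name option")
    elif domain != p["DomainDNSName"]:
        findings.append(f"DHCP domain-name '{domain}' differs from DomainDNSName '{p['DomainDNSName']}'")
    return findings


SAMPLE_PARAMS = {  # constructed Option 2 sample, reusing the example IDs from the tables
    "VPCCIDR": "10.0.0.0/16", "VPCID": "vpc-0343606e",
    "PrivateSubnet1ID": "subnet-a0246dcd", "PrivateSubnet2ID": "subnet-b58c3d67",
    "PublicSubnet1ID": "subnet-e3246d8e", "PublicSubnet2ID": "subnet-e3246d8e",
    "RDGWCIDR": "0.0.0.0/0", "DomainDNSName": "example.com", "DomainNetBIOSName": "example",
    "RestoreModePassword": "Restore-Mode-2024!", "DomainAdminPassword": "password",
}
SAMPLE_VPC = {"VpcId": "vpc-0343606e", "CidrBlock": "10.0.0.0/16", "DhcpOptionsId": "dopt-example1"}
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-a0246dcd", "VpcId": "vpc-0343606e", "AvailabilityZone": "us-east-2a"},
    {"SubnetId": "subnet-b58c3d67", "VpcId": "vpc-0343606e", "AvailabilityZone": "us-east-2b"},
    {"SubnetId": "subnet-e3246d8e", "VpcId": "vpc-0343606e", "AvailabilityZone": "us-east-2a"},
]
SAMPLE_ROUTE_TABLES = [  # the main table sends 0.0.0.0/0 to an IGW; only subnet 1 has a NAT route
    {"VpcId": "vpc-0343606e", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example1"}]},
    {"VpcId": "vpc-0343606e", "Associations": [{"SubnetId": "subnet-a0246dcd"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example1"}]},
]
SAMPLE_DHCP = [{"DhcpOptionsId": "dopt-example1",
                "DhcpConfigurations": [{"Key": "domain-name", "Values": [{"Value": "example.com"}]}]}]

if __name__ == "__main__":
    args = (SAMPLE_PARAMS, SAMPLE_VPC, SAMPLE_SUBNETS, SAMPLE_ROUTE_TABLES, SAMPLE_DHCP)
    print("\n".join(check_parameters(SAMPLE_PARAMS) + check_existing_vpc(*args)))
```

Run it before step 7 with the SAMPLE_* values replaced by the values you intend to enter and by boto3 output (ec2.describe_vpcs()["Vpcs"][0], describe_subnets()["Subnets"], describe_route_tables()["RouteTables"], describe_dhcp_options()["DhcpOptions"]). As written, the constructed sample reports four findings: an RDGWCIDR of 0.0.0.0/0, a DomainAdminPassword that is not complex, the same subnet ID entered for both public subnets, and a "private" subnet that has no route table of its own and therefore inherits the main table's internet gateway route, exactly the condition the Important note warns about.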