Amazon Exam Question: Best Solution for Hosting AD Data in the Cloud for WorkSpaces

Answer - C.

Simple AD is the least expensive with the required feature set to work with AWS Workspaces.

Amazon WorkSpaces uses directories to store and manage information for your WorkSpaces and users.

For your directory, you can choose from Simple AD, AD Connector, or AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also known as Microsoft AD.

In addition, you can establish a trust relationship between your Microsoft AD directory and your on-premises domain.

For more information on Workspaces and Simple AD , please refer to the below link:

For hosting AD data in the cloud with the requirement to use it with WorkSpaces, there are different AWS solutions available. Among the given options, the best solution would be to use the Hosted Microsoft AD service, option B.

Option A, Deploy an AD server on an M3.large instance, can be a viable solution but it requires more management effort, such as configuring and maintaining the AD server, setting up security, and backups. Also, using a standalone AD server on a single instance may not provide the desired availability and scalability needed for enterprise-grade AD services.

Option C, Use the Simple AD solution, is a lightweight directory service that is compatible with most AD features but not all. It may not be suitable for hosting AD data for a large organization as it has some limitations and lacks some critical features such as Group Policy Objects, Kerberos authentication, and Trust relationships. Also, it does not support multiple Availability Zones (AZs), which is essential for high availability.

Option D, AD Connector, is an AWS service that enables AD-aware applications to authenticate against AD without the need to replicate directory information to AWS. It may be useful for scenarios where users access AWS applications using their existing on-premises AD credentials. However, it does not provide a complete AD solution as it does not host AD data in the cloud.

Therefore, the best solution to host AD data in the cloud, with the requirement to use it with WorkSpaces, is to use the Hosted Microsoft AD solution. Hosted Microsoft AD is a fully managed AD service that provides enterprise-grade features such as Group Policy, Kerberos authentication, and Trust relationships. It also supports multiple AZs for high availability and provides automated backups and patching. Additionally, it is compatible with Microsoft WorkSpaces, which can use it as an identity provider to authenticate users.