3. Connect to the EC2 instance using RDP. For more information, see Connecting to Your Windows Instance in the Amazon EC2 User Guide for Windows Instances.

4. Start Server Manager to install and configure the Active Directory Domain Services role on the server. Promote the server to a domain controller and assign a domain name (the example we use here is ad.domain.com). Make a note of the domain name because you need it later when you create the EMR security configuration and cluster. If you are new to setting up Active Directory, you can follow the instructions in How to Set Up Active Directory (AD) in Windows Server 2016. The instance restarts when you finish.

Step 3: Add User Accounts to the Domain for the EMR Cluster

RDP to the Active Directory domain controller to create user accounts in Active Directory Users and Computers for each cluster user. For instructions, see Create a User Account in Active Directory Users and Computers. Make a note of each user's User logon name. You need these later when you configure the cluster.

In addition, create a user account with sufficient privileges to join computers to the domain. You specify this account when you create a cluster. Amazon EMR uses it to join cluster instances to the domain. You specify this account and its password in Step 6: Launch a Kerberized EMR Cluster (p. 238). To delegate computer join privileges to the user account, we recommend that you create a group with join privileges and then assign the user to the group. For instructions, see Delegating Directory Join Privileges in the AWS Directory Service Administration Guide.

Step 4: Configure an Incoming Trust on the Active Directory Domain Controller

The example commands below create a trust in Active Directory, which is a one-way, incoming, non-transitive, realm trust with the cluster-dedicated KDC. The example we use for the cluster's realm is EC2.INTERNAL. Replace the KDC-FQDN with the Public DNS name listed for the Amazon EMR master node hosting the KDC. The passwordt parameter specifies the cross-realm principal password, which you specify along with the cluster realm when you create a cluster. The realm name is derived from the default domain name in us-east-1 for the cluster. The Domain is the Active Directory domain in which you are creating the trust, which is lower case by convention. The example uses ad.domain.com.

Open the Windows command prompt with administrator privileges and type the following commands to create the trust relationship on the Active Directory domain controller:
Amazon EMR Management Guide
Use Kerberos Authentication

C:\Users\Administrator> ksetup /addkdc EC2.INTERNAL KDC-FQDN
C:\Users\Administrator> netdom trust EC2.INTERNAL /Domain:ad.domain.com /add /realm /passwordt:MyVeryStrongPassword
C:\Users\Administrator> ksetup /SetEncTypeAttr EC2.INTERNAL AES256-CTS-HMAC-SHA1-96

Step 5: Use a DHCP Option Set to Specify the Active Directory Domain Controller as a VPC DNS Server

Now that the Active Directory domain controller is configured, you must configure the VPC to use it as a domain name server for name resolution within your VPC. To do this, attach a DHCP options
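
For the trust commands in Step 4, the following script prompts for the cross-realm principal password instead of typing it inline, stops at the first failed command, and reads the encryption type back. It is an added example, not part of the Amazon EMR Management Guide; the parameter names and the Invoke-Native helper are hypothetical, and it assumes PowerShell 5.1 in an elevated session on the domain controller.

```powershell
# Added example: Step 4 trust setup with a prompted password and checks.
# Parameter names and Invoke-Native are hypothetical, not from the guide.
param(
    # Public DNS name of the EMR master node hosting the KDC (the guide's KDC-FQDN).
    [Parameter(Mandatory)] [string] $KdcFqdn,
    [string] $Realm  = 'EC2.INTERNAL',    # cluster realm from the guide's example
    [string] $Domain = 'ad.domain.com'    # Active Directory domain from the guide's example
)

$EncType = 'AES256-CTS-HMAC-SHA1-96'

# Kerberos realm names are upper case by convention; the guide writes the
# Active Directory domain in lower case. Check both before changing anything.
if ($Realm -cne $Realm.ToUpperInvariant())   { throw "Realm '$Realm' is not upper case." }
if ($Domain -cne $Domain.ToLowerInvariant()) { throw "Domain '$Domain' is not lower case." }

# Prompt for the cross-realm principal password so it is not stored in a
# script file or in the typed command history. It must match the password
# given when the cluster is created.
$secure = Read-Host -AsSecureString 'Cross-realm principal password'
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password
if ([string]::IsNullOrEmpty($plain)) { throw 'Password must not be empty.' }

# Run a native command and stop on a non-zero exit code. The arguments are
# deliberately left out of the error text because one of them is the password.
function Invoke-Native {
    param([string] $Exe, [string[]] $ArgList)
    & $Exe @ArgList
    if ($LASTEXITCODE -ne 0) { throw "$Exe exited with code $LASTEXITCODE" }
}

try {
    Invoke-Native ksetup @('/addkdc', $Realm, $KdcFqdn)
    Invoke-Native netdom @('trust', $Realm, "/Domain:$Domain", '/add', '/realm', "/passwordt:$plain")
    Invoke-Native ksetup @('/SetEncTypeAttr', $Realm, $EncType)
}
finally {
    $plain = $null   # drop the plaintext reference once the commands have run
}

# Read the settings back: the realm should list the KDC, and the
# encryption type attribute should name AES256-CTS-HMAC-SHA1-96.
& ksetup
$attr = (& ksetup /GetEncTypeAttr $Realm) -join "`n"
if ($attr -notmatch [regex]::Escape($EncType)) {
    Write-Warning "Expected $EncType for $Realm, got: $attr"
}
```

The password is still passed to netdom as a command-line argument, so it remains visible to anything that records process command lines on the domain controller.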