Domain Joined Instances¶
Many enterprises and organizations rely on Microsoft Active Directory (AD) for provisioning user accounts, applying security policies to operating systems, and enabling access to applications. In classic on-prem environments, Windows operating systems are “joined to the (AD) domain” in order to enable these functions. Frame allows administrators to join their cloud workload VMs to their Active Directory domain. This allows their users to log in to a Windows machine using their own AD credentials. Since the Windows operating system is joined to the customer’s domain, the user can use Windows applications that rely on AD for access, authentication and authorization, such as SAP apps. IT managers can use their existing app packages, app tools and processes to install, run and manage their organization’s applications on Frame, because the Sandbox can be joined to the domain.
To use the Domain Join feature, you will need to utilize your own cloud account, where these Windows machines will be provisioned and orchestrated by the Frame Platform. This is called our Bring Your Own, or “BYO,” feature. Before continuing with this setup guide, you will need to set up your BYO described in these articles, BYO AWS, BYO Azure, or Xi Frame on AHV.
This section of Xi Frame documentation will outline the required steps to prepare and implement Domain Joined Instances for your Xi Frame account. Before reading the guides below, please review the requirements and recommendations for Domain Join to function properly on your Frame account.
- Xi Frame Account with Windows Server 2016 image.
- Each account must be in a unique CIDR. Currently, Frame only supports subnet masks between /16 and /24.
- An established peering connection to the domain controller or an “always on” VPN Connection to the domain controller.
- If using Azure, you must apply custom DNS configurations.
- Production instances can be solely joined to the domain without the Sandbox or Utility Servers. You can manually join the Sandbox or Utility Servers to the domain, but this is not required for the production instances to join successfully.
After ensuring the above requirements are met, you can move on to the “Domain Controller Preparation” guide listed on the left sidebar.