Running a Windows-Based SSO Solution on AWS

Brett Gillett

How we helped a Canada-based multinational automotive manufacturer deploy a Windows-based SSO solution to support their national Content Management System (CMS).

The Customer

Our client is a multinational automotive manufacturer with operations located in Canada.

We were engaged by the Canadian team to help migrate their existing national CMS to the AWS platform. As part of the migration process, we also had to design and deploy a Single Sign-On (SSO) solution based on the Windows platform.

The Challenge

Running a national CMS for all their customers, our client needed a reliable and scalable solution which would streamline the process of accessing private content on their CMS.

The Solution

Working with the client and the vendor, our team helped design a highly available, reliable solution for the client to ensure their customers were able to easily access content regardless of their location.

The solution leverages multiple Microsoft-based applications including:

  • Microsoft Windows 2016
  • IIS for the managed portal

Using best practices and the principles defined in the AWS Well-Architected Framework, we worked with the client to design and support their Microsoft Workloads on AWS.

Improving Reliability

In order to ensure customers were able to access the CMS when required, we used a multi-AZ (Availability Zone) deployment strategy.

By spreading the workload across multiple AZs within a single region, we were able to ensure the availability of the application in the event of AWS failures or if the customer needed to run maintenance on the operating system or applications.

The application components are deployed in private subnets and customers access the solution via a publicly available Application Load Balancer.

The following AWS services were used to improve the application's reliability:

  • Amazon Virtual Private Cloud (VPC)
  • Elastic Load Balancing (ELB)

Improving Security

Although the CMS is used by vendors across the country, we didn’t want to expose any more resources than were absolutely necessary.

This meant deploying an Application Load Balancer (ALB) in the public subnet, and all other resources (Windows and Linux) in a private subnet.

We also wanted to ensure that the client was able to capture logging information from all the components to help with troubleshooting and satisfy audit requirements.

The following AWS services were used to secure the environment and provide insight into how the application is performing:

  • Amazon Virtual Private Cloud (VPC)
  • Amazon VPC Flow Logs
  • VPC EC2 Security Groups
  • AWS CloudTrail
  • Elastic Load Balancing (ELB)

The Outcome

By leveraging the best practices defined by AWS in the Well-Architected Framework, we were able to build a solution that allows the client to provide a reliable and scalable service to their customers.

Windows SSO Application on AWS
