Working with on-premises directories
During this course we will explore the enterprise applications that AWS provides, including Amazon WorkSpaces, Amazon WorkDocs and Amazon WorkMail. We will start with a basic overview of each service, one by one, then move on to a more practical experience by demonstrating an integration of all these services with an on-premises network, and a discussion of the available options to configure these services to make them suit your company's needs.
We assume you have some pre-requisites for this course. You need to have some general IT understanding plus some AWS knowledge, including the core AWS services such as EC2, IAM, and VPC. In addition, because all the services in the enterprise applications category make use of the Directory Service, you will also need to be familiar with this service.
This course is for anyone getting started with the AWS cloud, but is particularly geared toward systems engineers and windows administrators.
Hi, and welcome to this lecture. In this lecture we'll talk about Amazon WorkMail and we briefly discussed what is it, talked about pricing, and then we go ahead on the AWS Console and have a demonstration on how it works.
Amazon WorkMail. It is basically a managed business e-mail and calendar service. It integrates referred directory and, again, it makes use of the directory service, so this directory can be either hosted entirely on the cloud or in on-premises directory. It works on multiple devices, desktops and mobile phones, and it has its own mobile device management. You can manage some secure aspects that you want to have in your mobile phones. It make use of the Microsoft Exchange ActiveSync protocol. This is something that probably Windows administrators are familiar with.
About the pricing, it costs four dollars per user per month, and if you have work mail and work docs for the same user, you will pay only six dollars per month. This is for a 50 gigabytes mailbox. This is the maximum amount of storage that you can have, but this is also the default amount of storage that a user has.
Let's now go ahead on the AWS Console, and have our demonstration on how it works. Here on the AWS Console let's select WorkMail and we need to click on get started. AWS is very kind to us. They are saying that there is a directory already available for setup and that we need to choose Custom Setup to use this directory. So let's do so. Let's choose Custom Setup. In here we need to select the CA Enterprise, the directory that we created in the Workspace lecture. Here is where we select our encryption key. We could go on the IAM service and create a new encryption key just for this directory, if that was the case if we really wanted to do that, or we can just select the default WorkMail encryption key. That for this example is more than enough. Click on Create, and we need to wait a few minutes till it gets created. I will stop the video and come back once it's done.
Okay, our directory's active in the WorkMail service. We can now click in here and we can start managing our directory inside the WorkMail service. The first thing that we want to do in the case is to add a new user, so let's click here and we could either create a new user or select an existing one. I would rather select one, and in here we can see that we have a few users to choose from. I will select our famous user Jklimber here and we select Next Step. We can create now an email address for the Jklimber user, I will just simply use Jklimber. This is the domain that we are going to use. Right now we only have one domain, and if you notice, caenterprise.awsapps.com. This address, this URL, is the URL from the directory service, is the access URL. AWS enabled it for us when we registered our domain in the Workspace service, but yeah, that's it. That's that URL. Let's click Enable, and now we have our user, the Jklimber user, with his own email account. We can access that by going this address right where we usually would go to the WorkDocs page. In here, I'm already logged in so let me log out, and instead of going to the WorkDocs page I want to go to my email account so I can select slash mail, put my password in here, and we will have access to our email account.
In here we have everything that we would expect from an email service. We have emails, of course, and we have some calendar in here and contacts. This is the standard email 101 service that we would expect, and that's not what I really want to show in here.
Let's talk about the Amazon WorkMail service itself, so let's go back to the service page and see a few options that we can have. We can have in here groups, which will create a new group in our directory and enable an email for it. Let's create a new group. Call this group "Developers," and the email for them.
Okay, and now we can select some user to our Developers group. I will select the Jklimber user, finish and now if send in here let's send from this email address an email for the group, not to Jklimber user. Let's put Dev and it's a test email. Let's send, and I would expect to receive it right away. Yeah, our email is here, our group is working. Nice. That's what we want.
Another thing that we can add in here is resources. For people familiar with Microsoft Exchange, that's the same thing you can add resources in here. Resource could be a printer, for example, a projector. Things that you want to have in this schedule to it. You could create, for example, a meeting room resource and you could create schedules for these meeting rooms, so the users could schedule times to use this meeting room, for example. I will not show you that, it's very basic. It's just a concept.
Let's move forward to domains. In here we can add domains. Let's say that we want to have our own domain, our custom domain. That's really what the company, what an enterprise company, would expect from this service. We could go here, add a domain. We could put domain here, add domain, and we would have to insert in the DNS configuration these entries in order to authenticate this domain as ours. This is, again, basic stuff that every domain admin would expect to do. There is nothing new in here, I'm just showing you that this is also possible with the WorkMail service. Let me delete it, remove this domain, and as I mentioned earlier, we can define some mobile policies. In this case, we are requiring password with our allowing simple password, and we have a few more options that we could specify to our mobile devices. For example, as I mentioned it earlier, we could require encryption on the device. That's an additional layer of security that you can provide to your email service meeting, sometimes, their organization needs. In here we have the organization settings. We have our organization ID, our alias, our directory ID, and the directory type.
About the Author
Eric Magalhães has a strong background as a Systems Engineer for both Windows and Linux systems and, currently, work as a DevOps Consultant for Embratel. Lazy by nature, he is passionate about automation and anything that can make his job painless, thus his interest in topics like coding, configuration management, containers, CI/CD and cloud computing went from a hobby to an obsession. Currently, he holds multiple AWS certifications and, as a DevOps Consultant, helps clients to understand and implement the DevOps culture in their environments, besides that, he play a key role in the company developing pieces of automation using tools such as Ansible, Chef, Packer, Jenkins and Docker.