One of the points on the customer's migration checklist for Amazon Web Services was turning on SSO (Single Sign-On), as it is quite convenient. A quick review of the available options showed that we could leverage ADFS. The customer already had ADFS deployed for other services, so there was no need to convince the Security Team that it should be used.

After a few days of struggling with the complexity of PingFederate, we managed to turn on SSO and get the redirection round-trip through the aforementioned ADFS working. The SAML response that came back had everything we needed, and Windchill answered with "Error 500".

A closer reading of the documentation revealed that Windchill does support SSO with ADFS, but it does not create a new user from the ADFS SAML response. Windchill needs a user directory to match the SAML subject against, and that can be provided by querying the domain controllers over LDAP, preferably over TLS (ldaps).

Our infrastructure is deployed in AWS, while the domain controllers sit in the customer's server rooms. Exposing a domain controller to the Internet was never going to get past the Security Team, but we had to query them somehow.

So let's connect to the customer over a VPN and query the controllers through the tunnel with ldaps. To keep things from being too easy, several environments were already deployed in AWS, each in a different VPC, and each of them has to reach AD with its queries. Each VPC has its own subnet, and those ranges overlap with the customer's on-prem networks.


What to do? How to manage?

There were a lot of options (the following are just a few of them):

  • Use a Transit Gateway and do NAT on the customer's side

Unfortunately, the already deployed VPCs use the same IP ranges as the customer's own network. That is not impossible to deal with, but time was running out, and playing with routing in a global organization could take years.

  • Add a new VPC with an IP range the customer does not use yet, set up the routing, peer the already deployed VPCs with the new one, attach a VPN Gateway to it, and voilà.

A short PowerPoint presentation, which shed some light on the problem for the customer, resulted in a decision: create a new VPC, set up the routing, peer the VPCs, connect the VPN, and deploy AWS Directory Service in the Shared VPC.

How to query one domain for objects from another one across an established trust relationship remains a great mystery to us. A small failure, not to mention the settings of the trust relationship between the domains themselves.

In the meantime, so as not to block the development of some additional tools, we set up a standard Amazon Linux instance in the Shared VPC and, with simple SSH tunneling, worked around a few limitations caused by the lack of a transit VPC in AWS (VPC peering is not transitive, so the peered VPCs could not use the Shared VPC's VPN directly).

The next attempt was a read-only domain controller in AWS. This would have kept the application accessible even during VPN tunnel problems. Setting up the VPN itself went surprisingly well; it basically worked with the first tunnel, so it was left that way.

So there it was: a read-only domain controller that could be queried over LDAP, and everything was fine, except for the customer's Security, which had agreed to this scenario earlier. What can you do; Security knows better, and they would not give us the certificate (the public key) of the internal CA, because "it's not a public key, just the internal one". Oh, the great PKI mystery. Without the CA certificate, nothing can verify the domain controllers' certificates, so the only way to make ldaps work is to turn certificate verification off, which is exactly what you do not want on that leg.

Driven by some emotion, we decided we had had enough of this 'dance'. A quick review of the situation:

  • A VPC connected via VPN to the customer's network – check
  • Credentials to bind to AD over LDAP – check


What’s missing?

Something like an LDAP proxy for Active Directory. We set one up in the Shared VPC, point the LDAP queries at the proxy, it forwards them smoothly over the VPN to the customer's AD, and we are done.

Another five hours of attempts and ta-dah! It works. OpenLDAP, configured as a proxy, does the job. A verification in Windchill, and the problem is gone. An EC2 instance with OpenLDAP works and... actually, it's boring.

Hmm, maybe we should put it into a docker container?

Hmm, maybe we should run the container in ECS?

Hmm, generally we don't need persistent storage, so maybe Fargate?

Building a container with the LDAP proxy on CentOS is basically just a few lines. Then a quick push to ECR, and a task definition and a service can be created.
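
What that proxy looks like in practice, as an added example rather than the code from the project described here: a POSIX shell script that writes the whole build context (slapd.conf, Dockerfile, entrypoint) for an OpenLDAP slapd using its back_ldap backend in pass-through mode. Windchill's own bind is forwarded to AD unchanged, so the container holds no AD credentials; the only secret it needs is the key for the certificate it presents to Windchill. The domain name, DNs, paths and the ldap-proxy image tag are assumptions, and ad-ca.crt is the customer's internal CA certificate, which has to be dropped into the build directory before building.

```shell
#!/bin/sh
# Added example, not the original post's code. Generates the build context for
# an OpenLDAP proxy (slapd + back_ldap) that forwards Windchill's LDAP traffic
# to on-prem Active Directory over ldaps. Host names, DNs and paths are
# placeholders (assumptions); override them with environment variables.
set -eu

AD_BASE="${AD_BASE:-DC=corp,DC=example,DC=internal}"
AD_URIS="${AD_URIS:-ldaps://dc01.corp.example.internal:636 ldaps://dc02.corp.example.internal:636}"
BUILD_DIR="${BUILD_DIR:-./ldap-proxy}"

# slapd.conf for a pass-through proxy: the client's bind (Windchill's service
# account) is forwarded to AD as-is, so no AD password lives in the container.
render_slapd_conf() {
  cat <<EOF
include     /etc/openldap/schema/core.schema
pidfile     /var/run/openldap/slapd.pid
argsfile    /var/run/openldap/slapd.args
moduleload  back_ldap.la

# Listener side: the certificate the proxy presents to Windchill on ldaps:///.
TLSCertificateFile     /etc/openldap/certs/proxy.crt
TLSCertificateKeyFile  /etc/openldap/certs/proxy.key
TLSProtocolMin         3.3

database    ldap
suffix      "$AD_BASE"
uri         "$AD_URIS"
readonly    on
protocol-version 3
# AD answers subtree searches with referrals for other partitions; hand them
# back to the client instead of chasing them through the tunnel.
chase-referrals  no
idle-timeout     300
# Upstream side: verify the domain controllers against the customer's internal
# CA. tls_reqcert=never would make the proxy accept any certificate on the
# VPN leg, so it is not an option here.
tls ldaps tls_cacert=/etc/openldap/certs/ad-ca.crt tls_reqcert=demand
EOF
}

render_dockerfile() {
  cat <<'EOF'
FROM centos:7
RUN yum -y install openldap-servers openldap-clients && yum clean all
COPY slapd.conf    /etc/openldap/slapd.conf
COPY ad-ca.crt     /etc/openldap/certs/ad-ca.crt
COPY entrypoint.sh /entrypoint.sh
RUN chmod 0755 /entrypoint.sh && chown -R ldap:ldap /etc/openldap/certs
EXPOSE 636
ENTRYPOINT ["/entrypoint.sh"]
EOF
}

render_entrypoint() {
  cat <<'EOF'
#!/bin/sh
set -eu
# The listener key and certificate arrive as environment variables injected by
# ECS from Secrets Manager, so they are never baked into the image layers.
umask 077
printf '%s\n' "$PROXY_TLS_CERT" > /etc/openldap/certs/proxy.crt
printf '%s\n' "$PROXY_TLS_KEY"  > /etc/openldap/certs/proxy.key
chown ldap:ldap /etc/openldap/certs/proxy.crt /etc/openldap/certs/proxy.key
# -d keeps slapd in the foreground; ldapi:/// is a local Unix socket that only
# the container health check talks to.
exec /usr/sbin/slapd -d 256 -u ldap -g ldap -f /etc/openldap/slapd.conf \
     -h "ldaps:/// ldapi:///"
EOF
}

write_build_context() {
  mkdir -p "$BUILD_DIR"
  render_slapd_conf > "$BUILD_DIR/slapd.conf"
  render_dockerfile > "$BUILD_DIR/Dockerfile"
  render_entrypoint > "$BUILD_DIR/entrypoint.sh"
  # ad-ca.crt is the internal CA's *certificate*, i.e. public material, not a
  # private key; it has to come from the customer's PKI team.
  [ -f "$BUILD_DIR/ad-ca.crt" ] ||
    echo "missing $BUILD_DIR/ad-ca.crt (internal CA certificate); docker build will fail" >&2
}

case "${1:-}" in
  write) write_build_context ;;
  build) write_build_context && docker build -t ldap-proxy "$BUILD_DIR" ;;
esac
```

Run `sh build-ldap-proxy.sh build` after placing ad-ca.crt in the build directory. The certificate handed over in PROXY_TLS_CERT needs the service discovery name (for example ldap-proxy.shared.local) in its SAN, otherwise Windchill's ldaps connection to the proxy fails verification in exactly the way the proxy itself refuses an unverifiable domain controller. Note that CentOS 7 is end of life today; the same files work on a current base image with an openldap-servers package.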
But how do we direct traffic to the service? The task's IP will be different every time the container restarts. Maybe through a load balancer? Nope.

When defining the service, the 'Service Discovery' option can be used; it creates a private hosted zone in Route 53 and keeps an A record pointing at the running task. Brilliant.

Now it is enough to associate the application VPCs with that hosted zone and send ldaps queries to the name registered there.

Finally, so that we do not have to pay attention to it later, it is enough to define a simple health check; ECS then replaces a broken container with a new one within about a minute.
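
Putting the task definition, the service discovery record and the health check together, as an added example and not the project's own deployment code: a shell script that renders the Fargate task definition and runs the AWS CLI calls that register it, create the Cloud Map service behind the Route 53 private zone, start the ECS service and associate a peered application VPC with the zone. Account ID, region, cluster, VPC, subnet, security group and secret names are placeholder assumptions; the namespace and hosted zone IDs are read from the environment because create-private-dns-namespace is asynchronous and returns only an operation ID.

```shell
#!/bin/sh
# Added example, not the original post's code. All identifiers are placeholders
# (assumptions) read from the environment so the script can be reused.
set -eu

REGION="${REGION:-eu-west-1}"
ACCOUNT_ID="${ACCOUNT_ID:-123456789012}"
CLUSTER="${CLUSTER:-shared}"
IMAGE="${IMAGE:-$ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/ldap-proxy:latest}"
SUBNET_ID="${SUBNET_ID:-subnet-0123456789abcdef0}"
SG_ID="${SG_ID:-sg-0123456789abcdef0}"            # allow 636/tcp from the app VPCs only
NAMESPACE_ID="${NAMESPACE_ID:-ns-example}"          # Cloud Map private DNS namespace (shared.local)
HOSTED_ZONE_ID="${HOSTED_ZONE_ID:-Z0EXAMPLE}"       # Route 53 zone created by that namespace
APP_VPC_ID="${APP_VPC_ID:-vpc-0123456789abcdef0}"   # a peered VPC that must resolve the name
# Real Secrets Manager ARNs carry a random suffix after the name; adjust.
SECRET_ARN="arn:aws:secretsmanager:$REGION:$ACCOUNT_ID:secret:ldap-proxy"
EXEC_ROLE_ARN="arn:aws:iam::$ACCOUNT_ID:role/ecsTaskExecutionRole"
export AWS_DEFAULT_REGION="$REGION"

# Fargate task definition: 0.25 vCPU / 1 GB, TLS material pulled from Secrets
# Manager at launch, and a container health check ECS uses to replace a dead task.
render_task_definition() {
  cat <<EOF
{
  "family": "ldap-proxy",
  "networkMode": "awsvpc",
  "requiresCompatibilities": ["FARGATE"],
  "cpu": "256",
  "memory": "1024",
  "executionRoleArn": "$EXEC_ROLE_ARN",
  "containerDefinitions": [{
    "name": "ldap-proxy",
    "image": "$IMAGE",
    "essential": true,
    "portMappings": [{"containerPort": 636, "protocol": "tcp"}],
    "secrets": [
      {"name": "PROXY_TLS_CERT", "valueFrom": "$SECRET_ARN:tls_cert::"},
      {"name": "PROXY_TLS_KEY",  "valueFrom": "$SECRET_ARN:tls_key::"}
    ],
    "healthCheck": {
      "command": ["CMD-SHELL",
        "ldapsearch -x -H ldapi:/// -s base -b '' -LLL namingContexts >/dev/null || exit 1"],
      "interval": 30, "timeout": 5, "retries": 3, "startPeriod": 15
    },
    "logConfiguration": {
      "logDriver": "awslogs",
      "options": {"awslogs-group": "/ecs/ldap-proxy", "awslogs-region": "$REGION",
                  "awslogs-stream-prefix": "ecs", "awslogs-create-group": "true"}
    }
  }]
}
EOF
}

deploy() {
  # Cloud Map service: one A record per healthy task, TTL 10 s so a replaced
  # task's new IP shows up quickly. Health comes from the ECS container check
  # (custom health check), not from a Route 53 probe.
  REGISTRY_ARN=$(aws servicediscovery create-service \
      --name ldap-proxy --namespace-id "$NAMESPACE_ID" \
      --dns-config "NamespaceId=$NAMESPACE_ID,RoutingPolicy=MULTIVALUE,DnsRecords=[{Type=A,TTL=10}]" \
      --health-check-custom-config FailureThreshold=1 \
      --query 'Service.Arn' --output text)

  render_task_definition > /tmp/ldap-proxy-task.json
  aws ecs register-task-definition --cli-input-json file:///tmp/ldap-proxy-task.json >/dev/null

  aws ecs create-service --cluster "$CLUSTER" --service-name ldap-proxy \
      --task-definition ldap-proxy --desired-count 1 --launch-type FARGATE \
      --platform-version 1.4.0 \
      --network-configuration "awsvpcConfiguration={subnets=[$SUBNET_ID],securityGroups=[$SG_ID],assignPublicIp=DISABLED}" \
      --service-registries "registryArn=$REGISTRY_ARN" >/dev/null

  # Peering does not carry the private zone along: every application VPC has
  # to be associated with it before ldap-proxy.shared.local resolves there.
  aws route53 associate-vpc-with-hosted-zone --hosted-zone-id "$HOSTED_ZONE_ID" \
      --vpc "VPCRegion=$REGION,VPCId=$APP_VPC_ID" >/dev/null
}

case "${1:-}" in
  render) render_task_definition ;;
  deploy) deploy ;;
esac
```

`sh deploy-ldap-proxy.sh render` prints the task definition for review, `deploy` runs the AWS CLI calls. The health check only proves that slapd is alive inside the task. A check that also binds through the tunnel would catch a dead VPN, but it would recycle a perfectly healthy proxy on every tunnel blip, so tunnel health is better watched from monitoring than from ECS.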

What about the cost (without VPN)?

  • First option with AWS AD Service – approximately $90/month
  • Second option, an EC2 instance acting as a read-only domain controller – approximately $80/month
  • Third option, a container in Fargate – approximately $10/month (0.25 vCPU, 1 GB RAM)

