This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Setup Wizard

You can choose to configure the Ohlala Operations for Amazon EC2 to user either:

  • Active Directory as the main authentication system
  • Local Authentication i.e. username and password set at first run.

Ohlala Operations - Automate Windows Server Management on AWS!

1 - Active Directory prerequisites

To ensure proper integration with Active Directory, configure a dedicated service account with the required permissions.

1. Create the Service Account

  1. Open Active Directory Users and Computers.
  2. Navigate to the desired Organizational Unit (OU).
  3. Right-click and select New > User.
  4. Provide a username (e.g., OhlalaOpsService).
  5. Set a secure password and check Password never expires (if applicable).
  6. Complete the wizard to create the account.

2. Assign Required Permissions

  1. Open Active Directory Users and Computers.
  2. Right-click the OU where your EC2 instances reside and select Delegate Control.
  3. In the wizard, click Next, then Add the newly created service account.
  4. Select Create a custom task to delegate and click Next.
  5. Choose Only the following objects in the folder and select:
    • Computer objects
    • Check Create selected objects in this folder
    • Check Delete selected objects in this folder
  6. Click Next and assign the following permissions:
    • Reset password
    • Write
    • Validated write to DNS host name
    • Validated write to service principal name
  7. Click Finish to apply the changes.

3. Verify the Configuration

  • Ensure the service account can create and manage computer objects in the designated OU.
  • Test authentication with the configured credentials.

Ohlala Operations - Automate Windows Server Management on AWS!

2 - Active Directory authentication setup

This guide walks you through configuring the setup wizard for Active Directory authentication in Ohlala Operations for Amazon EC2.

Prerequisites

  • An Active Directory domain
  • AD service account credentials to configure authentication settings
  • Network connectivity to Ohlala Operations for Amazon EC2 web console.

Step 1: Access the Authentication Settings

  1. Open Ohlala Operations for Amazon EC2 URL.
  2. Navigate to the wizard on /wizard url. It should bring you there by default on first launch.
  3. Read and accept the disclaimer.

Step 1

Step 2: Enable Active Directory Authentication

  1. Select Active Directory as the authentication method.
  2. Click Next to proceed.

Step 2

Step 3: Configure Domain Information

  1. Provide the IP adresses of your Domain Controller address. They must be reachable from within your VPC.
  2. Enter your Domain Name (e.g., example.local).
  3. Enter the username of the AD service account
  4. Enter the password of the AD service account
  5. Click Next. We will test connection to Active Directory before moving to the next screen.

Step 3

Step 4: Bind Credentials

  1. Select the distinguished name of the AD group you want as admnistrators of Ohlala Operations for Amazon EC2
  2. Select the distinguished name of the Organisational Unit where you will join EC2
  3. Click Next.

Step 4

Step 5: Default setting

  1. Enable Default Host Management Configuration. This is recommended to simplify your EC2 administration. Feel free to disable it if you wish to manage the SSM permissions of your instances. Please note that DHMC requires SSM Agent version > 3.2.582.0.
  2. Set the default refresh interval of your EC2 data. We recommend setting it between 30 and 120 seconds.
  3. Proceed by clicking Next.

Step 5

Step 6: Finalize Configuration

  1. Review the configuration summary.
  2. Click Save to apply the settings.
  3. Authentication is now configured!

Step 6

Troubleshooting

If you encounter any issues:

  • Ensure the domain controller is reachable.
  • Verify the credentials are correct.
  • Confirm the service account has the necessary permissions.
  • Restart the Ohlala Operations for Amazon EC2 EC2 if changes don’t take effect.

For further assistance, refer to the official documentation or contact support.

Ohlala Operations - Automate Windows Server Management on AWS!

3 - Local authentication setup

This guide walks you through configuring Local Authentication in Ohlala Operations for Amazon EC2.

Prerequisites

  • Ohlala Operations for Amazon EC2 installed and running
  • Network connectivity to Ohlala Operations for Amazon EC2 web console.

Step 1: Access the Authentication Settings

  1. Open Ohlala Operations for Amazon EC2 URL.
  2. Navigate to the wizard on /wizard url. It should bring you there by default on first launch.
  3. Read and accept the disclaimer.

Step 1

Step 2: Select Local Authentication

  1. Choose Local Authentication as the authentication method.
  2. Click Next to proceed.

Step 2

Step 3: Create a Local Administrator Account

  1. Enter the Username for the local admin account.
  2. Set a password.
  3. Confirm the password.
  4. Click Next.

Step 3

Step 4: Active Directory integration (optional)

  1. Enable or disable Active Directory integration. This will allow you to join your Microsoft Windows EC2 to your Active Directory domain from the Ohlala Operations for Amazon EC2 console.
  2. If you choose to enable it, go to step 5. Otherwise, go to step 7

Step 4

Step 5: Active Directory parameters

  1. Provide the IP adresses of your Domain Controller address. They must be reachable from within your VPC.
  2. Enter your Domain Name (e.g., example.local).
  3. Enter the username of the AD service account
  4. Enter the password of the AD service account
  5. Click Next. We will test connection to Active Directory before moving to the next screen.

Step 5

Step 6: Default Organizational Unit

  1. Select the distinguished name of the Organisational Unit where you will join EC2
  2. Click Next.

Step 6

Step 7: Default setting

  1. Enable Default Host Management Configuration. This is recommended to simplify your EC2 administration. Feel free to disable it if you wish to managethe SSM permissions of your instances.
  2. Set the default refresh interval of your EC2 data. We recommend setting it between 30 and 120 seconds.
  3. Proceed by clicking Next.

Step 7

Step 8: Review and Confirm

  1. Verify the entered details.
  2. Click Save to apply the configuration.
  3. Local authentication is now enabled!

Without Active Directory integration: Step 8 - without Active Directory integration

With Active Directory integration: Step 8 - with Active Directory integration

Troubleshooting

If you encounter issues:

  • Ensure the entered credentials meet security requirements.
  • Restart the Ohlala Operations for Amazon EC2 EC2 if changes don’t take effect.
  • Check system logs for authentication errors.

For additional support, refer to the official documentation or contact support.

Ohlala Operations - Automate Windows Server Management on AWS!