AWS security group settings for Windows AD servers

If you use Windows Active Directory (AD) servers with cloud volumes, you should familiarize yourself with the guidance on AWS security group settings. The settings enable cloud volumes to integrate with AD correctly.

By default, the AWS security group applied to an EC2 Windows instance does not contain inbound rules for any protocol except for RDP. You must add rules to the security groups that are attached to each Windows AD instance to enable inbound communication from Cloud Volumes Service. The required ports are as follows:

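| Service | Port | Protocol |
|---|---|---|
| AD Web Services | 9389 | TCP |
| DNS | 53 | TCP |
| DNS | 53 | UDP |
| ICMPv4 | N/A | Echo Reply |
| Kerberos | 464 | TCP |
| Kerberos | 464 | UDP |
| Kerberos | 88 | TCP |
| Kerberos | 88 | UDP |
| LDAP | 389 | TCP |
| LDAP | 389 | UDP |
| LDAP | 3268 | TCP |
| NetBIOS name | 138 | UDP |
| SAM/LSA | 445 | TCP |
| SAM/LSA | 445 | UDP |
| Secure LDAP | 636 | TCP |
| Secure LDAP | 3269 | TCP |
| w32time | 123 | UDP |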
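
The following Python check is an added example, not part of the original documentation: it compares a security group's `IpPermissions`, in the shape returned by `aws ec2 describe-security-groups`, against the required ports listed above and also reports rules open to every IPv4 address. The source CIDR for Cloud Volumes Service, the sample group, and the names `audit` and `_covers` are assumptions; rules that reference other security groups instead of CIDR ranges are not evaluated.

```python
import ipaddress

# Required inbound rules from the table: (service, protocol, port).
# For ICMP a security group stores the ICMP type in FromPort; Echo Reply is type 0.
REQUIRED = [
    ("AD Web Services", "tcp", 9389), ("DNS", "tcp", 53), ("DNS", "udp", 53),
    ("ICMPv4 Echo Reply", "icmp", 0), ("Kerberos", "tcp", 464), ("Kerberos", "udp", 464),
    ("Kerberos", "tcp", 88), ("Kerberos", "udp", 88),
    ("LDAP", "tcp", 389), ("LDAP", "udp", 389), ("LDAP", "tcp", 3268),
    ("NetBIOS name", "udp", 138), ("SAM/LSA", "tcp", 445), ("SAM/LSA", "udp", 445),
    ("Secure LDAP", "tcp", 636), ("Secure LDAP", "tcp", 3269), ("w32time", "udp", 123),
]

def _covers(perm, proto, port, source):
    """True if one IpPermissions entry allows proto/port from the whole source network."""
    p = perm["IpProtocol"]
    if p != "-1":                                  # "-1" = all protocols, all ports
        if p != proto:
            return False
        lo, hi = perm.get("FromPort", -1), perm.get("ToPort", -1)
        if proto == "icmp":
            if lo not in (-1, port):               # FromPort is the ICMP type; -1 = any
                return False
        elif not lo <= port <= hi:
            return False
    return any(source.subnet_of(ipaddress.ip_network(r["CidrIp"], strict=False))
               for r in perm.get("IpRanges", []))

def audit(group, source_cidr):
    """Return (missing required rules, rules open to every IPv4 address)."""
    source = ipaddress.ip_network(source_cidr)
    perms = group["IpPermissions"]
    missing = [r for r in REQUIRED
               if not any(_covers(p, r[1], r[2], source) for p in perms)]
    broad = [p for p in perms
             if any(r["CidrIp"] == "0.0.0.0/0" for r in p.get("IpRanges", []))]
    return missing, broad

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 53, "ToPort": 53, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 88, "ToPort": 464, "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},
    {"IpProtocol": "icmp", "FromPort": 0, "ToPort": -1, "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 636, "ToPort": 636, "IpRanges": [{"CidrIp": "192.168.0.0/24"}]},
]}

if __name__ == "__main__":
    print(audit(SAMPLE_GROUP, "10.0.1.0/24"))      # source CIDR is an assumption
```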