Microsoft Best Practices from the AWS Summit in India Startup Track.

1. Best Practices:
Microsoft on AWS
Santanu Dutt (@san_dutt)
Solutions Architect
santanu@amazon.com

2. What we assume you already know:
EC2 Instance
+ =
Windows Server OS
AWS provides pre-configured Windows AMI’s to start running
fully supported Windows Server virtual machines in the cloud
in minutes

3. Isn’t cloud Windows.. different?
• Full, real, licensed Windows Server OS
• 2003, 2008, 2008r2, all via our Microsoft SPLA licensing means no CAL’s required
• SQL Server Web and Standard via SPLA as well
• VPC for static, secure, user-defined networks
• Security groups for easy-to-configure firewalls per VM
• Easily install services and software that you know
AD, ADFS, SCOM, WSUS, SQL, Exchange, SharePoint, Media Services, etc.
• All the benefits of a cloud infrastructure without the… weird

4. What’s Big & Easy, What’s New
• Web Applications • Media Applications
• WebMatrix • Transcoding, Encoding
• .net and IIS • Windows HPC Cluster
• Microsoft Applications • Genomics
• SharePoint • CFD, CAD
• SQL Server • Financials
• Exchange • Software Dev and Test
• System Center
• Windows Media Services
• ADFS
• 3rd Party Enterprise
Applications
• SAP, Sage, ESRI, etc

5. What’s New
Windows Free Tier

6. What’s New
SQL Server Standard on more host types, and now SQL
Web Edition at a lower hourly price point

7. What’s New
Relational Database Service for SQL Server
Point and Click deployment in minutes with pre-configured
Server, OS, and DB parameters
Vertically scale with a few clicks or a single API call
Automated backups and DR
Managed database snapshots for backup or cloning
Automatic Windows and SQL Server software patching
#1: Fully Managed Disk
Plus Free Tier!

8. What’s New
Elastic Beanstalk with support for .net and Visual Studio
IIS 7.5 with full .net support
Package deployable code as a “Microsoft Web Deploy” and you’re done
Or
Use the AWS Toolkit for Visual Studio to publish builds from within your IDE
Windows Server 2008r2 with auto-scaling and Elastic Load Balancer to
distribute traffic
Application level metrics like request count, average latency
Zero lock-in or lock-out, open up the hood, RDP in, change it how you like
Plus Free Tier!

9. More What’s New?!
CloudFront support for IIS-MS 4.1 Smooth
Streaming
Windows HPC Cluster support
http://docs.amazonwebservices.com/AWSEC2/latest/Windo
wsGuide/ConfigWindowsHPC.html
m1.medium instances, cc2.8xlarge instance

10. Security

11. Security: Shared Responsibility Model
AWS Customer
• Facilities • Operating System
• Physical Security • Application
• Physical Infrastructure • Security Groups
• Network Infrastructure • OS Firewalls
• Virtualization • Network Configuration
Infrastructure • Account Management

12. So, what do
you do about it?
SAS 70 Type II Audit
Encrypt data in transit
ISO 27001/2 Certification
Encrypt data at rest
PCI DSS 2.0 Level 1-5
Protect your AWS Credentials
HIPAA/SOX Compliance
Rotate your keys
FISMA Moderate Infrastructure Application Secure your OS and applications
FEDRamp / GSA ATO Security Security
How we measure that our How can you secure your
infrastructure is secure application and what is your
responsibility?
Services Security
What security options
and features are Enforce IAM policies
available to you? Use MFA, VPC, Leverage S3 bucket
policies, EC2 Security groups, EFS in EC2 Etc..

13. Networking and Security
• No:
• Multicast, Broadcast, Anycast, IP spoofing, Clustering
• VPC
• Statics, Routing, Network ACL + Security Group, Ingress/Egress
• VPN
• Direct Connect

14. Networking and Security
• AWS Credentials
• IAM (hint: Try the policy wizard!)
• For your Staff
• For your Applications
• MFA
• Secure Delete!
• Instance Credentials
• Keypairs
• Passwords

15. Amazon Virtual Private Cloud (VPC)
• Logically Isolated Environment
• Private IP address ranges
• Ingress and Egress Network Access Control
• Elastic IP addresses and Internet Gateway
• Hardware encrypted VPN connections or Direct Connect
10G’s
DirectConnect Amazon Virtual
Corporate Location Private Cloud
Data Center
• Wizard-based setup

16. The New Enterprise IT
Network Architecture
Availability Zone 1
10G
DirectConnect NAT Private
Corporate Location Instance Subnet
Data Center VPN Gateway
Customer
Gateway
Internet Gateway Public Subnet
Amazon VPC
Availability Zone 2
Corporate
Headquarters
S3 SQS/SNS/SES SWF Elastic SimpleDB DynamoD
Beanstalk B
AWS Region
Branch Offices

17. New EC2 VPC feature:
Elastic Network Interface
• Multiple Addresses
• Span Subnets
• Attach/Detach
• Public or Private

18. SQL Server

19. “With AWS and 2nd Watch, we have found a much more cost
effective way to keep the lights on for a critical part of our
infrastructure while reducing the risk of IT resources getting
distracted from our core business strategies.”
David Barbieri, SVP and CIO
Business Benefits
Infra Cost Comparison • Big savings over existing infrastructure
~58% savings!
• Faster network speeds
AWS Cloud
Infrastructure • Improved load times
• Already planning future migrations
Old Infrastructure
SW Apps:
• SharePoint 2010
• SQL Server 2008
• Umbraco CMS

20. SQL Server QnD
Instance Type Matters!
m1.xlarge /= m2.xlarge
IO Throughput is, well, important
Cluster Compute for non-HPC: DB on CC
EBS /= SAN
Raid0 isn’t quite what you think on EC2
Snapshots!
ENI for HA

21. Example:
a fork-lifted app,
with a fork-lifted
DB

22. Example:
Fault-Tolerant

23. SQL on EC2 vs. SQL on RDS
Do you have 3rd party applications on the DB host?
Windows Authorization…
Complex Replication Topologies
Manual update/patch control

24. SharePoint

25. Case Study – SharePoint on AWS
• SharePoint migration and consolidation
projects with Recovery.gov, Treasury.gov,
Army Corp of Engineers and others
• Team leveraged existing Windows skills and
tool sets
• Microsoft License Mobility program to license
server applications on AWS
SW Apps:
• SharePoint 2010
• SQL Server 2008
• Forefront Infrastructure Cost Comparison
60%-70% savings!
AWS Cloud
Infrastructure
Old Infrastructure

26. A little fault-tolerance exercise
Elastic Load
Balancer
How much load can
you safely put on
each instance?
SharePoint EC2 SharePoint EC2
Instance #1 Instance #2

27. A little fault-tolerance exercise
Elastic Load
Balancer
SharePoint EC2 SharePoint EC2
Instance #1 Instance #2

28. A little fault-tolerance exercise
Elastic Load
Balancer
How about now?
SharePoint EC2 SharePoint EC2
Instance 1-5 Instance 6-10

29. A little fault-tolerance exercise
Elastic Load
Balancer
SharePoint EC2 SharePoint EC2
Instance 1-5 Instance 6-10

31. Licensing

32. Licensing
• OEM aka Hourly Licensing via SPLA
• Windows OS, SQL Server Web and Standard Edition
• License Mobility aka BYOL
• Sharepoint, SQL Server, Lync, System Center, Exchange, Dynamics CRM
• RDS aka Terminal Services
• SAL via 3rd Party SPLA
• BizSpark
• Or the golden rule… Talk to your Microsoft Rep!

33. License Mobility Requirements
Must be on active Software Assurance
Enterprise Agreement
Enterprise Subscription Agreement
Open Value Agreement
Open License (with SA option)
Select Plus (with SA option)
For Licensed apps, need appropriate CALs
No migration for 90 days

34. BizSpark
• Developing Software?
• Privately Held?
• Less than 3 years old?
• Making less than $1mm USD annually?
• Join BizSpark!

35. Extra Tricks

36. Cloudformation
http://aws.amazon.com/cloudformation/aws-cloudformation-templates/

40. VM Import: Cloud Recovery
(this looks a lot like a migration, doesn’t it?) Windows
Server 2008
Boot Data
Volume Drive
C: D:
Snapshots Amazon EBS
VMware ESX VMDK
Availability Zone #1
Citrix Xen VHD
Microsoft Hyper-V VHD VM Import
service