AWS Solution Architect discusses high availability features for Microsoft Windows Server and SQL Server running on the AWS Cloud. Windows Server Failover Clustering (WSFC) and SQL AlwaysOn Availability Groups are part of the underpinnings for many enterprise-class solutions, including Microsoft SharePoint and .NET applications. You will learn to:
• Deploy the virtual network infrastructure on multiple subnets
• Launch Amazon Machine Images (AMIs) of Windows Server 2008 R2
• Set up Active Directory and DNS
• Launch and configure the WSFC nodes
• Create a SQL Server AlwaysOn Availability Group
AWS Webinar: How to architect and deploy a multi-tier SharePoint server farm on AWS
1. Microsoft SharePoint Server on AWS
Deploying a SharePoint 2010 Server Farm on the AWS Cloud
Ulf Schoo
AWS Solution Architect
2. Agenda
• Introduction
• Running Microsoft Workloads on AWS
• SharePoint Server Architecture on AWS
• Common SharePoint Server Scenarios in the AWS cloud
• Mapping SharePoint Server scenarios to AWS
– Network and Security Setup
– Server Setup and Configuration
– Deployment
• Resources
3. Meeting Business Growth
• Time to obtain new hardware
• Scalability, elasticity
Data Center Limitations
Inflexible Architecture
DR & HA
Finding & Retiring IT talent
Enterprise IT Challenges
4. Key Benefits to Running in the AWS Cloud
No Up-Front Investment
Apps not Ops
Flexible Capacity
Speed and Agility
Low Ongoing Cost
Deploy
Global Reach
5. The AWS Cloud
• Low-level building blocks
• High-level building blocks
• Tools to access services
• Cross Service features
7. Key AWS Services
• AMI – Virtual Machine Configuration
• Instance – Running or Stopped VM
[Diagram labels: Region; Availability Zone (two); VPC; EC2 “Classic”; EBS; EBS Snapshots; S3; S3 Buckets]
8. AWS “Virtual Private Cloud”
• Launch AWS resources in a virtual network that you define
• Environment closely resembles a traditional network
• Control over IP address ranges, subnets, routes, gateways
and security settings
• Create encrypted VPN connections between your branch
offices or corporate headquarters and use VPC as an
extension of your corporate data center
10. Microsoft Platform on AWS
• Partnership to support running Windows
Server-based workloads on AWS
• Amazon Machine Images (AMIs) with
Windows Server and SQL Server today that
were jointly developed by Microsoft and
AWS
• SharePoint Server and other Microsoft
server products can be licensed to run on
AWS
Two licensing models:
• Pay-as-you-go – AMI pricing includes software
– Windows Server
– SQL Server Standard
• BYOL – use existing licenses on AWS
– SQL Server Enterprise
– SharePoint Server
– Other qualifying Microsoft Windows Server products*
*General info on AWS and License Mobility for a variety of MS server products:
http://aws.amazon.com/windows/mslicensemobility/
Detail on AWS and License Mobility with SQL Server:
http://aws.amazon.com/windows/mslicensemobility/sql/
Microsoft “License Mobility through Software Assurance” gives Microsoft Volume Licensing
customers the flexibility to deploy Windows Server applications with active Software
Assurance (SA) on Amazon Web Services.
11. SharePoint Server Common Workloads
• Enterprise collaboration, content management,
and team/project sites
• Web Applications:
– ASP.NET++ documents/team, SharePoint services, social
computing workflow, backend connectivity, web-part
personalization, etc.
• Search services – SharePoint Search Server
• MS Office services – Excel, Word, etc.
12. Two SharePoint Scenarios
• Enterprise internal deployment of SharePoint:
– All or partial deployment of corporate SharePoint infrastructure
on AWS
– Intranet only – user experience identical to running on-premise
SharePoint
• Public-accessible Web Application/Website
– Web-based application built on SharePoint Server
– For instance: Customer service portal
13. Intranet SharePoint on AWS
• Enterprise (Intranet) SharePoint farm:
– Completely or partially (hybrid) hosted in AWS
– Extension of enterprise infrastructure into AWS
• Key points:
– Typically for corporate group collaboration, content sharing, team sites
– Internal only – access only from within corporate
– Active Directory on premise – authenticate using corporate credentials
14. Microsoft SharePoint Architecture Intranet On-Premises
[Diagram: On-Premises Data Center with a Load Balancer, Web Server Tier (Web Server Groups), Application Server Tier (App Server Groups), Database Server Tier (Database Groups with Primary DB, Secondary DB and Witness) and a Domain Controller]
15. Public Website on AWS
• Public Website
– Hosted public website/application on AWS
– Leverage SharePoint Server capabilities for web-
based application (content, workflow)
• Key points:
– Complete solution deployed within AWS
– Accessible via public internet
– DMZ for threat management
16. Microsoft SharePoint Architecture Public-Facing Website
[Diagram: On-Premises Data Center with Firewall, Threat Management (DMZ) with Threat Management Gateways, Load Balancer, Web Server Tier (Web Server Group and Mirrored Web Server Group), Application Server Tier (SharePoint Servers, Application Hosting), Database Server Tier (Primary DB, Secondary DB, Witness) and a Domain Controller]
17. Implementing SharePoint Server Farm on AWS
Done in a step-wise sequential approach
similar to a setup on-premises:
1. Create foundational infrastructure:
• Network, Routing, Security
• 2nd Datacenter for High Availability (2nd AWS Availability Zone)
2. Set up AD, Sites, Subnets, Sitelinks
3. Set up MS SQL Server – primary, secondary, (witness)
4. Set up Application Servers
5. Set up Web Front End (WFE) servers
18. SharePoint Architecture in AWS Intranet – Network
[Diagram: On Premises Data Center with Active Directory Domain Controllers and a Customer Gateway (VPN), linked by a VPN Connection to a Virtual Private Gateway in the AWS Region; Availability Zone 1 and Availability Zone 2 each contain Private Subnets for the Web Tier, Application Tier, Database Tier and Active Directory; Elastic Load Balancer]
19. SharePoint Architecture in AWS Public Facing Site – Network
[Diagram: Region with an Internet Gateway receiving HTTP/S from the Internet; Availability Zone 1 and Availability Zone 2 each contain a Public Subnet (DMZ with NAT and RDGW) and Private Subnets for the Web Tier, Application Tier, Database Tier and Active Directory]
20. Identity and Authorization
• Active Directory setup in VPC to provide user
authentication for SharePoint farm on AWS
– For the intranet scenario, AWS AD contents are replicated from the
AD on-premises via VPN (periodic refresh)
– For website scenario, users are created and maintained in AWS AD
• If on-premises alternate directory exists (LDAP etc),
then ADFS should be considered to federate those
with SharePoint
21. SharePoint Architecture in AWS Active Directory On AWS
[Diagram: On Premise Data Center with Active Directory Domain Controllers and a Customer Gateway (VPN), linked by a VPN Connection to a Virtual Private Gateway; Active Directory Replication to Active Directory instances in Private Subnets in Availability Zone 1 and Availability Zone 2]
22. SharePoint Architecture in AWS Public Facing Website – AD Setup
[Diagram: Region with an Internet Gateway receiving HTTP/S from the Internet; Availability Zone 1 and Availability Zone 2 each contain a Public Subnet (DMZ with NAT and RDGW) and Private Subnets for the Web Tier, Application Tier, Database Tier and Active Directory]
23. Server Setup
• Map Microsoft guidance for on-premise and virtualized
SharePoint Server setups to EC2
• For each distinct server type/role:
o Select (or create/derive) AMI for the role – Windows, MS SQL, etc.
o Select EC2 Instance Type – pivot around CPU, RAM, storage, and
networking performance
• Serves as an initial starting point for sizing/testing
• Test/tweak against your metrics and usage patterns, e.g.
number of concurrent users, type and amounts of
content, etc
24. Server Sizing
Microsoft recommended server requirements for on-premises SharePoint farm:

| Tier / Role | Scenario | Processor | RAM | Hard Disk |
|---|---|---|---|---|
| Web/Application Tier | All | 64-bit, 4 core | 8 GB | 80 GB |
| Database server | Small deployment | 64-bit, 4 core | 8 GB | 80 GB |
| Database server | Medium deployment | 64-bit, 8 core | 16 GB | 80 GB |
| Domain controller | All | 64-bit, 4 core | 8 GB | 80 GB |

Suggested mapping to AWS instance types:

| Tier | Applicable EC2 Instance Type and Range | AMI to Use |
|---|---|---|
| Web front end | Extra Large (m1.xl) | Windows Server 2008 R2 + IIS |
| Application server | Extra Large: High Memory Quad Extra Large (m2.xl–m2.4xl) | Windows Server 2008 R2 |
| Database server | High Memory Quadruple Extra Large (m2.4xl) | Optimized SQL Server 2008 R2 AMIs from Microsoft |
| Domain controller | Extra Large (m1.xl) | Windows Server (in the role of a domain controller) |
25. Security Setup
• To enable appropriate access in and out of the VPC,
subnets, and the instances running in each subnet
• Two core components in security setup:
– Security Groups: act as a firewall that controls the traffic allowed in and out of an AWS resource.
Security groups act at the instance level, not the subnet level.
– Network ACLs: act as a firewall for controlling traffic in and out of a subnet. Network ACLs act
at the subnet level, not the instance level.
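The two controls side by side, written as a CloudFormation template in the JSON format the deck names. This is an added example, not one of the AWS SharePoint templates: the resource names, the CIDR defaults, SQL Server's default port 1433 and the Windows dynamic port range 49152-65535 for return traffic are assumptions.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Added example with constructed names and ranges: SQL access filtered at instance and subnet level",
  "Parameters": {
    "VpcId": { "Type": "String", "Description": "Existing VPC (assumed)" },
    "DbSubnetId": { "Type": "String", "Description": "Private database subnet (assumed)" },
    "FrontCidr": { "Type": "String", "Default": "10.0.0.0/24", "Description": "Constructed range of the load balancer or DMZ subnet" },
    "FarmCidr": { "Type": "String", "Default": "10.0.0.0/16", "Description": "Constructed range covering the web and application subnets" }
  },
  "Resources": {
    "WebSG": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Web tier instances: HTTP/S from the front subnet only",
        "VpcId": { "Ref": "VpcId" },
        "SecurityGroupIngress": [
          { "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": { "Ref": "FrontCidr" } },
          { "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": { "Ref": "FrontCidr" } }
        ]
      }
    },
    "DbSG": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Database instances: SQL Server only from members of WebSG",
        "VpcId": { "Ref": "VpcId" },
        "SecurityGroupIngress": [
          { "IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
            "SourceSecurityGroupId": { "Fn::GetAtt": ["WebSG", "GroupId"] } }
        ]
      }
    },
    "DbAcl": { "Type": "AWS::EC2::NetworkAcl", "Properties": { "VpcId": { "Ref": "VpcId" } } },
    "DbAclInSql": {
      "Type": "AWS::EC2::NetworkAclEntry",
      "Properties": { "NetworkAclId": { "Ref": "DbAcl" }, "RuleNumber": 100, "Egress": false,
        "Protocol": 6, "RuleAction": "allow", "CidrBlock": { "Ref": "FarmCidr" },
        "PortRange": { "From": 1433, "To": 1433 } }
    },
    "DbAclOutReturn": {
      "Type": "AWS::EC2::NetworkAclEntry",
      "Properties": { "NetworkAclId": { "Ref": "DbAcl" }, "RuleNumber": 100, "Egress": true,
        "Protocol": 6, "RuleAction": "allow", "CidrBlock": { "Ref": "FarmCidr" },
        "PortRange": { "From": 49152, "To": 65535 } }
    },
    "DbAclAssoc": {
      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
      "Properties": { "SubnetId": { "Ref": "DbSubnetId" }, "NetworkAclId": { "Ref": "DbAcl" } }
    }
  }
}
```

Network ACLs are stateless, so the outbound entry for return traffic is required, while the security groups track connections and need no equivalent. A real database subnet also needs entries for Active Directory, administration and database replication traffic, which this narrowed example leaves out.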
26. SharePoint Architecture in AWS Intranet – Server Setup
[Diagram: On Premise Data Center with Active Directory Domain Controllers and a Customer Gateway (VPN), linked by a VPN Connection to a Virtual Private Gateway in the AWS Region; Availability Zone 1 holds the Web Tier, Application Tier, Primary Database and Active Directory in Private Subnets; Availability Zone 2 holds the Web Tier, Application Tier, Secondary Database and Active Directory in Private Subnets; Elastic Load Balancer; instance type labels: M1.xl, M2.2xl-4xl, M2.4xl, M1.small]
27. SharePoint Architecture in AWS Public Website – Server Setup
[Diagram: Region with an Internet Gateway receiving HTTP/S from the Internet; Availability Zone 1 holds a Public Subnet (DMZ with NAT and RDGW) and Private Subnets for the Web Tier, Application Tier, Primary Database and Active Directory; Availability Zone 2 holds the same layout with the Secondary Database; instance type labels: M1.xl, M2.2xl-4xl, M2.4xl, M1.small]
28. Deployment Tools
• AWS CloudFormation
– Specify creation and configuration of AWS resources in a JSON-
based template
– Deploy template using AWS CloudFormation to create a ‘stack’ of
running resources
– Integrates with other deployment scripts/tools
• Private AMI Creation
• Windows PowerShell
– Execute on instance at provisioning time via instance Metadata
– Use PowerShell to orchestrate CloudFormation template launches
29. SharePoint Architecture Whitepaper
• The whitepaper describes all of this in much
greater detail and is available for download at:
http://aws.amazon.com/windows/sharepoint/
• Presents and discusses how the SharePoint
Server architecture scenarios can be configured
and deployed to run on AWS
– Enterprise internal deployment of SharePoint
– Public-accessible Web Application/Website
• Targeted to IT decision-makers and administrators
30. Tutorial Article and New Video Tutorial
Article
http://aws.amazon.com/articles/9982940049271604
Video
http://aws.amazon.com/windows/sharepoint/gsg-sharepoint-2010/
“Deploy a Microsoft SharePoint 2010 Server Farm in the AWS Cloud in 6 Simple Steps”:
– Builds upon the SharePoint Architecture White Paper
– Configure your SharePoint Server farm and test by creating a sample site
AWS CloudFormation Templates for each step: network/AD stack, Db stack, app stack, web stack
31. Advanced Implementation Guide
• Available in PDF format here:
https://aws.amazon.com/whitepapers/sharepoint-implementation-guide/
• Comprehensive guide detailing all of the
components of the AWS CloudFormation
templates, AMI and instance configuration,
parameters that can be varied, etc
• Walks through ALL of the AWS CloudFormation details,
PowerShell scripts, cfn-init details, etc
• Targeted to customers and systems integrators that want to
understand all the details, to customize, extend, etc
32. Further Reading
Web Pages
Microsoft on AWS
http://aws.amazon.com/microsoft/
Amazon EC2 Windows Guide
http://aws.amazon.com/sharepoint/
Amazon EC2 Windows Guide
http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/
Microsoft AMIs for Windows and SQL Server
http://aws.amazon.com/windows/ (includes pricing)
https://aws.amazon.com/amis?ami_provider_id=1&platform=Windows&selection=ami_provider_id%2Bplatform
Microsoft License Mobility
http://aws.amazon.com/windows/mslicensemobility/
Covers Microsoft Exchange, SharePoint, SQL Server, Lync Server,
System Center Operations Manager, and Dynamics CRM. See page
for specific details including which versions are covered.
Whitepapers
Microsoft SharePoint Server on AWS: Reference Architecture
Secure Microsoft Applications on AWS
Implementing Microsoft Windows Server Failover Clustering (WSFC)
and SQL Server 2012 AlwaysOn Availability Groups in the AWS Cloud
Contact Us
Microsoft (general)
https://aws.amazon.com/microsoft/contact-us/
SharePoint
https://aws.amazon.com/sharepoint/contact-us/