Best Practices for Migrating your Microsoft Workloads to AWS

P U B L I C S E C T O R
S U M M I T
WASH INGTON, DC

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R
S U M M I T
Best Practices for Migrating
your Microsoft Workloads to
AWS
Michael Hall
Senior Solutions Architect
Amazon Web Services
2 9 5 5 0 4
Milty Brizan
Solutions Architect
Amazon Web Services

S U M M I T
The focus of this session is on migrating your existing Microsoft
applications to Amazon Web Services (AWS)
• Holistic approach to migrating typical Microsoft Applications on AWS
• Process for building your landing zone on AWS with security first
approach, including fully automated compliance controls, before
embarking on your migration
• Approach to build repeatable architectures
In this session

S U M M I T

S U M M I T
Most Experience
11Years running Windows
workloads
Service offerings
165+
Global Reach & High
Availability
66Availability zones spanning 21
geographic regions
With consistency
80,000
Capable of delivering up to
Security & Compliance
IOPS/
instance
HIPAA, FISMA, ITAR, EU Model Clauses
50+Compliance Certifications
SOC-1,2,3 FIPS, ISO
72price reductions since 2006
Customer Obsession &
Innovation
Improve TCO
Why Customers Choose AWS for their Microsoft Applications

S U M M I T
Innovation for Windows on AWS
Key Windows launches since 2008
90+
40+
750+
instance types, 22 instance families
different AMIs for Windows workloads
Windows ISV listings
in AWS Marketplace
Windows Deep Learning AMI
Hyper-V support in SMS
Application-consistent Snapshots through VSS
WS 2008 & SQL Server 2008
Visual Studio Toolkit
Microsoft SCOM plug-in release
AWS Directory Service
EC2 Dedicated Hosts (BYOL)
Microsoft SharePoint 2016 (Marketplace)
Windows Server 2008 R2
SQL Server 2008 R2
Windows Server 2003
SQL Server 2005
.NET SDK
Microsoft SCVMM Plug-in
Windows Server 2012
SQL Server 2012
AWS Tools for Windows PowerShell
Amazon RDS adds SQL Server
EC2 Run Command
EC2 Systems Manager
Windows Server & SQL Server 2016
EC2 Dedicated Instances (BYOL)
.NET on Lambda &
Codebuild
SAP instance on AWS 2012
Trusted Advisor
checks for Windows
SQL Server 2017 on EC2/RDS
X-Ray .NET SDK
CustomerAdoption
Windows for Lightsail
.NET Core & Powershell
on AL2/Ubuntu
2008 Today
.NET Core 2.0 Support
with Lambda & X-Ray
Windows Containers
.NET Core 2.1 Support

S U M M I T
AWS Tools for Windows Development
Visual Studio
PowerShell
NuGet
Command line
Visual Studio Team
Services (VSTS)
AWS Toolkit for
Visual Studio
AWS SDK for
.NET
AWS Tools for
Powershell
AWS Command Line
Interface (AWS CLI)
AWS Tools for VSTS

S U M M I T
Flexible options for Microsoft licenses in the
AWS Cloud
1. Flexible pay-as-you-go
licensing choices
2. Bring your license mobility
benefits to AWS
3. Bring licenses to AWS without
paying software assurance
Dedicated options for
licenses not eligible for
License Mobility
Default tenancy
for License Mobility
eligible products with
Software Assurance
AWS licensing
Buy license-included
instances from AWS
(Windows Server, SQL
Server)
Bring licenses to AWS

S U M M I T
Network Design
VPC
Design
Subnet
Design
Access Control Lists
&
Security Groups
Logging and
Monitoring
VPN /
AWS Direct
Connect
AWS Cloud

S U M M I T
What Does Every Enterprise Microsoft Service
Depend On?
• Active Directory!
• With Active Directory, identify your AD architecture
• You can choose to extend your existing domain or domains into
AWS or deploy a new domain in AWS—with or without trust
relationships
• Bring your existing group policies

S U M M I T
AWS Managed Directory Service for Microsoft AD
AWS Managed
Microsoft AD
Directory
SaaS Applications
Azure AD
Amazon
WorKSpaces
RDS for SQL
Server
Amazon
WorkDocs
Amazon
WorkMail
Amazon
QuickSight
AWS
Management
Console
Amazon
Chime
Amazon
Connect
AWS Apps & Services
Enable, authenticate, & authorize
Manage, authenticate,
& authorize
.NET
Applications
Server
SharePoint
Server
AD-aware Workloads
SQL ServerRemote
Desktop
Licensing
Manager
.NET SharePoint
SQL
Server
RD
Licensing
Enterprise
Certificate
Authority
Certificate
Services
Domain join &
manage
Amazon
Windows EC2
instances
Amazon
Linux EC2
instances
Amazon EC2
SAML
authenticate
Synchronize
users
AD FS
Server
AD FS
Azure AD
Connect
Server
Federate
ADSync
On-premises
Microsoft Active
Directory
On-premises user
credentials
Departmen
t data
center

S U M M I T
Microsoft Active Directory migration using ADMT
Availability Zone B
Department Network
Trust relationship
Availability Zone A
department.local
VPNDomain
client
AWS Managed Directory Service
PES Install
ADMT
DC1
Direct
Connect

Auto Scaling group
VPC
Public subnet
Availability zone 1
NAT gateway
IIS Web/App
Public subnet
Availability zone 2
NAT gateway
Always On Availability Group
Instance InstanceRDGW RDGW
VPN Connection
On-Premise
Client
VPC
Endpoint
Private subnet Private subnet
VPN
Gateway
Internet
gateway
Users
IIS Web/App
Microsoft
Workload
Sample
Reference
Architecture

S U M M I T
Where can I run SQL Server workloads on AWS?
Amazon Relational Database Service
(Amazon RDS)
Amazon Elastic Compute Cloud
(Amazon EC2)
Managed service with up to 64 vCPU, 488 -GB RAM, and 16-TB storage
Self-managed virtual machine with up to 128 vCPU, 4-TB RAM, and 400-TB storage
MS SQL instance

S U M M I T
SQL Server Amazon EC2 vs. Amazon RDS:
Which should I use?
EC2 RDS
License included  
BYOL 
Full control over the instance 
Automated backups 
Self-managed AlwaysOn Availability Groups 
AWS-managed Multi-AZ deployment 

S U M M I T
SQL Server Storage Optimization
Storage I/O contention is one of
the main causes for poor SQL
Server performance
• Use EBS Optimized Amazon EC2
Instances
• Match storage technology with I/O
pattern of workload components
• Match instance type to IOPS and
throughput needs of workload
• Create a single volume for data
and logs

S U M M I T
SQL Server Migration Options
* Network bandwidth and latency considerations
Migration method Amazon
RDS Target
Amazon EC2
Target
Downtime DB Objects Cross-
Engine
Backup/Restore Yes Yes
Yes
(hrs)
Data, Schemas, Stored
Procedures, Triggers, Indexes
No
Import/Export
Bulk Copy
Yes Yes
Yes
(mins-hrs)
Data, Schemas, Stored
Procedures, Triggers, Indexes
No
SQL Log
Shipping*
No Yes
Minimal
(secs-mins)
Pre-create the DB, Sync No
Hybrid
Architecture*
No Yes
Minimal
(secs-mins)
Pre-create the DB, Sync No
AWS DMS* Yes Yes
Minimal
(secs-mins)
With SCT (Data, Schemas, Stored
Procedures, Triggers, Indexes)
Yes (SCT)

S U M M I T
Application users
AWS Database Migration Service for Live Migration
Start a replication instance
Connect to source and target
databases
Select tables, schemas, or
databases
Let AWS Data Migration
Service (AWS DMS) create
tables, load data, and keep
them in sync
Switch applications over to
the target at your
convenience
Customer
premises
AWS
Internet
VPN

S U M M I T
AWS
Direct
Connect
A private
connection
between your
data center, office,
or colocation
environment and
AWS
AWS Snow
family
(Snowball, Snowball
Edge, Snowmobile)
Secure, physical
transport
appliances that
move up to
Exabytes of data
into and out of
AWS
AWS
Storage
Gateways
Hybrid storage that
seamlessly connects
on-premises
applications to AWS
storage. Ideal for
backup, DR,
bursting, tiering or
migration
Amazon
Kinesis
Firehose
Capture, trans-
form, & load
streaming data
into S3 for use
with Amazon
business
intelligence and
analytics tools
Amazon EFS
File
Sync
Up to 5x faster file
transfers than
open source tools.
Ideal for
migrating data
into EFS or
moving between
cloud file systems
Amazon S3
Transfer
Acceleration
Up to 300%
faster transfers
into and out of
S3. Ideal when
working with
long geographic
distances
APN
competency
partners
Integrations
between 3rd party
vendors and AWS
services. Ideal for
leveraging
existing software
licenses and skills
Networks Shipping Hybrid
Many ways to move data to AWS

S U M M I T
AWS Snowball AWS Snowball Edge AWS Snowmobile
• 80 TB capacity/10 G network
• Data encryption end-to-end
• Rugged 8.5 G impact case
• Rain and dust resistant
• 100 TB capacity/10 Gb network
• Rugged 8.5 G impact case
• Rain and dust resistant
• Compute and storage for
hybrid/edge workloads
• Rack-mountable, clusterable
• Exabyte-scale 45ft container
• Dedicated security personnel
• GPS tracking, alarm monitoring,
24/7 surveillance, and optional
additional security
AWS Snow family

S U M M I T
Application Migration Options
Start
Replication
Deploy AWS
SMS Connector
Tag AMIs Deploy using
CloudFormation
(CF)
Swap Blue-
Green
Use ECR for
storing images
Create/ Extend
code build to AWS
Deploy
using CF
RefactorSelect AWS
Serverless
services
Deploy using
SAM
ReplatformRehost Refactor
Fastest
Cloud economies
Adopt Cloud native
services

S U M M I T
Rehost using AWS Server Migration Service
vSphere
ESXi
HOST
ESXi
HOST
ESXi
HOST AWS SMS
SMS VM
Web AMI
App AMI
AMI
AMI

S U M M I T
.NET Application Migration Strategies
 Deploy .NET Framework apps “as is” to EC2
 Every app can have custom server configuration, different .NET
Framework versions, IIS configuration, dependencies, etc.
 Containerize in Windows Containers and orchestrate with ECS
 Supports different .NET Framework versions, IIS configurations,
dependencies
 Reduces $$ for OS licensing costs (host only)
 Port to .NET Core, and run in ECS or Fargate as Linux
Containers, Windows Nano containers, or serverless
 No OS licensing costs, smaller containers
 Enables deploying apps to Lambda
LevelofEffort
Level of
effort

S U M M I T
Replatform using Amazon ECS
Developers Version Control
Repository
Test &
Deployment
Manager
Infrastructure
Provisioning
Container
Scheduling &
Orchestration
Image Build
Service
Container Image
Repository
AWS Toolkit
for
Visual Studio

S U M M I T
Replatform Windows File Servers using File Gateway
Customer Premises
HTTPS
SMB or
NFS
File Gateway Objects in your
S3 bucket
Application
Server
• Supports SMB & NFS protocols
• Fully-managed local cache for low
latency access
• Ownership, permissions and timestamps
are preserved
• Files stored as native Amazon S3
objects
• Apply versioning, lifecycle
management, and cross-region
replication (CRR) policies
Store and access objects in Amazon Simple Storage Service (Amazon S3) from file-based
applications with local caching

S U M M I T
Refactor using AWS Lambda
VPC private
subnet
Pull data from CSV file
Perform ETL
Insert data into SQL
table
Upload Users
Data dropped in S3
Schedule / event triggered
DB in private subnet
DB on Instance
Web 01 Web 02 Web 03
App 01 App 02 App03
SQL 01 SQL 02
Batch
Jobs
Department Website
Profile # 1
Regulatory Apps (PCI)
with Batch Jobs
Implement scheduled tasks with AWS Lambda

S U M M I T
Building repeatable architecture
Automate- Automate- Automate!

S U M M I T
Repeatable Windows stacks using Cloud Formation
Template File
Defining Stack
CodeCommit,
Git, etc…
Dev
Test
Prod
The entire Windows stack can be
represented in a CloudFormation
template.
Use the version control
system of your choice
to store and track
changes to templates.
Build out multiple
Windows stacks for
Dev, Test, and
Production using
templates.

S U M M I T
AWS WAF • PCI
• OWASP Top 10
• Bot protection
• SQLi/XSS
• IP reputation
• CMS protection
AWS WAF – Working with Managed Rulesets

All-in on AWS!
• Continuous Compliance
• Scalability
• Zero Down Time Migration
• Improved Security
• Turnkey High Availability
• Optimized Performance
• Improved Agility
• Lower TCO
• Improved Developer Productivity
H
AZ1 AZ2

AlwaysOn
AG (Synchronous)
Final State Architecture
Security, Certificate,
and Key Management
Configuration and
Systems Management
Storage
and Archiving
Monitoring,
Auditing, and
Logging
DevOps
Availability Zone 2 (AZ2)
Availability Zone 1 (AZ1)
Security Group
Web Server
AutoScaling
AutoScaling
Private Subnet
Security Group
App Server
AutoScaling
AutoScaling
Security Group Security Group
Domain
Controller
AWS Managed
Active Directory
SQL
Server
or
RDS SQL Server
(Secondary)
or
Replica
Replica
Replica
Public Subnet
NAT
GW
Security Group
WAP/Proxy
/RDGW
Security Group
Web Server
AutoScaling
AutoScaling
Private Subnet
Security Group
App Server
AutoScaling
AutoScaling
Security Group
SQL
Server
Security Group
Domain
Controller
AWS Managed
Active Directory
or
RDS SQL Server
(Secondary)
or
Replica
Replica
Replica
Public Subnet
NAT
GW
Security Group
WAP/Proxy
/RDGW
Internet
Gateway
Domain
Controller
Domain
Controller
Denver
Domain
Controller
Domain
Controller
New York
VPN/
Direct C0nnect
IAM Systems Manager S3 AWS CloudTrail AWS
CodeDeploy
AWS
CodePipeline
AWS
CodeBuild
AWS
CodeCOmmit
Amazon
CloudWatch
Amazon
Glacier
VPN
Endpoint
InspectorAWS
Config
Cloud
HSM
Certificate
Manager
CloudFront
(Content Dist.
Network)
AWS Shield
(DDOS)
WAF (Web
Application
Firewall
Route53 (DNS)
Internet

S U M M I T
Automation Is Key, How Do I Automate Updates?
Start temporary
instance
AWS latest
Windows
AMI
Update EC2 Config
or EC2 Launch
Update PV drivers and run
Windows updates
Invoke user provided
scripts
Run a sysprep /
Generalise
Stop
temporary
instance
Custom AMI ready for
deployment

S U M M I T
Life without RDP - Session Manager
VPC
IAM
Permissions Session
Manager
SSM
Endpoint

S U M M I T
Operating your cloud
Self-Managed
• AWS Service Catalog
• AWS Systems Manager
• AWS Management Tools & Services
• Modeling and Provisioning
• Automation and Operations
• Monitoring and Logging
• 3rd Party Tools
AWS Managed Services (AMS) Partner Managed
•40+ curated services
•“Month-to-Month” terms
•Addresses Security & Compliance (PCI /
SOC / ISO / HIPAA / NIST certified /
compliant)
•7 Management services provided
•100+ Managed Service Partners (MSP)
•Certification Program
•Third-Party Audit
•Full Lifecycle Services
https://aws.amazon.com/partners/msp/
Multiple operational models to fit your needs

Putting It All Together
Microsoft Windows
EC2 Instances
AMI
Inspector
Golden
AMI
AMI Factory with
Inspector
ADFS SAML
Token
Users
On-Premises AD
Integration
L2, L3, L4, & L7
Native Security
Maintenance
windows
Patch
manager
Run
command
State
manager
Parameter
Store
Native Windows
Security Management
Tools
Detective,
Corrective
Controls
Logging,
Monitoring
Controls
Automate
Migration
H

S U M M I T
Migration Summary
• Seamlessly migrated Core business applications, Active Directory, SQL Server and .Net
applications to AWS!
• Built Highly Available Application architecture using Multiple Availability Zones (Is HA = DR?)
• Implemented Centralized governance and compliance using AWS Landing Zone solution
• Minimized downtime and risks with AWS Server Migration Service & AWS Data Migration Service
• Used AWS CloudFormation service to deploy infrastructure as a code
• Used Amazon Elastic Container Service to simplify deployment of containerized .Net applications
• Modernize .Net applications with AWS Lambda serverless functions
• Leveraged flexible licensing options
• Simplified operations with cloud native tools like AWS Systems Manager

S U M M I T
Tools to help you migrate
AWS MIGRATION SERVICES
AWS Server Migration Service
AWS Database Migration Service
VMware Cloud on AWS
AWS Schema Conversion Tool
AWS Application Discovery Service S3 Transfer Acceleration
AWS Storage & File Gateway
AWS Direct Connect
AWS Snowball & Snowmobile
Amazon Kinesis Firehose
AWS DATA TRANSFER
Inventory Business Case
App Dependency
Mapping
Validation
Workload & Data
Migration
Deep Discovery &
Planning
Found on
AWS MIGRATION HUB
A single location to track the
progress of application migrations
across AWS and partner solutions
Partner migration tools are vetted by AWS
Deloitte
Deloitte
DeloitteDeloitte

S U M M I T
Key Takeaways

S U M M I T
Resources
Amazon Web Services and Microsoft FAQ
https://aws.amazon.com/windows/faq/
Microsoft Licensing on AWS
https://aws.amazon.com/windows/resources/licensing/
Microsoft Servers on the AWS Cloud—Quick Start
https://docs.aws.amazon.com/quickstart/latest/accelerator-msservers/welcome.html
Short Video Series on How to run Windows workloads on AWS
https://www.youtube.com/playlist?list=PLhr1KZpdzukcZEpM1wap9dkr3zgTRdRrD
Explore .Net on AWS
https://aws.amazon.com/developer/language/net/
AWS Landing Zone solution
https://aws.amazon.com/answers/aws-landing-zone/
Whitepapers
http://aws.amazon.com/microsoft/whitepapers

Thank you!
S U M M I T

Best Practices for Migrating your Microsoft Workloads to AWS

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a Best Practices for Migrating your Microsoft Workloads to AWS

Similar a Best Practices for Migrating your Microsoft Workloads to AWS (20)

Más de Amazon Web Services

Más de Amazon Web Services (20)

Best Practices for Migrating your Microsoft Workloads to AWS