In this session you will learn best practices for customers migrating Microsoft workloads to AWS. We will discuss Active Directory, SharePoint, and application migrations running on Windows Server, as well as the impending End of Support of 2008 R2 and how AWS can help. Additionally, you will learn how AWS can help reduce costs by reusing licensing and by incorporating Amazon Relational Database Service (RDS), Amazon FSx, AWS License Manager, and AWS Systems Manager to help you manage those workloads. We will also demo a server migration using AWS Server Migration Service (SMS).
14. Microsoft Workload Sample Reference Architecture
[Diagram. Labels: VPC; Availability zone 1 and Availability zone 2, each with a public subnet (NAT gateway, RDGW instance) and a private subnet; IIS Web/App in an Auto Scaling group; Always On Availability Group; VPC Endpoint; Internet gateway; Users; VPN Gateway; VPN Connection; On-Premise Client.]
33. All-in on AWS!
• Continuous Compliance
• Scalability
• Zero Down Time Migration
• Improved Security
• Turnkey High Availability
• Optimized Performance
• Improved Agility
• Lower TCO
• Improved Developer Productivity
34. Final State Architecture
[Diagram. Labels: Availability Zone 1 (AZ1) and Availability Zone 2 (AZ2), each with a Public Subnet (NAT GW; Security Group: WAP/Proxy/RDGW) and a Private Subnet (Security Group: Web Server, AutoScaling; Security Group: App Server, AutoScaling; Security Group: SQL Server or RDS SQL Server (Secondary) or Replica; Security Group: Domain Controller or AWS Managed Active Directory); AlwaysOn AG (Synchronous) between AZ1 and AZ2; Internet Gateway; on-premises Domain Controllers in Denver and New York connected over VPN/Direct Connect; VPN Endpoint; Internet; Route53 (DNS); CloudFront (Content Dist. Network); AWS Shield (DDoS); WAF (Web Application Firewall).
Service groups: Security, Certificate, and Key Management; Configuration and Systems Management; Storage and Archiving; Monitoring, Auditing, and Logging; DevOps.
Services shown: IAM, Systems Manager, S3, AWS CloudTrail, AWS CodeDeploy, AWS CodePipeline, AWS CodeBuild, AWS CodeCommit, Amazon CloudWatch, Amazon Glacier, Inspector, AWS Config, CloudHSM, Certificate Manager.]
39. Putting It All Together
[Diagram. Labels: Microsoft Windows EC2 Instances; AMI; Inspector; Golden AMI; AMI Factory with Inspector; Users; ADFS SAML Token; On-Premises AD Integration; L2, L3, L4, & L7 Native Security; Maintenance windows; Patch manager; Run command; State manager; Parameter Store; Native Windows Security Management Tools; Detective, Corrective Controls; Logging, Monitoring Controls; Automate Migration.]