© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Zlatan Dzinic
Senior Solutions Architect, Amazon Web Services
ENT201
Simplifying Microsoft Architectures
with AWS Services
Challenge
• Can AWS simplify the infrastructure environment that I already know well?
• Active Directory?
• Corporate applications
• Office 365
• Exchange
• SharePoint
• Dynamics
• System Center
• SQL?
• How do I deploy all of this?
• Any good migration suggestions for simplifying my Microsoft workloads?
• Can AWS help me simplify my legacy .NET architecture?
• I want to innovate!
• I want to use the latest architectural concepts and platforms!
• I want an efficient, fully supported CD/CI!
• Can AWS make management of my Windows workloads simpler?
Simplify Infrastructure Environment
Innovation for Windows on AWS
• 62 instance types, 14 instance families
• 42 different AMIs for Windows workloads
• 774 Windows ISV listings in AWS marketplace
[Timeline figure, 2008 to today. Labels as extracted: Windows Deep Learning AMI; Hyper-V support in SMS; Application-consistent Snapshots through VSS; WS 2008 & SQL Server 2008; Visual Studio Toolkit; Microsoft SCOM plug-in release; AWS Directory Service; EC2 Dedicated Hosts (BYOL); Microsoft SharePoint 2016 (Marketplace); Windows Server 2008 R2; SQL Server 2008 R2; Windows Server 2003; .NET SDK; Microsoft SCVMM Plug-in; Windows Server 2012; SQL Server 2012; AWS Tools for Windows PowerShell; Amazon RDS adds SQL Server; EC2 Run Command; EC2 Systems Manager; Windows Server & SQL Server 2016; EC2 Dedicated Instances (BYOL); .NET on Lambda; SAP instance on AWS 2012; Trusted Advisor checks for Windows; SQL Server 2017; X-Ray .NET SDK; Windows for Lightsail; SQL Server 2005]
VPC Design Patterns: Single VPN—Multi-VPC
Shared Services VPC
Transit VPC
AD Pattern: Extending Active Directory Domain to AWS
Existing Active Directory domain extended to AWS; new Active Directory sites configured in each AZ; domain controllers on Amazon Elastic Compute Cloud (Amazon EC2) Windows servers; site-link costs correctly configured; and “try next closest site” configured
[Diagram labels: Corporate Network; San Francisco (AD Site: SanFran, DC1); New York (AD Site: NewYork, DC2); Cost 50; VPN / Direct Connect; Cost 10; AD Replication; private subnets in Availability Zone 1 and Availability Zone 2; AD Site: AwsEastAZ1; AD Site: AwsEastAZ2; DC3; DC4; AD Domain: amazon.com]
AD Pattern: Federated Trust
Identities mastered on premises; Federated Trust (AD FS) configured between on-premises Active Directory and domain controllers running on Amazon EC2 Windows servers
[Diagram labels: Corporate Network; San Francisco (AD Site: SanFran, DC1); New York (AD Site: NewYork, DC2); Cost 50; AD Domain: amazon.com; ADFS1; ADFS2; Internet; Federated Trust; private subnets in Availability Zone 1 and Availability Zone 2; AD Domain: Domain A; DC1 or ADFS1; DC2 or ADFS2]
AD Pattern: Forest Trusts
Identities mastered on premises; Forest Trusts configured between on-premises Active Directory and AWS Directory Service for managed Active Directory
[Diagram labels: Corporate Network; San Francisco (AD Site: SanFran, DC1); New York (AD Site: NewYork, DC2); Cost 50; AD Domain: Domain B; VPN / Direct Connect; AD Trust; AD Authentication; private subnets in Availability Zone 1 and Availability Zone 2; AD Domain: Domain A; DC1 or DC2 or]
Office 365 with AWS Microsoft Active Directory
Credentials
Configuration
• Add two containers to AWS Microsoft Active Directory for use by AD FS
• Install AD FS
• Integrate AD FS with Azure Active Directory
• Synchronize users from AWS Microsoft Active Directory to Azure Active Directory with Azure AD Connect
• Sign in to Office 365 using your Microsoft Active Directory identities
Options for Deploying SQL Server on AWS
Legend: Customer-managed; AWS managed
Layers listed under each option: Power, HVAC, net; OS Install/Maintenance; OS Patching; DBMS Install/Maintenance; DBMS Patching; Database Backups; High Availability; Scaling
Amazon RDS for SQL Server
• Consider Amazon RDS first
• Focus on business value tasks
• High-level tuning tasks
• Schema optimization
• No in-house database expertise
SQL Server on Amazon EC2
• Need full control over DB instance
• Backups
• Replication
• Clustering
• Options that are not available in Amazon RDS
Multi-AZ AlwaysOn Availability Group
Multi-Region AlwaysOn Availability Group
Failover Cluster Instance
SIOS DataKeeper Cluster Edition
Windows Server 2016 Storage Replica
Simplify Infrastructure Deployment
AWS CloudFormation—Components and Technology
Template
• JSON/YAML formatted file
• Parameter definition
• Resource creation
• Configuration actions
AWS CloudFormation
• Framework
• Stack creation
• Stack updates
• Error detection and rollback
Stack
• Configured AWS resources
• Comprehensive service support
• Service event aware
• Customizable
How AWS CloudFormation Works
AWS Quick Starts
Simplify Migration
Migration Tools from AWS and Partners
Data transfer
• AWS Storage and File Gateway
• Amazon S3 Transfer Acceleration
• AWS Direct Connect
• Amazon Kinesis Data Firehose
• AWS Snowball and AWS Snowmobile
Server and database migrations
• AWS Database Migration Service
• AWS Server Migration Service
Application monitoring/profiling
• Amazon CloudWatch
• AWS Config
Discovery and planning
• AWS Application Discovery Service
Example Migration Sequence
Step 1. Landing zone
• Account structure
• Network/VPC
• Security
• Active Directory
[Diagram, built up over three slides. Labels: On-Premises Data Center (Domain Controller, SQL Server, App Server, Web Server); VPN / DirectConnect; Amazon Route 53; Security, Prod, Root, Dev; 10.0.0.0/16; Public Subnet, 10.0.0.0/18; Private Subnet, 10.0.0.64/18; Security Group; AWS Shield; AWS WAF; CloudTrail; CloudWatch; VPC Flow Logs; Systems Mgr; Inspector; Config; AWS Managed Active Directory or Active Directory on EC2]
Example Migration Sequence
Step 2. Database tier
• Build out your DBMS infrastructure
• Choose a database replication and synchronization strategy
• One-step migration (suitable for smaller databases and good connectivity)
• Full-diff migration (suitable for larger databases and good connectivity)
• Zero-downtime migration (software tool-based solution)
[Diagram: the Step 1 labels, plus SQL Server on EC2 or SQL Server on AWS RDS]
Example Migration Sequence
Step 3. Server/app migration
• Perform extensive testing at this stage
• Choose a server/app migration strategy
• Manual migration (build new servers—migrate app)
• Tool-based migration (block-level migration and synchronization)
• Always maintain rollback capability
[Diagram: the Step 2 labels, plus App Server, App Server, Web Server, Web Server]
Example Migration Sequence
Step 4. Production cutover
• Plan your final cutoff carefully
• Ensure any final replication and/or synchronization occurs
• Test your cutover mechanism (DNS TTL, and so on)
• Maintain rollback after cutoff, if possible
[Diagram: same labels as the Step 3 diagram]
AWS Server Migration Service Overview
• Support VMware virtual machine migration (support for additional hypervisors coming soon)
• Agentless VM migration
• Capture incremental change made to on-premises VMs and automatically transfer to AWS
• Migrate a group of VMs simultaneously and orchestrate multiple migrations
• AWS Management Console and API/CLI access
[Diagram labels: Source: on-premises server; AWS Server Migration Service; Target: Amazon Machine Image]
AWS Migration Hub
Discover, Migrate, Track
[Diagram labels: Discover servers in existing data centers (optional); Group servers as applications; Track application migration status; Migrate using tools outside AWS Migration Hub]
• Better understand your application portfolio
• Streamline application portfolio migration planning and tracking
• Track migration progress from multiple tools in one place
• Reduce time spent determining current status and next steps
Tracking Status Made Easy
Simplify .NET Development
Running AWS Toolkit for Visual Studio
AWS Code Services
Source Build Test Production
Third-Party
Tooling
Software release steps:
AWS CodeCommit AWS CodeBuild AWS CodeDeploy
AWS CodePipeline
CI/CD Pipeline
Continuous integration/continuous deployment
AWS CodeStar
Brief introduction to the VSTS tools
• What are the AWS Tools for Microsoft Visual Studio Team Services (VSTS)?
• Where can I use them?
• Why would I use them?
Easy for existing VSTS and TFS users to add integration with and deployment to AWS
• Where do I get them?
https://aws.amazon.com/vsts
https://marketplace.visualstudio.com/items?itemName=AmazonWebServices.aws-vsts-tools
• Open source
https://github.com/aws/aws-vsts-tools
What’s included in the tools?
Tasks for deployment:
• AWS CodeDeploy
• AWS CloudFormation
• AWS Elastic Beanstalk
• .NET Core deployment to Lambda
General purpose tasks:
• Amazon S3 uploads/downloads
• Invoking Lambda functions
• Send SNS messages
• Run cmdlets/scripts using the AWS PowerShell Tools Module
• Run AWS CLI commands
+ AWS “Service Endpoint” credential type
[Icon labels: AWS Elastic Beanstalk; AWS Lambda; AWS CloudFormation; Amazon S3; AWS CodeDeploy; AWS CLI; AWS Tools for Windows PowerShell; Amazon SNS]
New tasks!
Amazon ECR
• Push Docker image to EC2 Container Registry
AWS Lambda Deployment
• New general-purpose Lambda deployment task
• Previous task targeted at .NET Core-based functions and serverless applications
• Supports deployment of functions for all supported Lambda runtimes
Systems Manager Parameter Store
• Read parameter values from store into build variables
Systems Manager Run Command
• Run command remotely against Amazon EC2 and on-premises fleet
Current State of .NET and .NET Core
• .NET Core
• The .NET Core platform is maturing fast with the .NET Core 2.0 release
• AWS SDK for .NET supports .NET Core for all services with an SDK
• We believe it is the future for .NET development on the cloud/server
• Side-by-side runtime installations
• Cross-platform support
• ASP.NET Core and Entity Framework Core frequently receiving major feature updates
• .NET Framework
• Fully committed to supporting .NET Framework workloads
• ASP.NET MVC and Entity Framework last updated in 2015
• EC2 Windows
• Latest Windows OS and Latest SQL Server versions
AWS Tooling for .NET
• AWS SDK for .NET
• AWS Tools for Windows PowerShell
• AWS Tools for PowerShell Core
• AWS Toolkit for Visual Studio
• AWS Tools for Microsoft Visual Studio Team Services
• Extensions for the dotnet CLI
.NET Web Applications in AWS Elastic Beanstalk
• Enables you to quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure
• Visual Studio 2013, 2015, and 2017 support application deployment to Elastic Beanstalk
• Support for deploying .NET Core 1.0, 1.1, and 2.0 web applications
• Support for deploying .NET Framework web applications
.NET Core 2.0 Lambda Support
• To update your existing .NET Core 1.0 Lambda functions
• Programming model stays the same
• Update Target Framework to netcoreapp2.0
• Optional update dependencies to .NET Standard 2.0 versions
• AWS SDK for .NET Targets .NET Standard 1.3, works in all versions of .NET Core
• Includes the Microsoft.AspNetCore.All package store
• ASP.NET Core and Entity Framework Core NuGet packages preinstalled
• ASP.NET Core bridge package Amazon.Lambda.AspNetCoreServer
• Retargeted to .NET Core 2.0
• Allows support for Razor Pages
• Plan on GA package with .NET Core 2.0 Lambda release
.NET Core and .NET Standard Versioning
• .NET Core 1.x versioning could be confusing
• Metapackage NETStandard.Library
• Represented the version of .NET Core runtime
• NETStandard.Library 1.6.0 -> .NET Core 1.0
• NETStandard.Library 1.6.1 -> .NET Core 1.1
• The new csproj format implicitly defaulted to NETStandard.Library 1.6.1
• Override the default in csproj for .NET Standard class libraries
<NetStandardImplicitPackageVersion>1.6.0</NetStandardImplicitPackageVersion>
• .NET Core 2.0 no longer requires a declared dependency on NETStandard.Library
Simplify .NET Architecture
Container-Based .NET Core Applications in ECS
New .NET Core Tooling Features
• Publish .NET Core application as an image on Amazon Elastic Container Registry (Amazon ECR)
• Deploy .NET Core applications on an Amazon Elastic Container Service (Amazon ECS) cluster
• Web applications
• Batch jobs
• Can be scheduled
• New container features only in Visual Studio 2017
• Requires Docker for Windows to be installed and running
Amazon ECS Cluster
• ECS cluster
• Container Instances -> EC2 instances
• Task definition
• Defines Docker images, memory, CPU, etc.
• Running tasks
• Transitory process
• Container Registry (Amazon ECR)
• Services
• Long-lived process
• Load balancer
• ECS registers tasks
• Traffic flows to tasks
[Diagram labels: Cluster; Container registry (Amazon ECR, Docker hub); Task definition; tasks T1 to T4; Service; Task definition; Service definition; tasks T1 to T5; Load balancer; Container instances]
What about Fargate?
• No managing of EC2 instances
• The compute capacity is auto provisioned
• Tasks reserve CPU and memory
• Billing based on CPU and memory allocated for cluster
• Cluster creation simplified
• Name
• Launch tasks with VPC configuration and EC2 security group
• Scheduled tasks with Fargate not currently supported
Fargate Cluster
[Diagram labels: Cluster; Container registry (Amazon ECR, Docker hub); Task definition; tasks T1 to T4; Service; Task definition; Service definition; tasks T1 to T5; Load balancer; Container instances]
Serverless Architecture
• Stateless
• Highly scalable, self-healing, available
• Containerized microservices
• AWS serverless platform
• AWS Lambda
• AWS Step Functions
• Amazon API Gateway
• Amazon DynamoDB
• Amazon Simple Notification Service (Amazon SNS)
• Amazon Simple Queue Service (Amazon SQS)
• Dynamic/managed allocation of resources
• Amazon Route 53—DNS
AWS CloudFormation Template
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  GetHtmlFunctionGetHtmlPermissionProd:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:invokeFunction
      Principal: apigateway.amazonaws.com
      FunctionName:
        Ref: GetHtmlFunction
      SourceArn:
        Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/*
  ServerlessRestApiProdStage:
    Type: AWS::ApiGateway::Stage
    Properties:
      DeploymentId:
        Ref: ServerlessRestApiDeployment
      RestApiId:
        Ref: ServerlessRestApi
      StageName: Prod
  ListTable:
    Type: AWS::DynamoDB::Table
    Properties:
      ProvisionedThroughput:
        WriteCapacityUnits: 5
        ReadCapacityUnits: 5
      AttributeDefinitions:
        - AttributeName: id
          AttributeType: S
      KeySchema:
        - KeyType: HASH
          AttributeName: id
  GetHtmlFunction:
    Type: AWS::Lambda::Function
    Properties:
      Handler: index.gethtml
      Code:
        S3Bucket: flourish-demo-bucket
        S3Key: todo_list.zip
      Role:
        Fn::GetAtt:
          - GetHtmlFunctionRole
          - Arn
      Runtime: nodejs4.3
  GetHtmlFunctionRole:
    Type: AWS::IAM::Role
    Properties:
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Action:
              - sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
  ServerlessRestApiDeployment:
    Type: AWS::ApiGateway::Deployment
    Properties:
      RestApiId:
        Ref: ServerlessRestApi
      Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d'
      StageName: Stage
  GetHtmlFunctionGetHtmlPermissionTest:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:invokeFunction
      Principal: apigateway.amazonaws.com
      FunctionName:
        Ref: GetHtmlFunction
      SourceArn:
        Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/*
  ServerlessRestApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Body:
        info:
          version: '1.0'
          title:
            Ref: AWS::StackName
        paths:
          "/{proxy+}":
            x-amazon-apigateway-any-method:
              x-amazon-apigateway-integration:
                httpMethod: ANY
                type: aws_proxy
                uri:
                  Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetHtmlFunction.Arn}/invocations
              responses: {}
        swagger: '2.0'
AWS Serverless Application Model (SAM)
AWS CloudFormation extension optimized for serverless
New serverless resource types: functions, APIs, and tables
Supports anything AWS CloudFormation supports
Open specification (Apache 2.0)
https://github.com/awslabs/serverless-application-model
SAM Template
AWSTemplateFormatVersion: '2010-09-09'
# Tells AWS CloudFormation that this is a SAM template it needs to “transform”
Transform: AWS::Serverless-2016-10-31
Resources:
  # Creates a Lambda function with the referenced managed IAM policy,
  # runtime, code at the referenced zip location, and handler as defined.
  # Also creates an API Gateway and takes care of all mapping/permissions
  # necessary
  GetHtmlFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://sam-demo-bucket/todo_list.zip
      Handler: index.gethtml
      Runtime: nodejs4.3
      Policies: AmazonDynamoDBReadOnlyAccess
      Events:
        GetHtml:
          Type: Api
          Properties:
            Path: /{proxy+}
            Method: ANY
  # Creates a DynamoDB table with five read and write units
  ListTable:
    Type: AWS::Serverless::SimpleTable
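The SAM slide says the transform creates the role and the API Gateway mapping and permissions for you. As an added example (not code from the deck or from AWS), this Python sketch lists those generated grants from the expanded template so a reviewer can see what the short SAM template implies; the JSON input is a constructed transcription of the slide's permission-bearing resources, and the function names are hypothetical.

```python
import json

# Constructed input: the permission-bearing resources of the expanded template
# shown earlier on this page, transcribed from YAML to JSON.
TEMPLATE = json.loads(r'''
{"Resources": {
  "GetHtmlFunctionGetHtmlPermissionProd": {
    "Type": "AWS::Lambda::Permission",
    "Properties": {
      "Action": "lambda:invokeFunction",
      "Principal": "apigateway.amazonaws.com",
      "FunctionName": {"Ref": "GetHtmlFunction"},
      "SourceArn": {"Fn::Sub": "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/*"}}},
  "GetHtmlFunctionGetHtmlPermissionTest": {
    "Type": "AWS::Lambda::Permission",
    "Properties": {
      "Action": "lambda:invokeFunction",
      "Principal": "apigateway.amazonaws.com",
      "FunctionName": {"Ref": "GetHtmlFunction"},
      "SourceArn": {"Fn::Sub": "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/*"}}},
  "GetHtmlFunction": {
    "Type": "AWS::Lambda::Function",
    "Properties": {"Role": {"Fn::GetAtt": ["GetHtmlFunctionRole", "Arn"]}}},
  "GetHtmlFunctionRole": {
    "Type": "AWS::IAM::Role",
    "Properties": {"ManagedPolicyArns": [
      "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess",
      "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]}}
}}
''')

AWS_MANAGED_PREFIX = "arn:aws:iam::aws:policy/"


def text_of(value):
    """Flatten a literal, Ref, Fn::GetAtt or Fn::Sub value to a plain string."""
    if not isinstance(value, dict):
        return str(value)
    if "Ref" in value:
        return value["Ref"]
    if "Fn::GetAtt" in value:
        target = value["Fn::GetAtt"]
        return target.split(".")[0] if isinstance(target, str) else target[0]
    if "Fn::Sub" in value:
        body = value["Fn::Sub"]
        return body if isinstance(body, str) else body[0]
    return json.dumps(value, sort_keys=True)


def invoke_grants(template):
    """List who may invoke which function, split by API stage/method/path."""
    grants = []
    for name, res in sorted(template["Resources"].items()):
        if res["Type"] != "AWS::Lambda::Permission":
            continue
        props = res["Properties"]
        arn = text_of(props.get("SourceArn", ""))
        # execute-api ARN resource part: <api-id>/<stage>/<method>/<path>
        stage, method, path = (arn.split("/", 3)[1:] + ["*"] * 3)[:3]
        grants.append({
            "resource": name,
            "principal": text_of(props["Principal"]),
            "function": text_of(props["FunctionName"]),
            "stage": stage, "method": method, "path": path,
            "unrestricted_source": not arn,
        })
    return grants


def role_policies(template):
    """Map each Lambda function to the managed policies on its execution role."""
    resources = template["Resources"]
    result = {}
    for name, res in sorted(resources.items()):
        if res["Type"] != "AWS::Lambda::Function":
            continue
        role = resources.get(text_of(res["Properties"]["Role"]), {})
        arns = [text_of(a) for a in
                role.get("Properties", {}).get("ManagedPolicyArns", [])]
        result[name] = [{"policy": a.rsplit("/", 1)[-1],
                         "aws_managed": a.startswith(AWS_MANAGED_PREFIX)}
                        for a in arns]
    return result


def review(template):
    """Return reviewer notes for wide invoke grants and unscoped policies."""
    notes = []
    for g in invoke_grants(template):
        if g["unrestricted_source"]:
            notes.append("%s: no SourceArn, %s is not tied to one API"
                         % (g["resource"], g["principal"]))
        elif g["stage"] == "*":
            notes.append("%s: %s may invoke %s from any stage"
                         % (g["resource"], g["principal"], g["function"]))
    for fn, policies in role_policies(template).items():
        for p in policies:
            if p["aws_managed"]:
                notes.append("%s: AWS managed policy %s is not scoped to "
                             "this stack's resources" % (fn, p["policy"]))
    return notes


if __name__ == "__main__":
    for note in review(TEMPLATE):
        print(note)
```
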
An Example Minimal Pipeline
[Pipeline diagram. Source stage: Source (CodeCommit), MyApplication. Build stage: test-build-source (CodeBuild). Deploy Testing stage: create-changeset (AWS CloudFormation), execute-changeset (AWS CloudFormation), Run-stubs (AWS Lambda). Deploy Staging stage: create-changeset (AWS CloudFormation), execute-changeset (AWS CloudFormation), Run-API-test (Runscope), QA-Sign-off (Manual Approval, Review). Deploy Prod stage: create-changeset (AWS CloudFormation), execute-changeset (AWS CloudFormation), Post-Deploy-Slack (AWS Lambda).]
This pipeline:
• Five stages
• Builds code artifact
• Three deployed to “environments”
• Uses AWS CloudFormation to deploy artifact and other AWS resources
• Has Lambda custom actions for running my own testing functions
• Integrates with a third-party tool/service
• Has a manual approval before deploying to production
Simplify Management
Systems Manager Capabilities
• Run Command
• Maintenance Window
• Inventory
• State Manager
• Parameter Store
• Patch Manager
• Automation
Groupings shown on the slide: Deploy, configure, and administer; Track and update; Shared capabilities
Managing Your Environment with AWS Systems Manager
[Diagram labels: Availability Zone; Web security group; Private subnet; Accept traffic from SSM; WEB 1; WEB 2; AWS administrator; Corporate data center; EC2 Systems Manager; Amazon S3 bucket; SNS topic; CloudWatch metric; IAM policy]
Amazon CloudWatch and CloudWatch Logs
Monitor EC2 metrics (CPU, disk usage, and so on)
Monitor AWS resources (EBS volumes, Elastic Load Balancers, and so on)
Monitor logs and configure alerts
Store logs and perform analytics
[Diagram labels: Availability Zone (SharePoint Front-end, SQL Server, Domain Controller); CloudWatch / CloudWatch Logs; Amazon Kinesis; Amazon S3; Amazon Redshift; AWS Lambda; CloudWatch Alarms; Email; Amazon SMS; Workflow]
Monitoring
[Diagram labels: Amazon CloudWatch; AWS CloudTrail; AWS Config; AWS Trusted Advisor; Flow logs; Amazon VPC; AWS Lambda; Amazon ES; Amazon QuickSight; EC2; Amazon Kinesis]
Introducing two new programs that highlight AWS trusted partners
Elite AWS Partner Network partners with demonstrated technical proficiency and proven customer success in supporting Microsoft Workloads on AWS
• Rigorous audits; multiple customer references
• Introducing a new competency category focused on Application Modernization
Partners with a track record of delivering Amazon EC2 for Windows Server.
Introducing Amazon EC2 for Windows Server Service Delivery Program with 21 global partners with a track record of delivering AWS Service:
North America - Centare, ClearScale, DevCare, i2m, Jelecos, Moser, Netrix, Privo, SoftServe, Stelligent, Synoptek, Winxnet
Asia Pacific/Japan - Axcess, Cloud Comrade, Consegna Cloud, Fujisoft, Japan Business Systems, TechData, Uberfusion
Europe - Microland, Zen Internet
Thank you!
Follow me: @ZlatanDzinic
WIN204-Simplifying Microsoft Architectures with AWS ServicesWIN204-Simplifying Microsoft Architectures with AWS Services
WIN204-Simplifying Microsoft Architectures with AWS Services
 
Simplifying Microsoft Architectures with AWS - CMP214 - re:Invent 2017
Simplifying Microsoft Architectures with AWS - CMP214 - re:Invent 2017Simplifying Microsoft Architectures with AWS - CMP214 - re:Invent 2017
Simplifying Microsoft Architectures with AWS - CMP214 - re:Invent 2017
 
Migrate & Optimize Microsoft Applications on AWS
Migrate & Optimize Microsoft Applications on AWSMigrate & Optimize Microsoft Applications on AWS
Migrate & Optimize Microsoft Applications on AWS
 
Simplifying Microsoft Architectures with AWS Services (WIN306) - AWS re:Inven...
Simplifying Microsoft Architectures with AWS Services (WIN306) - AWS re:Inven...Simplifying Microsoft Architectures with AWS Services (WIN306) - AWS re:Inven...
Simplifying Microsoft Architectures with AWS Services (WIN306) - AWS re:Inven...
 
Introduction to Microsoft Workloads on AWS - AWS Online Tech Talks
Introduction to Microsoft Workloads on AWS - AWS Online Tech TalksIntroduction to Microsoft Workloads on AWS - AWS Online Tech Talks
Introduction to Microsoft Workloads on AWS - AWS Online Tech Talks
 
How to Bring Microsoft Apps to AWS - AWS Online Tech Talks
How to Bring Microsoft Apps to AWS - AWS Online Tech TalksHow to Bring Microsoft Apps to AWS - AWS Online Tech Talks
How to Bring Microsoft Apps to AWS - AWS Online Tech Talks
 
AWS re:Invent 2016: Best Practices for Integrating Active Directory with AWS ...
AWS re:Invent 2016: Best Practices for Integrating Active Directory with AWS ...AWS re:Invent 2016: Best Practices for Integrating Active Directory with AWS ...
AWS re:Invent 2016: Best Practices for Integrating Active Directory with AWS ...
 
Transitioning to the Next Generation Hybrid Cloud Operating Model- AWS Summit...
Transitioning to the Next Generation Hybrid Cloud Operating Model- AWS Summit...Transitioning to the Next Generation Hybrid Cloud Operating Model- AWS Summit...
Transitioning to the Next Generation Hybrid Cloud Operating Model- AWS Summit...
 
Running Business-Critical Applications on the AWS Cloud
Running Business-Critical Applications on the AWS CloudRunning Business-Critical Applications on the AWS Cloud
Running Business-Critical Applications on the AWS Cloud
 
Best-Practices-for-Running-Windows-Workloads-on-AWS
Best-Practices-for-Running-Windows-Workloads-on-AWSBest-Practices-for-Running-Windows-Workloads-on-AWS
Best-Practices-for-Running-Windows-Workloads-on-AWS
 
Migrating Your Microsoft Applications to AWS - ENT325 - re:Invent 2017
Migrating Your Microsoft Applications to AWS - ENT325 - re:Invent 2017Migrating Your Microsoft Applications to AWS - ENT325 - re:Invent 2017
Migrating Your Microsoft Applications to AWS - ENT325 - re:Invent 2017
 
Architecting-for-the-cloud-Best-Practices
Architecting-for-the-cloud-Best-PracticesArchitecting-for-the-cloud-Best-Practices
Architecting-for-the-cloud-Best-Practices
 
WIN401_Migrating Microsoft Applications to AWS
WIN401_Migrating Microsoft Applications to AWSWIN401_Migrating Microsoft Applications to AWS
WIN401_Migrating Microsoft Applications to AWS
 
Running Microsoft Workloads on AWS
Running Microsoft Workloads on AWSRunning Microsoft Workloads on AWS
Running Microsoft Workloads on AWS
 
ECS 19 Anil Erduran - simplifying microsoft architectures with aws services
ECS 19 Anil Erduran - simplifying microsoft architectures with aws servicesECS 19 Anil Erduran - simplifying microsoft architectures with aws services
ECS 19 Anil Erduran - simplifying microsoft architectures with aws services
 
Best Practices for Active Directory with AWS Workloads
Best Practices for Active Directory with AWS WorkloadsBest Practices for Active Directory with AWS Workloads
Best Practices for Active Directory with AWS Workloads
 
WIN302-Deep Dive on Active Directory From One to Many AWS Regions
WIN302-Deep Dive on Active Directory From One to Many AWS RegionsWIN302-Deep Dive on Active Directory From One to Many AWS Regions
WIN302-Deep Dive on Active Directory From One to Many AWS Regions
 
WIN302-Deep Dive on Active Directory From One to Many AWS Regions.pdf
WIN302-Deep Dive on Active Directory From One to Many AWS Regions.pdfWIN302-Deep Dive on Active Directory From One to Many AWS Regions.pdf
WIN302-Deep Dive on Active Directory From One to Many AWS Regions.pdf
 

Más de Amazon Web Services

Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 

Más de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

ENT201 Simplifying Microsoft Architectures with AWS Services

  • 1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Zlatan Dzinic, Senior Solutions Architect, Amazon Web Services. ENT201: Simplifying Microsoft Architectures with AWS Services
  • 2. Challenge
      • Can AWS simplify the infrastructure environment that I already know well?
      • Active Directory?
      • Corporate applications
      • Office 365
      • Exchange
      • SharePoint
      • Dynamics
      • System Center
      • SQL?
      • How do I deploy all of this?
      • Any good migration suggestions for simplifying my Microsoft workloads?
      • Can AWS help me simplify my legacy .NET architecture?
      • I want to innovate!
      • I want to use the latest architectural concepts and platforms!
      • I want an efficient, fully supported CD/CI!
      • Can AWS make management of my Windows workloads more simple?
  • 3. Simplify Infrastructure Environment
  • 4. Innovation for Windows on AWS
      • 62 instance types, 14 instance families
      • 42 different AMIs for Windows workloads
      • 774 Windows ISV listings in AWS marketplace
      • Timeline chart (axis: Innovation, 2008 to Today); milestone labels: Windows Deep Learning AMI; Hyper-V support in SMS; Application-consistent Snapshots through VSS; WS 2008 & SQL Server 2008; Visual Studio Toolkit; Microsoft SCOM plug-in release; AWS Directory Service; EC2 Dedicated Hosts (BYOL); Microsoft SharePoint 2016 (Marketplace); Windows Server 2008 R2; SQL Server 2008 R2; Windows Server 2003; .NET SDK; Microsoft SCVMM Plug-in; Windows Server 2012; SQL Server 2012; AWS Tools for Windows PowerShell; Amazon RDS adds SQL Server; EC2 Run Command; EC2 Systems Manager; Windows Server & SQL Server 2016; EC2 Dedicated Instances (BYOL); .NET on Lambda; SAP instance on AWS 2012; Trusted Advisor checks for Windows; SQL Server 2017; X-Ray .NET SDK; Windows for Lightsail; SQL Server 2005
  • 5. VPC Design Patterns: Single VPN—Multi-VPC; Shared Services VPC; Transit VPC
  • 6. AD Pattern: Extending Active Directory Domain to AWS
      • Existing Active Directory domain extended to AWS; new Active Directory sites configured in each AZ; domain controllers on Amazon Elastic Compute Cloud (Amazon EC2) Windows servers; site-link costs correctly configured; and “try next closest site” configured
      • Diagram labels: Corporate Network (San Francisco, New York); AD Domain: amazon.com; AD Sites: SanFran, NewYork, AwsEastAZ1, AwsEastAZ2; domain controllers DC1, DC2, DC3, DC4; Availability Zone 1 and Availability Zone 2, each with a private subnet; VPN / Direct Connect; AD Replication; site-link costs: Cost 10, Cost 50
  • 7. AD Pattern: Federated Trust
      • Identities mastered on premises; Federated Trust (AD FS) configured between on-premises Active Directory and domain controllers running on Amazon EC2 Windows servers
      • Diagram labels: Corporate Network (San Francisco, New York); AD Domain: amazon.com; AD Sites: SanFran, NewYork; DC1, DC2; Cost 50; Internet; Federated Trust; ADFS1, ADFS2; Availability Zone 1 and Availability Zone 2, each with a private subnet; AD Domain: Domain A; DC1 or ADFS1; DC2 or ADFS2
  • 8. AD Pattern: Forest Trusts
      • Identities mastered on premises; Forest Trusts configured between on-premises Active Directory and AWS Directory Service for managed Active Directory
      • Diagram labels: Corporate Network (San Francisco, New York); AD Domain: Domain B; AD Sites: SanFran, NewYork; DC1, DC2; Cost 50; VPN / Direct Connect; AD Trust; AD Authentication; Availability Zone 1 and Availability Zone 2, each with a private subnet; AD Domain: Domain A
  • 9. Office 365 with AWS Microsoft Active Directory Credentials
  • 10. Configuration
      • Add two containers to AWS Microsoft Active Directory for use by AD FS
      • Install AD FS
      • Integrate AD FS with Azure Active Directory
      • Synchronize users from AWS Microsoft Active Directory to Azure Active Directory with Azure AD Connect
      • Sign in to Office 365 using your Microsoft Active Directory identities
  • 11. Options for Deploying SQL Server on AWS
      • Responsibility stack shown for each option (legend: customer-managed / AWS managed): Power, HVAC, net; OS Install/Maintenance; OS Patching; DBMS Install/Maintenance; DBMS Patching; Database Backups; High Availability; Scaling
      • Amazon RDS for SQL Server:
          • Consider Amazon RDS first
          • Focus on business value tasks
          • High-level tuning tasks
          • Schema optimization
          • No in-house database expertise
      • SQL Server on Amazon EC2:
          • Need full control over DB instance
          • Backups
          • Replication
          • Clustering
          • Options that are not available in Amazon RDS
  • 12. Multi-AZ AlwaysOn Availability Group
  • 13. Multi-Region AlwaysOn Availability Group
  • 14. Failover Cluster Instance: SIOS DataKeeper Cluster Edition; Windows Server 2016 Storage Replica
  • 15.
  • 16. Simplify Infrastructure Deployment
  • 17. AWS CloudFormation—Components and Technology
      • Template: JSON/YAML formatted file; Parameter definition; Resource creation; Configuration actions
      • AWS CloudFormation (Framework): Stack creation; Stack updates; Error detection and rollback
      • Stack: Configured AWS resources; Comprehensive service support; Service event aware; Customizable
  • 18. How AWS CloudFormation Works
  • 19. AWS Quick Starts
  • 20. Simplify Migration
  • 21. Migration Tools from AWS and Partners
      • Data transfer: AWS Storage and File Gateway; Amazon S3 Transfer Acceleration; AWS Direct Connect; Amazon Kinesis Data Firehose; AWS Snowball and AWS Snowmobile
      • Server and database migrations: AWS Database Migration Service; AWS Server Migration Service
      • Application monitoring/profiling: Amazon CloudWatch; AWS Config
      • Discovery and planning: AWS Application Discovery Service
  • 22. Example Migration Sequence. Step 1. Landing zone
      • Account structure
      • Network/VPC
      • Security
      • Active Directory
      • Diagram labels (built up over three animation steps): On-Premises Data Center (Domain Controller, SQL Server, App Server, Web Server); Amazon Route 53; VPN / DirectConnect; accounts: Security, Prod, Root, Dev; VPC 10.0.0.0/16 with Public Subnet, 10.0.0.0/18 and Private Subnet, 10.0.0.64/18; Security Groups; AWS Shield; AWS WAF; CloudTrail; CloudWatch; VPC Flow Logs; Systems Mgr; Inspector; Config; AWS Managed Active Directory or Active Directory on EC2
  • 23. Example Migration Sequence. Step 2. Database tier
      • Build out your DBMS infrastructure
      • Choose a database replication and synchronization strategy
      • One-step migration (suitable for smaller databases and good connectivity)
      • Full-diff migration (suitable for larger databases and good connectivity)
      • Zero-downtime migration (software tool-based solution)
      • Diagram labels: the Step 1 landing zone, plus SQL Server on EC2 or SQL Server on AWS RDS
  • 24. Example Migration Sequence. Step 3. Server/app migration
      • Perform extensive testing at this stage
      • Choose a server/app migration strategy
      • Manual migration (build new servers—migrate app)
      • Tool-based migration (block-level migration and synchronization)
      • Always maintain rollback capability
      • Diagram labels: the Step 2 diagram, plus App Servers and Web Servers on AWS
  • 25. Example Migration Sequence. Step 4. Production cutover
      • Plan your final cutoff carefully
      • Ensure any final replication and/or synchronization occurs
      • Test your cutover mechanism (DNS TTL, and so on)
      • Maintain rollback after cutoff, if possible
      • Diagram labels: same as Step 3
  • 26. AWS Server Migration Service Overview
      • Support VMware virtual machine migration (support for additional hypervisors coming soon)
      • Agentless VM migration
      • Capture incremental change made to on-premises VMs and automatically transfer to AWS
      • Migrate a group of VMs simultaneously and orchestrate multiple migrations
      • AWS Management Console and API/CLI access
      • Diagram labels: Source: on-premises server; AWS Server Migration Service; Target: Amazon Machine Image
  • 27. AWS Migration Hub: Discover, Migrate, Track
      • Discover servers in existing data centers (optional)
      • Group servers as applications
      • Track application migration status
      • Migrate using tools outside AWS Migration Hub
      • Better understand your application portfolio
      • Streamline application portfolio migration planning and tracking
      • Track migration progress from multiple tools in one place
      • Reduce time spent determining current status and next steps
  • 28. Tracking Status Made Easy
  • 29. Simplify .NET Development
  • 30. Running AWS Toolkit for Visual Studio
  • 31. AWS Code Services
      • Software release steps: Source; Build; Test; Production
      • Diagram labels: AWS CodeCommit; AWS CodeBuild; Third-Party Tooling; AWS CodeDeploy; AWS CodePipeline
  • 32. CI/CD Pipeline: Continuous integration/continuous deployment
  • 33. AWS CodeStar
  • 34. Brief introduction to the VSTS tools
      • What are the AWS Tools for Microsoft Visual Studio Team Services (VSTS)?
      • Where can I use them?
      • Why would I use them? Easy for existing VSTS and TFS users to add integration with and deployment to AWS
      • Where do I get them?
          https://aws.amazon.com/vsts
          https://marketplace.visualstudio.com/items?itemName=AmazonWebServices.aws-vsts-tools
      • Open source: https://github.com/aws/aws-vsts-tools
  • 35. What’s included in the tools?
      • Tasks for deployment:
          • AWS CodeDeploy
          • AWS CloudFormation
          • AWS Elastic Beanstalk
          • .NET Core deployment to Lambda
      • General purpose tasks:
          • Amazon S3 uploads/downloads
          • Invoking Lambda functions
          • Send SNS messages
          • Run cmdlets/scripts using the AWS PowerShell Tools Module
          • Run AWS CLI commands
      • + AWS “Service Endpoint” credential type
      • Icon labels: AWS Elastic Beanstalk; AWS Lambda; AWS CloudFormation; Amazon S3; AWS CodeDeploy; AWS CLI; AWS Tools for Windows PowerShell; Amazon SNS
  • 36. New tasks!
      • Amazon ECR: Push Docker image to EC2 Container Registry
      • AWS Lambda Deployment: New general-purpose Lambda deployment task
          • Previous task targeted at .NET Core-based functions and serverless applications
          • Supports deployment of functions for all supported Lambda runtimes
      • Systems Manager Parameter Store: Read parameter values from store into build variables
      • Systems Manager Run Command: Run command remotely against Amazon EC2 and on-premises fleet
  • 37. Current State of .NET and .NET Core
      • .NET Core
          • The .NET Core platform is maturing fast with the .NET Core 2.0 release
          • AWS SDK for .NET supports .NET Core for all services with an SDK
          • We believe it is the future for .NET development on the cloud/server
          • Side-by-side runtime installations
          • Cross-platform support
          • ASP.NET Core and Entity Framework Core frequently receiving major feature updates
      • .NET Framework
          • Fully committed to supporting .NET Framework workloads
          • ASP.NET MVC and Entity Framework last updated in 2015
      • EC2 Windows
          • Latest Windows OS and Latest SQL Server versions
  • 38. AWS Tooling for .NET
      • AWS SDK for .NET
      • AWS Tools for Windows PowerShell
      • AWS Tools for PowerShell Core
      • AWS Toolkit for Visual Studio
      • AWS Tools for Microsoft Visual Studio Team Services
      • Extensions for the dotnet CLI
  • 39. .NET Web Applications in AWS Elastic Beanstalk
      • Enables you to quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure
      • Visual Studio 2013, 2015, and 2017 support application deployment to Elastic Beanstalk
      • Support for deploying .NET Core 1.0, 1.1, and 2.0 web applications
      • Support for deploying .NET Framework web applications
  • 40. .NET Core 2.0 Lambda Support
      • To update your existing .NET Core 1.0 Lambda functions
      • Programming model stays the same
      • Update Target Framework to netcoreapp2.0
      • Optional update dependencies to .NET Standard 2.0 versions
      • AWS SDK for .NET Targets .NET Standard 1.3, works in all versions of .NET Core
      • Includes the Microsoft.AspNetCore.All package store
      • ASP.NET Core and Entity Framework Core NuGet packages preinstalled
      • ASP.NET Core bridge package Amazon.Lambda.AspNetCoreServer
      • Retargeted to .NET Core 2.0
      • Allows support for Razor Pages
      • Plan on GA package with .NET Core 2.0 Lambda release
  • 41. .NET Core and .NET Standard Versioning
      • .NET Core 1.x versioning could be confusing
      • Metapackage NETStandard.Library
      • Represented the version of .NET Core runtime
      • NETStandard.Library 1.6.0 -> .NET Core 1.0
      • NETStandard.Library 1.6.1 -> .NET Core 1.1
      • The new csproj format implicitly defaulted to NETStandard.Library 1.6.1
      • Override the default in csproj for .NET Standard class libraries: <NetStandardImplicitPackageVersion>1.6.0</NetStandardImplicitPackageVersion>
      • .NET Core 2.0 no longer requires a declared dependency on NETStandard.Library
  • 42. Simplify .NET Architecture
  • 43. Container-Based .NET Core Applications in ECS
  • 44. New .NET Core Tooling Features
      • Publish .NET Core application as an image on Amazon Elastic Container Registry (Amazon ECR)
      • Deploy .NET Core applications on an Amazon Elastic Container Service (Amazon ECS) cluster
      • Web applications
      • Batch jobs
      • Can be scheduled
      • New container features only in Visual Studio 2017
      • Requires Docker for Windows to be installed and running
  • 45. Amazon ECS Cluster
      • ECS cluster
      • Container Instances -> EC2 instances
      • Task definition
      • Defines Docker images, memory, CPU, etc.
      • Running tasks
      • Transitory process
      • Container Registry (Amazon ECR)
      • Services
      • Long-lived process
      • Load balancer
      • ECS registers tasks
      • Traffic flows to tasks
      • Diagram labels: Cluster; Container registry (Amazon ECR, Docker hub); Task definition; Service; Service definition; tasks T1, T2, T3, T4, T5; Load balancer; Container instances
  • 46. What about Fargate?
      • No managing of EC2 instances
      • The compute capacity is auto provisioned
      • Tasks reserve CPU and memory
      • Billing based on CPU and memory allocated for cluster
      • Cluster creation simplified
      • Name
      • Launch tasks with VPC configuration and EC2 security group
      • Scheduled tasks with Fargate not currently supported
  • 47. Fargate Cluster
      • Diagram labels: Cluster; Container registry (Amazon ECR, Docker hub); Task definition; Service; Service definition; tasks T1, T2, T3, T4, T5; Load balancer; Container instances
  • 48. Serverless Architecture
      • Stateless
      • Highly scalable, self-healing, available
      • Containerized microservices
      • AWS serverless platform
      • AWS Lambda
      • AWS Step Functions
      • Amazon API Gateway
      • Amazon DynamoDB
      • Amazon Simple Notification Service (Amazon SNS)
      • Amazon Simple Queue Service (Amazon SQS)
      • Dynamic/managed allocation of resources
      • Amazon Route 53—DNS
  • 49. AWS CloudFormation Template

      AWSTemplateFormatVersion: '2010-09-09'
      Resources:
        # Lets API Gateway invoke the function, scoped to the Prod stage.
        GetHtmlFunctionGetHtmlPermissionProd:
          Type: AWS::Lambda::Permission
          Properties:
            Action: lambda:invokeFunction
            Principal: apigateway.amazonaws.com
            FunctionName:
              Ref: GetHtmlFunction
            SourceArn:
              Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/*
        ServerlessRestApiProdStage:
          Type: AWS::ApiGateway::Stage
          Properties:
            DeploymentId:
              Ref: ServerlessRestApiDeployment
            RestApiId:
              Ref: ServerlessRestApi
            StageName: Prod
        ListTable:
          Type: AWS::DynamoDB::Table
          Properties:
            ProvisionedThroughput:
              WriteCapacityUnits: 5
              ReadCapacityUnits: 5
            AttributeDefinitions:
              - AttributeName: id
                AttributeType: S
            KeySchema:
              - KeyType: HASH
                AttributeName: id
        GetHtmlFunction:
          Type: AWS::Lambda::Function
          Properties:
            Handler: index.gethtml
            Code:
              S3Bucket: flourish-demo-bucket
              S3Key: todo_list.zip
            Role:
              Fn::GetAtt:
                - GetHtmlFunctionRole
                - Arn
            Runtime: nodejs4.3
        # Execution role: only the Lambda service may assume it. The DynamoDB
        # managed policy is not scoped to ListTable.
        GetHtmlFunctionRole:
          Type: AWS::IAM::Role
          Properties:
            ManagedPolicyArns:
              - arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
              - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
            AssumeRolePolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Action:
                    - sts:AssumeRole
                  Effect: Allow
                  Principal:
                    Service:
                      - lambda.amazonaws.com
        ServerlessRestApiDeployment:
          Type: AWS::ApiGateway::Deployment
          Properties:
            RestApiId:
              Ref: ServerlessRestApi
            Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d'
            StageName: Stage
        # Same permission as above, but the stage segment is a wildcard (/*/).
        GetHtmlFunctionGetHtmlPermissionTest:
          Type: AWS::Lambda::Permission
          Properties:
            Action: lambda:invokeFunction
            Principal: apigateway.amazonaws.com
            FunctionName:
              Ref: GetHtmlFunction
            SourceArn:
              Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/*
        # REST API defined inline as Swagger 2.0; every path and method is proxied to the function.
        ServerlessRestApi:
          Type: AWS::ApiGateway::RestApi
          Properties:
            Body:
              info:
                version: '1.0'
                title:
                  Ref: AWS::StackName
              paths:
                "/{proxy+}":
                  x-amazon-apigateway-any-method:
                    x-amazon-apigateway-integration:
                      httpMethod: ANY
                      type: aws_proxy
                      uri:
                        Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetHtmlFunction.Arn}/invocations
                    responses: {}
              swagger: '2.0'
  • 51. AWS Serverless Application Model (SAM)
    • AWS CloudFormation extension optimized for serverless
    • New serverless resource types: functions, APIs, and tables
    • Supports anything AWS CloudFormation supports
    • Open specification (Apache 2.0)
    • https://github.com/awslabs/serverless-application-model
  • 52. SAM Template

```yaml
AWSTemplateFormatVersion: '2010-09-09'
# Tells AWS CloudFormation that this is a SAM template it needs to "transform"
Transform: AWS::Serverless-2016-10-31
Resources:
  # Creates a Lambda function with the referenced managed IAM policy, runtime,
  # code at the referenced zip location, and handler as defined. Also creates
  # an API Gateway and takes care of all mapping/permissions necessary
  GetHtmlFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://sam-demo-bucket/todo_list.zip
      Handler: index.gethtml
      Runtime: nodejs4.3
      Policies: AmazonDynamoDBReadOnlyAccess
      Events:
        GetHtml:
          Type: Api
          Properties:
            Path: /{proxy+}
            Method: ANY
  # Creates a DynamoDB table with five read and write units
  ListTable:
    Type: AWS::Serverless::SimpleTable
```
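Added example, not part of the original slides or of any AWS tooling: a short audit of the expanded template from slide 49, which is what the SAM template above asks CloudFormation to generate on your behalf. It flags the `GetHtmlFunctionGetHtmlPermissionTest` grant whose `SourceArn` stage is `*` and AWS-managed policies attached to the role (`AmazonDynamoDBReadOnlyAccess` covers every table in the account, not only `ListTable`); the function names, the `API` helper constant and the allow-list are assumptions of this example.

```python
# Constructed sample: the permission and role resources from the expanded
# template on slide 49, written as the dict a YAML loader would return.
API = "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}"
TEMPLATE = {"Resources": {
    "GetHtmlFunctionGetHtmlPermissionProd": {
        "Type": "AWS::Lambda::Permission",
        "Properties": {"SourceArn": {"Fn::Sub": API + "/Prod/ANY/*"}}},
    "GetHtmlFunctionGetHtmlPermissionTest": {
        "Type": "AWS::Lambda::Permission",
        "Properties": {"SourceArn": {"Fn::Sub": API + "/*/ANY/*"}}},
    "GetHtmlFunctionRole": {
        "Type": "AWS::IAM::Role",
        "Properties": {"ManagedPolicyArns": [
            "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess",
            "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]}},
}}

# AWS-managed policies this example accepts without review (an assumption).
ALLOWED_MANAGED = {
    "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"}
AWS_MANAGED_PREFIX = "arn:aws:iam::aws:policy/"

def _arn_text(value):
    """Return the ARN string from a literal or an Fn::Sub wrapper, else ''."""
    if isinstance(value, dict):
        value = value.get("Fn::Sub", "")
        if isinstance(value, list):  # Fn::Sub list form: [string, variables]
            value = value[0] if value else ""
    return value if isinstance(value, str) else ""

def audit(template):
    """Return sorted (logical_id, finding) pairs for broad grants."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::Lambda::Permission":
            arn = _arn_text(props.get("SourceArn"))
            if not arn:
                findings.append((name, "SourceArn missing or not parsed"))
            elif arn.split("/")[1:2] == ["*"]:  # segment after the API id
                findings.append((name, "SourceArn allows every stage"))
        elif res.get("Type") == "AWS::IAM::Role":
            for arn in props.get("ManagedPolicyArns", []):
                if (isinstance(arn, str) and arn.startswith(AWS_MANAGED_PREFIX)
                        and arn not in ALLOWED_MANAGED):
                    short = arn[len(AWS_MANAGED_PREFIX):]
                    findings.append((name, "AWS-managed policy: " + short))
    return sorted(findings)
```

Calling `audit(TEMPLATE)` returns the findings as `(logical_id, finding)` pairs, so the same function can gate a pipeline stage on an empty result.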
  • 53. An Example Minimal Pipeline
    • Source: Source (CodeCommit), MyApplication
    • Build: test-build-source (CodeBuild)
    • Deploy Testing: create-changeset (AWS CloudFormation), execute-changeset (AWS CloudFormation), Run-stubs (AWS Lambda)
    • Deploy Staging: create-changeset (AWS CloudFormation), execute-changeset (AWS CloudFormation), Run-API-test (Runscope), QA-Sign-off (Manual Approval, Review)
    • Deploy Prod: create-changeset (AWS CloudFormation), execute-changeset (AWS CloudFormation), Post-Deploy-Slack (AWS Lambda)
    This pipeline:
    • Five stages
    • Builds code artifact
    • Three deployed to “environments”
    • Uses AWS CloudFormation to deploy artifact and other AWS resources
    • Has Lambda custom actions for running my own testing functions
    • Integrates with a third-party tool/service
    • Has a manual approval before deploying to production
  • 54. Simplify Management
  • 55. Systems Manager Capabilities
    • Capabilities: Run Command, Maintenance Window, Inventory, State Manager, Parameter Store, Patch Manager, Automation
    • Groups: Deploy, configure, and administer; Track and update; Shared capabilities
  • 56. Managing Your Environment with AWS Systems Manager
    [Diagram labels: Availability Zone; Web security group; Private subnet; Accept traffic from SSM; WEB 1; WEB 2; AWS administrator; Corporate data center; EC2 Systems Manager; Amazon S3 bucket; SNS topic; CloudWatch metric; IAM policy]
  • 57. Amazon CloudWatch and CloudWatch Logs
    • Monitor EC2 metrics (CPU, disk usage, and so on)
    • Monitor AWS resources (EBS volumes, Elastic Load Balancers, and so on)
    • Monitor logs and configure alerts
    • Store logs and perform analytics
    [Diagram labels: Availability Zone; SharePoint Front-end; SQL Server; Domain Controller; CloudWatch / CloudWatch Logs; Amazon Kinesis; Amazon S3; Amazon Redshift; AWS Lambda; CloudWatch Alarms; Email; Amazon SMS; Workflow]
  • 58. Monitoring
    [Diagram labels: Amazon CloudWatch; AWS CloudTrail; AWS Config; AWS Trusted Advisor; Flow logs; Amazon VPC; AWS Lambda; Amazon ES; Amazon QuickSight; EC2; Amazon Kinesis]
  • 59. Introducing two new programs that highlight AWS trusted partners
    Elite AWS Partner Network partners with demonstrated technical proficiency and proven customer success in supporting Microsoft Workloads on AWS
    • Rigorous audits; multiple customer references
    • Introducing a new competency category focused on Application Modernization
  • 60. Introducing two new programs that highlight AWS trusted partners
    Partners with a track record of delivering Amazon EC2 for Windows Server.
    Introducing the Amazon EC2 for Windows Server Service Delivery Program with 21 global partners with a track record of delivering the AWS service:
    • North America - Centare, ClearScale, DevCare, i2m, Jelecos, Moser, Netrix, Privo, SoftServe, Stelligent, Synoptek, Winxnet
    • Asia Pacific/Japan - Axcess, Cloud Comrade, Consegna Cloud, Fujisoft, Japan Business Systems, TechData, Uberfusion
    • Europe - Microland, Zen Internet
  • 61. Thank you! Follow me: @ZlatanDzinic