Running Microsoft Workloads on AWS

2. What will we cover today? • Microsoft and AWS • Why run MS workloads on AWS • How do you start? • MS Server Products • Considerations for migration • Licensing options This is a 200 Level session. Assumes an introductory level knowledge of AWS and Microsoft technologies.

3. Microsoft and AWS Secure Reliable High- Performance Cost- Effective Familiar Extensive Flexible Optimization for Windows-based workloads Wide range of scalable services Alignment with business needs

4. Supportability on AWS Microsoft workloads are supported on AWS. Amazon Web Services fully supports Microsoft Windows Server as both infrastructure and a platform. Our customers have successfully deployed in the AWS cloud virtually every Microsoft application available, including Microsoft Exchange, SharePoint, Lync, Dynamics, and Remote Desktop Services. If you have support related issues you should contact AWS Support.

5. Every imaginable use case Full/Partial Migration Web / Mobile / Media Productivity & Collaboration CRM and ERP Virtual Desktops BI, Big Data and Analytics https://aws.amazon.com/windows/case-studies/

6. Why run MS workloads on AWS?

7. Why run workloads on AWS Building and managing cloud since 2006 13 regions, 35 availability zones, 55 edge locations Tens of Thousands of partners; 2,700+ Marketplace products Security & Reliability Performance Experience Scale Ecosystem Extensive VM and network performance options Security in layers approach and 99.95% application SLA

8. Regions & Availability Zones AZ AZ AZ AZ AZ Transit Transit 13 Regions (+ Ohio, UK & Canada) 35 Availability Zones 55 Edge Locations

9. Why run Microsoft workloads on AWS? Compliance Not just of the platform… Enterprise Accelerators for NIST, NIST high-impact and PCI DSS compliance License management AWS Config can monitor license compliance of server-bound licenses on Amazon Dedicated Hosts Auditability Inspector analyses your resources for issues and at the AWS level you can log API calls, network flows, configuration changes, consolidate system logs and events DevOps enabled AWS CloudFormation builds infrastructure, Microsoft PowerShell builds applications, +CodeDeploy, +BeanStalk etc. Reduce risk Building blocks, e.g. Region & Availability Zones, the Elastic Load Balancer, Amazon S3 and others, make excellent durability and availability possible at a very low cost. Use AWS Config to Monitor License Compliance on Amazon EC2 Dedicated Hosts https://d0.awsstatic.com/whitepapers/aws_config_dh_whitepaper_v1_editcb_editsm_final.pdf

10. Client-side Data Encryption Server-side Data Encryption Network Traffic Protection Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customer content AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Customers Security: AWS Shared Responsibility Model Customers are responsible for their security and compliance IN the Cloud AWS is responsible for the security OF the Cloud AWS CloudTrail AWS CloudHSM AWS IAM AWS KMS AWS Config Amazon Inspector

11. Reliability Reliability starts with building blocks. Examples: The AWS Region and Zone model, Amazon S3 & EC2, Auto-Scaling Groups, Elastic Load Balancer Used by AWS and customers to build low-cost, highly-available, scalable systems. Enable levels of reliability previously cost prohibitive or not achievable. Questions: • What has changed in terms of the TCO of availability? • What should a business now expect? • What is needed to achieve this? • What DR/BCP plan changes might this allow with what benefits?

12. Availability Zone A Availability Zone C Users Reliability example IIS Web IIS Web IIS App IIS App CloudFront Route 53 ELB EC2 Instance EC2 Instance RDS ELB NAT Gateway IGW

13. Users IIS Web IIS App IIS App CloudFront Route 53 ELB EC2 Instance EC2 Instance RDS ELB IGW Availability Zone A IIS Web Availability Zone C NAT Gateway Certificate Manager Machine Images S3 Auto Scaling Group Reliability example

14. How would you build an MS platform on AWS?

15. Quick Starts • Single-click deployments • Highly-available • Extensive documentation • Based on customer deployments & AWS best practices • Fully functional, not demos • Included: • SQL Server with WSFC • SharePoint, Lync, Exchange • PowerShell DSC, RD Gateway • Active Directory, ADFS • NIST and NIST high-impact • PCI-DSS http://aws.amazon.com/quickstart

16. Let’s step back…. Corporate Data Center AWS Cloud Internet

17. Extending your Corporate Data Network to AWS • IP SEC VPN Tunnel connects over the public Internet but has a variable performance • Supports Static and BGP Routing • Supports varying multi-Mbps speeds Corporate Data Center AWS Cloud VPN TUNNEL1 Telco Direct Connect Link2 1 • AWS Direct Connect (DX) service allows for dedicated telco links from your location • Telco provides SLAs and predictable performance • AWS provides multiple 1 Gbps & 10 Gbps links • BGP for dynamic routing + AWS API endpoints 2 Internet

18. Remote Desktop Gateway Reference Architecture Detailed instructions available in the “Deploy Remote Desktop Gateway on the AWS Cloud” White paper http://aws.amazon.com/windows/resources/whitepapers/rdgateway

19. Availability Zone Private SubnetPublic Subnet DC Domain Controller RDGW Availability Zone Private SubnetPublic Subnet DC Domain Controller RDGW Remote Users / Admins Isolated VPC with RD GW UseRoute53,HealthCheck& DNSFailover Amazon Route 53

20. Use the tools available MonitoringConfiguration AWS CloudWatch AWS CloudTrailAWS Config Amazon EC2 Run Command AWS Tools for PowerShell Develop and Deploy AWS OpsWorks AWS Toolkit for Visual Studio .NET SDK AWS CodeDeploy AWS CloudFormation AWS Elastic Beanstalk

21. AWS Simple Systems Manager (SSM) Also known as, “EC2 Run Command”… Manage: Reduce the direct access of staff to servers Familiar: Uses the already included EC2Config Windows Service Automate: Common admin tasks at scale. EC2Config polls every 5 minutes, or force it through an API call. Control: Integrates with AWS IAM – manage which users can do what. Auditable: Visibility and tracking of configuration changes with AWS CloudTrail Customizable: Create custom actions to automate common tasks *NEW*: Now can manage servers outside of AWS

22. Microsoft Active Directory on AWS

23. Microsoft Active Directory Create a new AD or extend? • Lots of customers create a new “fresh” AD in AWS on EC2 • Extend trusts to existing AD for Single Sign On (SSO) experience • Bring a replica of AD into AWS for resilience If you run your own AD servers • Treat each Availability Zone as an AD Site… • Read Only Domain Controllers still need network connectivity

24. A Microsoft Windows compatible directory service as a managed AWS service. Usage options are: 1. Use the AWS AD Connector to simplify connecting to your existing on- premises Microsoft Active Directory 2. AWS Simple AD allows you to set up and operate a new Samba-based directory in the AWS Cloud 3. AWS Directory Service for Microsoft Active Directory (Enterprise Edition) provides a feature-rich managed Microsoft Active Directory hosted on the AWS Cloud. AWS DS is easy to manage: use the standard Windows AD admin tools Use AWS Directory Service

25. Which option should you choose? • AD Connector : The best option if you want to use your existing on premises AD with AWS services without extending your domain to the cloud • Simple AD : In most cases, Simple AD is the least expensive option and your best choice if you have 5,000 or less users and don’t need the more advanced Microsoft Active Directory features. • Directory Service for Microsoft Active Directory (Enterprise Edition) : This is your best choice if you have more than 5,000 users and need a trust relationship set up between an AWS hosted directory and your on-premises directories. Use AWS Directory Service

26. Microsoft SQL Server on AWS

27. SQL Server on AWS Wide array of choices Fully managed services Enterprise-grade security 99.95% availability Flexible and scalable

28. File Server Witness SQL Server High Availability – Quick Start Availability Zone 1 Private Subnet Primary Replica Availability Zone 2 Private Subnet Secondary Replica Synchronous-commit Synchronous-commit Primary: 10.0.2.100 WSFC: 10.0.2.101 AG Listener: 10.0.2.102 Primary: 10.0.3.100 WSFC: 10.0.3.101 AG Listener: 10.0.3.102 AG Listener: ag.awslabs.net Automatic Failover

29. File Server Witness SQL Server HA with Readable Replica Availability Zone 1 Private Subnet Primary Replica Availability Zone 2 Private Subnet Secondary Replica 1 Synchronous-commit Synchronous-commit AG Listener: ag.awslabs.net Automatic Failover Asynchronous-commit Secondary Replica 2 (Readable) Reporting Application

30. ■ Automated failover across Availability Zones ■ and host replacement ■ Automated patching ■ Automated backups ■ Point-in-time recovery ■ Managed encryption ■ Import and Export with SQL Backup *NEW* ■ Integrated Windows Authentication Amazon RDS for SQL Server Amazon RDS

31. Amazon RDS for SQL Server • Consider RDS first • Focus on: • Business value tasks • High-level tuning tasks • Schema optimization • No in-house database expertise Choosing the right solution • Need full control over: • DB instance • Backups • Replication • Clustering • Use options not in Amazon RDS SQL Server on Amazon EC2

32. Putting it all together…

33. Availability Zone Private SubnetPublic Subnet Availability Zone Private SubnetPublic Subnet Remote Users Virtual Private Gateway Corporate Office IIS App IIS Web IIS App IIS Web VPN AWS Direct Connect Internet Gateway RDGW VPC NAT Gateway RDGW VPC NAT Gateway AWS Directory Service AWS Directory Service MS SQL MS SQL Always On Availability Group VPC Endpoint Amazon S3

34. Server Products

35. Corporate Apps in AWS Deploy highly available applications BYOL or pay per use Security in layers approach helps with compliance Leverage multi-AZ architectures for reliability & availability

36. MS Server – Enterprise Accelerator • Exchange, SharePoint, Lync, SQL Server, and Active Directory on AWS • Deployed from single master template • 14 Servers, 2 AZs, 10K Users • Exchange users have 5 GB mailboxes • 1 TB SSD Storage for User Profiles • Lync users have VOIP, video, web conferencing and desktop sharing • SharePoint Blog and Team Sites are “Everyone”-enabled • ~$14/hour (Oregon Region Pricing) to operate

37. Amazon’s Migration to AWS In 2013, Amazon IT decided to migrate its Microsoft stack to AWS Over 200K Amazon users access Exchange, SharePoint, and Lync Exchange data points: • There are 26 Exchange servers (4 per AZ) • 7,600 users per server • DAG Architecture for HA • Supports users in Americas, EMEA, and Asia

38. Migration Considerations

39. Windows Server 2003: Options on AWS Import and stay with Windows Server 2003 – until… • You upgrade, when you are ready • You re-write the application • You replace, possibly with an AWS managed service OR Keep a replica of a legacy environment

40. Migration Options • AWS VM Import/Export • AWS Import/Export Snowball • AWS Database Migration Service • AWS Management Portal for vCenter • AWS Systems Manager for Microsoft System Center VMM • AWS Data Pipeline Partner Tools

41. AWS Cloud Adoption Framework Planning, creation, management, and support for your cloud environment. Guidance for establishing, developing and running AWS environments. Structure where business and IT can work together toward a common strategy and vision. People Perspective Process Perspective Security Perspective Maturity Perspective Platform Perspective Operations Perspective Business Perspective AWS Cloud Adoption Framework: https://d0.awsstatic.com/whitepapers/aws_cloud_adoption_framework.pdf

42. AWS Migration Patterns (Path to Cloud) Discover, Assess (Enterprise Architecture and Applications) Lift and Shift (Minimal Change) Migration and UAT Testing Operate Refactor for AWS Application Lift and Shift Move the App Infrastructure Plan Migration and Sequencing Determine Migration Path Decommission Do Not Move Design, Build AWS Environment Move the Application Determine Migration Process Manually Move App and Data 3rd Party Tools AWS VM Import Refactor for AWS Rebuild Application Architecture Vendor S/PaaS (if available) 3rd Party Migration Tool Manually Move App and Data Determine Migration Process Replatform (typically legacy applications) Recode App Components Rearchitect Application Recode Application Architect AWS Environment and Deploy App, Migrate Data Signoff Tuning Cutover Org/Ops Impact Analysis Identify Ops Changes Change Management Plan

43. MS Licensing on AWS

44. EC2 Dedicated Host • A physical EC2 server dedicated to your use • Specified in terms of physical processors and cores • Allocate and Release On-Demand • Reserve capacity for a term What is it?

45. EC2 Dedicated Hosts Benefits: Licensing and Compliance Host ID = h-123abc Sockets = 2 Physical Cores = 20 • Use per-socket or per-core licenses • AWS Config: data source for license reporting • Tagging your instances helps • Enable compliance through controlling instance placement on hosts over time • Enables BYOL Microsoft licenses without Software Assurance

46. Licensing Microsoft Products on AWS BYOL: Support for Microsoft Servers • Exchange, Skype for Business, SharePoint, • Systems Center etc. • See AWS Microsoft Licensing page for details http://aws.amazon.com/windows/resources/licensing License-included Amazon Machine Images: • Windows Server 2012 R2 • Windows Server 2012 • Windows Server 2008 R2 • Windows Server 2008 • Windows Server 2003 R2 • SQL Server 2016 • SQL Server 2014 • SQL Server 2012 http://aws.amazon.com/windows/resources/amis/

47. Microsoft Products on Amazon EC2 AWS provided License costs included in EC2 costs Leverage MS License Mobility Program Leverage EC2 Dedicated Host - Software Assurance & License Mobility not required AWS Provides: Microsoft Windows Server (various) BYOL: Microsoft SQL Server Microsoft Remote Desktop Services (CALs) Microsoft Exchange Server Microsoft SharePoint Server Microsoft System Center Microsoft Dynamics products Plus others ** Microsoft Windows Server 2003R2, 2008, 2008R2 2012, 2012 R2 Microsoft SQL Server - 2012, 2014, 2016 - Standard, Web - Enterprise* * Some AWS Regions and SQL Server versions only ** See the licensing section of aws.amazon.com/windows/faq for full details Microsoft Windows Server Microsoft Windows Desktop (7, 10 etc.) Microsoft Office Pro Plus MSDN Microsoft SQL Server Microsoft Remote Desktop Services CALs Microsoft Exchange Server Microsoft SharePoint Server Microsoft System Center Microsoft Dynamics products Plus others ** AWS + BYOL Full BYOL

48. Licensing Continuum AWS Provided AWS + BYOL Full BYOL • Import and use your own MS software • Software Assurance & License Mobility not needed • Use Dedicated Hosts • You manage all licensing costs and compliance • Save through re-use of existing licenses • EC2 manages Windows Server licensing and compliance • PAYG or reserved pricing • Import and use your own MS licenses & CALs • Requires active Software Assurance and License Mobility • You manage licensing costs and compliance for your software • Save through re-use of existing licenses • EC2 manages licensing compliance & cost • No CALs required • PAYG or reserved pricing • Save with right-sizing • Save with variable workloads • Save with efficiencies • Save on transient Customers always retain responsibility for managing compliance with the terms of their licenses.

49. We are here to help

50. Resources Solution Architects Professional Services Premium Support AWS Partner Network (APN)

51. AWS Training & Certification Intro Videos & Labs Free videos and labs to help you learn to work with 30+ AWS services – in minutes! Training Classes In-person and online courses to build technical skills – taught by accredited AWS instructors Online Labs Practice working with AWS services in live environment – Learn how related services work together AWS Certification Validate technical skills and expertise - identify qualified IT talent or show you are AWS cloud ready Learn more: aws.amazon.com/training

52. Next Steps Contact your AWS Account Team. Schedule a follow-up assessment for your organization. Determine the most important outcomes for your business. Visit the AWS Marketplace to see whether software you’re using today is available for immediate deployment in the AWS cloud. Contact us: microsoft@amazon.com Learn more at http://aws.amazon.com/windows Take a free Test Drive http://aws.amazon.com/testdrive Use Free Tier for a Year http://aws.amazon.com/free Sign up for free at http://aws.amazon.com/getting-started

Running Microsoft Workloads on AWS

Estás leyendo una previsualización.

Eche un vistazo a continuación

Running Microsoft Workloads on AWS

Más Contenido Relacionado

Presentaciones para usted (20)

A los espectadores también les gustó (20)

Similares a Running Microsoft Workloads on AWS (20)

Más de Amazon Web Services (20)

Más reciente (20)