WIN204-Simplifying Microsoft Architectures with AWS Services

1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS re:INVENT Simplifying Microsoft Architectures with AWS Services Z l a t a n D z i n i c — S o l u t i o n A r c h i t e c t A W S W I N 2 0 4 N o v e m b e r 2 7 , 2 0 1 7

2. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Challenge • Can Amazon Web Services (AWS) simplify the infrastructure environment that I already know well? • Active Directory? • Corporate Applications • Office 365 • Exchange • SharePoint • Dynamics • System Center • SQL? • How do I deploy all of this? • Any good migration suggestions for simplifying my Microsoft workloads? • Can AWS help me simplify my legacy .NET architecture? • I want to innovate! • I want to use the latest architectural concepts and platforms! • I want an efficient, fully supported CD/CI! • Can AWS make management of my Windows workloads more simple?

4. Innovation: Windows on AWS

5. VPC Design Patterns: Single VPN—Multi-VPC Shared Services VPC Transit VPC

6. Private subnetPrivate subnet Availability Zone 2 Corporate Network San Francisco DC1 VPN / Direct Connect Availability Zone 1 DC3 Cost 10 Existing Active Directory domain extended to AWS; new Active Directory sites configured in each AZ; domain controllers on Amazon Elastic Compute Cloud (Amazon EC2) Windows servers; site-link costs correctly configured; and “try next closest site” configured DC4 AD Domain: abc.com AD Replication AD Site: AwsEastAZ1 AD Domain: abc.com AD Site: AwsEastAZ2 Cost 50 New York AD Domain: abc.com AD Site: SanFran DC2 AD Domain: abc.com AD Site: NewYork Active Directory Pattern: Extending Active Directory Domain to AWS

7. Private subnetPrivate subnet Availability Zone 2 Corporate Network Availability Zone 1 Federated Trust Corporate Network San Francisco DC1 Cost 50 New York AD Domain: abc.com AD Site: SanFran DC2 AD Domain: abc.com AD Site: NewYork Internet ADFS2 ADFS1 AD Domain: abc.aws.com Identities mastered on premises; Federated Trust (AD FS) configured between on-premises Active Directory and domain controllers running on Amazon EC2 Windows servers DC3DC1 or ADFS 1 AD Domain: abc.aws.com DC3DC2 or ADFS 2 Active Directory Pattern: Federated Trust

8. Private subnetPrivate subnet Availability Zone 2 Corporate Network San Francisco DC1 VPN / Direct Connect Availability Zone 1 DC3 Identities mastered on premises; Forest Trusts configured between on-premises Active Directory and AWS Directory Service for managed Active Directory DC4 AD Domain: abc.aws.com AD Authentication AD Domain: abc.aws.com Cost 50 New York AD Domain: abc.com AD Site: SanFran DC2 AD Domain: abc.com AD Site: NewYork AD Trust DC1 or DC3DC2 or Active Directory Pattern: Forest Trusts

9. Office 365 with AWS Microsoft Active Directory Credentials

10. Configuration • Add two containers to AWS Microsoft Active Directory for use by AD FS • Install AD FS • Integrate AD FS with Azure Active Directory • Synchronize users from AWS Microsoft Active Directory to Azure Active Directory with Azure AD Connect • Sign in to Office 365 by using your Microsoft Active Directory identities

11. Options for Deploying SQL Server on AWS Amazon RDS for SQL Server SQL Server on Amazon EC2 Customer-managedAWS-managed Power, HVAC, net OS Install/Maintenance OS Patching DBMS Install/Maintenance DBMS Patching Database Backups High Availability Scaling Power, HVAC, net OS Install/Maintenance OS Patching DBMS Install/Maintenance DBMS Patching Database Backups High Availability Scaling • Consider Amazon Relational Database Service (Amazon RDS) first • Focus on business value tasks • High-level tuning tasks • Schema optimization • No in-house database expertise • Need full control over DB instance • Backups • Replication • Clustering • Options that are not available in Amazon RDS

12. Multi-AZ AlwaysOn Availability Group

13. Multi-Region AlwaysOn Availability Group

14. Failover Cluster Instance SIOS DataKeeper Cluster Edition Windows Server 2016 Storage Replica

16. Template AWS CloudFormation Stack JSON/YAML formatted file Parameter definition Resource creation Configuration actions Configured AWS resources Comprehensive service support Service event aware Customizable Framework Stack creation Stack updates Error detection and rollback AWS CloudFormation—Components and Technology

17. How AWS CloudFormation Works

18. AWS Quick Starts

20. Migration Tools from AWS and Partners Data transfer AWS Storage and File Gateway Amazon S3 Transfer Acceleration AWS Direct Connect Amazon Kinesis Firehose AWS Snowball and Snowmobile AWS Database Migration Service (AWS DMS) Server and database migrations AWS Server Migration Service Application monitoring/profiling Amazon CloudWatch AWS Config Discovery and planning AWS Application Discovery Service

21. Example Migration Sequence • Account structure • Network/VPC • Security • Active Directory Step 1. Landing zone On-Premises Data Center Domain Controller Amazon Route 53 Domain Controller SQL Server SQL Server App Server App Server Web Server Web Server VPN / DirectConnect Security Prod Root Dev Private Subnet, 10.0.0.64/18 10.0.0.0/16 Public Subnet, 10.0.0.0/18 On-Premises Data Center Domain Controller Amazon Route 53 Domain Controller SQL Server SQL Server App Server App Server Web Server Web Server VPN / DirectConnect AWS Shield AWS WAF CloudTrail CloudWatch VPC Flow Logs Systems Mgr Inspector Config Security Group Security Group Security Group Security Prod Root Dev 10.0.0.0/16 Private Subnet, 10.0.0.64/18 Public Subnet, 10.0.0.0/18 On-Premises Data Center Domain Controller Amazon Route 53 Domain Controller SQL Server SQL Server App Server App Server Web Server Web Server or Active Directory on EC2 VPN / DirectConnect AWS Shield AWS WAF AWS Managed Active Directory CloudTrail CloudWatch VPC Flow Logs Systems Mgr Inspector Config Security Prod Root Dev

22. Example Migration Sequence Step 2. Database tier • Build out your DBMS infrastructure • Choose a database replication and synchronization strategy • One-step migration (suitable for smaller databases and good connectivity) • Full-diff migration (suitable for larger databases and good connectivity) • Zero-downtime migration (software tool based solution) On-Premises Data Center Domain Controller Amazon Route 53 Domain Controller SQL Server SQL Server App Server App Server Web Server Web Server or Active Directory on EC2 or SQL Server on EC2 SQL Server on AWS RDS VPN / DirectConnect Security Prod Root Dev AWS Shield AWS WAF AWS Managed Active Directory CloudTrail CloudWatch VPC Flow Logs Systems Mgr Inspector Config

23. Example Migration Sequence Step 3. Server/app migration • Perform extensive testing at this stage • Choose a server/app migration strategy • Manual migration (build new servers—migrate app) • Tool based migration (block- level migration and synchronization) • Always maintain rollback capability On-Premises Data Center Domain Controller Amazon Route 53 Domain Controller SQL Server SQL Server App Server App Server Web Server Web Server or Active Directory on EC2 or SQL Server on EC2 SQL Server on AWS RDS VPN / DirectConnect App Server App Server Web Server Web Server Security Prod Root Dev AWS Shield AWS WAF AWS Managed Active Directory CloudTrail CloudWatch VPC Flow Logs Systems Mgr Inspector Config

24. Example Migration Sequence Step 4. Production cutover • Plan your final cutoff carefully • Ensure any final replication and/or synchronization occurs • Test your cutover mechanism (DNS TTL, and so on) • Maintain rollback after cutoff, if possible On-Premises Data Center Domain Controller Amazon Route 53 Domain Controller SQL Server SQL Server App Server App Server Web Server Web Server or Active Directory on EC2 or SQL Server on EC2 SQL Server on AWS RDS VPN / DirectConnect App Server App Server Web Server Web Server Security Prod Root Dev AWS Shield AWS WAF AWS Managed Active Directory CloudTrail CloudWatch VPC Flow Logs Systems Mgr Inspector Config

25. AWS Server Migration Service Overview • Support VMware virtual machine migration (support for additional hypervisors coming soon) • Agentless VM migration • Capture incremental change made to on-premises VMs and automatically transfer to AWS • Migrate a group of VMs simultaneously and orchestrate multiple migrations • AWS Management Console and API/CLI access Source: on-premises server AWS Server Migration Service Target: Amazon Machine Image

26. AWS Migration Hub Discover Migrate Track Discover servers in existing data centers (optional) Group servers as applications Track application migration status Migrate using tools outside AWS Migration Hub • Better understand your application portfolio • Streamline application portfolio migration planning and tracking • Track migration progress from multiple tools in one place • Reduce time spent determining current status and next steps

27. Tracking Status Made Easy

28. Migration via AlwaysOn Availability Groups

30. Running AWS Toolkit for Visual Studio

31. AWS Code Services Source Build Test Production Third-Party Tooling Software release steps: AWS CodeCommit AWS CodeBuild AWS CodeDeploy AWS CodePipeline

32. CI/CD Pipeline Continuous integration/continuous deployment

33. AWS CodeStar

35. Continuous scaling No servers to manage Never pay for idle—no cold servers AWS Lambda With AWS Lambda, you are charged for every 100 ms your code executes and the number of times your code is triggered Java Python .NET Node.js

36. AWS Lambda: Run Code in Response to Events Function Changes in data state Requests to endpoints Changes in resource state C# NodeJS Python Java Event source 2 + 2 = 4

37. Amazon S3 Amazon DynamoDB Amazon Kinesis AWS CloudFormation AWS CloudTrail Amazon CloudWatch Amazon Cognito Amazon SNSAmazon SES Cron events Data stores Endpoints Development and management tools Event/message services Example of Services Used for Serverless Architecture … and a few more on the way! AWS CodeCommit Amazon API Gateway Amazon Alexa AWS IoT AWS Step Functions

38. • Stateless • Highly scalable, self-healing, available • Containerized microservices • AWS serverless platform • Lambda • AWS Step Functions • Amazon API Gateway • Amazon DynamoDB • Amazon Simple Notification Service (Amazon SNS) • Amazon Simple Queue Service (Amazon SQS) • Dynamic/managed allocation of resources • Amazon Route 53—DNS Serverless Architecture

39. AWS CloudFormation template AWSTemplateFormatVersion: '2010-09-09' Resources: GetHtmlFunctionGetHtmlPermissionProd: Type: AWS::Lambda::Permission Properties: Action: lambda:invokeFunction Principal: apigateway.amazonaws.com FunctionName: Ref: GetHtmlFunction SourceArn: Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/* ServerlessRestApiProdStage: Type: AWS::ApiGateway::Stage Properties: DeploymentId: Ref: ServerlessRestApiDeployment RestApiId: Ref: ServerlessRestApi StageName: Prod ListTable: Type: AWS::DynamoDB::Table Properties: ProvisionedThroughput: WriteCapacityUnits: 5 ReadCapacityUnits: 5 AttributeDefinitions: - AttributeName: id AttributeType: S KeySchema: - KeyType: HASH AttributeName: id GetHtmlFunction: Type: AWS::Lambda::Function Properties: Handler: index.gethtml Code: S3Bucket: flourish-demo-bucket S3Key: todo_list.zip Role: Fn::GetAtt: - GetHtmlFunctionRole - Arn Runtime: nodejs4.3 GetHtmlFunctionRole: Type: AWS::IAM::Role Properties: ManagedPolicyArns: - arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Action: - sts:AssumeRole Effect: Allow Principal: Service: - lambda.amazonaws.com ServerlessRestApiDeployment: Type: AWS::ApiGateway::Deployment Properties: RestApiId: Ref: ServerlessRestApi Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d' StageName: Stage GetHtmlFunctionGetHtmlPermissionTest: Type: AWS::Lambda::Permission Properties: Action: lambda:invokeFunction Principal: apigateway.amazonaws.com FunctionName: Ref: GetHtmlFunction SourceArn: Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/* ServerlessRestApi: Type: AWS::ApiGateway::RestApi Properties: Body: info: version: '1.0' title: Ref: AWS::StackName paths: "/{proxy+}": x-amazon-apigateway-any-method: x-amazon-apigateway-integration: httpMethod: ANY type: aws_proxy uri: Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03- 31/functions/${GetHtmlFunction.Arn}/invocations responses: {} swagger: '2.0'

40. AWS CloudFormation template AWSTemplateFormatVersion: '2010-09-09' Resources: GetHtmlFunctionGetHtmlPermissionProd: Type: AWS::Lambda::Permission Properties: Action: lambda:invokeFunction Principal: apigateway.amazonaws.com FunctionName: Ref: GetHtmlFunction SourceArn: Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/* ServerlessRestApiProdStage: Type: AWS::ApiGateway::Stage Properties: DeploymentId: Ref: ServerlessRestApiDeployment RestApiId: Ref: ServerlessRestApi StageName: Prod ListTable: Type: AWS::DynamoDB::Table Properties: ProvisionedThroughput: WriteCapacityUnits: 5 ReadCapacityUnits: 5 AttributeDefinitions: - AttributeName: id AttributeType: S KeySchema: - KeyType: HASH AttributeName: id GetHtmlFunction: Type: AWS::Lambda::Function Properties: Handler: index.gethtml Code: S3Bucket: flourish-demo-bucket S3Key: todo_list.zip Role: Fn::GetAtt: - GetHtmlFunctionRole - Arn Runtime: nodejs4.3 GetHtmlFunctionRole: Type: AWS::IAM::Role Properties: ManagedPolicyArns: - arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Action: - sts:AssumeRole Effect: Allow Principal: Service: - lambda.amazonaws.com ServerlessRestApiDeployment: Type: AWS::ApiGateway::Deployment Properties: RestApiId: Ref: ServerlessRestApi Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d' StageName: Stage GetHtmlFunctionGetHtmlPermissionTest: Type: AWS::Lambda::Permission Properties: Action: lambda:invokeFunction Principal: apigateway.amazonaws.com FunctionName: Ref: GetHtmlFunction SourceArn: Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/* ServerlessRestApi: Type: AWS::ApiGateway::RestApi Properties: Body: info: version: '1.0' title: Ref: AWS::StackName paths: "/{proxy+}": x-amazon-apigateway-any-method: x-amazon-apigateway-integration: httpMethod: ANY type: aws_proxy uri: Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03- 31/functions/${GetHtmlFunction.Arn}/invocations responses: {} swagger: '2.0'

41. AWS Serverless Application Model (SAM) AWS CloudFormation extension optimized for serverless New serverless resource types: functions, APIs, and tables Supports anything AWS CloudFormation supports Open specification (Apache 2.0) https://github.com/awslabs/serverless-application-model

42. SAM Template AWSTemplateFormatVersion: '2010-09-09’ Transform: AWS::Serverless-2016-10-31 Resources: GetHtmlFunction: Type: AWS::Serverless::Function Properties: CodeUri: s3://sam-demo-bucket/todo_list.zip Handler: index.gethtml Runtime: nodejs4.3 Policies: AmazonDynamoDBReadOnlyAccess Events: GetHtml: Type: Api Properties: Path: /{proxy+} Method: ANY ListTable: Type: AWS::Serverless::SimpleTable Tells AWS CloudFormation that this is a SAM template it needs to “transform” Creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Also creates an API Gateway and takes care of all mapping/permissions necessary Creates a DynamoDB table with five read and write units

43. Source Source CodeCommit MyApplication An Example Minimal Pipeline: Build test-build-source CodeBuild Deploy Testing create-changeset AWS CloudFormation execute-changeset AWS CloudFormation Run-stubs AWS Lambda Deploy Staging create-changeset AWS CloudFormation execute-changeset AWS CloudFormation Run-API-test Runscope QA-Sign-off Manual Approval Review Deploy Prod create-changeset AWS CloudFormation execute-changeset AWS CloudFormation Post-Deploy-Slack AWS Lambda This pipeline: • Five stages • Builds code artifact • Three deployed to “environments” • Uses AWS CloudFormation to deploy artifact and other AWS resources • Has Lambda custom actions for running my own testing functions • Integrates with a third-party tool/service • Has a manual approval before deploying to production

45. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Systems Manager Capabilities Run Command Maintenance Window Inventory State Manager Parameter Store Patch Manager Automation Deploy, configure, and administer Track and update Shared capabilities

46. Amazon EC2 Systems Manager—Components Run Command State Manager Inventory Maintenance Window Patch Manager Automation Parameter Store Documents

47. Managing Your Environment with Systems Manager Availability Zone Web security group Private subnet Accept traffic from SSM WEB2 WEB1 AWS administrator Corporate data center EC2 Systems Manager Amazon S3 bucket SNS topic CloudWatch metric IAM policy

48. Monitor EC2 metrics (CPU, disk usage, and so on) Monitor AWS resources (EBS volumes, Elastic Load Balancers, and so on)a Monitor logs and configure alerts Store logs and perform analytics Availability Zone S SharePoint Front-end SQL Server Domain Controller CloudWatch / CloudWatch Logs Amazon Kinesis Amazon S3 Amazon Redshift AWS Lambda Availability Zone S SharePoint Front-end SQL Server Domain Controller CloudWatch / CloudWatch Logs Email Amazon SMS Workflow CloudWatch Alarms CloudWatch and Amazon CloudWatch Logs

49. Monitoring Amazon CloudWatch AWS CloudTrail AWS Config AWS Trusted Advisor Flow logsAmazon VPC AWS Lambda Amazon Elasticsearch Service Amazon QuickSight EC2 Amazon Kinesis

WIN204-Simplifying Microsoft Architectures with AWS Services

Estás leyendo una previsualización.

Eche un vistazo a continuación

WIN204-Simplifying Microsoft Architectures with AWS Services

Más Contenido Relacionado

Presentaciones para usted (20)

Similares a WIN204-Simplifying Microsoft Architectures with AWS Services (20)

Más de Amazon Web Services (20)