Microsoft Best Practices - AWS India Summit 2012


Microsoft Best Practices from the AWS Summit in India Startup Track.

Published in: Technology
  • Security and Operational Excellence is the topmost priority. It’s Priority 0. No exceptions allowed. We understand that security and governance are often the top issues identified when we talk to our customers. Instead of tossing this over the fence, we advise and highly recommend that our customers invest in a security review early in the process. Get your security folks to talk to our security folks and understand security and compliance. Security is really not on or off. It’s a spectrum of options from which you can choose what is right for your application.
  • Working with AWS solutions provider 2nd Watch to create hyper-local web and mobile platforms for travelers. Migrating from co-location facility with limited flexibility, inadequate performance, and high operating expenses. Utilizing Amazon EC2 with Elastic Load Balancing, Amazon S3, Amazon VPC, and Amazon CloudFront.
  • Three-Tier Web App has been “fork-lifted” to the cloud. Everything in a single Availability Zone. Load balanced at the Web tier and App tier using software load balancers. Master and Standby database. Elastic IP on front end load balancer only. S3 used as DB backup instead of tape. How can you use AWS features to make this app more highly available?
  • Microsoft Best Practices - AWS India Summit 2012

    1. Best Practices: Microsoft on AWS. Santanu Dutt (@san_dutt), Solutions Architect
    2. What we assume you already know: EC2 Instance + = Windows Server OS. AWS provides pre-configured Windows AMIs to start running fully supported Windows Server virtual machines in the cloud in minutes
    3. Isn’t cloud Windows.. different? • Full, real, licensed Windows Server OS • 2003, 2008, 2008r2, all via our Microsoft SPLA licensing means no CALs required • SQL Server Web and Standard via SPLA as well • VPC for static, secure, user-defined networks • Security groups for easy-to-configure firewalls per VM • Easily install services and software that you know: AD, ADFS, SCOM, WSUS, SQL, Exchange, SharePoint, Media Services, etc. • All the benefits of a cloud infrastructure without the… weird
    4. What’s Big & Easy, What’s New • Web Applications • Media Applications • WebMatrix • Transcoding, Encoding • .net and IIS • Windows HPC Cluster • Microsoft Applications • Genomics • SharePoint • CFD, CAD • SQL Server • Financials • Exchange • Software Dev and Test • System Center • Windows Media Services • ADFS • 3rd Party Enterprise Applications • SAP, Sage, ESRI, etc
    5. What’s New: Windows Free Tier
    6. What’s New: SQL Server Standard on more host types, and now SQL Web Edition at a lower hourly price point
    7. What’s New: Relational Database Service for SQL Server • Point and Click deployment in minutes with pre-configured Server, OS, and DB parameters • Vertically scale with a few clicks or a single API call • Automated backups and DR • Managed database snapshots for backup or cloning • Automatic Windows and SQL Server software patching • #1: Fully Managed Disk • Plus Free Tier!
    8. What’s New: Elastic Beanstalk with support for .net and Visual Studio • IIS 7.5 with full .net support • Package deployable code as a “Microsoft Web Deploy” and you’re done • Or use the AWS Toolkit for Visual Studio to publish builds from within your IDE • Windows Server 2008r2 with auto-scaling and Elastic Load Balancer to distribute traffic • Application level metrics like request count, average latency • Zero lock-in or lock-out, open up the hood, RDP in, change it how you like • Plus Free Tier!
    9. More What’s New?! • CloudFront support for IIS-MS 4.1 SmoothStreaming • Windows HPC Cluster support wsGuide/ConfigWindowsHPC.html • m1.medium instances, cc2.8xlarge instance
    10. Security
    11. Security: Shared Responsibility Model • AWS: Facilities; Physical Security; Physical Infrastructure; Network Infrastructure; Virtualization Infrastructure • Customer: Operating System; Application; Security Groups; OS Firewalls; Network Configuration; Account Management
    12. So, what do you do about it? • Infrastructure Security (How we measure that our infrastructure is secure): SAS 70 Type II Audit; ISO 27001/2 Certification; PCI DSS 2.0 Level 1-5; HIPAA/SOX Compliance; FISMA Moderate; FedRAMP / GSA ATO • Application Security (How can you secure your application and what is your responsibility?): Encrypt data in transit; Encrypt data at rest; Protect your AWS Credentials; Rotate your keys; Secure your OS and applications • Services Security (What security options and features are available to you?): Enforce IAM policies; Use MFA, VPC; Leverage S3 bucket policies, EC2 Security groups, EFS in EC2, etc.
    13. Networking and Security • No: Multicast, Broadcast, Anycast, IP spoofing, Clustering • VPC: Statics, Routing, Network ACL + Security Group, Ingress/Egress • VPN • Direct Connect
    14. Networking and Security • AWS Credentials: IAM (hint: Try the policy wizard!); For your Staff; For your Applications; MFA; Secure Delete! • Instance Credentials: Keypairs; Passwords
    15. Amazon Virtual Private Cloud (VPC) • Logically Isolated Environment • Private IP address ranges • Ingress and Egress Network Access Control • Elastic IP addresses and Internet Gateway • Hardware encrypted VPN connections or Direct Connect • Wizard-based setup • (Diagram labels: 10G’s DirectConnect; Amazon Virtual Private Cloud; Corporate Location Data Center)
    16. The New Enterprise IT Network Architecture (Diagram labels: Corporate Location Data Center; Corporate Headquarters; Branch Offices; 10G DirectConnect; VPN Gateway; Customer Gateway; Internet Gateway; Amazon VPC; Public Subnet; Private Subnet; NAT Instance; Availability Zone 1; Availability Zone 2; AWS Region; S3; SQS/SNS/SES; SWF; Elastic Beanstalk; SimpleDB; DynamoDB)
    17. New EC2 VPC feature: Elastic Network Interface • Multiple Addresses • Span Subnets • Attach/Detach • Public or Private
    18. SQL Server
    19. “With AWS and 2nd Watch, we have found a much more cost effective way to keep the lights on for a critical part of our infrastructure while reducing the risk of IT resources getting distracted from our core business strategies.” David Barbieri, SVP and CIO • Business Benefits: Big savings over existing infrastructure; Faster network speeds; Improved load times; Already planning future migrations • Infra Cost Comparison (AWS Cloud Infrastructure vs. Old Infrastructure): ~58% savings! • SW Apps: SharePoint 2010; SQL Server 2008; Umbraco CMS
    20. SQL Server QnD • Instance Type Matters! m1.xlarge /= m2.xlarge • IO Throughput is, well, important • Cluster Compute for non-HPC: DB on CC • EBS /= SAN • Raid0 isn’t quite what you think on EC2 • Snapshots! • ENI for HA
    21. Example: a fork-lifted app, with a fork-lifted DB
    22. Example: Fault-Tolerant
    23. SQL on EC2 vs. SQL on RDS • Do you have 3rd party applications on the DB host? • Windows Authorization… • Complex Replication Topologies • Manual update/patch control
    24. SharePoint
    25. Case Study – SharePoint on AWS • SharePoint migration and consolidation projects with,, Army Corps of Engineers and others • Team leveraged existing Windows skills and tool sets • Microsoft License Mobility program to license server applications on AWS • SW Apps: SharePoint 2010; SQL Server 2008; Forefront • Infrastructure Cost Comparison (AWS Cloud Infrastructure vs. Old Infrastructure): 60%-70% savings!
    26. A little fault-tolerance exercise • Elastic Load Balancer • How much load can you safely put on each instance? • SharePoint EC2 Instance #1 • SharePoint EC2 Instance #2
    27. A little fault-tolerance exercise • Elastic Load Balancer • SharePoint EC2 Instance #1 • SharePoint EC2 Instance #2
    28. A little fault-tolerance exercise • Elastic Load Balancer • How about now? • SharePoint EC2 Instance 1-5 • SharePoint EC2 Instance 6-10
    29. A little fault-tolerance exercise • Elastic Load Balancer • SharePoint EC2 Instance 1-5 • SharePoint EC2 Instance 6-10
    30. Licensing
    31. Licensing • OEM aka Hourly Licensing via SPLA: Windows OS, SQL Server Web and Standard Edition • License Mobility aka BYOL: SharePoint, SQL Server, Lync, System Center, Exchange, Dynamics CRM • RDS aka Terminal Services: SAL via 3rd Party SPLA • BizSpark • Or the golden rule… Talk to your Microsoft Rep!
    32. License Mobility Requirements • Must be on active Software Assurance: Enterprise Agreement; Enterprise Subscription Agreement; Open Value Agreement; Open License (with SA option); Select Plus (with SA option) • For Licensed apps, need appropriate CALs • No migration for 90 days
    33. BizSpark • Developing Software? • Privately Held? • Less than 3 years old? • Making less than $1mm USD annually? • Join BizSpark!
    34. Extra Tricks
    35. CloudFormation
    36. VM Import: Cloud Recovery (this looks a lot like a migration, doesn’t it?) (Diagram labels: VMware ESX VMDK; Citrix Xen VHD; Microsoft Hyper-V VHD; VM Import service; Windows Server 2008; Boot Drive C:; Data Volume D:; Snapshots; Amazon EBS; Availability Zone #1)