Best Practices: Microsoft on AWS - Miles Ward - AWS Summit 2012 Australia

AWS Summit 2012 | Melbourne Welcome Best Practices: Microsoft on AWS

AWS Summit 2012 | Melbourne Welcome Miles Ward – Solutions Architect @milesward

Today’s Agenda Microsoft on AWS 201 What’s Big, What’s Easy, What’s New Networking and Security Licensing SQL Server on AWS EBS, RDS, Web, oh my! SharePoint on AWS WFE’s, How the US Treasury does it Advanced Tips Cloudformation VM Import

What we assume you already know: EC2 Instance +Windows Server OS =AWS provides pre-configured Windows AMI’s to start running fully supported Windows Server virtual machines in the cloud in minutes

Isn’t cloud Windows.. different?• Full, real, licensed Windows Server OS • 2003, 2008, 2008r2, all via our Microsoft SPLA licensing means no CAL’s required • SQL Server Web and Standard via SPLA as well• VPC for static, secure, user-defined networks• Security groups for easy-to-configure firewalls per VM• Easily install services and software that you know AD, ADFS, SCOM, WSUS, SQL, Exchange, SharePoint, Media Services, etc.• All the benefits of a cloud infrastructure without the… weird

What’s Big, What’s Easy, What’s New• Web Applications Applications • WebMatrix • SAP, Sage, ESRI, etc • .net and IIS • Media Applications• Microsoft Applications • Transcoding, Encoding • SharePoint • Windows HPC Cluster • SQL Server • Genomics • Exchange • CFD, CAD • System Center • Financials • Windows Media Services • Software Dev and Test • ADFS

What’s NewWindows Free Tier

What’s NewSQL Server Standard on more host types, and now SQL Web Edition at a lower hourly price point

What’s New Relational Database Service for SQL Server Point and Click deployment in minutes with pre-configured Server, OS, and DB parameters Vertically scale with a few clicks or a single API call Automated backups and DR Managed database snapshots for backup or cloning Automatic Windows and SQL Server software patching #1: Fully Managed DiskPlus Free Tier!

What’s New Elastic Beanstalk with support for .net and Visual Studio IIS 7.5 with full .net support Package deployable code as a “Microsoft Web Deploy” and you’re done Or Use the AWS Toolkit for Visual Studio to publish builds from within your IDE Windows Server 2008r2 with auto-scaling and Elastic Load Balancer to distribute traffic Application level metrics like request count, average latency Zero lock-in or lock-out, open up the hood, RDP in, change it how you likePlus Free Tier!

More What’s New?!CloudFront support for IIS-MS 4.1 SmoothStreamingWindows HPC Cluster support http://docs.amazonwebservices.com/AWSEC2/latest/Windo wsGuide/ConfigWindowsHPC.htmlm1.medium instances, cc2.8xlarge instance

Even more new! Storage Gateway Your Datacenter Amazon Elastic Compute Cloud (EC2) AWS Storage Gateway Clients VM SSL Internet On-premises Host or Direct AWS Storage Amazon Simple Connect Gateway Service Storage Service (S3)Application Servers Amazon Elastic Block Storage (EBS) Direct Attached or Storage Area Network Disks

Security

Security: Shared Responsibility Model AWS Customer• Facilities • Operating System• Physical Security • Application• Physical Infrastructure • Security Groups• Network Infrastructure • OS Firewalls• Virtualization • Network Configuration Infrastructure • Account Management

So, what do you do about it?SAS 70 Type II Audit Encrypt data in transitISO 27001/2 Certification Encrypt data at restPCI DSS 2.0 Level 1-5 Protect your AWS CredentialsHIPAA/SOX Compliance Infrastructure Application Rotate your keysFISMA Moderate Security Security Secure your OS and applicationsFEDRamp / GSA ATOHow we measure that our How can you secure yourinfrastructure is secure application and what is your responsibility? Services Security What security options Enforce IAM policies and features are Use MFA, VPC, Leverage S3 bucket policies, available to you? EC2 Security groups, EFS in EC2 Etc..

Networking and Security• No: • Multicast, Broadcast, Anycast, IP spoofing, Clustering• VPC • Statics, Routing, Network ACL + Security Group, Ingress/Egress• VPN• Direct Connect

Networking and Security• AWS Credentials • IAM (hint: Try the policy wizard!) • For your Staff • For your Applications • MFA • Secure Delete!• Instance Credentials • Keypairs • Passwords

Amazon Virtual Private Cloud (VPC)• Logically Isolated Environment• Private IP address ranges• Ingress and Egress Network Access Control• Elastic IP addresses and Internet Gateway• Hardware encrypted VPN connections or Direct Connect 10G’s DirectConnect Amazon Virtual Corporate Location Private Cloud Data Center• Wizard-based setup

VPC is part of the Autodesk internal networkSource: Autodesk

The New Enterprise IT Availability Zone 1Network Architecture 10G DirectConnect NAT Private Corporate Location Instance SubnetData Center VPN Gateway Customer Gateway Internet Gateway Public Subnet Amazon VPC Availability Zone 2 CorporateHeadquarters S3 SQS/SNS/SES SWF Elastic SimpleDB DynamoD Beanstalk B AWS RegionBranch Offices

New EC2 VPC feature:Elastic Network Interface• Up to 2 Addresses• Span Subnets• Attach/Detach• Public or Private

SQL Server

“With AWS and 2nd Watch, we have found a much more cost effective way to keep the lights on for a critical part of our infrastructure while reducing the risk of IT resources getting distracted from our core business strategies.” David Barbieri, SVP and CIO Business BenefitsInfra Cost Comparison • Big savings over existing infrastructure ~58% savings! AWS Cloud • Faster network speeds Infrastructure • Improved load timesOld Infrastructure • Already planning future migrations SW Apps: • SharePoint 2010 • SQL Server 2008 • Umbraco CMS

SQL Server QnDInstance Type Matters! m1.xlarge /= m2.xlarge IO Throughput is, well, important Cluster Compute for non-HPC: DB on CCEBS /= SAN Raid0 isn’t quite what you think on EC2 Snapshots!ENI for HA

Example:a fork-lifted app, with a fork-lifted DB

Example:Fault-Tolerant

Replication

Replication Architectures

Storage Architecture Microsoft SQL Server 2008 r2 Web, Standard or Enterprise Data Data Data Data EphemeralFileGroup1 FileGroup2 FileGroup3 FileGroup4 TempDB Raid0 Data Data Data DataFileGroup5 FileGroup6 FileGroup7 FileGroup8 MS SQL Instance m2.4xlarge EC2M2.4xlarge Log Log Backup BackupFileGroups FileGroups 1,2,3,4 5,6,7,8 FileGroups FileGroups 1,2,3,4 5,6,7,8 Instance

SQL on EC2 vs. SQL on RDSDo you have 3rd party applications on the DB host?Windows Authorization…Complex Replication TopologiesManual update/patch control

SharePoint

Case Study – SharePoint on AWS• SharePoint migration and consolidation projects with Recovery.gov, Treasury.gov, Army Corp of Engineers and others• Team leveraged existing Windows skills and tool sets• Microsoft License Mobility program to license server applications on AWSSW Apps: Infrastructure Cost Comparison 60%-70% savings!• SharePoint 2010• SQL Server 2008 AWS Cloud…• Forefront Old Infrastructure

A little fault-tolerance exercise Elastic Load Balancer How much load can you safely put on each instance?SharePoint EC2 SharePoint EC2 Instance #1 Instance #2

A little fault-tolerance exercise Elastic Load BalancerSharePoint EC2 SharePoint EC2 Instance #1 Instance #2

A little fault-tolerance exerciseElastic Load Balancer How about now? SharePoint EC2 SharePoint EC2 Instance 1-5 Instance 6-10

A little fault-tolerance exerciseElastic Load Balancer SharePoint EC2 SharePoint EC2 Instance 1-5 Instance 6-10

Licensing

Case Study – BizSpark• Mobile Application Developer• “Scales to the moon” based on mobile campaign demand• Up and running with complete infrastructure migration – in days• Cost savings: “servers costs are 1/3 the cost… for 4 x times server power.”SW Apps:• IIS• SQL Server 2008 Video Presentation: http://tinyurl.com/78uhp83

Licensing• OEM aka Hourly Licensing via SPLA • Windows OS, SQL Server Web and Standard Edition• License Mobility aka BYOL • Sharepoint, SQL Server, Lync, System Center, Exchange, Dynamics CRM• RDS aka Terminal Services • SAL via 3rd Party SPLA• BizSpark• Or the golden rule… Talk to your Microsoft Rep!

License Mobility RequirementsMust be on active Software Assurance Enterprise Agreement Enterprise Subscription Agreement Open Value Agreement Open License (with SA option) Select Plus (with SA option)For Licensed apps, need appropriate CALsNo migration for 90 days

BizSpark• Developing Software?• Privately Held?• Less than 3 years old?• Making less than $1mm USD annually?• Join BizSpark!

Extra Tricks

Cloudformationhttp://aws.amazon.com/cloudformation/aws-cloudformation-templates/

VM Import: Cloud Recovery (this looks a lot like a migration, doesn’t it?) Windows Server 2008 Boot Data Volume Drive C: D:VMware ESX VMDK Snapshots Amazon EBS Availability Zone #1Citrix Xen VHD VM ImportMicrosoft Hyper-V VHD service

Getting Started• Simply sign up for AWS at http://aws.amazon.com/• Start a Windows Server, RDP in, kick the tires.• Take advantage of the Free Tier to experiment with more advanced services

Best Practices: Microsoft on AWS - Miles Ward - AWS Summit 2012 Australia

by Amazon Web Services

Accessibility

Categories

Upload Details

Usage Rights

1 Embed 20

Statistics

Best Practices: Microsoft on AWS - Miles Ward - AWS Summit 2012 Australia Presentation Transcript