Deploy, Scale and Manage your Microsoft Investments with AWS


The AWS Lunch and Learn Series with the topic of Deploy, Scale and Manage your Microsoft Investments with AWS as presented by Joe Ziegler

  • SPLA Licenses. Service Providers Licensing Agreement Program
  • Client Access License
  • 3.7 Gigs of RAM. M1.medium is just the perfect size for running Windows applications. 16 cores, multithreaded; you see 32 cores in the Windows Task Manager.
  • Security and Operational Excellence is the topmost priority. It's Priority 0. No exceptions allowed. We understand that security and governance are often the top issues identified when we talk to our customers. Instead of tossing this over the fence, we really advise and highly recommend that our customers invest in a security review early in the process. Get your security folks to talk to our security folks and understand security and compliance. Security is really not on or off. It's a spectrum of options from which you can choose what is right for your application.
  • Windows Clustering does not work on us. All Windows services that depend on Windows clustering (SharePoint clustering, SQL clustering) are not available.
  • You will need this to run Active Directory, to give Windows the same feel as the traditional environment.
  • Working with AWS solutions provider 2nd Watch to create hyper-local web and mobile platforms for travelers. Migrating from a co-location facility with limited flexibility, inadequate performance, and high operating expenses. Utilizing Amazon EC2 with Elastic Load Balancing, Amazon S3, Amazon VPC, and Amazon CloudFront. 4 days to do the migration of SQL to EC2. 58% off a CMS application.
  • Three-Tier Web App has been “fork-lifted” to the cloud. Everything in a single Availability Zone. Load balanced at the Web tier and App tier using software load balancers. Master and Standby database. Elastic IP on front end load balancer only. S3 used as DB backup instead of tape. How can you use AWS features to make this app more highly available?
  • Can remote in. Can’t join them to a domain. SQL Server Authentication
  • 100 departments
  • SharePoint reference architecture available online with the whitepaper.
  • BRIAN MARICK
  • Transcript of "Deploy, Scale and Manage your Microsoft Investments with AWS"

    1. amazon web services. Lunch and Learn Series: Deploy, Scale and Manage your Microsoft Investments with AWS
    2. [ House Keeping ] Please silence your phones. Your presenter: Joe Ziegler, Technical Evangelist, zieglerj@amazon.com, @jiyosub
    3. [ Our plan for today ]
        • Overview
        • Licensing
        • Networking & Security
        • SQL Server
        • SharePoint
        • Tips & Tricks
    4. • Overview • Licensing • Networking & Security • SQL Server • SharePoint • Tips & Tricks
    5. What we assume you already know: AWS provides pre-configured Windows AMIs to start running fully supported Windows Server virtual machines in the cloud in minutes
    6. Isn’t cloud Windows different?
        • Full, real, licensed Windows Server OS
        • 2003, 2008, 2008r2, all via our Microsoft SPLA licensing means no CALs required
        • SQL Server Web and Standard via SPLA as well
        • VPC for static, secure, user-defined networks
        • Security groups for easy-to-configure firewalls per VM
        • Easily install services and software that you know: AD, ADFS, SCOM, WSUS, SQL, Exchange, SharePoint, Media Services, etc.
        • All the benefits of a cloud infrastructure without the… weird
    7. What’s Big & Easy
        • Web Applications
        • WebMatrix
        • .net and IIS
        • Microsoft Enterprise Applications
        • SharePoint
        • SQL Server
        • Exchange
        • System Center
        • Windows Media Services
        • ADFS
        • 3rd Party Applications
        • SAP, Sage, ESRI, etc
        • Media Applications
        • Software Dev and Test
        • Transcoding, Encoding
        • Windows HPC Cluster
        • Genomics
        • CFD, CAD
        • Financials
    8. What’s New: Windows Free Tier
        • 750 hours of Amazon EC2 Linux† Micro Instance usage
        • 750 hours of Amazon EC2 Microsoft Windows Server‡ Micro Instance
        • 750 hours of an Elastic Load Balancer plus 15 GB data processing*
        • 30 GB of Amazon Elastic Block Storage, plus 2 million I/Os and 1 GB of snapshot storage*
        • 750 hours of Amazon RDS Single-AZ Micro DB Instances, for running MySQL, Oracle BYOL or SQL Server (running SQL Server Express Edition)‡‡
    9. What’s New: SQL Server Standard on more host types, and now SQL Web Edition at a lower hourly price point
    10. What’s New: Relational Database Service (RDS) for SQL Server • Point and Click deployment in minutes • Managed database with pre-configured snapshots for backup or Server, OS, and DB cloning parameters • Automatic Windows and • Vertically scale with a few SQL Server software clicks or a single API call patching • Automated backups and • Fully Managed Disk DR. Plus Free Tier!
    11. What’s New: Elastic Beanstalk with support for .Net and Visual Studio
        • IIS 7.5 with full .net support
        • Package deployable code as a “Microsoft Web Deploy” and you’re done
        • Use the AWS Toolkit for Visual Studio to publish builds from within your IDE
        • Windows Server 2008r2 with auto-scaling and Elastic Load Balancer to distribute traffic
        • Application level metrics like request count, average latency
        • Zero lock-in or lock-out, open up the hood, RDP in, change it how you like
        • Plus Free Tier!
    12. Elastic Beanstalk
    13. Even more New
        • CloudFront support for IIS-MS 4.1 Smooth Streaming
        • Windows HPC Cluster support: http://docs.amazonwebservices.com/AWSEC2/latest/WindowsGuide/ConfigWindowsHPC.html
        • 2 New Instances: m1.medium instances, cc2.8xlarge instance
    14. • Overview • Licensing • Networking & Security • SQL Server • SharePoint • Tips & Tricks
    15. Licensing
        • OEM aka Hourly Licensing via SPLA
            • Windows OS, SQL Server Web and Standard Edition
        • License Mobility aka BYOL
            • SharePoint, SQL Server, Lync, System Center, Exchange, Dynamics CRM
        • RDS aka Terminal Services
            • SAL via 3rd Party SPLA
        • BizSpark
        • Or the golden rule… Talk to your Microsoft Rep!
    16. License Mobility Requirements
        • Must be on active Software Assurance
            • Enterprise Agreement
            • Enterprise Subscription Agreement
            • Open Value Agreement
            • Open License (with SA option)
            • Select Plus (with SA option)
        • For Licensed apps, need appropriate CALs
        • No migration for 90 days
    17. BizSpark
        • Developing Software?
        • Privately Held?
        • Less than 3 years old?
        • Making less than $1mm USD annually?
        • Join BizSpark!
    18. • Overview • Licensing • Networking & Security • SQL Server • SharePoint • Tips & Tricks
    19. Security: Shared Responsibility Model
        AWS:
        • Facilities
        • Physical Security
        • Physical Infrastructure
        • Network Infrastructure
        • Virtualization Infrastructure
        Customer:
        • Operating System
        • Application
        • Security Groups
        • OS Firewalls
        • Network Configuration
        • Account Management
    20. So what do you do about it?
        Infrastructure Security (How we measure that our infrastructure is secure):
        • SAS 70 Type II Audit
        • ISO 27001/2 Certification
        • PCI DSS 2.0 Level 1-5
        • HIPAA/SOX Compliance
        • FISMA Moderate
        • FedRAMP / GSA ATO
        Application Security (How can you secure your application and what is your responsibility?):
        • Encrypt data in transit
        • Encrypt data at rest
        • Protect your AWS Credentials
        • Rotate your keys
        • Secure your OS and applications
        Services Security (What security options and features are available to you?):
        • Enforce IAM policies
        • Use MFA, VPC, Leverage S3 bucket policies, EC2 Security groups, EFS in EC2, etc.
    21. Networking and Security
        • No
            • Multicast, Broadcast, Anycast, IP spoofing, Clustering
        • VPC
            • Statics, Routing, Network ACL + Security Group, Ingress/Egress
        • VPN
        • Direct Connect
    22. Networking and Security
        • AWS Credentials
            • IAM (hint: Try the policy wizard!)
                • For your Staff
                • For your Applications
            • MFA
            • Secure Delete!
        • Instance Credentials
            • Keypairs
            • Passwords
    23. Amazon Virtual Private Cloud (VPC)
        • Logically Isolated Environment
        • Private IP address ranges
        • Ingress and Egress Network Access Control
        • Elastic IP addresses and Internet Gateway
        • Hardware encrypted VPN connections or Direct Connect
        • Wizard-based setup
        [Diagram labels: 10G DirectConnect, Corporate Location, Data Center, Amazon Virtual Private Cloud]
    24. The New Enterprise IT Network Architecture
        [Diagram labels: Corporate Headquarters, Branch Offices, Corporate Location, Data Center, 10G DirectConnect, Customer Gateway, VPN Gateway, Internet Gateway, NAT Instance, Public Subnet, Private Subnet, Availability Zone 1, Availability Zone 2, Amazon VPC, AWS Region, S3, SQS/SNS/SES, SWF, Elastic Beanstalk, SimpleDB, DynamoDB]
    25. New EC2 VPC feature: Elastic Network Interface
        • Multiple Addresses
        • Span Subnets
        • Attach/Detach
        • Public or Private
    26. • Overview • Licensing • Networking & Security • SQL Server • SharePoint • Tips & Tricks
    27. “With AWS and 2nd Watch, we have found a much more cost effective way to keep the lights on for a critical part of our infrastructure while reducing the risk of IT resources getting distracted from our core business strategies.” David Barbieri, SVP and CIO
        Business Benefits:
        • Big savings over existing infrastructure
        • Faster network speeds
        • Improved load times
        • Already planning future migrations
        Infra Cost Comparison (AWS Cloud Infrastructure vs. Old Infrastructure): ~58% savings!
        SW Apps:
        • SharePoint 2010
        • SQL Server 2008
        • Umbraco CMS
    28. SQL Server Quick and Dirty
        • Instance Type Matters!
            • m1.xlarge /= m2.xlarge
        • IO Throughput is, well, important
        • Cluster Compute for non-HPC: DB on CC
        • EBS /= SAN
        • Raid0 isn’t quite what you think on EC2
        • Snapshots!
        • ENI for HA
    29. Example: a fork-lifted app, with a fork-lifted DB
    30. Example: Fault-Tolerant
    31. SQL on EC2 vs. SQL on RDS
        • Do you have 3rd party applications on the DB host?
        • Windows Authorization…
        • Complex Replication Topologies
        • Manual update/patch control
    32. • Overview • Licensing • Networking & Security • SQL Server • SharePoint • Tips & Tricks
    33. Case Study – SharePoint on AWS
        • SharePoint migration and consolidation projects with Recovery.gov, Treasury.gov, Army Corp of Engineers and others
        • Team leveraged existing Windows skills and tool sets
        • Microsoft License Mobility program to license server applications on AWS
        SW Apps:
        • SharePoint 2010
        • SQL Server 2008
        • Forefront
        Infrastructure Cost Comparison (AWS Cloud Infrastructure vs. Old Infrastructure): 60%-70% savings!
    34. A little fault-tolerance exercise. Elastic Load Balancer in front of SharePoint EC2 Instance #1 and SharePoint EC2 Instance #2. How much load can you safely put on each instance?
    35. A little fault-tolerance exercise. Elastic Load Balancer in front of SharePoint EC2 Instance #1 and SharePoint EC2 Instance #2. 35%-45%
    36. A little fault-tolerance exercise. Elastic Load Balancer in front of SharePoint EC2 Instance 1-5 and SharePoint EC2 Instance 6-10. How about now?
    37. A little fault-tolerance exercise. Elastic Load Balancer in front of SharePoint EC2 Instance 1-5 and SharePoint EC2 Instance 6-10. ~80%
    38. • Overview • Licensing • Networking & Security • SQL Server • SharePoint • Tips & Tricks
    39. CloudFormation: http://aws.amazon.com/cloudformation/aws-cloudformation-templates/
    40. VM Import / Export • VMware ESX VMDK * Currently for Windows Only. Import • VMware ESX VMDK • VMware ESX OVA images • Microsoft Hyper-V • Citrix Xen VHD VHD images • Citrix Xen VHD file • Microsoft Hyper-V formats VHD images. Export
    41. VM Import: Cloud Recovery (this looks a lot like a Windows migration, doesn’t it?)
        [Diagram labels: Server 2008, Boot Volume C:, Data Drive D:, VMware ESX VMDK, Citrix Xen VHD, Microsoft Hyper-V VHD, VM Import service, Amazon EBS Snapshots, Availability Zone #1]
    42. • Overview • Licensing • Networking & Security • SQL Server • SharePoint • Tips & Tricks
    43. Further Reading
        • http://aws.amazon.com/microsoft/
        • http://aws.amazon.com/cloudformation/aws-cloudformation-templates/
        • http://media.amazonwebservices.com/AWS_Microsoft_Platform_Security.pdf
        • http://awsmedia.s3.amazonaws.com/SharePoint_on_AWS_Reference_Architecture_White_Paper.pdf
        • http://media.amazonwebservices.com/AWS_RDBMS_MS_SQLServer.pdf
    44. Shameless Plug
    45. amazon web services, http://aws.amazon.com. Joe Ziegler, Technical Evangelist, zieglerj@amazon.com, @jiyosub. Please Fill out the Feedback Form