
Best Practices: Microsoft on AWS - Miles Ward - AWS Summit 2012 Australia

Miles Ward's presentation at the Australian AWS Summit, Sydney 2012 - Ninja Track


  1. AWS Summit 2012 | Melbourne. Welcome. Best Practices: Microsoft on AWS
  2. AWS Summit 2012 | Melbourne. Welcome. Miles Ward – Solutions Architect, @milesward
  3. Today’s Agenda
      • Microsoft on AWS 201
          • What’s Big, What’s Easy, What’s New
          • Networking and Security
          • Licensing
      • SQL Server on AWS
          • EBS, RDS, Web, oh my!
      • SharePoint on AWS
          • WFEs, How the US Treasury does it
      • Advanced Tips
          • CloudFormation
          • VM Import
  4. What we assume you already know: EC2 Instance + Windows Server OS = AWS provides pre-configured Windows AMIs to start running fully supported Windows Server virtual machines in the cloud in minutes
  5. Isn’t cloud Windows.. different?
      • Full, real, licensed Windows Server OS
          • 2003, 2008, 2008r2, all via our Microsoft SPLA licensing means no CALs required
          • SQL Server Web and Standard via SPLA as well
      • VPC for static, secure, user-defined networks
      • Security groups for easy-to-configure firewalls per VM
      • Easily install services and software that you know: AD, ADFS, SCOM, WSUS, SQL, Exchange, SharePoint, Media Services, etc.
      • All the benefits of a cloud infrastructure without the… weird
  6. What’s Big, What’s Easy, What’s New
      • Web Applications
          • WebMatrix
          • .net and IIS
      • Microsoft Applications
          • SharePoint
          • SQL Server
          • Exchange
          • System Center
          • Windows Media Services
          • ADFS
      • Applications
          • SAP, Sage, ESRI, etc
      • Media Applications
          • Transcoding, Encoding
      • Windows HPC Cluster
          • Genomics
          • CFD, CAD
          • Financials
      • Software Dev and Test
  8. What’s New: Windows Free Tier
  9. What’s New: SQL Server Standard on more host types, and now SQL Web Edition at a lower hourly price point
  10. What’s New: Relational Database Service for SQL Server
      • Point and Click deployment in minutes with pre-configured Server, OS, and DB parameters
      • Vertically scale with a few clicks or a single API call
      • Automated backups and DR
      • Managed database snapshots for backup or cloning
      • Automatic Windows and SQL Server software patching
      • #1: Fully Managed Disk
      • Plus Free Tier!
  11. What’s New: Elastic Beanstalk with support for .net and Visual Studio
      • IIS 7.5 with full .net support
      • Package deployable code as a “Microsoft Web Deploy” and you’re done
      • Or use the AWS Toolkit for Visual Studio to publish builds from within your IDE
      • Windows Server 2008r2 with auto-scaling and Elastic Load Balancer to distribute traffic
      • Application level metrics like request count, average latency
      • Zero lock-in or lock-out, open up the hood, RDP in, change it how you like
      • Plus Free Tier!
  12. More What’s New?!
      • CloudFront support for IIS-MS 4.1 SmoothStreaming
      • Windows HPC Cluster support wsGuide/ConfigWindowsHPC.html
      • m1.medium instances, cc2.8xlarge instance
  13. Even more new! Storage Gateway [Diagram labels: Your Datacenter; Clients; Application Servers; On-premises Host; AWS Storage Gateway VM; Direct Attached or Storage Area Network Disks; SSL; Internet or Direct Connect; AWS Storage Gateway Service; Amazon Simple Storage Service (S3); Amazon Elastic Block Storage (EBS); Amazon Elastic Compute Cloud (EC2)]
  14. Security
  15. Security: Shared Responsibility Model
      • AWS
          • Facilities
          • Physical Security
          • Physical Infrastructure
          • Network Infrastructure
          • Virtualization Infrastructure
      • Customer
          • Operating System
          • Application
          • Security Groups
          • OS Firewalls
          • Network Configuration
          • Account Management
  16. So, what do you do about it?
      • Infrastructure Security: How we measure that our infrastructure is secure
          • SAS 70 Type II Audit
          • ISO 27001/2 Certification
          • PCI DSS 2.0 Level 1-5
          • HIPAA/SOX Compliance
          • FISMA Moderate
          • FedRAMP / GSA ATO
      • Application Security: How can you secure your application and what is your responsibility?
          • Encrypt data in transit
          • Encrypt data at rest
          • Protect your AWS Credentials
          • Rotate your keys
          • Secure your OS and applications
      • Services Security: What security options and features are available to you?
          • Enforce IAM policies
          • Use MFA, VPC, Leverage S3 bucket policies, EC2 Security groups, EFS in EC2 Etc..
  17. Networking and Security
      • No:
          • Multicast, Broadcast, Anycast, IP spoofing, Clustering
      • VPC
          • Statics, Routing, Network ACL + Security Group, Ingress/Egress
      • VPN
      • Direct Connect
  18. Networking and Security
      • AWS Credentials
          • IAM (hint: Try the policy wizard!)
          • For your Staff
          • For your Applications
          • MFA
          • Secure Delete!
      • Instance Credentials
          • Keypairs
          • Passwords
  19. Amazon Virtual Private Cloud (VPC)
      • Logically Isolated Environment
      • Private IP address ranges
      • Ingress and Egress Network Access Control
      • Elastic IP addresses and Internet Gateway
      • Hardware encrypted VPN connections or Direct Connect
      • Wizard-based setup
      [Diagram labels: 10G’s DirectConnect; Amazon Virtual Private Cloud; Corporate Location; Data Center]
  20. VPC is part of the Autodesk internal network. Source: Autodesk
  21. The New Enterprise IT Network Architecture [Diagram labels: Availability Zone 1; Availability Zone 2; 10G DirectConnect; NAT Instance; Private Subnet; Public Subnet; Corporate Location; Data Center; VPN Gateway; Customer Gateway; Internet Gateway; Amazon VPC; Corporate Headquarters; Branch Offices; AWS Region; S3; SQS/SNS/SES; SWF; Elastic Beanstalk; SimpleDB; DynamoDB]
  22. New EC2 VPC feature: Elastic Network Interface
      • Up to 2 Addresses
      • Span Subnets
      • Attach/Detach
      • Public or Private
  23. SQL Server
  24. “With AWS and 2nd Watch, we have found a much more cost effective way to keep the lights on for a critical part of our infrastructure while reducing the risk of IT resources getting distracted from our core business strategies.” David Barbieri, SVP and CIO
      • Business Benefits
          • Big savings over existing infrastructure
          • Faster network speeds
          • Improved load times
          • Already planning future migrations
      • Infra Cost Comparison: ~58% savings! (AWS Cloud Infrastructure vs. Old Infrastructure)
      • SW Apps:
          • SharePoint 2010
          • SQL Server 2008
          • Umbraco CMS
  25. SQL Server QnD
      • Instance Type Matters!
      • m1.xlarge /= m2.xlarge
      • IO Throughput is, well, important
      • Cluster Compute for non-HPC: DB on CC
      • EBS /= SAN
      • Raid0 isn’t quite what you think on EC2
      • Snapshots!
      • ENI for HA
  26. Example: a fork-lifted app, with a fork-lifted DB
  27. Example: Fault-Tolerant
  28. Replication
  29. Replication Architectures
  30. Storage Architecture: Microsoft SQL Server 2008 r2 Web, Standard or Enterprise [Diagram labels: MS SQL Instance on an m2.4xlarge EC2 instance; Data FileGroup1 through FileGroup8; Ephemeral TempDB Raid0; Log FileGroups 1,2,3,4 and 5,6,7,8; Backup FileGroups 1,2,3,4 and 5,6,7,8]
  31. SQL on EC2 vs. SQL on RDS
      • Do you have 3rd party applications on the DB host?
      • Windows Authorization…
      • Complex Replication Topologies
      • Manual update/patch control
  32. SharePoint
  33. Case Study – SharePoint on AWS
      • SharePoint migration and consolidation projects with,, Army Corp of Engineers and others
      • Team leveraged existing Windows skills and tool sets
      • Microsoft License Mobility program to license server applications on AWS
      • SW Apps:
          • SharePoint 2010
          • SQL Server 2008
          • Forefront
      • Infrastructure Cost Comparison: 60%-70% savings! (AWS Cloud… vs. Old Infrastructure)
  34. A little fault-tolerance exercise: How much load can you safely put on each instance? [Diagram labels: Elastic Load Balancer; SharePoint EC2 Instance #1; SharePoint EC2 Instance #2]
  35. A little fault-tolerance exercise [Diagram labels: Elastic Load Balancer; SharePoint EC2 Instance #1; SharePoint EC2 Instance #2]
  36. A little fault-tolerance exercise: How about now? [Diagram labels: Elastic Load Balancer; SharePoint EC2 Instance 1-5; SharePoint EC2 Instance 6-10]
  37. A little fault-tolerance exercise [Diagram labels: Elastic Load Balancer; SharePoint EC2 Instance 1-5; SharePoint EC2 Instance 6-10]
  38. Licensing
  39. Case Study – BizSpark
      • Mobile Application Developer
      • “Scales to the moon” based on mobile campaign demand
      • Up and running with complete infrastructure migration – in days
      • Cost savings: “servers costs are 1/3 the cost… for 4 x times server power.”
      • SW Apps:
          • IIS
          • SQL Server 2008
      • Video Presentation:
  40. Licensing
      • OEM aka Hourly Licensing via SPLA
          • Windows OS, SQL Server Web and Standard Edition
      • License Mobility aka BYOL
          • SharePoint, SQL Server, Lync, System Center, Exchange, Dynamics CRM
      • RDS aka Terminal Services
          • SAL via 3rd Party SPLA
      • BizSpark
      • Or the golden rule… Talk to your Microsoft Rep!
  41. License Mobility Requirements
      • Must be on active Software Assurance
          • Enterprise Agreement
          • Enterprise Subscription Agreement
          • Open Value Agreement
          • Open License (with SA option)
          • Select Plus (with SA option)
      • For Licensed apps, need appropriate CALs
      • No migration for 90 days
  42. BizSpark
      • Developing Software?
      • Privately Held?
      • Less than 3 years old?
      • Making less than $1mm USD annually?
      • Join BizSpark!
  43. Extra Tricks
  44. CloudFormation
  45. VM Import: Cloud Recovery (this looks a lot like a migration, doesn’t it?) [Diagram labels: Windows Server 2008; Boot Volume C:; Data Drive D:; VMware ESX VMDK; Citrix Xen VHD; Microsoft Hyper-V VHD; VM Import service; Snapshots; Amazon EBS; Availability Zone #1]
  46. Getting Started
      • Simply sign up for AWS at
      • Start a Windows Server, RDP in, kick the tires.
      • Take advantage of the Free Tier to experiment with more advanced services