
Microsoft Active Directory on AWS to Support Your Windows Workloads


Want to learn about the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support Group Policy management, authentication, and authorization. In this session, we discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.



  1. Windows on AWS: Microsoft Active Directory on AWS to Support Your Windows Workloads. Simone Cheli, Microsoft Specialist
  2. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. AGENDA: • Why Windows on AWS • Active Directory • OLA Program
  3. Why Windows on AWS?
  4. Why Windows on AWS? Breadth & depth; reliable & secure; best performance; innovation & experience; lower TCO.
  5. Breadth & Depth. MOST CAPABILITIES: AWS has more capabilities than any other cloud provider, including 48 services where comparable options are simply not available on the next largest cloud provider. ECOSYSTEM SUPPORT: AWS supports a full range of business-critical services for Microsoft workloads like Visual Studio, Active Directory, Windows Server, SQL Server, AWS SDK for .NET, AWS Elastic Beanstalk, and AWS Database Migration Service. AWS also offers the first and only fully managed native-Windows file service, Amazon FSx for Windows File Server, which is built on Windows and integrates with Active Directory. 48: AWS services where the next largest cloud provider does not have comparable options. 43% / 57% / 28% / 113%: more compute services / more database services / more networking services / more management services than the next largest cloud provider. Source: https://zkresearch.com/blog/2018/11/comparing-sql-server-deployments-on-microsoft-azure-and-amazon-web-services
  6. Innovation & Experience. 12 years of innovating for our customers. 12+: years of migration experience. Timeline labels (2008, 2010, 2012, 2014, 2016, 2018, Today): .NET Core & PowerShell on AL2/Ubuntu Windows Deep Learning AMI .NET Core on Linux AMIs Lambda Support for PowerShell Core Amazon ECS for Windows Containers Amazon EKS for Windows Mono support on AL2 App Modernization AWS Tools for Windows PowerShell .NET SDK DynamoDB Accelerator SDK for .NET .NET on Lambda & AWS CodeBuild .NET Core 2.1 Support with Lambda & X-Ray X-Ray .NET SDK .NET Developer Hub AWS X-Ray .NET Core Support CloudWatch AppInsights for .NET and SQL .NET Developer Hub Joined .NET Foundation .NET SQL 2017 AMI AL2/Ubuntu SQL Server 2008 R2 Amazon RDS adds SQL Server SQL Server 2017 SQL Server 2012 SQL Server 2008 R2 SQL Server 2016 SQL Server 2008 Upgrade AWS Launch Wizard for SQL Server SQL Server 2019 on EC2 SQL Server AWS Directory Service Visual Studio Toolkit Microsoft SCOM plug-in release. Microsoft SharePoint 2016 (Marketplace) Microsoft SCVMM Plug-in SAP instance on AWS 2012 Trusted Advisor checks for Windows Hyper-V support in SMS Windows for Lightsail Application-consistent Snapshots through VSS Sessions Manager Dedicated Host Enhancement Tag-On EC2 Dedicated Hosts (BYOL) EC2 Run Command EC2 Systems Manager EC2 Dedicated Instances (BYOL) EC2 Windows on Bare Metal/Hyper-V AMI WS 2008 & SQL Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2016 Windows Server 1803 Windows Server 2003 Application migration using AWS SMS Active Directory Cross VPC Support AWS License Manager Amazon FSx for Windows File Server Azure to AWS Migration Support Windows Server & EC2. Source: https://zkresearch.com/blog/2018/11/comparing-sql-server-deployments-on-microsoft-azure-and-amazon-web-services
  7. Features released
  8. Containers on AWS. Source: https://reprints.forrester.com/#/assets/2/374/RES144415/reports
  9. Reliable & Secure. 2x: number of regions with multiple Availability Zones. 210: security, compliance, and governance key features. The next largest cloud provider had 7x more downtime hours than AWS in 2018. 24 launched Regions; 3 announced Regions; 76 Availability Zones; 1 Local Zone; 2x more Regions with multiple AZs; 245 countries and territories served; 97 Direct Connect locations; 216 points of presence. Map labels: Stockholm, Bahrain, Cape Town, Hong Kong, Milan; Announced Regions. Source: https://zkresearch.com/blog/2018/11/comparing-sql-server-deployments-on-microsoft-azure-and-amazon-web-services
  10. AWS Europe (Milan) Region. On April 28th, AWS expanded its global footprint with the opening of the AWS Infrastructure Region in Italy. The new Region, AWS Europe (Milan), brings advanced cloud technologies that enable opportunities for innovation, entrepreneurship, and digital transformation. For additional information about the services and characteristics of an AWS Region, see aws.amazon.com/local/italy/milan/
  11. "There isn't a single Windows workload that we haven't been able to run on AWS, and run better, including Windows Server, with zero downtime." Bill Rothe, Vice President of Enterprise Systems, Hess Corporation
  12. Best Performance. Better price/performance than Azure. Performance advantage: 2–3x. [Charts: Costs per 1 Billion Transactions Per Month; AWS versus Azure Large* Configuration (TPM). Series: AWS, Azure; categories: Small, Medium, Large.] Source: https://zkresearch.com/blog/2018/11/comparing-sql-server-deployments-on-microsoft-azure-and-amazon-web-services
  13. "Amazon EC2 z1d instances are much faster than the equivalent Azure solutions at roughly the same cost. Using Amazon EC2 z1d instances, we give customers a better experience by processing price notifications faster and adjusting prices more often." Damian Elder, DevOps Engineer, RepricerExpress, a Lucid Interactive company
  14. Lower TCO. 442%: 5-year return on investment. SAVE ON INFRASTRUCTURE: Research firm International Data Corp. (IDC) estimates that customers will realize an average return on investment of 442% over five years when they bring their Windows workloads to AWS. OPTIMIZE LICENSING FOOTPRINT: The Optimization and Licensing Assessment (OLA) is intended to accelerate Windows migration opportunities by providing a business justification based on resource consumption, optimized licensing and provisioning. Source: https://zkresearch.com/blog/2018/11/comparing-sql-server-deployments-on-microsoft-azure-and-amazon-web-services
  15. SSP saves over 2 million a year using AWS. Part of these savings comes from a 40% reduction in Windows licensing costs through the use of Amazon Relational Database Service (RDS) and Windows Server on Amazon Elastic Compute Cloud (Amazon EC2). SSP uses the money saved to create new, innovative offerings.
  16. Active Directory on AWS
  17. Why do customers deploy Active Directory on AWS? • Support Windows workloads running on AWS • Integrate with AWS applications and services • Provide low latency to applications
  18. What challenges are customers facing? • Deploying a self-managed highly available AD to support workloads • Required to integrate AD and cloud native AWS services • Must design and build automation, deployments, monitoring, recovery and availability. Slide labels: Undifferentiated heavy lifting; Customization; Low-business value operations
  19. Active Directory (AD) is an enterprise standard. Active Directory is the most widely used enterprise repository for digital identities [1]. 95% of Fortune 1000 use Active Directory [2] (on-premises). Sources: [1] The State Of Microsoft Active Directory 2018, Forrester. [2] Success with Enterprise Mobility: Identity, 2014, Microsoft. This is on-premises specific.
  20. The cloud is an opportunity to modernize AD. "Organizations must prepare Windows Active Directory for the new era of hybrid, cloud, and multi-cloud IT." [1] "AWS's long-term engagement with at-scale customers has enabled it to develop advanced tooling in many IAM areas, including managed/virtual AD and authorization capabilities." [2] "AWS is the only vendor to run Active Directory as a managed service in a multitenant environment — AWS Managed Microsoft AD (typically shortened to Managed AD). As a result, it provides the broadest set of capabilities for workloads that require Active Directory." [2] - Gartner. • Accelerate adoption of single sign-on (SSO) services • Reduce TCO and admin costs of running AD. Sources: [1] Active Directory: The Time to Modernize is Now, 2018, Gartner. [2] Solution Comparison of the IAM Capabilities Within AWS, Azure and GCP, August 2019, Gartner analysis
  21. Options for running AD on AWS: • Self-managed, Amazon EC2 • AWS Managed Microsoft AD
  22. AWS Managed Microsoft AD
  23. AWS has the most experience delivering AD as a service. High compatibility: the first cloud to use actual Active Directory and is set up in minutes. Preserves SSO: preserves AD-aware apps SSO experience, on-premises and the cloud, so users don't have to sign in separately. Richest set of features and delegation capability: most features of any managed Active Directory, and the broadest range of AD-aware apps; ability to sub-delegate admin tasks across the org.
  24. AD on AWS in the modern enterprise. Diagram labels: AWS SSO Integration; Existing Directory Connectivity; App Integration; With AWS Managed AD; Web or AWS apps; 1-way / 2-way trusts; AWS Managed AD & Self-managed AD
  25. AWS Managed Microsoft AD • High availability • Increased security • Reduce management overhead • Deploy workloads faster • Automate deployments using APIs • Create managed instances in AWS using the AWS Management Console, CLI, or API • Connect to on-prem Active Directory using trusts or utilize as a standalone directory • Seamlessly domain join your EC2 instances, and use on-prem identities for AWS apps • Pros: Managed service, better AWS integration, focus on directory vs. infrastructure • Cons: Certain AD functions not available
  26. Key Features of AWS Managed Microsoft AD: • Actual Microsoft AD • Trust support • Seamless domain join • High availability and daily snapshots • AWS-managed infrastructure • Support multiple accounts and VPCs
  27. AWS Managed Microsoft AD: What's in the box? • Actual Microsoft Active Directory (2012 R2) • Single tenant, managed service • Default of two domain controllers (expandable) • Provides delegated administrative authority over directory objects in your OU • Supports standard AD management tools • AWS managed infrastructure, including availability, patching, and backups • Seamless integration with AWS services • AWS SSO, Amazon FSx for Windows File Server, Amazon WorkSpaces, Amazon RDS for: SQL Server, Oracle, PostgreSQL
  28. Available Editions • Two editions: Standard Edition & Enterprise Edition • Both: • Can be used as your organization's primary directory • Can be used to create resource forests • Support the creation of additional domain controllers • Standard Edition: Optimized to be a primary directory for small and midsize businesses • Enterprise Edition: Designed to support enterprise organizations with up to 500,000* directory objects
  29. Recent key feature launches (features released) • Support for multiple accounts and VPCs within a region • Standard Edition optimized for SMBs • LDAPS support and LDAP Signing • PCI & HIPAA eligibility, inclusion in the SOC reports • User password reset API • Add additional domain controllers • Additional application enablement • via managed service accounts, Kerberos constrained delegation • SharePoint, SQL Server Always On, .NET applications
  30. AWS Active Directory Designed
  31. AWS services commonly used with AD. Diagram labels: AWS applications; Amazon WorkSpaces; Amazon AppStream 2.0; Amazon EC2; .NET apps; SharePoint Server; SQL Server Always On; Amazon QuickSight; Amazon Connect; Amazon Chime; Amazon RDS and Amazon FSx; Amazon RDS for PostgreSQL; Amazon FSx for Windows File Server; Amazon RDS for Oracle; AWS SSO integrated applications; AWS SSO; Amazon SageMaker Studio; AWS IoT SiteWise (Preview); AWS Management Console; AWS Client VPN; Amazon EC2 Linux; Amazon WorkDocs; Amazon WorkMail; SAML; Amazon RDS for SQL Server
  32. Use cases at all stages of the cloud journey. Slide labels: Migration; Multi-region; True Hybrid AD; AD Connector links new BI platform on AWS to on-prem AD; Certified to protect sensitive data; Integrated Managed AD for global enterprise; Enabling migration to RDS; Consistent global credentials after migration, integrated with on-prem AD; Lower cost and complexity
  33. Resources: https://aws.amazon.com/it/directoryservice/getting-started/?nc=sn&loc=4
  34. The OLA Program
  36. Assessment. If you are not assessing, you are guessing!
  37. Optimization & Licensing Assessment. Customer challenges: • Know the baseline • Understand costs • Build a plan. OLA benefits: • Gather data & insights • Create a TCO • Plan & accelerate migrations
  38. Optimization and Licensing Assessment (featured tool). Direct match vs. rightsized to AWS: understand how your environment and Microsoft licenses would translate to AWS in an optimized state. [Chart labels: Annual on-prem cost; Rightsized to AWS; 36% savings.]
  39. Migration Planning: anticipate potential savings. 1. Identify infrastructure optimization opportunities • Over-provisioning for peak • Over-specified / under-utilised resources • Outdated hardware requiring significant licensing investments 2. Identify Microsoft license savings • Reduce cores requirement • Leverage existing investments using BYOL • Downgrade SQL Enterprise to SQL Standard
  40. Infrastructure & License optimization - example
  41. Understand application dependencies
  42. Resources: https://pages.awscloud.com/windows-ola-contact-us.html
  43. Define and run POCs with AWS. POC in a Box: • Brainstorm use cases and test the services with your own data and understand how it works. AWS Partner Network: • Let AWS certified partners help you with the POC
  44. Define your Licensing Strategy. License Included: • AWS manages licensing compliance • Supports current and many legacy versions of Microsoft software • Windows Server Client Access Licenses (CALs) are not required. Bring Your Own License (BYOL): • Take advantage of the efficiencies of the cloud while using your existing perpetual licenses • Extend the lifecycle of your software without additional hardware costs • Expedite your migration to the cloud by using existing virtual machine images
  45. "By moving our SQL Server licenses to Amazon EC2 Dedicated Hosts and Dedicated Instances, we saved 15 percent on SQL licensing costs." Cris Carlin, VP of Global Cloud Operations, Deltek
  46. How we help: Programs. END-OF-SUPPORT MIGRATION PROGRAM: Helps customers upgrade legacy applications to run on newer, supported versions of Windows Server without any code changes. OPTIMIZATION AND LICENSING ASSESSMENT: Understand how to optimize your environment and licensing assets when migrating to the cloud. MIGRATION ACCELERATION PROGRAM: AWS services, best practices, and tools to help customers save costs and accelerate migrations of Windows workloads to AWS.
  47. Migration Acceleration Program - Windows. Slide labels: AWS and Partner Tools; AWS Partners; Migration Methodology; AWS Training; AWS Professional Services; AWS Investment. https://aws.amazon.com/windows/map-for-windows/
