Microsoft on AWS - AWS Summit SG 2017

Learn how to architect highly available and scalable Microsoft solutions and environments on AWS. Find out how Microsoft solutions can use AWS services to gain resiliency, remove unnecessary complexity, simplify architecture, provide scalability, and introduce DevOps concepts, automation and repeatability. Plan authentication and authorization, and hybrid scenarios with other cloud environments and on-premises solutions and infrastructure. Learn about common architecture patterns for Active Directory and business productivity solutions such as SharePoint, Exchange and Skype for Business, and common scenarios for SQL Server deployments and System Center.

  1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Microsoft on AWS. Paul Chen, Head of Solutions Architect, Amazon Web Services, ASEAN
  2. What to Expect from the Session
     • Simplicity and Automation
     • Microsoft Architectures on AWS and how to build them
     • Identity and Access Management
     • SQL Server
     • Developers
     • Administration
  3. Four workload areas: developer platform and tools, corporate applications, line-of-business applications, end-user computing
  4. AWS service offerings for Windows workloads
     • Corporate and business applications: Amazon EC2 for Windows, Amazon RDS, AWS CloudFormation, Amazon CloudFront; EC2 for Windows, AWS Directory Service, RDS, AWS Marketplace
     • End-user computing: Amazon WorkSpaces, Amazon AppStream, AWS Marketplace, AWS Mobile Services, SaaS
     • Information security: AWS Identity and Access Management (IAM), AWS CloudHSM, AWS Key Management Service (KMS), security groups, AWS Marketplace
     • Infrastructure: EC2, Amazon S3, RDS, Amazon VPC, AWS Direct Connect, Directory Service, IAM, AWS Service Catalog
     • DevOps: AWS Elastic Beanstalk, AWS CodeDeploy, CloudFormation
  5. Architecture
  6. Sample Microsoft Architecture: two Availability Zones, each with a public subnet (Remote Desktop Gateway, NAT gateway) and a private subnet (IIS web and IIS app tiers under Auto Scaling, MS SQL replicas in an Always On Availability Group, AWS Directory Service). Remote users enter through an Internet Gateway; the corporate office connects through a Virtual Private Gateway over VPN or AWS Direct Connect; a VPC endpoint gives private access to Amazon S3.
  7. Microsoft Enterprise Applications
  8. Shared Service VPC. Best suited for:
     • The majority of your infrastructure on AWS
     • Required on-premises resources are easy to replicate or proxy (e.g., Active Directory, System Center, central SQL farm)
     • You prefer to limit VPN traffic
     • Strong security or compliance programs require additional application-level controls and proxy servers between AWS and on-premises resources (e.g., application-layer firewalls)
  9. CloudFormation – Infrastructure as Code. The basic standard in AWS for automating deployment of resources.
     • A CloudFormation template is a JSON-formatted (since late 2016 also YAML-formatted) document that describes a configuration to be deployed in an AWS account
     • Deploying a template creates a "stack" of resources that are created, updated and deleted together
     • Bootstrapping AWS CloudFormation Windows Stacks: http://tinyurl.com/aws-win-boot
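The bootstrapping pattern the slide points to, as an added example that is not part of the deck and not AWS's own quick-start code: a PowerShell script (AWS Tools for Windows PowerShell) that validates and deploys a minimal template which launches a Windows Server 2016 instance, runs cfn-init from the user data to install IIS, and signals CloudFormation so the stack only reaches CREATE_COMPLETE once bootstrapping succeeded. The subnet, security group, key pair and stack names are hypothetical placeholders; the AMI is resolved at deploy time from the public SSM parameter for the latest Windows Server 2016 base image.

```powershell
# Added example (not from the deck). Assumptions: AWSPowerShell is installed and
# region/credentials are configured; subnet-0abc123, sg-0abc123 and key pair
# 'corp-admin' are hypothetical placeholders.
Import-Module AWSPowerShell

# Single-quoted here-string: PowerShell leaves ${AWS::...} alone for !Sub to expand.
$template = @'
AWSTemplateFormatVersion: '2010-09-09'
Description: Windows Server 2016 instance bootstrapped with cfn-init (added example)
Parameters:
  SubnetId:        { Type: AWS::EC2::Subnet::Id }
  SecurityGroupId: { Type: AWS::EC2::SecurityGroup::Id }
  KeyName:         { Type: AWS::EC2::KeyPair::KeyName }
  LatestAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-windows-latest/Windows_Server-2016-English-Full-Base
Resources:
  WebInstance:
    Type: AWS::EC2::Instance
    Metadata:
      # Everything under Init is readable by the instance itself: configuration only,
      # never secrets (keep those in Parameter Store / Secrets Manager).
      AWS::CloudFormation::Init:
        config:
          commands:
            1-install-iis:
              command: powershell.exe -Command "Install-WindowsFeature Web-Server"
              waitAfterCompletion: '0'
    CreationPolicy:
      # Stack creation fails unless cfn-signal reports success within 20 minutes.
      ResourceSignal: { Timeout: PT20M }
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: t3.medium
      KeyName: !Ref KeyName
      SubnetId: !Ref SubnetId
      SecurityGroupIds: [ !Ref SecurityGroupId ]
      UserData:
        Fn::Base64: !Sub |
          <script>
          cfn-init.exe -v --stack ${AWS::StackName} --resource WebInstance --region ${AWS::Region}
          cfn-signal.exe -e %ERRORLEVEL% --stack ${AWS::StackName} --resource WebInstance --region ${AWS::Region}
          </script>
'@

$stackName = 'win-web-demo'

# Syntax/schema check before anything is created.
Test-CFNTemplate -TemplateBody $template | Out-Null

New-CFNStack -StackName $stackName -TemplateBody $template -Parameter @(
    @{ ParameterKey = 'SubnetId';        ParameterValue = 'subnet-0abc123' },
    @{ ParameterKey = 'SecurityGroupId'; ParameterValue = 'sg-0abc123' },
    @{ ParameterKey = 'KeyName';         ParameterValue = 'corp-admin' }
)

# Block until the stack is complete (or throw if it rolls back / times out).
Wait-CFNStack -StackName $stackName -Status CREATE_COMPLETE -Timeout 1500

# List what the stack owns; this is the inventory CloudFormation will also tear down.
Get-CFNStackResourceList -StackName $stackName |
    Select-Object LogicalResourceId, ResourceType, ResourceStatus
```

The Windows AMIs ship cfn-init.exe and cfn-signal.exe, and the `<script>` user-data block runs as a batch script on first boot, which is why no extra agent is needed. The CreationPolicy is the part worth copying: without it a stack reports success the moment the instance API call returns, before any of the bootstrapping has run.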
  10. How CloudFormation Works (diagram)
  11. AWS CloudFormation Designer
     • Visualize template resources
     • Modify the template with drag-and-drop gestures
     • Customize sample templates
  12. The Work* Services
     • WorkDocs: secure enterprise document collaboration; central sync, document feedback; secure access from anywhere
     • WorkSpaces: virtual desktops; secure access from anywhere; monthly pricing
     • WorkSpaces Application Manager: virtual applications; centralized application deployment; monthly subscription options
     • WorkMail: secure email and calendaring; strong security controls; existing desktop and mobile support
     • Directory Service: managed directories; Simple AD, AD Connector, Microsoft AD
  13. Run Windows Server 2016 on Amazon EC2
     • Windows Server 2016 Datacenter with Desktop Experience
     • Windows Server 2016 Nano Server
     • Windows Server 2016 with Containers (docker run microsoft/sample-dotnet)
     • Windows Server 2016 with SQL Server 2016
  14. Identity and Access Management
  15. AWS Identity and Access Management (IAM): role-based access control, multi-factor authentication, integrated with all AWS services, IAM roles
  16. Active Directory Deployments - Isolated domains: the corporate network keeps company.local (DC1 in Munich, DC2 in Berlin) while AWS Directory Service runs company.cloud on domain controllers DC3 and DC4 in private subnets across two Availability Zones. Separate identities, kept in step by synchronization or federation (solutions such as AD FS, Okta, PingFederate); the sites are connected by VPN or AWS Direct Connect.
  17. Single domain extended to multiple sites: company.local spans the corporate network (DC1 Munich, DC2 Berlin) and AWS (DC3 and DC4 in two Availability Zones), with Active Directory site-link costs of 10 within AWS and 50 across the WAN to the corporate network. One single identity, data center extension mode (relies on Active Directory sites; domain controllers read-only or not); connected by VPN or AWS Direct Connect.
  18. One subdomain per site: cloud.company.local is a child domain (DC3, DC4 in two Availability Zones) of the on-premises company.local (DC1 Munich, DC2 Berlin). An isolated subset of the directory with a single identity for users (Active Directory domains in a single forest); connected by VPN or AWS Direct Connect.
  19. One forest per site and trust: company.cloud on AWS Directory Service (DC3, DC4) and company.local on premises (DC1 Munich, DC2 Berlin). Separate directories, single identity (cross-forest or resource forest with a trust); connected by VPN or AWS Direct Connect.
  20. User identity federation with AWS IAM: AD users on corporate systems authenticate to enterprise applications and, through federation, assume IAM roles in AWS to reach services such as EC2, Amazon DynamoDB and S3 with temporary credentials.
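The federation flow on the slide, as an added example that is not part of the deck: registering an on-premises AD FS server as a SAML identity provider in IAM and creating the role that federated AD users assume. The provider name CorpADFS, role name ADFS-ReadOnly, the AD group AWS-ReadOnly and the path of the exported federation metadata are hypothetical; the account's AWSPowerShell region and credentials are assumed to be configured.

```powershell
# Added example (not from the deck): SAML federation from AD FS into an IAM role.
# Assumptions: AD FS federation metadata exported to .\FederationMetadata.xml;
# names below are placeholders.
Import-Module AWSPowerShell

$providerName = 'CorpADFS'
$roleName     = 'ADFS-ReadOnly'

# 1. Register the IdP. IAM takes the signing certificate from the metadata, so
#    assertions not signed by AD FS's token-signing key are rejected.
$metadata    = Get-Content -Raw -Path '.\FederationMetadata.xml'
$providerArn = New-IAMSAMLProvider -Name $providerName -SAMLMetadataDocument $metadata

# 2. Trust policy: only assertions from this provider, and only those whose
#    audience is the AWS sign-in endpoint. Without the SAML:aud condition an
#    assertion AD FS issued for a different relying party could be replayed here.
$trustPolicy = @"
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Federated": "$providerArn" },
    "Action": "sts:AssumeRoleWithSAML",
    "Condition": { "StringEquals": { "SAML:aud": "https://signin.aws.amazon.com/saml" } }
  }]
}
"@

# 3. Create the role with a one-hour session ceiling and attach a managed policy.
#    ReadOnlyAccess stands in for whatever least-privilege policy the role needs.
$role = New-IAMRole -RoleName $roleName -AssumeRolePolicyDocument $trustPolicy -MaxSessionDuration 3600
Register-IAMRolePolicy -RoleName $roleName -PolicyArn 'arn:aws:iam::aws:policy/ReadOnlyAccess'

# 4. AD FS must emit this value in the https://aws.amazon.com/SAML/Attributes/Role
#    claim for members of the mapped AD group: "<role ARN>,<provider ARN>".
$roleClaimValue = "$($role.Arn),$providerArn"
Write-Output "Map AD group 'AWS-ReadOnly' to claim value: $roleClaimValue"
```

The AD FS side is a claim rule that maps group membership to that Role attribute plus a RoleSessionName attribute (typically the UPN). Because the user never holds a long-lived access key, revoking access is done in AD: remove the group membership and the next sign-in yields no role.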
  21. SQL Server
  22. SQL Server on Amazon EC2
     • Licensing options: purchase an Amazon Machine Image (AMI) that includes Windows and SQL Server, or purchase a Windows AMI and install SQL Server yourself (BYOL)
     • Windows or Mixed Authentication
     • You manage the virtual machine security, storage, network ports, etc.
     • Full SQL Server sysadmin privileges
  23. Multi-AZ AlwaysOn Availability Group: within one AWS Region, an EC2 primary replica in a private subnet of Availability Zone 1 and an EC2 secondary replica in a private subnet of Availability Zone 2, with synchronous commit and automatic failover.
  24. Multi-Region AlwaysOn Availability Group
     • AWS Region A, Availability Zone 1: EC2 primary replica (replica 10.0.2.100, WSFC 10.0.2.101, AG listener 10.0.2.102)
     • AWS Region A, Availability Zone 2: EC2 secondary replica (replica 10.0.3.100, WSFC 10.0.3.101, AG listener 10.0.3.102); synchronous commit, automatic failover
     • AWS Region B, Availability Zone 1: EC2 secondary replica (replica 10.1.2.100, WSFC 10.1.2.101, AG listener 10.1.2.102); asynchronous commit, manual failover; the Regions are linked by VPN between Elastic IPs
  25. What is Amazon RDS?
     • Managed database service
     • Automatic patching, backups, mirroring, etc.
     • Automatic host replacement protects you in the event of a hardware failure
     • 6 database engines to choose from: Amazon Aurora, Oracle, PostgreSQL, MySQL, MariaDB, and SQL Server
     • License-included and BYOL options available
  26. SQL Server on Amazon RDS
     • Up to 30 databases per instance
     • Windows or Mixed Authentication
     • Optional managed Multi-AZ deployment for high availability
     • Transparent Data Encryption for encryption at rest and SSL/TLS to secure data in transit
     • Native backup and restore for Microsoft SQL Server databases using full backup files (.bak files)
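The three security items on this slide (TDE, encrypted connections, native backup) as one added example that is not part of the deck: enforce TLS on the server side, enable TDE for a database with the RDS-managed certificate, verify both from inside SQL Server, then take a KMS-encrypted native backup to S3 and poll the task. The parameter group, option group, endpoint, database, bucket and KMS key names are hypothetical; the script assumes AWSPowerShell, the SqlServer module (Invoke-Sqlcmd), a Mixed Authentication master login, and that the SQLSERVER_BACKUP_RESTORE option with its IAM role is already on the option group.

```powershell
# Added example (not from the deck). All resource names are placeholders.
Import-Module AWSPowerShell
Import-Module SqlServer

$endpoint  = 'appdb.c0ffee.ap-southeast-1.rds.amazonaws.com'
$dbName    = 'AppDb'
$kmsKeyArn = 'arn:aws:kms:ap-southeast-1:123456789012:key/00000000-0000-0000-0000-000000000000'

# 1. Server-side enforcement: reject unencrypted connections. Encrypt=True on the
#    client is a preference, not a control; rds.force_ssl is static, so a reboot
#    is needed before it takes effect.
$p = New-Object Amazon.RDS.Model.Parameter
$p.ParameterName  = 'rds.force_ssl'
$p.ParameterValue = '1'
$p.ApplyMethod    = 'pending-reboot'
Edit-RDSDBParameterGroup -DBParameterGroupName 'sqlserver-ee-13-secure' -Parameter $p

# 2. Add the TDE option; RDS then provisions the server certificate used in step 3.
$opt = New-Object Amazon.RDS.Model.OptionConfiguration
$opt.OptionName = 'TDE'
Edit-RDSOptionGroup -OptionGroupName 'sqlserver-ee-13-tde' -OptionsToInclude $opt -ApplyImmediately $true

# 3. Inside SQL Server: encrypt the database with the RDS-managed certificate.
$cred = Get-Credential -Message 'RDS master user (Mixed Authentication)'
$sql  = @{ ServerInstance = $endpoint; Credential = $cred; EncryptConnection = $true }

$cert = (Invoke-Sqlcmd @sql -Database master -Query "SELECT TOP 1 name FROM sys.certificates WHERE name LIKE 'RDSTDECertificate%'").name
Invoke-Sqlcmd @sql -Database $dbName -Query @"
CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256 ENCRYPTION BY SERVER CERTIFICATE [$cert];
ALTER DATABASE [$dbName] SET ENCRYPTION ON;
"@

# 4. Verify: encryption_state 3 = encrypted; encrypt_option 'TRUE' = this session is on TLS.
Invoke-Sqlcmd @sql -Database master -Query @"
SELECT DB_NAME(database_id) AS db, encryption_state FROM sys.dm_database_encryption_keys;
SELECT encrypt_option FROM sys.dm_exec_connections WHERE session_id = @@SPID;
"@

# 5. Native full backup to S3, encrypted under a KMS key (the .bak would otherwise
#    leave the TDE boundary in clear), then poll the asynchronous task.
Invoke-Sqlcmd @sql -Database master -Query @"
EXEC msdb.dbo.rds_backup_database
     @source_db_name           = '$dbName',
     @s3_arn_to_backup_to      = 'arn:aws:s3:::corp-sql-backups/$dbName.bak',
     @kms_master_key_arn       = '$kmsKeyArn',
     @overwrite_s3_backup_file = 1;
"@
Invoke-Sqlcmd @sql -Database master -Query "EXEC msdb.dbo.rds_task_status @db_name = '$dbName';"
```

Two caveats a practitioner would want: TDE protects the data files and the managed backups, but a native .bak produced by rds_backup_database is a separate artifact, which is why the KMS key is passed; and restoring a TDE-encrypted backup on another instance needs the matching certificate, so keep the backup and the instance's option group together in the DR plan.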
  27. SQL Server HA/DR on RDS: spans Availability Zones; automatic failover; automatic host replacement; automatic backups; automatic software patching (can be disabled)
  28. Multi-AZ SQL Server on Amazon RDS: within one AWS Region, an Amazon RDS primary in a private subnet of Availability Zone 1 and an Amazon RDS secondary in a private subnet of Availability Zone 2, with synchronous commit and automatic failover, run as a managed service.
  29. SQL Server EC2 vs. RDS: which should I use?
                                                     EC2   RDS
     License included                                yes   yes
     BYOL                                            yes   yes
     Full control over the instance                  yes   -
     Automated backups                               -     yes
     Self-managed AlwaysOn Availability Groups       yes   -
     AWS-managed Multi-AZ deployment                 -     yes
  30. What about the rest of SQL Server? Integration Services (SSIS), Reporting Services (SSRS), Analysis Services (SSAS), SQL Agent, Service Broker, Data Quality Services, Master Data Services
  31. What about the rest of SQL Server?
     • Remember: RDS is a managed database engine.
     • Most tools or drivers (OLE DB, ODBC, or ADO.NET) that connect to SQL Server can connect to an RDS instance.
     • For example, SSIS running on EC2 or on premises can use a connection to an RDS SQL Server (or other engine) instance as long as the network ports are properly configured.
  32. Developers
  33. AWS SDK and Tools for .NET architecture
     • Execution platforms: .NET 3.5, .NET 4.5, ASP.NET 5, Windows Phone, Windows Store
     • AWS SDK: low-level service clients over the AWS endpoints (REST API)
     • Higher-level utility APIs: Amazon S3 Transfer Utility, Amazon DynamoDB object persistence, VM Import, Resource API
     • AWS tools: AWS Tools for Windows PowerShell, AWS Toolkit for Visual Studio, ASP.NET session provider, trace listener, …
  34. AWS Toolkit for Visual Studio: full integration in Visual Studio, built on the .NET SDK
  35. AWS also provides extended support
     • AWS Elastic Beanstalk: deploy from within Visual Studio; automatic log rotation to Amazon S3
     • AWS CodeCommit/CodePipeline/CodeDeploy: manage a large fleet (on-premises and cloud-based)
     • .NET SDK and PowerShell cmdlets: integration in custom build pipelines in TFS or CruiseControl.NET
     • AWS native integrations: Jenkins and Bamboo have native integration with AWS; other IDEs support AWS (Unity, Xamarin Studio, Eclipse, …)
  36. Administration
  37. Secure remote administration architecture: in the public subnet, an RD Gateway (RDGW) in a Gateway Security Group that accepts TCP port 443 only from the AWS administrator's IP; in the private subnet, WEB1 and WEB2 in a Web Security Group that accepts traffic only from the Gateway Security Group. The administrator in the corporate data center needs one connection: connect to the RD Gateway over TCP 443, and the gateway proxies the RDP or PowerShell connection to the back-end instance.
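The two security groups on this slide, built with AWS Tools for Windows PowerShell, as an added example that is not part of the deck. The point it makes concrete is that the web tier's admin ports reference the gateway security group rather than any CIDR, so the only path to RDP or WinRM on a web instance is through the gateway. The VPC ID and the administrator's address are hypothetical placeholders; region and credentials are assumed to be configured.

```powershell
# Added example (not from the deck): gateway SG accepts 443 from the admin IP only;
# web SG accepts RDP / WinRM-over-HTTPS from the gateway SG only.
# Placeholders: vpc-0abc123, 203.0.113.10/32.
Import-Module AWSPowerShell

$vpcId   = 'vpc-0abc123'
$adminIp = '203.0.113.10/32'

# Helper (hypothetical, defined here): one inbound rule for a single TCP port,
# sourced either from a CIDR or from another security group.
function New-IpPermission {
    param([string]$Protocol, [int]$Port, [string]$Cidr, [string]$SourceGroupId, [string]$Description)
    $perm = New-Object Amazon.EC2.Model.IpPermission
    $perm.IpProtocol = $Protocol
    $perm.FromPort   = $Port
    $perm.ToPort     = $Port
    if ($Cidr) {
        $perm.Ipv4Ranges.Add((New-Object Amazon.EC2.Model.IpRange -Property @{ CidrIp = $Cidr; Description = $Description }))
    }
    if ($SourceGroupId) {
        $perm.UserIdGroupPairs.Add((New-Object Amazon.EC2.Model.UserIdGroupPair -Property @{ GroupId = $SourceGroupId; Description = $Description }))
    }
    return $perm
}

# Gateway SG (public subnet): HTTPS only, and only from the administrator's address.
$gwSg = New-EC2SecurityGroup -VpcId $vpcId -GroupName 'rdgw-sg' -Description 'RD Gateway: 443 from admin IP'
Grant-EC2SecurityGroupIngress -GroupId $gwSg -IpPermission (
    New-IpPermission -Protocol tcp -Port 443 -Cidr $adminIp -Description 'Admin to RD Gateway over HTTPS'
)

# Web SG (private subnet): admin ports accept traffic from the gateway SG, never a CIDR.
$webSg = New-EC2SecurityGroup -VpcId $vpcId -GroupName 'web-sg' -Description 'Web tier: admin access via RD Gateway SG only'
Grant-EC2SecurityGroupIngress -GroupId $webSg -IpPermission @(
    (New-IpPermission -Protocol tcp -Port 3389 -SourceGroupId $gwSg -Description 'RDP from RD Gateway'),
    (New-IpPermission -Protocol tcp -Port 5986 -SourceGroupId $gwSg -Description 'PowerShell remoting (WinRM HTTPS) from RD Gateway')
)

# Check: no inbound rule on the web SG references an IPv4 or IPv6 range.
$rules = (Get-EC2SecurityGroup -GroupId $webSg).IpPermissions
if ($rules | Where-Object { $_.Ipv4Ranges.Count -gt 0 -or $_.Ipv6Ranges.Count -gt 0 }) {
    throw 'web-sg exposes a port to a CIDR range; admin access must come only via rdgw-sg'
}
```

The final check is the one to keep in a pipeline: a later "temporary" rule that opens 3389 to an office range silently defeats the design, and security-group references survive instance replacement and Auto Scaling where IP-based rules do not.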
  38. Amazon EC2 Systems Manager (SSM)
     • EC2 Run Command, with AWS Tools for Windows PowerShell integration
     • Automation, customizable, auditable, delegated administration
     • Auto domain join
     • No machine access, full traceability, fine-grained control
     • http://tinyurl.com/AWS-SSM-Home
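What "no machine access, full traceability" looks like in practice, as an added example that is not part of the deck: an administrative audit run across every instance tagged Role=web with Run Command, without an RDP or WinRM session to any of them, followed by collection of the per-instance result. The tag value, the S3 bucket for full output and the audit script itself are hypothetical; the instances are assumed to run the SSM agent under an instance profile that permits Systems Manager, and region and credentials are assumed to be configured.

```powershell
# Added example (not from the deck): fleet-wide local Administrators audit via
# Run Command. Placeholders: tag Role=web, bucket corp-ssm-output.
Import-Module AWSPowerShell

# The script that runs on each instance (Get-LocalGroupMember ships with
# Windows Server 2016 / PowerShell 5.1).
$script = @(
    'Get-LocalGroupMember -Group Administrators | Select-Object Name, PrincipalSource | ConvertTo-Csv -NoTypeInformation'
)

# Target by tag, not by instance ID, so new instances are covered automatically.
# Each Send-SSMCommand call is itself recorded in CloudTrail, with the caller identity.
$cmd = Send-SSMCommand -DocumentName 'AWS-RunPowerShellScript' `
    -Target @{ Key = 'tag:Role'; Values = @('web') } `
    -Parameter @{ commands = $script } `
    -Comment 'Local Administrators audit' `
    -TimeoutSeconds 300 `
    -OutputS3BucketName 'corp-ssm-output' -OutputS3KeyPrefix 'local-admin-audit'

# Wait until the command has reached a terminal state on every targeted instance.
do {
    Start-Sleep -Seconds 5
    [string]$cmdStatus = (Get-SSMCommand -CommandId $cmd.CommandId).Status
} while ($cmdStatus -in 'Pending', 'InProgress')

# Per-instance status and captured stdout (truncated in the API; full copy is in S3).
foreach ($inv in Get-SSMCommandInvocation -CommandId $cmd.CommandId) {
    $detail = Get-SSMCommandInvocationDetail -CommandId $cmd.CommandId -InstanceId $inv.InstanceId
    '{0}: {1}' -f $inv.InstanceId, $detail.Status
    $detail.StandardOutputContent
}
```

Delegation follows from the same model: an operator's IAM policy can allow ssm:SendCommand only for specific documents and only for resources carrying a given tag, which is the "fine-grained control" on the slide without handing out local administrator rights on any server. The "auto domain join" bullet is the AWS-JoinDirectoryServiceDomain document applied through an SSM association in the same way.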
  39. Monitoring: Amazon CloudWatch, AWS CloudTrail, AWS Config, Amazon VPC Flow Logs, AWS Trusted Advisor. Related services shown: AWS Lambda, Amazon Kinesis, AWS Service Catalog, Amazon Elasticsearch Service, Amazon QuickSight.
  40. Thank you!
