2. Why Customers Choose AWS for their Microsoft Workloads
• Most experience: 10 years running Windows workloads
• Service offerings: 100+
• Global reach & high availability: 55 Availability Zones spanning 18 geographic regions
• With consistency: capable of delivering up to 80,000 IOPS/instance
• Security & compliance: 50+ compliance certifications (HIPAA, FISMA, ITAR, EU Model Clauses, SOC-1,2,3, FIPS, ISO)
• Customer obsession & innovation: 67 price reductions since 2006; improve TCO
3. Innovation for Windows on AWS
Key Windows launches since 2008 (timeline chart: customer adoption, 2008 to today)
• 98 instance types, 19 instance families
• 25 different AMIs for Windows workloads
• 795 Windows ISV listings in AWS Marketplace
Launches shown on the timeline:
• Windows Deep Learning AMI
• Hyper-V support in SMS
• Application-consistent snapshots through VSS
• WS 2008 & SQL Server 2008
• Visual Studio Toolkit
• Microsoft SCOM plug-in release
• AWS Directory Service
• EC2 Dedicated Hosts (BYOL)
• Microsoft SharePoint 2016 (Marketplace)
• Windows Server 2008 R2
• SQL Server 2008 R2
• Windows Server 2003
• SQL Server 2005
• .NET SDK
• Microsoft SCVMM plug-in
• Windows Server 2012
• SQL Server 2012
• AWS Tools for Windows PowerShell
• Amazon RDS adds SQL Server
• EC2 Run Command
• EC2 Systems Manager
• Windows Server & SQL Server 2016
• EC2 Dedicated Instances (BYOL)
• .NET on Lambda & CodeBuild
• SAP instance on AWS 2012
• Trusted Advisor checks for Windows
• SQL Server 2017
• X-Ray .NET SDK
• Windows for Lightsail
• .NET Core & PowerShell on AL2/Ubuntu
• .NET Core 2.0 support with Lambda & X-Ray
• EC2 Windows on Bare Metal/Hyper-V AMI
• SQL 2017 AMI
• AL2/Ubuntu .NET Developer Hub
4. 400% Growth
• 400% growth between 2014 and 2017 of AWS enterprise customers using Amazon EC2 for Windows Server
• 10+ years helping customers run and scale Windows workloads in the cloud
• Robust experience and a growing customer base
6. Sample Microsoft architecture
(Diagram) Two Availability Zones, each with a public subnet and a private subnet:
• Public subnet per AZ: RDGW (Remote Desktop Gateway) and VPC NAT gateway
• Private subnet per AZ: IIS Web, IIS App, AWS Directory Service, MS SQL
• MS SQL instances joined in an Always On availability group across the two AZs
• Auto Scaling for the IIS tiers; VPC endpoint to Amazon S3
• Remote users reach the VPC through an Internet gateway
• The corporate office connects through a virtual private gateway over VPN and AWS Direct Connect
7. Secure remote administration architecture
(Diagram) One Availability Zone with a public subnet and a private subnet:
• The AWS administrator in the corporate data center connects over TCP 443 to the RDGW in the public subnet
• Gateway security group: accept TCP port 443 from the admin IP
• Web security group (WEB1, WEB2 in the private subnet): accept traffic from the gateway security group
Requires one connection:
• Connect to the RD Gateway, and the gateway proxies the RDP or PowerShell connection to the backend instance.
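The two security-group rules on this slide are easy to state and easy to drift away from over time, so a defender typically audits them rather than trusting the diagram. The following is an added example, not code from the deck or from AWS: a small Python check that reads security groups in the layout returned by boto3's describe_security_groups (the sample groups, group IDs such as sg-gateway and sg-web, the admin range 203.0.113.0/24 and the list of management ports are all constructed for this example and are not from the slide) and reports any way the RD Gateway pattern has been weakened: the gateway group accepting anything other than TCP 443 from the admin range, or the backend group exposing RDP or WinRM to an IP range or to a group other than the gateway's. It handles IPv4 rules only.

```python
"""Audit security group ingress rules for the RD Gateway pattern on the slide.

Expected shape: the gateway security group accepts only TCP 443, only from the
administrator's range; the backend (web) security group accepts RDP and WinRM
only from the gateway security group. Rule dictionaries mirror the layout of
boto3's describe_security_groups output (IPv4 rules only). All groups, IDs and
address ranges below are constructed samples, not a real environment."""

from ipaddress import ip_network

# Management ports that a backend should expose only through the gateway.
ADMIN_PORTS = {3389: "RDP", 5985: "WinRM-HTTP", 5986: "WinRM-HTTPS"}


def rule_ports(rule):
    """Set of TCP ports a rule covers; None means the rule allows all traffic."""
    if rule.get("IpProtocol") == "-1":
        return None
    if rule.get("IpProtocol") != "tcp":
        return set()
    return set(range(rule["FromPort"], rule["ToPort"] + 1))


def covers(rule, port):
    """True if the rule allows the given TCP port (including 'all traffic')."""
    ports = rule_ports(rule)
    return ports is None or port in ports


def audit_gateway_group(group, admin_cidr):
    """Gateway SG: every ingress rule must be TCP 443 and come from admin_cidr."""
    findings, admin, gid = [], ip_network(admin_cidr), group["GroupId"]
    for rule in group["IpPermissions"]:
        if rule_ports(rule) != {443}:
            findings.append(f"{gid}: ingress rule is not limited to TCP 443 "
                            f"({rule.get('IpProtocol')} {rule.get('FromPort')}-{rule.get('ToPort')})")
        for r in rule.get("IpRanges", []):
            if not ip_network(r["CidrIp"]).subnet_of(admin):
                findings.append(f"{gid}: accepts traffic from {r['CidrIp']}, outside admin range {admin_cidr}")
        for pair in rule.get("UserIdGroupPairs", []):
            findings.append(f"{gid}: accepts traffic from security group {pair['GroupId']}; only the admin IP is expected")
    return findings


def audit_backend_group(group, gateway_sg_id):
    """Backend SG: RDP / WinRM may be reached only from the gateway security group."""
    findings, gid = [], group["GroupId"]
    for rule in group["IpPermissions"]:
        exposed = [name for port, name in ADMIN_PORTS.items() if covers(rule, port)]
        if not exposed:
            continue  # rules for application ports (e.g. TCP 443 for the web tier) are out of scope
        names = "/".join(exposed)
        for r in rule.get("IpRanges", []):
            findings.append(f"{gid}: {names} reachable from IP range {r['CidrIp']}; should come only via {gateway_sg_id}")
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] != gateway_sg_id:
                findings.append(f"{gid}: {names} reachable from security group {pair['GroupId']}, not the gateway group")
    return findings


def audit_remote_admin(groups, gateway_sg_id, backend_sg_ids, admin_cidr):
    """Run both checks over a describe_security_groups-style list; return all findings."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = audit_gateway_group(by_id[gateway_sg_id], admin_cidr)
    for sg_id in backend_sg_ids:
        findings.extend(audit_backend_group(by_id[sg_id], gateway_sg_id))
    return findings


# Constructed sample matching the slide: admin IP -> TCP 443 -> RDGW -> WEB1/WEB2.
ADMIN_CIDR = "203.0.113.0/24"  # documentation range standing in for the corporate data center

GOOD_GROUPS = [
    {"GroupId": "sg-gateway", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-gateway"}]},
        {"IpProtocol": "tcp", "FromPort": 5985, "ToPort": 5986, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-gateway"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
]

# Constructed drift: RDP opened to the internet on both tiers, WinRM reachable from another group.
BAD_GROUPS = [
    {"GroupId": "sg-gateway", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 5985, "ToPort": 5986, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-monitoring"}]}]},
]

if __name__ == "__main__":
    for label, groups in (("good", GOOD_GROUPS), ("bad", BAD_GROUPS)):
        for finding in audit_remote_admin(groups, "sg-gateway", ["sg-web"], ADMIN_CIDR):
            print(f"[{label}] {finding}")
```

Against the constructed "good" groups the audit returns nothing; against the drifted ones it returns four findings (two for the gateway group's stray RDP rule, two for the web group). In a real account the same functions would be fed the output of describe_security_groups, with the admin range and group IDs taken from your own environment.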
8. Alternative solution using Systems Manager
(Diagram) One Availability Zone with a private subnet only:
• The AWS administrator in the corporate data center works through EC2 Systems Manager instead of a gateway instance
• Web security group (WEB1, WEB2 in the private subnet): accept traffic from EC2 Systems Manager
• Command output and notifications go to an S3 bucket, an SNS topic and a CloudWatch metric; access is governed by an IAM policy
9. Extend/migrate VMware workloads with VMware Cloud on AWS
• Consistent operations and live migrations from on-premises to AWS
• Microsoft apps can move to VMware Cloud on AWS without any change to MS licensing
11. Active Directory : On-premises
• Create VPN or AWS Direct Connect link to your VPC
• Manually domain join EC2 instances to on-premises
• Use VPC as an extension of your network
• Security considerations
• Latency considerations?
(Diagram) 1: On-premises Windows Server DC (AD), you manage
DC – Active Directory Domain Controller
VPC – Amazon Virtual Private Cloud
Endpoint – Accessed via IP address in your VPC
12. Active Directory : EC2 self-managed
(Diagram) 1: On-premises Windows Server DC (AD), you manage; 2: EC2 for Windows Server DC in the VPC (AD), you manage
13. Active Directory : EC2 self-managed
Your responsibilities
• Availability deployment strategy
• EC2 DC configuration
• DNS configuration
• Sites and Services configuration
• Monitoring
• DC recovery
• Backup
• Restore
• Security group configuration
• Manual EC2 domain joining
• Patch Tuesday management
AWS Directory Service required for AWS enterprise applications and services to authenticate to your self-managed AD
(Diagram) 1: On-premises Windows Server DC (AD), you manage; 2: EC2 for Windows Server DC in the VPC (AD), you manage
14. Single domain extended to multiple sites
(Diagram) Corporate network with DC1 in Munich and DC2 in Berlin (company.local), linked over VPN / AWS Direct Connect to the VPC, where DC3 runs in a private subnet in Availability Zone A and DC4 in a private subnet in Availability Zone B (company.local); AD site links shown with cost 10 and cost 50
One single identity, data center extension mode (rely on Active Directory sites, read-only or not)
15. One subdomain per site
(Diagram) Corporate network with DC1 in Munich and DC2 in Berlin (company.local), linked over VPN / AWS Direct Connect to the VPC, where DC3 runs in a private subnet in Availability Zone A and DC4 in a private subnet in Availability Zone B (cloud.company.local)
Isolated subset of the directory, single identity for users (Active Directory domains in a single forest)
16. One forest per site and trust
(Diagram) Corporate network with DC1 in Munich and DC2 in Berlin (company.local), linked over VPN / AWS Direct Connect to the VPC, where DC3 runs in a private subnet in Availability Zone A and DC4 in a private subnet in Availability Zone B (company.cloud, provided by AWS Directory Service)
Separate directories, single identity (cross-forest/resource forest with trust)
17. Active Directory – Connecting AD in cloud to on-premises
(Diagram) Three ways of linking an on-premises Windows Server DC to an EC2 for Windows Server DC in the VPC:
1. Replication: your DCs only (one directory, AD, replicated between on-premises and the VPC)
2. 1-way trust or 2-way trust: your DCs or AWS Managed Microsoft AD (separate directories, AD and AD2)
3. Sync users: depends (third-party sync between separate directories, AD and AD3)
18. Active Directory : AWS Directory Service
(Diagram) 1: On-premises Windows Server DC (AD), you manage; 2: EC2 for Windows Server DC in the VPC (AD), you manage; 3: AWS Microsoft AD reached through a VPC endpoint, AWS manages
AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD
19. Active Directory – AWS Microsoft AD
AWS Directory Service for Microsoft Active Directory (Enterprise Edition), a.k.a. AWS Microsoft AD, reached through a VPC endpoint
Windows 2012 R2 domain controllers (DC)
• ~3-click setup
• 2 DCs, each in a different Availability Zone (AZ)
Standalone or connected to your AD with trusts
AWS apps and services integration
• EC2 seamless domain join
• RDS for SQL Server authentication, authorization
• Amazon WorkSpaces, Amazon QuickSight Enterprise, Chime Plus/Pro provisioning and authentication
20. Active Directory – AWS Microsoft AD
Some constraints
• AWS is domain admin
• You get an OU and delegated admin over the OU
• Conservative delegated permissions to your OU admin account (delegations are being expanded over time)
• Application enablement blocks some apps
• Some admin functions unavailable
21. Active Directory – AWS Microsoft AD
Amazon responsibilities - Operate
• Multi-AZ deploy, patch, monitor, DC recovery, snapshot, restore
Your responsibilities - Administer
• Administration via Active Directory Users and Computers (ADUC) and other standard AD tools
• Administer users, groups, GPOs, other AD content
23. Options for Running SQL Server on AWS
SQL Server on Amazon EC2
• License Included or BYOL
• Use provided AMIs or install on EC2 (same licensing)
• Full SQL setup, tools, administration, etc.
• User will need to do all the work such as EBS configuration/tuning, patch management, DR (snapshots, recovery), HA setup and maintenance
Amazon Relational Database Service – SQL
• License Included
• Fully managed RDBMS service
• Automated maintenance, patch management
• Built-in DR – automated backup & recovery
• EBS tuned – up to 30,000 IOPS using PIOPS EBS
• Support for SQL Agent & Tuning Advisor
• Diagnostics, CloudWatch metrics
• Tune engine parameters
• No shell, super user, or direct file system access
24. Multi-AZ AlwaysOn Availability Group
(Diagram) Within one AWS Region: primary replica on EC2 in a private subnet of Availability Zone 1, secondary replica on EC2 in a private subnet of Availability Zone 2; synchronous commit, automatic failover
25. Multi-region AlwaysOn Availability Group
(Diagram) AWS Region A: primary replica on EC2 in a private subnet of Availability Zone 1 (instance primary IP 10.0.2.100, WSFC IP 10.0.2.101, AG listener IP 10.0.2.102) and secondary replica on EC2 in a private subnet of Availability Zone 2 (instance primary IP 10.0.3.100, WSFC IP 10.0.3.101, AG listener IP 10.0.3.102); synchronous commit, automatic failover
AWS Region B: secondary replica on EC2 in a private subnet of Availability Zone 1 (instance primary IP 10.1.2.100, WSFC IP 10.1.2.101, AG listener IP 10.1.2.102); asynchronous commit, manual failover
The two regions are connected over VPN between Elastic IPs
26. Failover cluster instance
(Diagram) Within one AWS Region: primary node on EC2 with Amazon EBS in a private subnet of Availability Zone 1, secondary node on EC2 with Amazon EBS in a private subnet of Availability Zone 2; data replication between the nodes via SoftNAS / SIOS
28. End of Support is coming. Action needed!
• July 9, 2019: SQL Server 2008 and 2008 R2 End of Support
• January 14, 2020: Windows Server 2008 & 2008 R2 End of Support
29. Compelling options to match your objectives
Objective / Path
• Move virtualized workloads fast / Lift and shift on-prem workloads to VMware Cloud on AWS
• Migrate databases to AWS without impacting essential applications / Move to AWS and run undisturbed in 2016 compatibility mode
• Upgrade databases on AWS and capitalize on enhancements and security updates / Move to AWS and upgrade to 2016 to exploit enhancements and security updates
• Modernize on a modern/open platform / Move to Aurora to leverage performance, capabilities and cost
• Shift operation of stack to proven provider / Employ AWS Managed Services to operate your AWS infrastructure
30. Migrate and Upgrade with AWS
(Diagram) On prem, then two Amazon RDS stages:
1. Running 2008 in compatibility mode in 2016
• 2008 database running in SQL Server 2016 on AWS
• Application runs undisturbed and security updates are applied
2. Migrate and upgrade in 2016
• 2008 database upgraded to SQL Server 2016/2017 on AWS
• Benefit from SQL Server 2016/2017 enhancements and security updates
31. Modernize with AWS Aurora
(Diagram) On prem to Amazon RDS (Aurora)
• Performance & scalability
• Availability & durability
• Highly secure
• Fully managed
33. A cost-effective, managed cloud desktop
• Secure
• Pay-as-you-go
• Simple management
• Highly interactive cloud desktops your users will love
• Scale consistently
36. Customer success running Windows on AWS
"We've seen much stronger performance for our database-backup workloads and we're also saving 75% on our monthly backup costs."
Richard Sharp, Director of Databases
"We haven't met a workload we can't run in AWS, and run better including Windows Server. With zero downtime"
Bill Rothe, VP Enterprise Systems
"We chose AWS for our data center workloads, including Windows, based on our assessment of [its] security, availability and performance..."
Rajeev Bhajwardi, Sr. Director Enterprise Technology