Migrating & Operating Microsoft Applications in AWS
1. PUBLIC SECTOR SUMMIT OTTAWA
2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. PUBLIC SECTOR SUMMIT
Migrating and Operating Microsoft Applications in AWS
Imran Mahmood
Cloud Infrastructure Architect
AWS
3. Key takeaways from this session
• Patterns, practices, & tools for migrating Microsoft applications to Amazon Web Services (AWS)
• Continuous compliance with automated controls and process to build your landing zone
• Building repeatable architecture with an automation and infrastructure-as-code approach
4. Typical questions ...
Why AWS for Microsoft applications?
What are the migration accelerators?
How can I move fast and stay secure?
5. Public Cloud Leaders – Windows (IaaS Market)
6. Why customers choose AWS for their Microsoft applications
Most Experience: 10 years running Windows workloads
Global Reach & High Availability: 64 Availability Zones spanning 21 geographic regions
Security & Compliance: HIPAA, FISMA, ITAR, EU Model Clauses; 50+ compliance certifications; SOC-1,2,3, FIPS, ISO
7. Innovation for Windows on AWS
Key Windows launches since 2008 (timeline from 2008 to today, plotted against customer adoption): Windows Deep Learning AMI; Hyper-V support in AWS SMS; Application-consistent Snapshots through VSS; WS 2008 & SQL Server 2008; Visual Studio Toolkit; Microsoft SCOM plug-in release; AWS Directory Service; EC2 Dedicated Hosts (BYOL); Microsoft SharePoint 2016 (Marketplace); Windows Server 2008 R2; SQL Server 2008 R2; Windows Server 2003; SQL Server 2005; .NET SDK; Microsoft SCVMM Plug-in; Windows Server 2012; SQL Server 2012; AWS Tools for Windows PowerShell; Amazon RDS adds SQL Server; EC2 Run Command; EC2 Systems Manager; Windows Server & SQL Server 2016; Dedicated EC2 Instances (BYOL); .NET on AWS Lambda & AWS CodeBuild; SAP instance on AWS 2012; Trusted Advisor checks for Windows; SQL Server 2017 on EC2/RDS; AWS X-Ray .NET SDK; Windows for Amazon Lightsail; .NET Core & PowerShell on AL2/Ubuntu; .NET Core 2.0 Support with Lambda & X-Ray; Windows Containers; .NET Core 2.1 Support
90+ instance types, 22 instance families
40+ AMIs for Windows workloads
700+ Windows ISV listings in AWS Marketplace
8. Why AWS for Microsoft applications?
What are the migration accelerators?
How can I move fast and stay secure?
9. The MAP migration journey as you know it
Migration Assessment → Migration Readiness & Planning (MRP) → Migrations & Operations
Migration Assessment: Rapid Discovery; TCO Report (Total Cost of Ownership); Discover Inventory & Business case
MRP (Migration Readiness Assessment): Security & Compliance; Landing Zone; Skills / CoE; Operating Model; Discovery & Planning; Migration Expertise; Business Case; Migration Plan
Migrations & Operations: Migrate → Operate → Optimize; Migration, DR & Continuous Backup
Supported by our recently acquired tools, TSO Logic and CloudEndure…..
10. But, mind the Gap
(Same MAP journey as slide 9: Migration Assessment → Migration Readiness & Planning (MRP) → Migrations & Operations, with a GAP between Migration Assessment and MRP)
GAP:
• “Not comfortable yet”
• “Need more insights”
• “Still debating…….”
• “Not sure how to start”
• “We need a lot of support…..”
• Not comfortable to sign up for an MRP at this stage….
In some cases the migration plan stalls…..
11. We created specific Pre MRP Accelerators
Business | Governance | People | Operations | Security | Platform
Migration Readiness Assessment* (Migration Assessment)
Amazon Web Services Confidential - Shared Under NDA
Workstream: Business Case
Readiness Activities | Summary Observations | Actions & Next Steps
High Level Business Case (Pre-MRP): The team has built a business case; however, it is qualitative rather than quantitative, so there is a desire to build a better and more specific business case to articulate benefits and help define budgets and savings. The team was able to articulate the near-term strategy and mentioned that they are working on the long-term strategy. Strategic look-ahead is a yearly process, and this year they are building a 3-year look.
• Engage AWS Cloud Economics Team for a Rapid Opportunity Calculator
• State a specific goal around migration to drive alignment and momentum
• Select an automated discovery tool to aid in the building of a business case
• Document the strategic vision of why cloud and why now so others can buy in and help deliver the vision
Key Stakeholder Sign-off (Pre-MRP): The cloud initiative is generally supported. Additional input on the details of the plan, economics and how we get there is still needed.
• Create a communications plan to include stakeholder buy-in and updates
• Build out and document the security RACI and compliance matrices to further solidify security support
• Build a strategic vision and purpose for the cloud activities to align under
Workstream: Customer Migration Project Plan
Readiness Activities | Summary Observations | Actions & Next Steps
Determine Delivery Model & Approach (Pre-MRP): A specific choice of approach has not been made. Currently leaning toward internal resources but open to understanding ROI.
• Determine Delivery Model (Select a Partner)
• Determine the partner selection criteria
Project Management Capability (Pre-MRP): There is a PMO in place, and business and IT are working to align on process discipline around Project Management and Agile.
• Agree that an Agile approach will be used during MRP
Migration Plan (MRP): A migration plan has not been established. The MRP effort will be used to build the plan.
• Refine the overall strategy. The Migration Plan will be built during MRP
• Build technical and business criteria to be used for application rationalization against the 6 R's
Workstream: Operating Model
Readiness Activities | Summary Observations | Actions & Next Steps
Current Operations Model (Pre-MRP): The team stated that there is a very low tolerance for operational issues, so everything is handled at the "highest level". SLAs are not well defined or adhered to.
• Document the current operating model (runbook, SLAs, OLAs, etc.)
• Formalize the incident response process
• Determine SLAs and OLAs for all critical applications
• Performance requirements need to be established and benchmarked to show improvement after moving to cloud
• Consider refining OLAs and SLAs for the cloud (i.e. provisioning will be much faster)
Future Requirements (Pre-MRP): Cloud first was declared in 2017 and the last purchase of a physical server was in June 2016. There is a formal architecture review that includes push-back if cloud is not selected as the destination.
• Share with the customer the DevOps and OI best practices to help create a shared future vision
• Engage AWS to share DevOps practices and leverage AWS best practices around code pipelines, CI/CD and general DevOps practices to further improve team capability
Managed Service Provider Identified (Pre-MRP): There are MSPs and co-los in use today. It is a large blend of solution providers based on technology and team.
• Determine if workloads will be operated by an MSP. Share the AMS "training wheels" option
• Evaluate AWS Managed Services (AMS) to see if it makes sense to offload mundane activities/infrastructure ops to it and keep resources focused on innovation and differentiating activities
• Get specific around vision and drive roles and responsibilities accordingly
Workstream: Security & Compliance
Readiness Activities | Summary Observations | Actions & Next Steps
Shared Responsibility Model Understood (Pre-MRP): In general the security portions need to be enhanced and documented. The shared responsibility model is not documented.
• Run the Security workshop with the customer's security community
• Document the Security RACI
Security RACI (Pre-MRP): The team stated that the RACI is in work.
• Run the Security workshop with the customer's security community
• Document the Security RACI
Security Cartography (Pre-MRP): Mapping controls needs to be done. The team should map the controls that they are required to have to what AWS provides and then find solutions for the remaining gaps.
• Run the Security workshop with the customer's security community
• Map controls to standards and then use AWS mapping to standards to show compliance
3rd Party Risk (Pre-MRP): Yes, there are requirements for 3rd Party Risk assessment, and the team was comfortable that they had audited AWS and there are no open action items.
• No action required.
Identity & Access Management (MRP): SAML is in use and there are a few roles (read-only, dev, admin, power). Access is managed with Active Directory roles.
• This will be completed during MRP: establish best practices for this area
MRA Report*
Cloud Economics & Business case: Cloud Value briefing*; Migration business case*
Migration Governance: Migration Program Governance Briefing (coming soon)*
Cloud Centre of Excellence: Cloud Centre of Excellence workshop*
Operating Model: Operating model briefing and workshop*
Security: Security briefing and workshop*
Landing zone: Landing zone workshop*; Migration Immersion day*
MRP: Security & Compliance; Landing Zone; Skills / CoE; Operating Model; Discovery & Planning; Migration Expertise; Business Case; Migration Plan
Cloud Training Academy*
Exec proposal*
MAP Accelerators
Help bridge the Gap and enable our customers to decide on their cloud journey…..
Note: The Pre MRP accelerators are marked with an *
12. AWS Landing Zone (diagram)
AWS Organizations: Shared Services, Log Archive, Security
Parameter store; Account Creation Product
Application Account(s): Applications
13. Network Architecture – AWS Landing Zone (diagram)
Core Accounts: AWS Organizations, Log Archive, Security, Shared Services Account (x.x.x.x)
App Accounts: Development, Testing, Production (x.x.x.x)
AWS Transit Gateway with Edge/FW/Common Svc. VPC Routes, Application Routes and On-Prem Routes
Connectivity: Internet; On-Premises Network
14. Active Directory Migration Options – AWS Landing Zone (diagram)
Core Accounts: AWS Organizations, Log Archive, Security, Shared Services Account/VPCs (x.x.x.x)
App Accounts/VPCs: Development, Testing, Production
AWS Transit Gateway; Internet; On-Premises Network
Directory options shown: AWS Microsoft AD; AD on EC2; on-premises Active Directory with ADFS; Azure AD with Azure AD Connect Server; AWS SSO; SAML federation
15. Data Migration – SQL Server
Migration Option/Pattern | Target | Options | Optimization
• Initial data load or full restore, then incremental changes → MS SQL Server on EC2
• Distributed Always On Availability Group replication over Direct Connect → MS SQL Server on EC2
• SQL Server with initial seed, then incremental changes → RDS
Transfer tools shown: S3, AWS Snowball, AWS DMS
Optimization: i3 instances with BFE on NVMe instance store to save costs; Optimized vCPUs (R4.4XL: 16 → 8, 50%); storage optimization of the MS SQL instance
16. Application Migration Strategy & Rationalization
The 6 R's: Retire; Retain; Repurchase; Replatform; Refactor; Rehost
17. Application migration
Rehost (Fastest): Start Replication → Deploy AWS SMS Connector → Tag AMIs → Deploy using AWS CloudFormation (CF) → Swap Blue-Green
Replatform (Cloud economies): Use ECR for storing images → Create / Extend code build to AWS → Deploy using CF
Refactor (Adopt cloud-native services): Select AWS Serverless services → Deploy using SAM
18. AWS Migration Hub
Discover | Migrate | Track
• Better understand your application portfolio
• Streamline application portfolio migration planning and tracking
• Track migration progress from multiple tools in one place
• Reduce time spent determining current status and next steps
19. Migration Accelerators – Tools/Services
Discovery and planning: AWS Application Discovery Service
Server and database migrations: AWS Server Migration Service (AWS SMS); AWS Database Migration Service (AWS DMS)
Data transfer: AWS Storage Gateway; Amazon S3 Transfer Acceleration; AWS Direct Connect; Amazon Kinesis Data Firehose; AWS Snowball and AWS Snowmobile
Application monitoring/profiling: Amazon CloudWatch; AWS Config
20. Simplify and Accelerate Migration with CloudEndure
• Designed for rapid, mass-scale migrations
• Simple setup lets you start in minutes
• Same highly automated process for any workload (regardless of OS type/version, application, or DBs)
• Eliminates complexity and reduces risk
• Migrate with minimal business disruption
Highly Automated | Reliable | Flexible:
• Migrate from any source
• Short cutover windows with minimal downtime
• Minimal skill set required to operate
• Easily plugs into migration factories and Cloud COEs
• Easy, non-disruptive tests prior to cutover
• Option to migrate back
• Robust, predictable, non-disruptive continuous replication
• Wide range of OS, application, and database support
• Highly secure for regulated environments
21. How CloudEndure Migration Works
Source Data Center → continuous data replication traffic (compressed and encrypted) → Lightweight Staging Area in Target Region (Lightweight Linux Replication Server, Low-Cost Block Storage) → Target Subnet(s)
Orchestration & system conversion: ready to run workloads in minutes regardless of disk size
22.
23. (diagram)
Target Account/VPC: EC2 AD; AWS Route 53; RDGW; BooksOnline ASP.NET Migrated App; MS SQL Server on EC2 with Distributed Always On Availability Group replication (synchronous commit) to MS SQL Server on EC2
Source Account/VPC: On-Prem AD; MS SQL Server on EC2; CloudEndure Replication
AWS Transit Gateway; Internet; steps 1 and 2
24. Why AWS for Microsoft applications?
What are the migration accelerators?
How can I move fast and stay secure?
25. Building Repeatable Architectures
AWS CloudFormation Template: JSON/YAML formatted file; parameter definition; resource creation; configuration actions
AWS CloudFormation Stack: configured AWS resources; comprehensive service support; service event aware; customizable
Framework: stack creation; stack updates; error detection and rollback
26. Continuous Compliance
AWS Organizations - Security & Compliance @ Scale
AWS Organizations | AWS Landing Zone
27. Growing AWS adoption
28. Centralized governance
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:*",
"cloudwatch:*"
],
"Resource": "*"
}
]
}
Organization diagram: management account M with member accounts A1 to A4 (Dev, Prod, Prod and PCI environments)
AWS Organizations & SCPs for Centralized Account Management
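The SCP above allows only EC2 and CloudWatch actions in the member accounts it is attached to; everything else is implicitly denied no matter what IAM policies inside those accounts say. The following Python is an added example, not code from the deck or from AWS: it models how that bound combines with identity policies (an SCP allow is necessary, an identity-policy allow is necessary, and any explicit deny wins) and also shows the deny-list style of SCP that landing zones commonly use. The `GUARDRAIL_SCP`, `DEV_ROLE_POLICY` and `ADMIN_ROLE_POLICY` documents and the action names in them are my constructed inputs, not from the page; the evaluator covers only Effect/Action/NotAction on `Resource: "*"`, not resource ARNs, conditions or permission boundaries.

```python
"""Toy model of how SCPs bound what IAM policies in a member account can grant.

Added example, not from the AWS deck. Covers only Effect/Action/NotAction
on Resource "*"; real IAM also evaluates resources, conditions, permission
boundaries and session policies.
"""
from fnmatch import fnmatchcase

# The SCP shown on the slide: member accounts may use EC2 and CloudWatch only.
# Anything no SCP allows is implicitly denied for every principal in the
# account (SCPs never restrict the organization's management account).
SLIDE_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:*", "cloudwatch:*"], "Resource": "*"}
    ],
}

# Constructed deny-list style SCP (the usual landing-zone guardrail shape):
# allow everything, then carve out actions that would blind detective controls.
GUARDRAIL_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Deny",
         "Action": ["cloudtrail:StopLogging", "guardduty:DeleteDetector"],
         "Resource": "*"},
    ],
}

# Constructed identity policies attached to roles inside a member account.
# The dev policy is deliberately broader than SLIDE_SCP (s3:*) to show clipping.
DEV_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:*", "s3:*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"},
    ],
}
ADMIN_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(patterns, action):
    """IAM action matching: '*' and '?' wildcards, case-insensitive."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))


def policy_decision(policy, action):
    """Evaluate one policy document for an action on a '*' resource.

    Returns 'Deny' (explicit deny), 'Allow', or 'ImplicitDeny' (no statement
    mentioned the action). An explicit Deny always beats any Allow.
    """
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if "Action" in stmt:
            applies = _action_matches(stmt["Action"], action)
        else:  # NotAction: the statement covers everything except the listed actions
            applies = not _action_matches(stmt["NotAction"], action)
        if not applies:
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


def effective_decision(scps, identity_policy, action):
    """Final verdict for a principal in a member account.

    Every SCP inherited along the OU path must allow the action, and the
    identity policy must allow it; an explicit or implicit deny anywhere denies.
    """
    if any(policy_decision(scp, action) != "Allow" for scp in scps):
        return "Deny"
    return "Allow" if policy_decision(identity_policy, action) == "Allow" else "Deny"


if __name__ == "__main__":
    for action in ("ec2:DescribeInstances", "ec2:TerminateInstances",
                   "s3:GetObject", "cloudwatch:PutMetricData"):
        print(f"slide SCP + dev role: {action:26s} -> "
              f"{effective_decision([SLIDE_SCP], DEV_ROLE_POLICY, action)}")
    print("guardrail SCP + admin role: cloudtrail:StopLogging ->",
          effective_decision([GUARDRAIL_SCP], ADMIN_ROLE_POLICY, "cloudtrail:StopLogging"))
```

The last line is the point of the guardrail shape: an account administrator with `*` permissions still cannot stop CloudTrail or delete the GuardDuty detector, because the SCP removes those actions from the account's permission ceiling before IAM is consulted.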
29. Protective controls - AWS Identity and Access Management (IAM)
Your Admins sign in to the Identity Account and assume cross-account Admin roles in the Dev Account and the Prod Account
30. Protective controls – IAM at scale
Cross-account roles are deployed from the Identity Account with a StackSet
31. Continuous Compliance & Security Monitoring
• Checking security only once before launch is not enough
• Continuous security checks are necessary even after launch
Threats: more sophisticated and persistent attacks
Vulnerabilities: security vulnerabilities are found 24x7
Changing infrastructure: infrastructure is changing on a daily basis to meet business demands
32. Detective controls - Amazon GuardDuty
# Rule that matches every event GuardDuty publishes (the JSON pattern is single-quoted so the shell passes the inner double quotes through unchanged)
aws events put-rule --name Test --event-pattern '{"source":["aws.guardduty"]}'
# Narrower alternative with the same rule name (it replaces the pattern above): only findings whose severity is 5.0 or 8.0
aws events put-rule --name Test --event-pattern '{"source":["aws.guardduty"],"detail-type":["GuardDuty Finding"],"detail":{"severity":[5.0,8.0]}}'
# Send matching events to a Lambda function for automated response
aws events put-targets --rule Test --targets Id=1,Arn=arn:aws:lambda:us-east-1:111122223333:function:<your_function>
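The two `put-rule` patterns above are ordinary EventBridge (CloudWatch Events) patterns, and it is worth being precise about which findings the second one forwards: a list of literals such as `[5.0,8.0]` matches a finding whose severity equals one of those values, not the band between them, so a 7.5 (high) finding would not reach the Lambda target; EventBridge's `numeric` matcher expresses a band. The following Python is an added example, not code from the deck or from AWS: it reimplements just the subset of pattern matching these rules need and runs the slide's patterns, plus a band-style variant, over constructed finding events. The `sample:` finding types are placeholders I made up, and the account id is the one from the slide's Lambda ARN.

```python
"""Offline check of which GuardDuty events the slide's EventBridge patterns select.

Added example, not from the AWS deck. Implements the subset of EventBridge
event-pattern matching used here: lists of literals (equals any) and the
{"numeric": [...]} / {"prefix": ...} matcher objects, with dict nesting.
"""
import operator

# Patterns from the two `aws events put-rule` commands on the slide.
ALL_GUARDDUTY = {"source": ["aws.guardduty"]}
SEVERITY_5_OR_8 = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [5.0, 8.0]},
}
# Constructed variant: a band instead of two exact values (GuardDuty rates
# 4.0-6.9 medium and 7.0-8.9 high, so this is "medium and above").
MEDIUM_AND_ABOVE = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 4]}]},
}

_OPS = {"=": operator.eq, ">": operator.gt, ">=": operator.ge,
        "<": operator.lt, "<=": operator.le}


def make_finding(severity, finding_type, source="aws.guardduty"):
    """Constructed event in the envelope shape EventBridge delivers."""
    return {
        "version": "0",
        "id": "constructed-event-id",
        "detail-type": "GuardDuty Finding",
        "source": source,
        "account": "111122223333",  # account id from the slide's Lambda ARN
        "region": "us-east-1",
        "detail": {"severity": severity, "type": finding_type},
    }


# Constructed sample stream; severities chosen to exercise each pattern.
SAMPLE_EVENTS = [
    make_finding(2.0, "sample:Recon/PortProbe"),
    make_finding(5.0, "sample:UnauthorizedAccess/SSHBruteForce"),
    make_finding(7.5, "sample:Trojan/DNSDataExfiltration"),
    make_finding(8.0, "sample:Backdoor/CommandAndControl"),
    make_finding(8.0, "sample:NotFromGuardDuty", source="aws.ec2"),
]


def _numeric_ok(spec, actual):
    """spec looks like [">=", 4] or [">", 0, "<=", 5]; every comparison must hold."""
    if isinstance(actual, bool) or not isinstance(actual, (int, float)):
        return False
    return all(_OPS[spec[i]](actual, spec[i + 1]) for i in range(0, len(spec), 2))


def _leaf_matches(candidates, actual):
    """A list in a pattern means: the event value equals ANY listed literal
    (numeric equality, so 8 matches 8.0) or satisfies ANY matcher object."""
    for cand in candidates:
        if isinstance(cand, dict):
            if "numeric" in cand and _numeric_ok(cand["numeric"], actual):
                return True
            if "prefix" in cand and isinstance(actual, str) and actual.startswith(cand["prefix"]):
                return True
        elif cand == actual and isinstance(cand, bool) == isinstance(actual, bool):
            return True
    return False


def pattern_matches(pattern, event):
    """Every key in the pattern must exist in the event and match; nested
    dicts recurse, so {"detail": {"severity": [...]}} reaches event["detail"]["severity"]."""
    for key, spec in pattern.items():
        if key not in event:
            return False
        if isinstance(spec, dict):
            if not isinstance(event[key], dict) or not pattern_matches(spec, event[key]):
                return False
        elif not _leaf_matches(spec, event[key]):
            return False
    return True


def matched_severities(pattern, events=SAMPLE_EVENTS):
    """Severities of the events a rule with this pattern would forward to its target."""
    return [e["detail"]["severity"] for e in events if pattern_matches(pattern, e)]


if __name__ == "__main__":
    for name, pattern in (("all GuardDuty", ALL_GUARDDUTY),
                          ("severity 5 or 8", SEVERITY_5_OR_8),
                          ("medium and above", MEDIUM_AND_ABOVE)):
        print(f"{name:18s} -> {matched_severities(pattern)}")
```

Running it shows the 7.5 finding disappearing under the slide's literal-list pattern and reappearing under the `numeric` one, and the `aws.ec2` event being rejected by every rule because `source` is part of the match, not only `detail`.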
33. Why AWS for Microsoft workload?
What are the migration accelerators?
How can I move fast and stay secure?
34.
35. Thank you!
Imran Mahmood
Cloud Infrastructure Architect