
Migrating & Operating Microsoft Applications in AWS


This session outlines recommended – and perhaps, not previously considered – strategies for migrating to AWS. We aim to equip you with a strong, security-focused plan, and to remove undifferentiated heavy lifting. Join us for a deep-dive discussion on migrating Microsoft workloads into a highly automated and secure landing zone on the AWS Cloud. Discover options for migrating business productivity systems, Microsoft SQL servers, and a number of .NET applications. Also learn about the journey of creating an enterprise-grade landing zone and fully automated compliance controls – before embarking on your migration journey.



  1. Public Sector Summit Ottawa
  2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Public Sector Summit. Migrating and Operating Microsoft Applications in AWS. Imran Mahmood, Cloud Infrastructure Architect, AWS
  3. Key takeaways from this session: Patterns, Practices, & Tools for migrating Microsoft Applications to Amazon Web Services (AWS); Continuous compliance with automated controls and process to build your landing zone; Building repeatable architecture with automation and infrastructure-as-code approach
  4. Typical questions ... Why AWS for Microsoft applications? What are the migration accelerators? How can I move fast and stay secure?
  5. Public Cloud Leaders – Windows (IaaS Market)
  6. Why customers choose AWS for their Microsoft applications. Most Experience: 10 Years running Windows workloads. Global Reach & High Availability: 64 Availability Zones spanning 21 geographic regions. Security & Compliance: HIPAA, FISMA, ITAR, EU Model Clauses; 50+ Compliance Certifications; SOC-1,2,3; FIPS, ISO
  7. Innovation for Windows on AWS Key Windows launches since 2008 Windows Deep Learning AMI Hyper-V support in AWS SMS Application-consistent Snapshots through VSS WS 2008 & SQL Server 2008 Visual Studio Toolkit Microsoft SCOM plug-in release AWS Directory Service EC2 Dedicated Hosts (BYOL) Microsoft SharePoint 2016 (Marketplace) Windows Server 2008 R2 SQL Server 2008 R2 Windows Server 2003 SQL Server 2005 .NET SDK Microsoft SCVMM Plug-in Windows Server 2012 SQL Server 2012 AWS Tools for Windows PowerShell Amazon RDS adds SQL Server EC2 Run Command EC2 Systems Manager Windows Server & SQL Server 2016 Dedicated EC2 Instances (BYOL) .NET on AWS Lambda & AWS CodeBuild SAP instance on AWS 2012 Trusted Advisor checks for Windows SQL Server 2017 on EC2/RDS AWS X-Ray .NET SDK Customer Adoption Windows for Amazon Lightsail .NET Core & PowerShell on AL2/Ubuntu 2008 Today .NET Core 2.0 Support with Lambda & X-Ray Windows Containers .NET Core 2.1 Support 90+ Instance types, 22 instance families 40+ AMIs for Windows workloads 700+ Windows ISV listings in AWS marketplace
  8. Why AWS for Microsoft applications? What are the Migration accelerators? How can I move fast and stay secure?
  9. The MAP migration journey as you know it Security & Compliance Landing Zone Skills / CoE Operating Model Discovery & Planning Migration Expertise Business Case Migration Plan Migration Readiness Assessment Rapid Discovery TCO Report Total Cost of Ownership Migrate Operate Optimize Migration Assessment Migration Readiness & Planning (MRP) Migrations & Operations Discover Inventory & Business case Migration, DR & Continuous Backup Supported by our recently acquired tools, TSO Logic and CloudEndure…..
  10. But, mind the Gap Security & Compliance Landing Zone Skills / CoE Operating Model Discovery & Planning Migration Expertise Business Case Migration Plan Migration Readiness Assessment Rapid Discovery TCO Report Total Cost of Ownership Migrate Operate Optimize Migration Assessment Migration Readiness & Planning (MRP) Migrations & Operations Discover Inventory & Business case Migration, DR & Continuous Backup GAP • “Not comfortable yet” • “Need more insights” • “Still debating…….” • “Not sure how to start” • “We need a lot of support…..” • Not comfortable to sign up for a MRP at this stage…. In some cases the migration plan stalls…..
  11. Business Governance People Operations Security Platform We created specific Pre MRP Accelerators Migration Readiness Assessment* Migration Assessment Amazon Web Services Confidential - Shared Under NDA Readiness Activities Summary Observations Actions & Next Steps High Level Business Case Pre-MRP The team has built a business case, however, it's qualitative vs quantitative so there is a desire to build a better and more specific business case to articulate benefits and help define budgets and savings. The team was able to articulate the near term strategy and mentioned that they are working on the long term strategy. Strategic look ahead is a yearly process and this year they are building a 3 year look. • Engage AWS Cloud Economics Team for a Rapid Opportunity Calculator • State a specific goal around migration to drive alignment and momentum • Select an automated discovery tool to aid in the building of a business case • Document the strategic vision of why cloud and why now so others can buy-in and help deliver the vision Key Stakeholder Sign-off Pre-MRP The cloud initiative is generally supported. Additional input on the details of the plan, economics and how we get there is still needed. • Create a communications plan to include stakeholder buy-in and updates • Build out and document the security RACI and compliance matrices to further solidify security support • Build a strategic vision and purpose for the cloud activities to align under Workstream: Business Case Readiness Activities Summary Observations Actions & Next Steps Determine Delivery Model & Approach Pre-MRP A specific choice has not been made to approach. Currently leaning toward internal resources but open to understanding ROI.
• Determine Delivery Model (Select a Partner) • Determine the partner selection criteria Project Management Capability Pre-MRP There is a PMO in place and business and IT are working to align on process discipline around Project Management and Agile. • Agree that Agile approach will be used during MRP Migration Plan MRP A migration plan has not been established. The MRP effort will be used to build the plan. • Refine the overall strategy. The Migration Plan will be built during MRP • Build technical and business criteria to be used for application rationalization against the 6R's Workstream: Customer Migration Project Plan Readiness Activities Summary Observations Actions & Next Steps Current Operations Model Pre-MRP The team stated that there is a very low tolerance for operational issues so everything is handled at the "highest level". SLA's aren't well defined or adhered to. • Document the current operating model (Runbook, SLA's, OLA's, etc) • Formalize the incident response process • Determine SLA's and OLA's for all critical applications • Performance requirements need to be established and benchmarked to show improvement after moving to cloud • Consider refining OLA's and SLA's for the cloud (i.e. provisioning will be much faster) Future Requirements Pre-MRP Cloud first was declared in 2017 and the last purchase of a physical server was in June 2016. There is a formal architecture review that includes push back if not selecting cloud as destination. • Share with customer the DevOps and OI Best Practices to help create a shared future vision • Engage AWS to share DevOps practices and leverage AWS best practices around code pipelines CI/CD and general DevOps practices to further improve team capability. Managed Service Provider Identified Pre-MRP There are MSPs and Co-los in use today. It's a large blend of solution providers based on technology and team. • Determine if workloads will be operated by an MSP.
Share the AMS "training wheels" option • Evaluate AWS Managed Services (AMS) to see if it makes sense to offload mundane activities/infrastructure ops to that and keep resources focused on innovation and differentiating activities. • Get specific around vision and drive roles and responsibilities accordingly Workstream: Operating Model Readiness Activities Summary Observations Actions & Next Steps Shared Responsibility Model Understood Pre-MRP In general the security portions need to be enhanced and documented. The shared responsibility model is not documented. • Run the Security workshop with the customer's security community • Document the Security RACI Security RACI Pre-MRP The team stated that the RACI is in work. • Run the Security workshop with the customer's security community • Document the Security RACI Security Cartography Pre-MRP Mapping controls needs to be done. The team should map the controls that they are required to have to what AWS provides and then find solutions for the remaining gaps. • Run the Security workshop with the customer's security community • Map controls to standards and then use AWS mapping to standards to show compliance 3rd Party Risk Pre-MRP Yes there are requirements for 3rd Party Risk assessment and the team was comfortable that they had audited AWS and there are no open action items. • No action required. Identity & Access Management MRP SAML is in use and there are a few roles (read-only, dev, admin, power) Managing access with Active Directory roles.
• This will be completed during MRP - establish best practices for this area Workstream: Security & Compliance MRA Report* Cloud Economics & Business case Cloud Value briefing* Migration business case* Migration Governance Migration Program Governance Briefing (coming soon)* Cloud Centre of Excellence Cloud Centre of Excellence workshop* Operating Model Operating model briefing and workshop* Security Security briefing and workshop* Landing zone Landing zone workshop* Migration Immersion day* MRP Security & Compliance Landing Zone Skills / CoE Operating Model Discovery & Planning Migration Expertise Business Case Migration Plan Cloud Training Academy* Help bridge the Gap and enable our customers to decide on their cloud journey….. Exec* proposal MAP Accelerators Note: The Pre MRP accelerators are marked with an *
  12. AWS Organizations Shared Services Log Archive Security Parameter store Account Creation Product AWS Landing Zone Application Account(s) Applications
  13. Internet Development Testing AWS Organizations Log Archive Security Edge/FW/Common Svc. VPC Routes AWS Transit Gateway Production On-Prem Routes Shared Services Account x.x.x.x x.x.x.x x.x.x.x Core Accounts App Accounts Application Routes On-Premises Network Network Architecture AWS Landing Zone
  14. Internet Development Testing AWS Organizations Log Archive Security Production Shared Services Account/VPCs x.x.x.x x.x.x.x x.x.x.x Core Accounts App Accounts/VPCs On-Premises Network AWS Microsoft AD Azure AD Connect Server AWS SSO AD on EC2 Azure AD Connect Server Active Directory ADFS ADFS Azure AD SAML AWS Transit Gateway Active Directory Migration Options AWS Landing Zone
  15. Data Migration – SQL Server Target Options Optimization Initial Data load or Full Restore S3 Incremental changes MS SQL Server on EC2 MS SQL Server Distributed Always On Availability Group replication over Direct Connect MS SQL Server SQL Server with Initial Seed Incremental changes RDS i3 instances with BFE on NVMe instance store to save costs AWS Snowball Migration Option/Pattern Optimized vCPUs R4.4XL 16 8 50% MS SQL instance Storage Optimization MS SQL Server MS SQL instance AWS DMS
  16. Application Migration Strategy & Rationalization: Retire, Retain, Repurchase, Replatform, Refactor, Rehost
  17. Application migration Start Replication Deploy AWS SMS Connector Tag AMIs Deploy using AWS CloudFormation (CF) Swap Blue-Green Use ECR for storing images Create / Extend code build to AWS Deploy using CF Refactor Select AWS Serverless services Deploy using SAM Replatform Rehost Refactor Fastest Cloud economies Adopt cloud-native services
  18. AWS Migration Hub Better understand your application portfolio Streamline application portfolio migration planning and tracking Track migration progress from multiple tools in one place Reduce time spent determining current status and next steps Discover Migrate Track
  19. Amazon CloudWatch AWS Config Data transfer Server and database migrations Application monitoring/profiling Discovery and planning AWS Application Discovery Service AWS Database Migration Service (AWS DMS) AWS Server Migration Service (AWS SMS) AWS Storage Gateway Amazon S3 Transfer Acceleration AWS Direct Connect Amazon Kinesis Data Firehose AWS Snowball and AWS Snowmobile Migration Accelerators – Tools/Services
  20. Simplify and Accelerate Migration with • Designed for rapid, mass-scale migrations • Simple setup lets you start in minutes • Same highly automated process for any workload (regardless of OS type/version, application, or DBs) • Eliminates complexity and reduces risk • Migrate with minimal business disruption Highly Automated Migrate From Any Source Short Cutover Windows With Minimal Downtime Minimal Skill Set Required to Operate Easily Plugs Into Migration Factories and Cloud COEs Easy, Non-Disruptive Tests Prior to Cutover Reliable Flexible Option to Migrate Back Robust, Predictable, Non-Disruptive Continuous Replication Wide Range of OS, Application, and Database Support Highly Secure for Regulated Environments
  21. How CloudEndure Migration Works Lightweight Staging Area in Target Region Source Data Center Target Subnet(s) Continuous data replication traffic (compressed and encrypted) Lightweight Linux Replication Server Low-Cost Block Storage Orchestration & system conversion ready to run workloads in minutes regardless of disk size
  23. Target Account/VPC AWS Transit Gateway Source Account/VPC EC2 AD AWS Route 53 RDGW BooksOnline ASP.NET Migrated App MS SQL Server on EC2 Distributed Always On Availability Group replication – synchronous commit MS SQL Server on EC2 CloudEndure Replication On-Prem AD MS SQL Server on EC2 Internet 1 2
  24. Why AWS for Microsoft applications? What are the Migration accelerators? How can I move fast and stay secure?
  25. Building Repeatable Architectures AWS CloudFormation Template AWS CloudFormation Stack JSON/YAML formatted file Parameter definition Resource creation Configuration actions Configured AWS resources Comprehensive service support Service event aware Customizable Framework Stack creation Stack updates Error detection and rollback
  26. Continuous Compliance AWS Organizations - Security & Compliance @ Scale AWS Organizations AWS Landing Zone
  27. Growing AWS adoption
  28. Centralized governance { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:*", "cloudwatch:*" ], "Resource": "*" } ] } A1 A2 A4 M A3 Dev Prod Prod PCI AWS Organizations & SCPs for Centralized Account Management
  29. Your Admins Admin role Admin role Dev Account Prod Account Identity Account Cross account roles Protective controls - AWS Identity and Access Management (IAM)
  30. Identity Account StackSet Protective controls – IAM at scale
  31. Continuous Compliance & Security Monitoring • Checking security only once before launch is not enough • Continuous security check is necessary even after launch. Threats: More sophisticated and persistent attacks. Vulnerabilities: Security vulnerabilities are found 24x7. Changing infrastructure: Infrastructure is changing on a daily basis to meet business demands
  32. Detective controls - Amazon GuardDuty
      aws events put-rule --name Test --event-pattern '{"source":["aws.guardduty"]}'
      aws events put-rule --name Test --event-pattern '{"source":["aws.guardduty"],"detail-type":["GuardDuty Finding"],"detail":{"severity":[5.0,8.0]}}'
      aws events put-targets --rule Test --targets Id=1,Arn=arn:aws:lambda:us-east-1:111122223333:function:<your_function>
  33. Why AWS for Microsoft workload? What are the Migration accelerators? How can I move fast and stay secure?
  35. Thank you! Imran Mahmood, Cloud Infrastructure Architect
