Migration of Microsoft Workloads

Microsoft technologies form the backbone of many enterprise IT infrastructures. Whether you are running Microsoft Exchange, SharePoint, SQL Server or Active Directory, chances are you rely upon these services for your mission-critical needs. Solutions Architects and IT professionals will get an overview of the common Microsoft workloads running on AWS, including approaches for server migration, design and deployment of infrastructure services, and maintenance and monitoring of those services once they are in production.


  1. Migration of Microsoft Workloads. Wayne Saxe, AWS Ecosystem Solutions Architect. AWS Summit Chicago, 29 July 2015. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  2. Agenda: Architecture Overview; Design and Deployment of Infrastructure Services; Instance Migration and Upgrade; Management and Maintenance.
  3. Architecture Best Practices: Design for failure and nothing fails; Loose coupling sets you free; Implement elasticity; Build security in every layer; Leverage different storage options.
  4. Design Considerations
     Your VPC is Your Home
     •  Transition from subnet-based design to Security Groups and NACLs
     The Principles of Security Don’t Change Much
     Remember, You’re Always Working Remote
  5. Your VPC Is Your Home (architecture diagram): two Availability Zones, each with a public subnet (labelled 10.0.0.0/24, holding the NAT instance and the RD Gateway, RDGW) and a private subnet (labelled 10.0.2.0/24, holding the Domain Controller, SQL Server, App Server and IIS Server); remote users and admins enter through the public subnet.
  6. The Principles of Security Don’t Change Much
     •  Role-Based Access Control and Least Privilege apply
     •  Use Security Groups
     Diagram: in one Availability Zone, the Web Security Group in the public subnet (10.0.0.0/24) accepts TCP port 80 from the Internet; the SQL Security Group in the private subnet (10.0.1.0/24) accepts TCP port 1433 only from the Web SG. User → WEB (TCP 80) → SQL (TCP 1433).
  7. Remember, You’re Always Working Remote: Clients can use the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection. Bastion hosts can run Windows PowerShell Web Access for remote command-line administration. Deploying a bastion host in each Availability Zone can provide highly available and secure remote access over the Internet.
  8. SQL Server on AWS. Two primary deployment paths:
     Amazon EC2
     •  You manage your infrastructure
     •  Advanced deployments: WSFC + AlwaysOn Availability Groups
     Amazon RDS
     •  Fully managed by AWS
     •  No administrative intervention
     •  Uses SQL Server Mirroring
     Many versions and editions of SQL Server are available, including Express, Web, Standard and Enterprise, and SQL Server 2005, 2008, 2012 and more.
  9. Highly Available SQL Server (diagram): a Primary Replica in a private subnet in Availability Zone 1 (Primary: 10.0.2.100, WSFC: 10.0.2.101, AG Listener: 10.0.2.102) and a Secondary Replica in a private subnet in Availability Zone 2 (10.0.3.100, WSFC: 10.0.3.101, AG Listener: 10.0.3.102), both synchronous-commit with automatic failover, reached through the AG Listener ag.awslabs.net.
  10. SQL Server WSFC Failover: The Quorum (diagram): the same Primary Replica (Availability Zone 1) and Secondary Replica (Availability Zone 2), synchronous-commit with automatic failover, plus a Witness Server for quorum.
  11. SQL Server HA With Read Replica (diagram): Primary Replica (Availability Zone 1) and Secondary Replica 1 (Availability Zone 2), synchronous-commit with automatic failover behind AG Listener ag.awslabs.net; an asynchronous-commit Secondary Replica 2 (Readable) serves a Reporting Application.
  12. SQL Server HA With Disaster Recovery (diagram): Primary Replica (Availability Zone 1) and Secondary Replica 1 (Availability Zone 2) with automatic failover behind AG Listener ag.awslabs.net; a readable Secondary Replica 2 in the Corporate Network, reached over VPN with manual failover, serves a Reporting Application and Backups.
  13. SharePoint 2013 on AWS
     •  Web tier is made highly available through load balancing
     •  Application-tier load balancing is native to SharePoint
     •  Database-tier high availability can be achieved with SQL AlwaysOn
     •  Install SharePoint using a SQL Client Alias
     •  Update the alias after making the DBs highly available, and point it to an Availability Group Listener fully qualified domain name (FQDN)
  14. SharePoint 2013 on AWS: Example Architecture (diagram): two Availability Zones, each with a public subnet (10.0.0.0/24: NAT, RDGW) and a private subnet (10.0.2.0/24: Domain Controller, App Server, Web Front-End, SQL Server); the two SQL Servers form an Availability Group (DB Primary / DB Secondary), and users enter through the public subnets.
  15. SharePoint Migration Strategies
     Create SharePoint Farm
     •  Create the new target farm to spec
     Copy Database to the Target Farm
     •  Place the source farm and database in read-only mode
     •  Back up the content and Service Application databases
     •  Restore the databases to the target farm
     Upgrade Service Applications
     •  Configure Service Applications for the target farm
     •  Create new Web Applications matching the source farm
     Upgrade Content Databases
     •  Upgrade and mount the new content databases
     Upgrade Site Collections
     •  Site owners’ responsibility
  16. Active Directory on AWS. Two high-level deployment paths:
     Amazon EC2
     •  Fully managed by you
     •  Isolated, stretched or federated
     AWS Directory Service
     •  Managed by AWS
     •  Simple AD and AD Connector
  17. AD Connector
     •  Connect to your on-premises Active Directory via an existing VPC VPN connection or AWS Direct Connect
     •  Users access AWS applications with existing credentials
     •  Administrators can access the AWS Management Console with existing credentials
     •  Integrate with existing RADIUS MFA solutions
  18. Simple AD
     •  Launch managed stand-alone directories, powered by Samba 4 Active Directory Compatible Server
     •  Supports common AD features: user accounts, group memberships, domain-joining EC2 instances running Windows, Kerberos-based SSO, and Group Policies
     •  Use existing AD management tools with Simple AD
     •  Simple AD accounts can access AWS applications: Amazon WorkSpaces and Amazon Zocalo
  19. Directories Managed For You
     •  AWS does the heavy-lifting directory management tasks: patch management and host monitoring
     •  Simple AD includes snapshot backups and point-in-time recovery
     •  Directories are deployed multi-AZ for availability
  20. Hybrid Active Directory
     •  Connectivity via VPN or Direct Connect
     •  Security groups must allow traffic to and from DCs on-premises
     •  Properly define AD sites and subnets
     •  Configure site-link costs
     •  Enable the "Try Next Closest Site" group policy setting for domain members
  21. Hybrid Active Directory Architecture (diagram): DC3 in a private subnet in an AWS Availability Zone, connected over VPN to the Corporate Network, where DC1 and DC2 reside (sites labelled Virginia and Washington DC).
  22. Instance Migration and Upgrade
     •  Two primary paths: Migrate and Upgrade
     •  A fleet migration is a more complex task that may take longer, but is better for a complex production environment
     •  A variety of Technology Partner tools and techniques can help here
     •  A system upgrade is suitable for a smaller number of instances or to get moving quickly
     •  Native AWS tools apply
  23. Management and Maintenance: CloudWatch. Log types:
     •  Event Logs
     •  IIS Logs
     •  Any Event Tracing for Windows (ETW) logs
     •  Any Performance Counter data
     •  Any text-based log files
     Enables customers to easily monitor instance activity in real time and create alarms on these events.
  24. Management and Maintenance: Simple Systems Manager. Simple Systems Manager provides native AWS tools to manage your Windows EC2 instances:
     •  Join an AWS Directory
     •  Install software using MSI packages
     •  Run PowerShell scripts
     •  Configure CloudWatch Logs
  25. Management and Maintenance: Simple Systems Manager. Simple Systems Manager manages instances while they are running:
     •  Create a configuration document describing tasks (e.g. install software)
     •  Attach the document to an instance and either run it manually or schedule a task
     •  Disassociate a document when you no longer need it, but note that the configuration it applied doesn’t go away!
  26. Thank you! Wayne Saxe, AWS Ecosystem Solutions Architect, wsaxe@amazon.com
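Slide 6's two security groups (Web SG: TCP 80 from the Internet; SQL SG: TCP 1433 only from the Web SG) expressed as rules, with a check that catches the usual drift where SQL or RDP ends up open to an address range instead of to a referencing group. This is an added example, not code from the deck or from AWS; group IDs and the sample groups are constructed, and the dict shapes mirror what boto3's authorize_security_group_ingress() accepts and describe_security_groups() returns.

```python
"""Least-privilege security groups for slide 6's two-tier layout (added example).

Rules use the IpPermissions shape boto3's authorize_security_group_ingress()
accepts; the audit reads the shape describe_security_groups() returns.
Group IDs and the sample groups are constructed, not from a real account.
"""

INTERNET = "0.0.0.0/0"
SENSITIVE_PORTS = (1433, 3389)  # SQL Server and RDP, per the deck's layout

def tcp_from_cidr(port, cidr):
    """TCP ingress rule whose source is a CIDR block (e.g. port 80 from anywhere)."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}

def tcp_from_group(port, group_id):
    """TCP ingress rule whose source is another security group, not an address."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": group_id}]}

def two_tier_rules(web_sg_id):
    """Web SG: TCP 80 from the Internet. SQL SG: TCP 1433 only from the Web SG."""
    return {"web": [tcp_from_cidr(80, INTERNET)],
            "sql": [tcp_from_group(1433, web_sg_id)]}

def exposed_ports(group, sensitive=SENSITIVE_PORTS):
    """(port, cidr) pairs where a sensitive port is open to a CIDR rather than
    to a referencing group; an all-traffic rule ("-1") covers every port."""
    findings = []
    for perm in group.get("IpPermissions", []):
        if perm.get("IpProtocol") not in ("tcp", "-1"):
            continue
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        for port in sensitive:
            if lo <= port <= hi:
                findings += [(port, r["CidrIp"]) for r in perm.get("IpRanges", [])]
    return findings

def audit(groups):
    """Map GroupName to findings for every group that has any; {} means clean."""
    per_group = {g["GroupName"]: exposed_ports(g) for g in groups}
    return {name: f for name, f in per_group.items() if f}

# Constructed sample: the SQL group has drifted to accept 1433 from the whole
# VPC and RDP from anywhere, which is exactly what audit() reports.
SAMPLE_GROUPS = [
    {"GroupName": "web-sg", "IpPermissions": two_tier_rules("sg-web0001")["web"]},
    {"GroupName": "sql-sg", "IpPermissions": two_tier_rules("sg-web0001")["sql"]
     + [tcp_from_cidr(1433, "10.0.0.0/16"), tcp_from_cidr(3389, INTERNET)]},
]
```

Run audit() over the output of describe_security_groups()["SecurityGroups"] for a VPC to get the same report against live groups.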