Running Microsoft Workloads on AWS

Notes on the "Running Microsoft Workloads on AWS" presentation.

Published in: Technology

Running Microsoft Workloads on AWS

  1. AWS Government, Education, and Nonprofit Symposium, Washington, DC | June 25-26, 2015
     Running Microsoft Workloads on AWS
     Bill Jacobi, bjacobi@amazon.com, Manager, Solutions Architecture
     June 25, 2015
     ©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  2. Session abstract
     Deploy, scale and manage your Microsoft workloads on AWS. We will start with why customers want to deploy Windows applications on AWS as a cloud platform. We will discuss reference architectures and best practices for implementing Microsoft products including Active Directory, Remote Desktop Gateway, Exchange, SharePoint, and Lync on AWS. We will conclude with best practices for managing and monitoring Microsoft technologies on AWS.
  3. Agenda
     • Why run Windows on AWS
     • New Announcements
     • Windows architecture
       – Security and remote administration
       – Active Directory Domain Services
       – Microsoft SharePoint 2013
       – Microsoft Exchange Server 2013
       – Microsoft Lync 2013
       – Microsoft SQL Server 2014
       – Managing and monitoring Windows instances and applications
  4. What is AWS for Windows?
     • Optimization for Windows-based workloads
     • Wide range of scalable services
     • Alignment with business needs
     [Diagram labels: secure, reliable, high-performance, familiar, cost-effective, extensive, flexible]
  5. AWS for Windows is secure
     “Amazon Virtual Private Cloud (Amazon VPC) gives us a secure environment in the AWS cloud with the flexibility and scalability we need to manage our SharePoint environment with zero impact to our on-premises datacenter” - Jeremy Fuchs, Vice President of Financial and BI Systems, Lionsgate
     • Security-in-layers approach
     • Isolated infrastructure and workloads
     • Identity and access controls
     • Tracking and logging
     • Optimized for regulatory compliance
  6. AWS for Windows is reliable
     “Before migrating to AWS, we experienced 10 to 20 hours of downtime a month. With AWS, our downtime is significantly reduced. Our average uptime increased rapidly from 98.8 percent to 99.9 percent without re-architecting applications.” - Augusto Rosa, Server Operations Manager, Shaw Media
     • 99.95% SLA (EC2, EBS, RDS)
     • Multi-region asynchronous replication
     • Uptime and performance monitoring
     • Low network variability
  7. AWS for Windows is high-performance
     “Using AWS, we decreased average network latency from 700 milliseconds to less than 50 milliseconds… Fundamentally, running in AWS enables a 230 percent CPU consumption efficiency in data processing.” - Murari Gopalan, Technology Director, Expedia.com
     • Enterprise-grade computing on demand
     • Automation for both complex and routine tasks
     • Dedicated, low-latency network connections
     • Automated scaling
     • Monitoring tools with user-defined thresholds
  8. AWS for Windows is familiar
     “We didn’t have time to redesign applications. AWS could support our legacy 32-bit applications on Windows Server 2003, a variety of SQL Server and Oracle databases, and a robust Citrix environment.” - Jim McDonald, Lead Architect, Hess Corporation
     • Windows-based application support
     • Your own cloud servers
     • Use existing VMs
     • License flexibility
     • Same tools as on-premises environments
  9. AWS for Windows is cost-effective
     “Had we built our SharePoint 2013 farm in our other data center, we would have increased costs by almost 50 percent. When you compare our SharePoint 2012 farm to our SharePoint 2013 farm, AWS allowed us to increase our computing power while also reducing costs by 14 percent.” - Michael Cierkowski, Development Manager, Slalom Consulting
     • No hardware procurement/deployment costs
     • Improved hardware utilization
     • Bring your own licenses
     • Value-oriented culture
     • No long-term commitments
  10. AWS for Windows is extensive
      “As our company continued to grow, so did our reliance on the AWS cloud and now, we’ve adopted almost all of the features AWS provides. AWS is the easy answer for any Internet business that wants to scale to the next level.” - Nathan Blecharczyk, Co-founder & CTO, Airbnb
      • More than 40 services available
      • Broad ecosystem of partners
      • Third-party application marketplace
      • Continuous service improvement
      • Technical certifications for multiple skill levels
  11. AWS for Windows is flexible
      • Highly customizable infrastructure
      • Variety of instance types
      • Maintain availability at the lowest cost
      • Wide variety of storage options
      “By deploying their on premise Microsoft solutions like SharePoint and Exchange into the AWS platform – combined with InfoReliance’s fully managed service options -- our customers find the best of both worlds and the flexibility they require to meet their evolving requirements.” - John Sankovich, VP Cloud Solutions, InfoReliance
  12. Why AWS for Windows?
      [Diagram labels: secure, reliable, high-performance, familiar, cost-effective, extensive, flexible]
  13. Common AWS Services used with Windows Applications
  14. New Announcements
      https://aws.amazon.com/quickstarts
      https://aws.amazon.com/blogs/aws/now-available-sql-server-enterprise-edition-ami-for-ec2/
  15. Windows architecture on AWS
      • Place application servers in private subnets to prevent direct access from the Internet
      • Deploy Bastion hosts, reverse proxies, and other Internet-facing servers in public subnets
      • Install critical workloads in at least two Availability Zones to provide high availability
  16. Windows architecture on AWS
      Virtual Private Cloud (VPC) is the foundation
      [Diagram: Availability Zone 1 and Availability Zone 2, each showing a public subnet and a private subnet with NAT, RDG, DC (domain controller), DB (SQL Server), APP (app server) and WEB (IIS Server), plus Remote Users / Admins. Subnet labels shown: 10.0.10.0/24, 10.0.2.0/24, 10.0.100.0/24, 10.0.2.0/24, 10.0.11.0/24, 10.0.110.0/24.]
  17. Architectural considerations
      • Amazon Virtual Private Cloud
        – Configure IP ranges, public/private subnets, routing tables, Internet or private gateway
      • Security groups, network ACLs, VPC Flow Logging
      • Remote administration
      • The principle of least privilege
  18. Security groups
      • web security group: accept TCP port 80 from Internet
      • SQL security group: accept TCP port 1433 from web security group
      [Diagram: one Availability Zone with a public subnet and a private subnet; User reaches WEB over TCP 80, WEB reaches SQL over TCP 1433. Subnet labels shown: 10.0.0.0/24, 10.0.1.0/24.]
  19. Remote administration
      • Place RD Gateway in DMZ subnet
      • Clients can use the Remote Desktop Protocol (RDP) over HTTPS to establish an encrypted connection
      • Pro tip: Use Remote Desktop Connection Manager
      • Bastion hosts can run Windows PowerShell Web Access for remote command-line administration
      Deploying a Bastion host (Remote Desktop Gateway) in each Availability Zone can provide highly available and secure remote access over the Internet
  20. Secure remote administration architecture
      • gateway security group: accept TCP port 443 from admin IP address
      • web security group: accept TCP port 3389 from gateway security group
      Connect to the Remote Desktop Gateway over https which proxies the RDP connection to the back-end instance
      [Diagram: AWS administrator in the corporate data center connects over TCP 443 to RDG; one Availability Zone with a public subnet and a private subnet; back-end instances WEB1 and WEB2.]
  21. Remote Desktop Connection Manager (RDCMan 2.7)
  22. Managing Active Directory
      • Use AD Domain Controllers in the cloud and/or on-premise
      • No different in cloud: AD provides security boundary, IP addressing and DNS
      • AWS VPC provides DHCP and “static” IPs for DCs and servers
      • Global catalog servers
      • Read-only and writeable domain controllers
  23. AWS Directory Service
      • Simple AD
        – Managed directory powered by Samba 4 Active Directory Compatible Server
        – Supports user accounts, group memberships, domain-joining Amazon EC2 instances
      • AD Connector
        – Proxies directory requests to on-premises environment
        – Users can access AWS resources and applications with existing corporate credentials
      https://aws.amazon.com/blogs/aws/new-aws-directory-service/
  24. Active Directory hybrid deployments
      • Properly define AD sites and subnets
      • Configure site-link costs
      • Enable domain members for Try Next Closest Site Group Policy setting
      • Connectivity from cloud to corporate data center via VPN or Direct Connect
      • Security groups must allow traffic to and from DCs on-premises
  25. AD forest spanning AWS and corporate data center
      [Diagram: corporate network with DC1 (New York) and DC2 (Washington, D.C.); AWS region with DC3 in a private subnet of an Availability Zone; VPN or Direct Connect between them.]
  26. AD forest spanning AWS and corporate data center
      If DC1 goes down, where does NY client go to authenticate?
      [Diagram: corporate network with DC1 (New York, marked X) and DC2 (Washington, D.C.); DC3 in a private subnet of an Availability Zone; VPN or Direct Connect between them.]
  27. AD forest spanning AWS and corporate data center
      With Try Next Closest Site policy enabled, clients use least cost path to a domain controller. Applies to on-prem and cloud sites.
      [Diagram: corporate network with DC1 (New York / AD site 1, marked X) and DC2 (Washington, D.C. / AD site 2); DC3 in a private subnet (AD site 3); VPN or DX between them; link label "Cost 50".]
  28. SQL Server high availability
      • Amazon RDS Multi-AZ deployments
        – Fully managed by AWS
        – No administrative intervention
        – Uses SQL Server mirroring
      • SQL Server Enterprise 2012/2014
        – Managed by you
        – High availability achieved using Windows Server Failover Clusters (WSFC) and AlwaysOn Availability Groups
        – SQL Server Enterprise Edition AMI available (as of June 16)
  29. SQL Server high availability
      [Diagram: primary replica in a private subnet in Availability Zone 1 and secondary replica in a private subnet in Availability Zone 2, both synchronous-commit, with automatic failover. Address labels shown: "Primary: 10.0.2.100, WSFC: 10.0.2.101, AG Listener: 10.0.2.102" and "Primary: 10.0.3.100, WSFC: 10.0.3.101, AG Listener: 10.0.3.102". AG Listener: ag.awslabs.net.]
  30. WSFC Quorum
      [Diagram: Primary Replica in a Private Subnet in Availability Zone 1 and Secondary Replica in a Private Subnet in Availability Zone 2, both Synchronous-commit, with Automatic Failover and a Witness Server.]
  31. WSFC Quorum
      [Diagram: Primary Replica in Availability Zone 1, Secondary Replica in Availability Zone 2, Automatic Failover, Witness Server, Availability Zone 3.]
  32. SharePoint 2013 reference architecture
      • General guidelines
        – Critical workloads are placed in two Availability Zones
        – Examples: AD domain controllers, SharePoint servers, RD gateways, Forefront TMG gateways, NAT gateways
        – Internal application servers are placed in private subnets
        – RD gateways are deployed into public subnets in each Availability Zone
      • Web tier is made highly available through load balancing
      • Application-tier load balancing is native to SharePoint (crawl servers, query servers, etc. installed cross-farm)
      • High availability on database tier can be achieved with SQL Server AlwaysOn
  33. Internet-facing SharePoint farm on AWS
      [Diagram: Availability Zone 1 and Availability Zone 2, each with a public subnet (NAT, RDG) and a private subnet with DC (domain controller), APP (app server), WEB (web front end) and SQL Server; DB primary and DB secondary form a SQL Server AlwaysOn Availability Group; Users. Subnet labels shown: 10.0.2.0/24, 10.0.0.0/24, 10.0.0.0/24, 10.0.2.0/24.]
  34. Exchange 2013 reference architecture
      • Critical workloads are placed in two Availability Zones
        – AD domain controllers, Exchange servers, RD gateways, Edge Transport servers, NAT gateways
      • Internal application servers are placed in private subnets
      • RD gateways are deployed into public subnets in each Availability Zone
      • High availability provided within the data center with site resilience between data centers
      • Supports multiple copies of each database
      • Optimize around failure domains
  35. Exchange 2013 reference architecture
      [Diagram: Availability Zone 1 and Availability Zone 2, each with a public subnet (DMZ; NAT, RDG) and a private subnet; DC1 and DC2 (domain controller), Exch1 and Exch2 (mailbox server); Users. Subnet labels shown: 10.0.2.0/24, 10.0.1.0/24, 10.0.10.0/24, 10.0.20.0/24.]
  36. Adding the Edge Transport server
      [Diagram: Availability Zone 1 / AD site 1 and Availability Zone 2 / AD site 2, each with a public subnet and a private subnet; DC1 and DC2 (domain controller); EXCH1 and EXCH2 (Exchange 2013 CAS+MBX); EDGE1 and EDGE2 (Exchange 2013 Edge Transport); remote mail server. Subnet labels shown: 10.0.0.0/24, 10.0.2.0/24, 10.0.1.0/24, 10.0.3.0/24.]
  37. Lync 2013 reference architecture
      • Critical workloads are placed in two Availability Zones
        – AD domain controllers, Lync Front End Server, RD gateways, Mediation Server, NAT gateways
        – Lync Edge Server (if needed) placed in DMZ subnets
      • Internal Lync servers and supporting servers (OWA, PC, Mediation, etc.) are placed in private subnets
      • RD gateways are deployed to public subnets in each Availability Zone
      • Paired Lync Server 2013 pools in each Availability Zone support DR and pool failover
  38. Lync SE 2013 reference architecture
      [Diagram: Availability Zone 1 and Availability Zone 2, each with a public subnet (DMZ; NAT, RDG) and a private subnet; DC (domain controller), FE01 and FE02 (front end); Users. Subnet labels shown: 10.0.2.0/24, 10.0.1.0/24, 10.0.10.0/24, 10.0.20.0/24.]
  39. Lync Server 2013 EE architecture
      [Diagram: VPC 10.0.0.0/16, AZ-1, with Public 10.0.15.0/24 (DMZ) and Private 10.0.14.0/24 subnets; Internet gateway, router, Elastic IPs, NAT, RDGW; tiers labelled LoadSim Tier, App Tier, DB Tier, AD Tier; Front End Pool, Mediation SRV1 and SRV2, Persistent chat pool, OWA App SRV1 and SRV2, Stress Test Servers, Content, AD1, AD2, ADCS, DB1-FE Mirrored, DB2-FE Mirror, DB1-PC Mirrored, DB2-PC Mirror, Witness, Monitor.]
  40. 49% Lower Latency with Direct Connect versus Internet (VA-OR)
      • 88 ms roundtrip via Internet
      • 59 ms roundtrip via Direct Connect
      • East coast – West coast latency well within Lync latency envelope
  41. Managing and monitoring your Windows instances and applications
      • Recommend running System Center Operations Manager and management packs for AD, Exchange, SharePoint, SQL Server, and Lync
      • Amazon CloudWatch Logs enable monitoring instance activity in real time with custom alarms on events
      Log types:
      • Event logs
      • IIS logs
      • Event Tracing for Windows (ETW) logs
      • Any performance counter data
      • Any text-based log files
      To learn more: http://amzn.to/1qVKKkI
  42. Quick Start reference deployments
      • Active Directory Domain Services
      • Remote Desktop Gateway on AWS
      • SharePoint 2013
      • Exchange Server 2013
      • Lync Server 2013
      • SQL Server 2014 AlwaysOn
      • PowerShell Desired State Configuration (DSC)
      aws.amazon.com/quickstart
  43. Thank You.
      This presentation will be loaded to SlideShare the week following the Symposium.
      http://www.slideshare.net/AmazonWebServices
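
The security-group design on slides 18 and 20 can be checked for drift. The following is an added example, not part of the presentation: it audits security groups, given in the shape returned by the EC2 `DescribeSecurityGroups` API, against those slides' rules. The group IDs, admin address and sample rule sets are constructed, and treating any CIDR source on ports 1433 or 3389 as a violation is this example's reading of the slides.

```python
import ipaddress

# Ports the slides admit only from another security group, never from a CIDR.
SG_ONLY_PORTS = {1433: "SQL Server", 3389: "RDP"}

def covers(rule, port):
    """True if an IpPermissions entry includes the given TCP port."""
    if rule["IpProtocol"] == "-1":              # all protocols and ports
        return True
    return (rule["IpProtocol"] == "tcp"
            and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))

def cidr_sources(rule):
    """All IPv4 and IPv6 CIDR sources of one rule."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])

def audit(groups, gateway_group_id, admin_cidrs):
    """Return (group_id, port, cidr, reason) for rules that break the design."""
    admin = [ipaddress.ip_network(c, strict=False) for c in admin_cidrs]
    findings = []
    for group in groups:
        gid = group["GroupId"]
        for rule in group.get("IpPermissions", []):
            for cidr in cidr_sources(rule):
                for port, name in SG_ONLY_PORTS.items():
                    if covers(rule, port):
                        findings.append((gid, port, cidr,
                            f"{name} reachable from a CIDR, expected a security-group source"))
                if gid == gateway_group_id and covers(rule, 443):
                    net = ipaddress.ip_network(cidr, strict=False)
                    if not any(net.version == a.version and net.subnet_of(a)
                               for a in admin):
                        findings.append((gid, 443, cidr,
                            "RD Gateway HTTPS open beyond the admin addresses"))
    return findings

def tcp(first, last, cidrs=(), groups=()):
    """Build one IpPermissions entry (constructed sample data)."""
    return {"IpProtocol": "tcp", "FromPort": first, "ToPort": last,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

ADMIN = ["203.0.113.10/32"]          # constructed admin IP address

# The design as drawn on slides 18 and 20.
DESIGN = [
    {"GroupId": "sg-gateway", "IpPermissions": [tcp(443, 443, cidrs=ADMIN)]},
    {"GroupId": "sg-web", "IpPermissions": [
        tcp(80, 80, cidrs=["0.0.0.0/0"]),
        tcp(3389, 3389, groups=["sg-gateway"])]},
    {"GroupId": "sg-sql", "IpPermissions": [tcp(1433, 1433, groups=["sg-web"])]},
]

# The same groups after three typical changes that widen access.
DRIFTED = [
    {"GroupId": "sg-gateway", "IpPermissions": [tcp(443, 443, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-web", "IpPermissions": [
        tcp(80, 80, cidrs=["0.0.0.0/0"]),
        tcp(3389, 3389, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-sql", "IpPermissions": [tcp(1024, 2000, cidrs=["10.0.0.0/24"])]},
]

if __name__ == "__main__":
    for finding in audit(DRIFTED, "sg-gateway", ADMIN):
        print(finding)
```

The port-range rule on `sg-sql` shows why the check tests range coverage rather than an exact port match: a rule for 1024-2000 never names 1433 but still exposes it.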
