
Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016



Deploy, scale, and manage your Microsoft workloads on AWS. We start our session by discussing why customers want to deploy Microsoft Windows applications on AWS as a cloud platform. We talk about reference architectures and best practices for implementing Microsoft products and technologies including Active Directory, Remote Desktop Gateway, Exchange, SharePoint, and Lync in the AWS cloud. We conclude with best practices for managing and monitoring Microsoft technologies in the AWS cloud.

Published in: Technology


  1. Running Microsoft Workloads on AWS. Bill Jacobi, Solutions Architect. June 20, 2016. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  2. Agenda
      • Why Run Microsoft Servers on AWS?
      • Amazon’s Migration to AWS
      • Demo of Windows Architecture on AWS
      • Cost, Licensing, & Performance
      • Architecture and Technology
  3. Why Run Microsoft Servers on AWS? Cloud Benefits
      • Agility: Vertical and horizontal scaling takes place in minutes. Experiment, optimize with simple clicks or CLI commands
      • Cost: You pay only for what you use, and you can turn up/down resources elastically according to demand or schedules
      • Elasticity: Resources are provisioned according to demand. Horizontal and vertical scalability are programs, clicks or CLI commands.
      • Breadth of functionality: Compute, Storage, Database, Networking, Dev Tools, Management tools, Security/Identity, Analytics, Mobile, App Services, Enterprise Apps
      • Go global: 12 Regions across Americas, Europe, Asia, Australia, South America. 33 Availability Zones.
  4. Why Run Microsoft Servers on AWS? AWS-specific Benefits
      • Add-On Compatibility: ISV add-ons supported by Infrastructure as a Service platform
      • Enabled for compliance: Applications can run under NIST, PCI, or HIPAA Accelerators that provide baseline regulatory controls
      • License management: AWS Config can monitor license compliance of server-bound licenses on Amazon Dedicated Hosts
      • Auditability enabled: Every API call, network packet in/out, and infrastructure change is audited, both ALLOWS/DENIES
      • DevOps enabled: AWS CloudFormation builds infrastructure while Microsoft PowerShell builds applications, automating Windows on AWS deployments
      • Optimization: Monitor and optimize the specific resources needed
  5. Amazon’s Migration to AWS. In 2013, Amazon IT decided to migrate the Microsoft stack to AWS. Over 200K Amazon users access Exchange, SharePoint, and Lync through the corporate image. Exchange data points:
      • There are 26 Exchange servers (4 per AZ)
      • 7,600 users per server
      • DAG Architecture for HA
      • Supports users in Americas, EMEA, and Asia
  6. Demo: SharePoint Pushbutton Launch. SharePoint: Deploys SharePoint Foundation running on Windows Server (View | View in Designer | Launch Stack)
  7. Announcing
  8. Accelerator for Microsoft Servers
      • Single VPC for integrated cross-server experience
      • Multiple AZs for high availability across all servers
      • DMZ subnet for management
      • Private subnet for app servers
      • 2 AD sites mapped to the 2 AZs for high availability
      • Connect to on-premises through AWS Direct Connect (not part of QuickStart)
  9. Accelerator for Microsoft Servers
      • Exchange DAG architecture
      • Lync Paired Pool architecture
      • SQL Server Always On architecture for SharePoint
      • Brick architecture represents a 10 K modular pod
      • Add n pods for n-scale
      • Use the Microsoft capacity calculators and load-testing tools to validate
  10. Accelerator for Microsoft Servers
  11. Demo: Microsoft Servers on AWS
      • Exchange, SharePoint, Lync, SQL Server, and Active Directory on AWS
      • Deployed from single Master template
      • 14 Servers, 2 AZs, 10 K Users
      • Exchange users have 5 GB mailboxes
      • Lync users have VOIP, video, web conferencing, and desktop sharing
      • SharePoint Blog and Team Sites are “Everyone”-enabled
      • ~$14/hour to operate
  12. Full Control of Infrastructure and Applications
  13. $9,997 per Month or $13.70/Hour–Details
      • $1.00/user/month
      • Architecture supports 10 K Users
      • 5 GB Mailboxes
      • 1 TB SSD Storage for User Profiles
  14. $9,997 per Month or $13.70/Hour–Details
  15. Licensing Microsoft Products on AWS
      BYOL: Support for Microsoft servers
      • Exchange, Skype for Business, SharePoint, Systems Center
      • See AWS Microsoft Licensing page for details
      License-included: Windows Server and SQL Server AMIs available from AWS
      • Windows Server 2012
      • Windows Server 2012 R2
      • Windows Server 2008
      • Windows Server 2008 R2
      • Windows Server 2003
      • SQL Server 2012
      • SQL Server 2014
  16. Architecture and Technology
      • Architectural Considerations
      • SharePoint and SQL Server on AWS
      • Performance and Latency
      • DevOps
      • Enabled for Compliance
      • Auditability
  17. Architectural Considerations
      • Amazon VPC: Configure IP ranges, public/private subnets, routing tables, Internet or private gateway
      • Security groups, network ACLs, VPC flow logging
      • Remote administration
      • The principle of least privilege
  18. SharePoint on AWS - link
  19. SQL Server High Availability - link
      [Diagram: Availability Zone 1, private subnet, primary replica; Availability Zone 2, private subnet, secondary replica; synchronous-commit; automatic failover; labels: Primary, WSFC, AG Listener]
  20. Performance and Latency: Wash DC–Portland, OR
      • 88 ms round trip via Internet
      • 59 ms round trip via Direct Connect
  21. DevOps–CloudFormation: AWS CloudFormation
      • Basic standard in AWS for automating deployment of resources
      • CloudFormation template
        − JSON-formatted document which describes a configuration to be deployed in an AWS account
        − When deployed, refers to a “stack” of resources
      • PowerShell can be slipstreamed into UserData and run at instance start up
  22. DevOps–PowerShell in CloudFormation
      • Create Lync FrontEnd1 Instance
      • Embed PowerShell
  23. DevOps–AWS CodeCommit: Version Control with Git
  24. Enterprise Accelerator for Compliance–link
  25. Auditability
      • Infrastructure:
        − AWS CloudTrail
        − AWS Config
        − Amazon Inspector
      • Network:
        − VPC flow logs
        − Elastic Load Balancing access logs
      • Application:
        − Amazon CloudWatch Logs
      CloudWatch Logs can integrate
      • Event logs
      • IIS logs
      • Event Tracing for Windows (ETW) logs
      • Any performance counter data
      • Exchange, Lync, SharePoint logs
      • Any text-based log files