Simplifying Microsoft Architectures with AWS Services (WIN306) - AWS re:Invent 2018

In this session, learn how to architect Microsoft solutions on AWS for both high availability and scalability. Discover how Microsoft solutions can leverage AWS services to achieve more resiliency, replace unnecessary complexity, and provide scalability. We explore hybrid architecture scenarios and common architecture patterns for Microsoft Active Directory and productivity solutions, such as Dynamics AX, CRM, and SharePoint. We also cover common design patterns for .NET applications, including approaches to CI/CD, DevOps, and containerizing .NET applications.


  1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Simplifying Microsoft Architectures with AWS Services (WIN306). Zlatan Dzinic, Senior Solution Architect, Amazon Web Services
  2. About me: Zlatan Dzinic, Senior Solution Architect – Amazon Web Services (zlatan@amazon.com, @ZlatanDzinic). Cape Town-ian in Orange County 🇧🇦🇿🇦🇺🇸. Alma Mater – University of Cape Town. Focus: Serverless, Containers, AI, Machine Learning. Previously: Director – Consulting Services. Worked with: Microsoft Ranger Teams, Microsoft Research, microsoft.com, AWS – Professional services.
  3. Challenge
     Can AWS simplify the infrastructure environment that I already know well?
       • Active Directory?
       • Corporate applications
       • Office 365
       • Exchange
       • SharePoint
       • Dynamics
       • System Center
       • SQL?
       • How do I deploy all of this?
     Any good migration suggestions for simplifying my Microsoft workloads?
     Can AWS help me simplify my legacy .NET architecture?
       • I want to innovate!
       • I want to use the latest architectural concepts and platforms!
       • I want an efficient, fully supported CD/CI!
     Can AWS make management of my Windows workloads more simple?
  5. Amazon VPC Design Patterns [Diagram labels: Single VPN—Multi-VPC; Shared Services Amazon VPC (Replicated Services, Application Proxies); Transit Amazon VPC; Corporate Data Center; VPCs A, B, C]
  6. AWS Transit Gateway
  7. AD Pattern: Extending Active Directory Domain to AWS
     Existing Active Directory domain extended to AWS; new Active Directory sites configured in each AZ; domain controllers on Amazon Elastic Compute Cloud (Amazon EC2) Windows servers; site-link costs correctly configured; and “try next closest site” configured.
     [Diagram labels: San Francisco, AD Domain: amazon.com, AD Site: SanFran, DC1; New York Corporate Network, AD Domain: amazon.com, AD Site: New York, DC2; VPN/DX, AD Replication; Availability Zone 1, private subnet, DC3, AD Domain: amazon.com, AZ1: AwsEastAZ1; Availability Zone 2, private subnet, DC4, AD Domain: amazon.com, AZ2: AwsEastAZ2; site-link costs 10, 50 and 100]
  8. AD Pattern: Federated Trust
     Identities mastered on premises; Federated Trust (AD FS) configured between on-premises Active Directory and domain controllers running on Amazon EC2 Windows servers.
     [Diagram labels: San Francisco, AD Domain: amazon.com, AD Site: SanFran, ADFS1; New York Corporate Network, AD Domain: amazon.com, AD Site: New York, ADFS2; DC1, DC2; Federated Trust; Internet; Availability Zone 1, private subnet, DC3, AD Domain: Cloud; Availability Zone 2, private subnet, DC4, AD Domain: Cloud; ADFS1, ADFS2 or AWS SSO; Cost 50]
  9. AD Pattern: Forest Trusts
     Identities mastered on premises; Forest Trusts configured between on-premises Active Directory and AWS Directory Service for managed Active Directory.
     [Diagram labels: San Francisco, AD Domain: Domain B, AD Site: SanFran; New York Corporate Network, AD Domain: Domain B, AD Site: New York; DC1, DC2; VPN/DX; AD Authentication; AD Trust; Availability Zone 1, private subnet, DC3, AD Domain: Cloud A; Availability Zone 2, private subnet, DC4, AD Domain: Cloud A; Cost 50]
  10. Support for multiple accounts and Amazon VPCs within a region [Diagram labels: AD Trust; Corporate Data Center; Shared Services Amazon VPC; Managed AD; VPCs A, B, C]
  11. Key features
       • Actual Microsoft Active Directory
       • Trust support
       • Group policy support
       • Support multiple accounts and Amazon VPCs
       • Seamless domain join
  12. Key features (continued)
       • Single directory for all cloud workloads
       • High availability and daily snapshots
       • AWS-managed infrastructure
       • Federated access to the AWS Management Console
  13. AWS Microsoft AD as a resource directory
      [Diagram labels: AWS Microsoft AD Directory; AWS Apps & Services (Amazon WorkSpaces, RDS for SQL Server, Amazon WorkDocs, Amazon WorkMail, Amazon QuickSight, AWS Management Console, Amazon Chime, Amazon Connect), "Enable, Authenticate, & Authorize"; AD-aware Workloads on Amazon EC2 (Amazon Windows EC2 Instances, Amazon Linux EC2 Instances: .NET Applications Server, SharePoint Server, SQL Server, Remote Desktop Licensing Manager, Enterprise Certificate Authority / Certificate Services), "Manage, Authenticate, & Authorize"; Corporate Data Center (On-Premises Microsoft Active Directory, On-Premises User Credentials, AD FS Server, Azure AD Connect Server); VPN or DX; SaaS Applications, Azure AD (SAML, Authenticate, Synchronize Users)]
  14. AWS Microsoft AD as a primary directory
      [Diagram labels: AWS Microsoft AD Directory; AWS Apps & Services (Amazon WorkSpaces, RDS for SQL Server, Amazon WorkDocs, Amazon WorkMail, Amazon QuickSight, AWS Management Console, Amazon Chime, Amazon Connect), "Enable, Authenticate, & Authorize"; AD-aware Workloads on Amazon EC2 (Amazon Windows EC2 Instances, Amazon Linux EC2 Instances: .NET Applications Server, SharePoint Server, SQL Server, Remote Desktop Licensing Manager, Enterprise Certificate Authority / Certificate Services, AD FS Server, Azure AD Connect Server), "Manage, Authenticate, & Authorize"; Federate, ADSync, AD FS; AWS SSO; Corporate Data Center (On-Premises Microsoft Active Directory, On-Premises User Credentials, AD FS Server, Azure AD Connect Server); VPN or DX; SaaS Applications, Azure AD (SAML, Authenticate, Synchronize Users)]
  15. AWS Organizations – Account management
       • Allows you to organize AWS accounts
       • Controls access to AWS services
       • Apply service control policies
      [Diagram labels: Root; three OUs (Development, Test, Production); accounts A1 to A9]
  16. Challenges
      Managing access to multiple AWS accounts and business applications is expensive, hard, and time-consuming.
       • Managing multiple AWS accounts requires effort
       • Hard to set up, operate, and use SSO infrastructure
       • Numerous credentials and no centralized security controls
       • Access to business applications takes time and effort, and is expensive
  17. AWS SSO
      Centrally manage single sign-on (SSO) access to multiple AWS accounts and business applications.
       • Centrally manage access to multiple AWS accounts
       • Easy to enable and use
       • Use your existing corporate identities
       • Single sign-on access to business applications
  18. Centrally manage access to AWS accounts
       • Connects to AWS Organizations and lists your AWS accounts
       • Allows filtering accounts by OU
       • Automatic single sign-on setup to AWS accounts
       • Centralized management of account permission sets
       • Define, apply, and reapply permission sets to all AWS accounts
      [Diagram labels: AWS SSO; Manage permissions to AWS accounts; SSO access; Permissions; AWS accounts managed in AWS Organizations (OU = Development, OU = Production); AWS consoles]
  19. Access to business applications
       • Preintegrated with commonly used cloud applications
       • Set up using simple step-by-step instructions
       • Vendor changes to the application configuration are taken care of by AWS
       • Nuances of SAML integration simplified
       • Configure any SAML 2.0 application using the application configuration wizard
      Preintegrated applications shown: Adobe Creative Cloud, Druva inSync, NewRelic, Syncplicity, AppDynamics, Egnyte, Office 365, Tableau, BambooHR, Engagedly, OpsGenie, TalentLMS, Bonusly, Expensify, PagerDuty, Trello, Box, Freshdesk, ProdPad, UserEcho, Citrix ShareFile, G Suite, PurelyHR, UserVoice, ClickTime, GitHub, Salesforce, WeekDone, Convo, GoToMeeting, Samanage, Workplace by Facebook, Deputy, IdeaScale, ScreenSteps, ZenDesk, Deskpro, Igloo, ServiceNow, Zoho, DigiCert, Jitbit, Slack, Zoom, DocuSign, Keeper Security, Sli.do, 4me, Dome9, Kudos, SmartSheet, Domo, LiquidFiles, SugarCRM, Dropbox, Lucidchart, SumoLogic
  20. AWS SSO – Application configuration wizard
       • Pick a preintegrated application
       • Follow step-by-step customized instructions for each application
       • Configure single sign-on
       • Assign access
  21. Options for Deploying SQL Server on AWS
      [Comparison of two options, Amazon RDS for SQL Server and SQL Server on Amazon EC2, each across the same layers: Power, HVAC, net; OS Install/Maintenance; OS Patching; DBMS Install/Maintenance; DBMS Patching; Database Backups; High Availability; Scaling]
  22. Multi-AZ AlwaysOn Availability Group
      [Diagram labels: AWS Region, Amazon Virtual Private Cloud, AZ A, AZ B, AZ C; private DB subnets 10.0.10.0/24 (File Share Witness), 10.0.11.0/24 (Active Directory DC1), 10.0.20.0/24 (1st SQL Replica), 10.0.21.0/24 (Active Directory DC2), 10.0.30.0/24 (2nd SQL Replica); AlwaysOn AG (Sync. Mode, Auto. Failover)]
  23. Multi-Region AlwaysOn Availability Group
      [Diagram labels: first AWS Region, Amazon Virtual Private Cloud, AZ A, AZ B, AZ C; private DB subnets 10.0.10.0/24 (File Share Witness), 10.0.11.0/24 (Active Directory DC1), 10.0.20.0/24 (1st SQL Replica), 10.0.21.0/24 (Active Directory DC2), 10.0.30.0/24 (2nd SQL Replica); second AWS Region, Amazon Virtual Private Cloud, AZ A; private DB subnets 10.1.10.0/24 (Async Remote Replica), 10.1.11.0/24 (Active Directory DC3); Multi-Region AlwaysOn Availability Group (Sync. Mode, Auto. Failover)]
  24. Interoperability with Windows-based availability groups and replicas
  25. Failover Cluster Instance
      [Diagram labels: AWS Region, Amazon Virtual Private Cloud, AZ A, AZ B; private DB subnets 10.0.10.0/24 (1st SQL Replica), 10.0.11.0/24 (Active Directory DC1), 10.0.20.0/24 (2nd SQL Replica), 10.0.21.0/24 (Active Directory DC2); two volumes; SIOS DataKeeper Cluster Edition; Windows Server 2016 Storage Replica]
  26. [Diagram labels, by group: Security, Certificate, and Key Management; Configuration and Systems Management; Storage and Archiving; Monitoring, Auditing, and Logging; DevOps. Services: IAM, Systems Manager, S3, AWS CloudTrail, AWS CodeDeploy, AWS CodePipeline, AWS CodeBuild, AWS CodeCommit, Amazon CloudWatch, Amazon Glacier, VPN Endpoint, Amazon Inspector, AWS Config, Cloud HSM, ACM, CloudFront (Content Dist. Network), AWS Shield (DDOS), AWS WAF (Web Application Firewall), Route 53 (DNS). Network: Internet, Internet Gateway; Availability Zone 1 (AZ1) and Availability Zone 2 (AZ2), each with a Public Subnet (NAT GW; security group for WAP/Proxy/RDGW) and a Private Subnet (security groups for Web Server and App Server, both Auto Scaling; SQL Server or RDS SQL Server, secondary or replica; Domain Controller or AWS Managed Active Directory); AlwaysOn AG (Synchronous); VPN/DX to domain controllers in Denver and New York]
  27. Amazon FSx for Windows File Server
      Lift and shift your Windows file storage with fully managed Windows file servers
       • Fully managed
       • Fast and flexible performance
       • Native Windows compatibility
       • Broad accessibility
       • Enterprise-ready
  28. Native Windows compatibility and features
       • Native Windows compatibility
       • DFS Namespaces and DFS Replication
       • Integrates with Microsoft AD and supports Windows ACLs
       • Native SMB 2.0 to 3.1.1
      [Icon labels: AD, NTFS, Windows Server, SMB]
  30. AWS CloudFormation—Components and Technology
       • Template: JSON/YAML formatted file; Parameter definition; Resource creation; Configuration actions
       • AWS CloudFormation: Framework; Stack creation; Stack updates; Error detection and rollback
       • Stack: Configured AWS resources; Comprehensive service support; Service event aware; Customizable
  31. How AWS CloudFormation Works [diagram with steps 1 to 3]
  32. AWS Quick Starts: Microsoft & SAP
       • Microsoft servers: Exchange Server, SharePoint Server, SQL Server, Lync Server, WAP & AD FS
       • DevOps: PowerShell DSC, Chef Server, Puppet, Ansible Tower, Swift web apps, Docker EE
       • Databases & storage: MongoDB, SQL Server, Oracle Database, SAP HANA, ONTAP Cloud, SIOS DataKeeper
  34. Migration Tools from AWS and Partners
      Categories: Discovery and planning; Server and database migrations; Data transfer; Application monitoring/profiling
      Tools: AWS Application Discovery Service, AWS Database Migration Service (AWS DMS), AWS Server Migration Service (AWS SMS), AWS Storage Gateway, Amazon S3 Transfer Acceleration, AWS Direct Connect, Amazon Kinesis Data Firehose, AWS Snowball and AWS Snowmobile, Amazon CloudWatch, AWS Config
  35. Example Migration Sequence, Step 1: Landing zone
       • Account structure
       • Network/Amazon VPC
      [Diagram labels: On-Premises Data Center (4 web servers, 2 domain controllers, 2 SQL servers); VPN/DX; 10.0.0.0/16; Public Subnet, 10.0.0.0/18; Private Subnet, 10.0.0.64/18; accounts Root, Prod, Dev, Security; CloudTrail, CloudWatch, VPC Flow Logs, Systems Manager, Amazon Inspector, AWS Config, AWS WAF, AWS Shield, Amazon Route S3]
  36. Example Migration Sequence, Step 1: Landing zone
       • Account structure
       • Network/Amazon VPC
       • Security
      [Diagram labels: On-Premises Data Center (4 web servers, 2 domain controllers, 2 SQL servers); VPN/DX; 10.0.0.0/16; Public Subnet, 10.0.0.0/18 and Private Subnet, 10.0.0.64/18, now with security groups; accounts Root, Prod, Dev, Security; CloudTrail, CloudWatch, VPC Flow Logs, Systems Manager, Amazon Inspector, AWS Config, AWS WAF, AWS Shield, Amazon Route S3]
  37. Example Migration Sequence, Step 1: Landing zone
       • Account structure
       • Network/Amazon VPC
       • Security
       • Active Directory
      [Diagram labels: On-Premises Data Center (4 web servers, 2 domain controllers, 2 SQL servers); VPN/DX; 10.0.0.0/16; Active Directory on EC2 or AWS Managed Active Directory; accounts Root, Prod, Dev, Security; CloudTrail, CloudWatch, VPC Flow Logs, Systems Manager, Amazon Inspector, AWS Config, AWS WAF, AWS Shield, Amazon Route S3]
  38. Example Migration Sequence, Step 2: Database tier
       • Build out your DBMS infrastructure
       • Choose a database replication and synchronization strategy
       • One-step migration (suitable for smaller databases and good connectivity)
       • Full-diff migration (suitable for larger databases and good connectivity)
       • Zero-downtime migration (software tool-based solution)
      [Diagram labels: On-Premises Data Center (4 web servers, 2 domain controllers, 2 SQL servers); VPN/DX; 10.0.0.0/16; Active Directory on EC2 or AWS Managed Active Directory; SQL Server on EC2 or SQL Server on Amazon RDS; accounts Root, Prod, Dev, Security; CloudTrail, CloudWatch, VPC Flow Logs, Systems Manager, Amazon Inspector, AWS Config, AWS WAF, AWS Shield, Amazon Route S3]
  39. Example Migration Sequence, Step 3: Server/app migration
       • Choose a server/app migration strategy
       • Manual migration (build new servers—migrate app)
       • Tool-based migration (block-level migration and synchronization)
       • Perform extensive testing at this stage
       • Always maintain rollback capability
      [Diagram labels: On-Premises Data Center (4 web servers, 2 domain controllers, 2 SQL servers); VPN/DX; 10.0.0.0/16; Active Directory on EC2 or AWS Managed Active Directory; SQL Server on EC2 or SQL Server on Amazon RDS; 2 web servers and 2 app servers; accounts Root, Prod, Dev, Security; CloudTrail, CloudWatch, VPC Flow Logs, Systems Manager, Amazon Inspector, AWS Config, AWS WAF, AWS Shield, Amazon Route S3]
  40. Example Migration Sequence, Step 4: Production cutover
       • Plan your final cutoff carefully
       • Ensure any final replication and/or synchronization occurs
       • Test your cutover mechanism (DNS TTL, and so on)
       • Maintain rollback after cutoff, if possible
      [Diagram labels: On-Premises Data Center (4 web servers, 2 domain controllers, 2 SQL servers); VPN/DX; 10.0.0.0/16; Active Directory on EC2 or AWS Managed Active Directory; SQL Server on EC2 or SQL Server on Amazon RDS; 2 web servers and 2 app servers; accounts Root, Prod, Dev, Security; CloudTrail, CloudWatch, VPC Flow Logs, Systems Manager, Amazon Inspector, AWS Config, AWS WAF, AWS Shield, Amazon Route S3]
  41. AWS Server Migration Service Overview
      HIPAA Eligible Service which makes it easier and faster for you to migrate on-premises workloads to AWS from VMware vSphere and Microsoft Hyper-V environments.
       • Agentless VM migration
       • Capture incremental change made to on-premises VMs and automatically transfer to AWS
       • Supports Resuming Failed Replication Jobs, with Hourly Replication Intervals
       • Migrate a group of VMs simultaneously and orchestrate multiple migrations
       • AWS Management Console and API/CLI access
      Each replicated server volume is saved as a new Amazon Machine Image (AMI), which can be launched as an EC2 instance. AWS SMS uses AWS Key Management Service (AWS KMS) customer master keys (CMKs) to encrypt AMIs, providing you all the benefits associated with using AWS KMS. You can specify your own CMK identifier or leverage the default CMK used by Amazon Elastic Block Store (Amazon EBS).
      [Diagram labels: Source: on-premises server; AWS Server Migration Service (AWS SMS); Target: Amazon Machine Image]
  42. AWS Migration Hub
       • Better understand your application portfolio
       • Streamline application portfolio migration planning and tracking
       • Track migration progress from multiple tools in one place
       • Reduce time spent determining current status and next steps
      [Diagram labels: Discover; Migrate; Track]
  43. Tracking Status Made Easy
  44. AWS DataSync
  46. AWS Code Services
      Software release steps: AWS CodeCommit, AWS CodeBuild, Third-Party Tooling, AWS CodeDeploy, AWS CodePipeline
  47. CI/CD Pipeline: Continuous integration/continuous deployment
      AWS CodePipeline: automated continuous integration and continuous delivery release workflow
      [Diagram labels: Pull source code from; Build with; Test with; Deploy with]
  48. AWS Tooling for .NET
       • AWS SDK for .NET
       • AWS Tools for PowerShell
       • AWS Tools for PowerShell Core
       • AWS Toolkit for Visual Studio
       • AWS Tools for Microsoft Visual Studio Team Services
       • Extensions for the .NET CLI
  49. Running AWS Toolkit for Visual Studio
  50. AWS Tools for VSTS, what’s included: AWS Elastic Beanstalk, AWS Lambda, AWS CloudFormation, Amazon S3, AWS CodeDeploy, AWS CLI, AWS Tools for PowerShell, Amazon SNS, Amazon ECR, Systems Manager Parameter Store, Systems Manager Run Command, AWS Lambda Deployment
  51. .NET Web Applications in AWS Elastic Beanstalk
       • Enables you to quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure
       • Visual Studio 2013, 2015, and 2017 support application deployment to Elastic Beanstalk
       • Support for deploying .NET Core 1.0, 1.1, 2.0 and 2.1 web applications
       • Support for deploying .NET Framework web applications
  52. AWS CodeStar
  54. Container-Based .NET Core Applications in ECS [diagram with steps 1 and 2]
  55. Amazon ECS Cluster
       • ECS cluster: Container Instances → EC2 instances
       • Task definition: Defines Docker images, memory, CPU, etc.
       • Running tasks: Transitory process
       • Container Registry (Amazon ECR)
       • Services: Long-lived process
       • Load balancer: ECS registers tasks; Traffic flows to tasks
      [Diagram labels: Cluster; Container registry (Amazon ECR, Docker hub); Task definition; Service definition; Service; tasks T1 to T5; Load balancer; Container instances]
  56. What about AWS Fargate?
       • No managing of EC2 instances
       • The compute capacity is auto provisioned
       • Tasks reserve CPU and memory
       • Billing based on CPU and memory allocated for cluster
       • Cluster creation simplified: Name
       • Launch tasks with Amazon VPC configuration and EC2 security group
       • Supports Time and Event-Based Task Scheduling
  57. Fargate Cluster [Diagram labels: Cluster; Container registry (Amazon ECR, Docker hub); Task definition; Service definition; Service; tasks T1 to T5; Load balancer; Container instances]
  58. Serverless Architecture
       • Stateless
       • Highly scalable, self-healing, available
       • Containerized microservices
       • AWS serverless platform: AWS Lambda, AWS Step Functions, Amazon API Gateway, Amazon DynamoDB, Amazon Simple Notification Service (Amazon SNS), Amazon Simple Queue Service (Amazon SQS)
       • Dynamic/managed allocation of resources
       • Amazon Route 53—DNS
      [Diagram labels: User/Client, Alexa, Mobile Phone; HTTP, HTTPS, REST; CloudFront; S3; API Gateway; C# functions; Step Functions, Workflow Steps; Worker Process; Instance; SQS; SNS; ElastiCache; RDS; DynamoDB]
  59. AWS CloudFormation Template

      ```yaml
      AWSTemplateFormatVersion: '2010-09-09'
      Resources:
        GetHtmlFunctionGetHtmlPermissionProd:
          Type: AWS::Lambda::Permission
          Properties:
            Action: lambda:invokeFunction
            Principal: apigateway.amazonaws.com
            FunctionName:
              Ref: GetHtmlFunction
            SourceArn:
              Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/*
        ServerlessRestApiProdStage:
          Type: AWS::ApiGateway::Stage
          Properties:
            DeploymentId:
              Ref: ServerlessRestApiDeployment
            RestApiId:
              Ref: ServerlessRestApi
            StageName: Prod
        ListTable:
          Type: AWS::DynamoDB::Table
          Properties:
            ProvisionedThroughput:
              WriteCapacityUnits: 5
              ReadCapacityUnits: 5
            AttributeDefinitions:
            - AttributeName: id
              AttributeType: S
            KeySchema:
            - KeyType: HASH
              AttributeName: id
        GetHtmlFunction:
          Type: AWS::Lambda::Function
          Properties:
            Handler: index.gethtml
            Code:
              S3Bucket: flourish-demo-bucket
              S3Key: todo_list.zip
            Role:
              Fn::GetAtt:
              - GetHtmlFunctionRole
              - Arn
            Runtime: nodejs4.3
        GetHtmlFunctionRole:
          Type: AWS::IAM::Role
          Properties:
            ManagedPolicyArns:
            - arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
            - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
            AssumeRolePolicyDocument:
              Version: '2012-10-17'
              Statement:
              - Action:
                - sts:AssumeRole
                Effect: Allow
                Principal:
                  Service:
                  - lambda.amazonaws.com
        ServerlessRestApiDeployment:
          Type: AWS::ApiGateway::Deployment
          Properties:
            RestApiId:
              Ref: ServerlessRestApi
            Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d'
            StageName: Stage
        GetHtmlFunctionGetHtmlPermissionTest:
          Type: AWS::Lambda::Permission
          Properties:
            Action: lambda:invokeFunction
            Principal: apigateway.amazonaws.com
            FunctionName:
              Ref: GetHtmlFunction
            SourceArn:
              Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/*
        ServerlessRestApi:
          Type: AWS::ApiGateway::RestApi
          Properties:
            Body:
              info:
                version: '1.0'
                title:
                  Ref: AWS::StackName
              paths:
                "/{proxy+}":
                  x-amazon-apigateway-any-method:
                    x-amazon-apigateway-integration:
                      httpMethod: ANY
                      type: aws_proxy
                      uri:
                        Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetHtmlFunction.Arn}/invocations
                    responses: {}
              swagger: '2.0'
      ```
  60. AWS CloudFormation Template (the same template as on slide 59)
  61. AWS Serverless Application Model (AWS SAM)
       • AWS CloudFormation extension optimized for serverless
       • New serverless resource types: functions, APIs, and tables
       • Supports anything AWS CloudFormation supports
       • Open specification (Apache 2.0)
      https://github.com/awslabs/serverless-application-model
  62. AWS SAM Template

      ```yaml
      AWSTemplateFormatVersion: '2010-09-09'
      Transform: AWS::Serverless-2016-10-31
      Resources:
        GetHtmlFunction:
          Type: AWS::Serverless::Function
          Properties:
            CodeUri: s3://sam-demo-bucket/todo_list.zip
            Handler: index.gethtml
            Runtime: nodejs4.3
            Policies: AmazonDynamoDBReadOnlyAccess
            Events:
              GetHtml:
                Type: Api
                Properties:
                  Path: /{proxy+}
                  Method: ANY
        ListTable:
          Type: AWS::Serverless::SimpleTable
      ```

       • Transform: Tells AWS CloudFormation that this is an AWS SAM template it needs to “transform”
       • GetHtmlFunction: Creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Also creates an API Gateway and takes care of all mapping/permissions necessary
       • ListTable: Creates a DynamoDB table with five read and write units
  63. An Example Minimal Pipeline
      This pipeline:
       • Five stages
       • Builds code artifact
       • Three deployed to “environments”
       • Uses AWS CloudFormation to deploy artifact and other AWS resources
       • Has Lambda custom actions for running my own testing functions
       • Integrates with a third-party tool/service
       • Has a manual approval before deploying to production
      Stages of the MyApplication pipeline (action: provider):
       • Source: Source (CodeCommit)
       • Build: test-build-source (CodeBuild)
       • Deploy Testing: create-changeset (AWS CloudFormation), execute-changeset (AWS CloudFormation), Run-stubs (AWS Lambda)
       • Deploy Staging: create-changeset (AWS CloudFormation), execute-changeset (AWS CloudFormation), Run-API-test (Runscope), QA-Sign-off (Manual Approval, Review)
       • Deploy Prod: create-changeset (AWS CloudFormation), execute-changeset (AWS CloudFormation), Post-Deploy-Slack (AWS Lambda)
  65. Systems Manager Capabilities
      Capabilities: Run Command, Maintenance Window, Inventory, State Manager, Parameter Store, Patch Manager, Automation, Distributor
      Groups: Deploy, configure, and administer; Track and update; Shared capabilities
  66. Managing Your Environment with AWS Systems Manager
      [Diagram labels: AWS administrator; Corporate data center; IAM policy; AWS Systems Manager; Availability Zone, private subnet, Web security group (Accept traffic from Systems Manager), WEB1, WEB2; Amazon S3 bucket; SNS topic; CloudWatch metric]
  67. Amazon CloudWatch and CloudWatch Logs
       • Monitor EC2 metrics (CPU, disk usage, and so on)
       • Monitor AWS resources (EBS volumes, Elastic Load Balancers, and so on)
       • Monitor logs and configure alerts
       • Store logs and perform analytics
      [Diagram labels: two Availability Zones, each with SharePoint Front-end, SQL Server and Domain Controller; CloudWatch/CloudWatch Logs; CloudWatch Alarms; Amazon Kinesis; AWS Lambda; Amazon S3; Amazon Redshift; Amazon SWF; Emails; Amazon SES]
  68. Monitoring [Diagram labels: Amazon CloudWatch, AWS CloudTrail, AWS Config, AWS Trusted Advisor, Amazon VPC, Flow logs, EC2, AWS Lambda, Amazon ES, Amazon Kinesis, Amazon QuickSight]
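
Added example (not from the slides or from AWS): slide 62 notes that AWS SAM "takes care of all mapping/permissions necessary", and the template on slide 59 spells those permission resources out. The Python below audits such a template for the three scope questions a reviewer would ask of them; `TEMPLATE` is transcribed from slide 59, while the finding names and the `RETIRED_RUNTIMES` set are assumptions of this example.

```python
import re

# Constructed input: the permission-related resources of the template on
# slide 59, transcribed into a Python dict (the API resources are left out).
_API_ARN = "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}"

def _invoke_permission(stage):
    return {
        "Type": "AWS::Lambda::Permission",
        "Properties": {
            "Action": "lambda:invokeFunction",
            "Principal": "apigateway.amazonaws.com",
            "FunctionName": {"Ref": "GetHtmlFunction"},
            "SourceArn": {"Fn::Sub": f"{_API_ARN}/{stage}/ANY/*"},
        },
    }

TEMPLATE = {"Resources": {
    "GetHtmlFunctionGetHtmlPermissionProd": _invoke_permission("Prod"),
    "GetHtmlFunctionGetHtmlPermissionTest": _invoke_permission("*"),
    "ListTable": {"Type": "AWS::DynamoDB::Table", "Properties": {}},
    "GetHtmlFunction": {
        "Type": "AWS::Lambda::Function",
        "Properties": {"Handler": "index.gethtml", "Runtime": "nodejs4.3"},
    },
    "GetHtmlFunctionRole": {
        "Type": "AWS::IAM::Role",
        "Properties": {"ManagedPolicyArns": [
            "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess",
            "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
        ]},
    },
}}

# Assumption of this example: the runtimes treated as retired. Maintain this
# set from the Lambda runtime support policy.
RETIRED_RUNTIMES = {"nodejs4.3"}
AWS_MANAGED = "arn:aws:iam::aws:policy/"

def flatten_arn(value):
    """Return the ARN text of a literal or Fn::Sub value, with ${...} collapsed."""
    if isinstance(value, dict):
        value = value.get("Fn::Sub")
        if isinstance(value, list) and value:   # long form: [string, {variables}]
            value = value[0]
    if not isinstance(value, str):
        return ""
    # ${AWS::Region} contains colons, so collapse variables before splitting.
    return re.sub(r"\$\{[^}]*\}", "VAR", value)

def check_permission(props, resources=None):
    """Flag invoke permissions open to any API, or to every stage of one API."""
    if "SourceArn" not in props:
        return ("no-source-arn", "any API Gateway API may invoke the function")
    parts = flatten_arn(props["SourceArn"]).split(":", 5)
    if len(parts) < 6 or parts[2] != "execute-api":
        return ("unparsed-source-arn", "review by hand")
    segments = parts[5].split("/")              # api-id/stage/method/path
    if len(segments) > 1 and segments[1] == "*":
        return ("wildcard-stage", "invocation allowed from every stage")
    return None

def check_role(props, resources=None):
    """Flag AWS managed policies, which cannot be limited to this stack's resources."""
    tables = sorted(name for name, res in (resources or {}).items()
                    if res.get("Type") == "AWS::DynamoDB::Table")
    for arn in props.get("ManagedPolicyArns", []):
        # service-role/ policies (logging and the like) are out of scope here.
        if isinstance(arn, str) and arn.startswith(AWS_MANAGED) and "/service-role/" not in arn:
            return ("unscoped-managed-policy", f"{arn.rsplit('/', 1)[1]}; stack tables: {tables}")
    return None

def check_function(props, resources=None):
    """Flag Lambda functions pinned to a retired runtime."""
    runtime = props.get("Runtime")
    if isinstance(runtime, str) and runtime in RETIRED_RUNTIMES:
        return ("retired-runtime", runtime)
    return None

CHECKS = {
    "AWS::Lambda::Permission": check_permission,
    "AWS::IAM::Role": check_role,
    "AWS::Lambda::Function": check_function,
}

def audit(template):
    """Return sorted (logical_id, finding, detail) tuples for a template dict."""
    resources = template.get("Resources", {})
    findings = []
    for logical_id, res in resources.items():
        check = CHECKS.get(res.get("Type"))
        hit = check(res.get("Properties", {}), resources) if check else None
        if hit:
            findings.append((logical_id, *hit))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(TEMPLATE):
        print(*finding, sep=" | ")
```

The Prod permission passes because its `SourceArn` names one stage; the Test permission, the account-wide DynamoDB read policy and the `nodejs4.3` runtime are reported.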
