Systems Operations for Windows Workloads

  1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Presenter(s): George Churchill. Date: 12th April 2018. Windows Operations on AWS: Amazon Web Services for Microsoft Windows Server
  2. Agenda: (1) The benefits of hosting Windows-based applications in the AWS cloud; (2) Migrating Windows workloads to the cloud; (3) Operating Windows in the cloud, AKA governance
  3. Why Amazon Web Services for Windows?
  4. Windows on AWS. Experience & Innovation: 10 years running Windows workloads; over 100 service offerings. Availability & Performance: 54 Availability Zones spanning 18 geographic regions; capable of delivering 48,000 IOPS/instance with consistency. Security, Compliance & Customer Obsession: 52 compliance certifications (SOC-1,2,3, FIPS, ISO, FISMA, ITAR, EU Model Clauses); 65 price reductions since 2006
  5. Windows Momentum on AWS: 400% growth. AWS enterprise customers using Amazon EC2 for Microsoft Windows Server (chart labels: 2014, 2017)
  6. Migrating Windows Workloads to the Cloud
  7. Journey to the Cloud (diagram labels): Pilot App; Portfolio Analysis; Security Strategy & Playbook/Runbook; Establish CCoE; Skills Assess & Training Plan; Migration Planning; Migration Acceleration; Design CCoE; Cloud Strategy; POC; Platform Jumpstart; Draft Business Case; Pilot Mode 1 & 2 Apps; Health Checks / Quality Assurance; Operating Model Maturity; Foundation Platform; Landing Zone Design; Discovery Workshops. Stages: Project (one or more PoCs); Foundation (2 – 5 production workloads in AWS); Migration (all workloads in AWS); Optimization. Value to Customer; Business Value; MVP; Hybrid Operating Model
  8. Foundation: Cloud Center of Excellence. CCOE: Security; Development; Architecture; Operations; Leadership; Finance
  9. Foundation: Landing Zone. A Landing Zone is a baseline AWS environment that includes the following components: multiple accounts; identity and access management; network design; data security; centralized logging; governance
  10. Foundation: Landing Zone: Multi-Accounts (diagram labels): Billing; Security and Audit; Shared Services; Dev & Test; Mobile; IoT; Production Generic; Production Critical; Central Accounts; Application Accounts; Dev & Test; Analytics; Digital; Business Applications
  11. Foundation: Landing Zone: Multi-Accounts. Shared Services: Domain Controllers; Monitoring; Logging; Remote administration; Scanning
  12. Foundation: Identity and Access Management. Security in your VPC: Security Groups; Network Access Control Lists; Active Directory. Diagram labels: Instance; Security Group; Subnet; Routing; Network ACLs; VPC; IAM. Security of your VPC: IAM; Federation
  13. Foundation: Landing Zone Identity and Access Management. Direct Federation / Cross Account Switch Role (diagram labels): dev@example.com; IAM User Jeff; Acc ID: 123456789012; Prod@example.com; Acc ID: 111122223333; DBA-Role; Amazon RDS. Steps: authenticate Jeff with access keys; get temp security credentials for DBA-Role
  14. Direct Federation Demo
  15. Foundation: Active Directory. Options: (1) On-premises: Windows Server DC, AD, you manage; (2) VPC: EC2 for Windows Server DC, AD, you manage; (3) VPC Endpoint: AWS Microsoft AD, AWS manages. AWS Directory Service for Microsoft Active Directory, a.k.a. MAD
  16. Example: On-premises AD (diagram labels): Application; Availability Zone, Private Subnet 10.0.2.0/24: SQL Server (DB), App Server (APP), IIS Server (WEB); Availability Zone, Private Subnet 10.0.3.0/24: SQL Server (DB), App Server (APP), IIS Server (WEB); Remote Users/Admins; Domain Controllers; Corporate data center; Auth/LDAP; VPN; Direct Connect; AD
  17. Example: AD on EC2 with replication or AD trust (diagram labels): Availability Zone, Private Subnet 10.0.2.0/24: SQL Server (DB), App Server (APP), IIS Server (WEB); Availability Zone, Private Subnet 10.0.3.0/24: SQL Server (DB), App Server (APP), IIS Server (WEB); Remote Users/Admins; Domain Controllers; Corporate data center; two Domain Controllers (AD on EC2); Trust or Replication; Auth/LDAP; Application; VPN; Direct Connect; AD
  18. Example: AWS Microsoft AD trust to on-premises (diagram labels): Auth/LDAP; RDS for SQL Server (DB); Availability Zone, Private Subnet 10.0.2.0/24: App Server (APP), IIS Server (WEB); Availability Zone, Private Subnet 10.0.3.0/24: App Server (APP), IIS Server (WEB); Remote Users/Admins; Domain Controllers; Corporate data center; AWS Managed Services; AWS Managed Microsoft AD DC; Trust; Application; VPN; Direct Connect; AD; DC
  19. Foundation: Active Directory
  20. Migration
  21. 3. Migration: Application Paths (diagram labels): Discover/Assess/Prioritize Applications; Use Migration Tools; Transition; Production; Retain / Not Moving; Redesign Application/Infrastructure Architecture; App Code Development; Purchase COTS/SaaS & licensing; Validation; Modify underlying Infrastructure; Full ALM / SDLC; Manual Config; Manual Deploy; Manual Install; Retire / Decommission; Determine Migration Path; Automate; Manual Install & Setup; Integration; Determine new platform
  22. 3. Migration: AWS Migration HUB. AWS Server Migration Service; AWS Database Migration Service; AWS Migration Hub
  23. Operations on AWS
  24. Windows Operations on AWS: Change Management; Configuration Management; Governance & Compliance; Operations Management
  25. Change Management. Traditional: Silo'ed Teams; Deep Technical Expertise; Manual Processes; Infrastructure Centric; CMDB inaccuracies. Cloud Native: Dev-Ops; Broad Technical Expertise; Infrastructure as code; Application Centric; CMDB 100% accuracy
  26. Configuration Management: Deployment. Infrastructure as Code: Terraform; CloudFormation; … Deployment platforms: OpsWorks; Elastic Beanstalk; ECS / EKS; Fargate. Publish: Visual Studio
  27. Configuration Management. Systems Manager: Run Command; State Manager; Inventory; Maintenance Window; Patch Manager; Automation; Parameter Store
  28. Operations Management: Backups. Compliance: S3 Glacier and the Vault Lock feature. Active Archive: S3 and the S-IA tier; Glacier (with Bulk and Expedited retrieval tiers). Backup and Restore: S3 & Glacier; Storage Gateway; Snow family; EFS. Backup types: File Level Backups; Volume Level Backups; Database Backups; AD Backups; Hybrid Backups
  29. Operations Management: Storage. aws.amazon.com/backup-recovery/partner-solutions/ Note: Represents a sample of storage partners. Primary Storage: solutions that leverage file, block, object, and streamed data formats as an extension to on-premises storage. Backup and Recovery: solutions that leverage Amazon S3 for durable data backup. Archive: solutions that leverage Amazon Glacier for durable and cost-effective long-term data backup. BCDR: solutions that utilize AWS to enable recovery strategies focused on RTO and RPO requirements
  30. Governance and Compliance. AWS Organizations: policy-based management for multiple AWS accounts. AWS Service Catalog & CloudFormation: AWS tools to manage approved services. AWS Config & Config Rules: AWS resource inventory, configuration history, and configuration change notifications & preventive rules
  31. Summary
  32. Dev/Test on AWS. Thank you!
