In this session you will learn two different methods for running SQL Server on AWS: rolling your own on EC2 or using AWS's platform-as-a-service offering, Relational Database Service (RDS). You will also learn about the pros and cons of each method, as well as security, scalability and options for migrating SQL Server to AWS.
AWS APAC Webinar Week - Running Microsoft SQL server on AWS
1. Running Microsoft SQL on AWS
Chris Fleischmann - Enterprise Solutions Architect
fchris@amazon.com
2. Amazon Web Services Confidential
Agenda
SQL Server deployment options
SQL Server on RDS on AWS
SQL Server on EC2 on AWS
High Availability options on AWS for SQL Server
Security options on AWS for SQL Server
Migrating SQL Server to AWS
3. More Functionality Than Any Other Infrastructure Provider
[Diagram layers: AWS Marketplace; Enterprise Applications; Platform as a Service; Administration & Security; Core Services; Infrastructure]
4. Microsoft SQL Server deployment options
There are two ways to run SQL Server 2008 R2 and 2012 in AWS. One is to use the
Amazon Relational Database Service (Amazon RDS, or RDS). The other is to run SQL
Server on the Amazon Elastic Compute Cloud (Amazon EC2, or EC2). The latter option is
also available for other versions of SQL Server, such as 2014, subject to Microsoft
licensing.
5. SQL Server Support on AWS
• Microsoft workloads are supported on AWS
• Our customers have successfully deployed in the AWS cloud virtually
every Microsoft application available, including Microsoft Exchange,
SharePoint, Lync, Dynamics, and Remote Desktop Services
• If you have support related issues you should contact AWS Support
• If you have an existing Microsoft support agreement you can contact
Microsoft Support
• Support for Microsoft workloads on AWS can be a collaborative effort
between you, AWS Support, and Microsoft Support.
6. EC2 Dedicated Hosts on AWS
EC2 Dedicated Hosts are physical servers with EC2 capacity fully dedicated to a customer's use.
Using a Dedicated Host, you can see how many sockets or physical cores are installed on a
physical server and can granularly control the placement of your instances on your hosts.
This allows customers to effectively use server-bound licenses in EC2, while adding visibility and control
in compliance or highly regulated scenarios (Dedicated Hosts are supported in the BAA).
Under BYOL you may need to report the usage of your licenses back to your ISV. This is where AWS
Config lends a hand. When activated, AWS Config records host and instance level information relevant to
software licensing and can be used as a data source for customers to self-report license usage.
Dedicated Hosts are available for M3, M4, C3, C4, I2, D2, G2, and R3 instance families in all public
regions where these instance families are currently supported, excluding China (Beijing) and GovCloud
(US).
For more information on Dedicated Host availability and pricing, visit the Dedicated Hosts pricing page.
7. SQL Server License Mobility on AWS
You are responsible for obtaining the licenses required for eligible Microsoft
applications running in the AWS cloud using the License Mobility through Software
Assurance benefit, and for complying with all applicable Microsoft licensing
requirements. Under the Microsoft Product Use Rights (PUR), the number of licenses required varies based on the
instance type, version of SQL Server, and the Microsoft licensing model you choose.
For “Licensing by Individual Virtual OSE” of Microsoft SQL Server 2014 (and permitted
instances of Microsoft SQL Server 2012), the July 2014 version of the PUR states,
“The number of licenses required equals the number of Virtual Cores in each Virtual
OSE in which you will run the server software, subject to a minimum of four licenses
per Virtual OSE.” The July 2014 version of the PUR defines a “Virtual Core” as “the
unit of processing power in a virtual hardware system. A Virtual Core is the virtual
representation of one or more hardware threads.”
http://aws.amazon.com/windows/resources/licensemobility/sql/
8. SQL Server Licensing on EC2
• EC2 BYOL/LI: Licensed by vCPU (minimum of 4), all mirrors require licensing
• EC2 Dedicated Instances BYOL: Licensed by vCPU (minimum of 4), mirrors do not
require licensing
• EC2 Dedicated Instances LI: Licensed by vCPU (minimum of 4), all mirrors require
licensing
9. SQL Server Licensing on RDS
RDS BYOL: Licensed by vCPU (minimum of 4), all mirrors require licensing
RDS LI: Licensed by vCPU (minimum of 4), all mirrors require licensing
10. SQL Server Licensing Cloud vs On-Prem
• SQL Server is twice as expensive on both AWS and Azure for a
single server with the same number of cores
• It can be four times as expensive if a passive mirror is included
• These are standard Microsoft terms under the PUR
• Counteract by:
  - Optimizing licenses to use SE or other editions instead of EE
  - Reducing vCPUs to right-size the instance (new hardware)
  - Adding a caching tier, moving components to NoSQL or migrating to
    MySQL/PostgreSQL
11. Versions and Licensing
Engine/Edition: SQL Server
Versions: 2008 R2, 2012
License Included: Express Edition, Web Edition, Standard Edition, Enterprise Edition (1)
BYOL: Standard Edition, Enterprise Edition
* Requires Software Assurance/License Mobility
(1) Virginia, Oregon and Dublin
12. SQL Server on RDS on AWS
Amazon RDS takes care of the undifferentiated heavy lifting of
your SQL Server Database.
Installation
Disk provisioning and management
Patching and minor version upgrades
Failed instance replacement
Backup and recovery
Automated Multi-AZ (Availability Zone) synchronous replication
13. SQL Server on EC2 on AWS
Running SQL Server on EC2, you have full control over the
operating system, database installation and configuration.
You are responsible for administering the database, including
backups and recovery, patching the operating system and the
database, tuning of the operating system and database
parameters, managing security, and configuring high
availability or replication.
Running your own relational database on Amazon EC2 is the
ideal scenario if you require a maximum level of control and
configurability. You can also use SQL Server services and
features that are not available in Amazon RDS.
14. RDS SQL – Supported Features
• Core Database Engine Features
• SQL Server Management Tools
• Full text search
• SSL
• Spatial
• Change Tracking
• Partially Contained Databases
• Columnstore Indexes
• UTF-16
• Advanced Security/TDE
• Safe CLR
• Target for SSRS, SSIS, etc.
15. RDS SQL Server – Unsupported Features
• >30 Databases per Instance
• Windows Authentication*
• Database Mail
• CDC
• Distributed Queries
• SQL Server Audit
• Performance Data Collector
• SQL Server Analysis Services
• SQL Server Integration Services
• SQL Server Reporting Services
• Data Quality Services
• Master Data Services
• Always On
• File Tables
17. High Availability options on AWS for SQL Server
RDS offers Multi-AZ support for Amazon RDS for SQL Server*
This high availability (HA) option leverages SQL Server
Mirroring technology with additional improvements, to meet
the requirements of enterprise-grade production workloads
running on SQL Server.
Replicates synchronously across Availability Zones.
SQL Server on AWS EC2:
Use Microsoft's AlwaysOn technology with 2 or more
Availability Zones, see whitepaper:
https://s3.amazonaws.com/quickstart-reference/microsoft/sql/latest/doc/Microsoft_WSFC_and_SQL_AlwaysOn_Quick_Start.pdf
*Except for the following regions: Sydney
18. High Availability options on AWS for SQL Server
Amazon RDS automatically performs a failover in the event of any
of the following:
Loss of availability in the primary Availability Zone
Loss of network connectivity to the primary DB node
Compute unit failure on the primary DB node
Storage failure on the primary DB node
Amazon RDS Multi-AZ deployments do not failover automatically
in response to database operations such as long running queries,
deadlocks or database corruption errors.
19. High Availability options on AWS for SQL Server
Using AWS's Relational Database Service (RDS) offering provides:
[Table: rows RDS and RDS MAZ; columns Instance Failure, Storage Failure, AZ Failure, Region Failure]
Failover options vary in capabilities and on the specific event. For example, storage
failure could be a single disk or all access to EBS. Regional failover is customer driven
and thus highly variable.
20. High Availability options on AWS for SQL Server
Using AWS's Relational Database Service (RDS) offering provides:
Columns: Instance Failure, Storage Failure, AZ Failure, Region Failure
RDS: <5 mins+, <5 mins+, User driven
RDS MAZ: <60 sec+, <60 sec+, <60 sec+, User driven
Times are estimates and will vary. For example, caches need to be
warmed, DBs recovered, etc. PLEASE TEST!
22. Security options on AWS for SQL Server
Use a VPC
Run your DB in a private subnet
Use a separate Security Group (SG) for your DB
Connect through the CNAME
Use for Data in Transit
23. Security options on AWS for SQL Server
AWS Identity and Access Management (IAM)
DO NOT share AWS account credentials
Create IAM users
Minimum permissions
Use groups for common permissions
Tag resources
Delegate access
Rotate credentials
24. Security options on AWS for SQL Server
Secure Data at Rest
• There are several options for protecting data-at-rest in a DB
instance:
Encrypted Amazon RDS DB instances using Amazon KMS
SQL Server Transparent Data Encryption (TDE)
SQL Server column-level;
Encrypting data in the application before it is saved to the
database instance.
25. Security options on AWS for SQL Server
There are several features and sets of controls available to manage
the security of your Amazon RDS database instance. These controls
are as follows:
Network controls, which determine the network configuration
underlying your DB instance
DB instance access controls, which determine administrative
and management access to your RDS resources
Data access controls, which determine access to the data
stored in your RDS DB instance databases
Data-at-rest protection, which affects the security of the data
stored in your RDS DB instance
Data-in-transit protection, which affects the security of data
connections to and from your RDS DB instance
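An added example (not from the original deck) that checks instance metadata against the network and data-at-rest controls listed above. It assumes records shaped like the RDS DescribeDBInstances and EC2 DescribeSecurityGroups responses; all identifiers and values are constructed.

```python
# Added example: field names follow the RDS DescribeDBInstances and EC2
# DescribeSecurityGroups response shapes; every value below is constructed.
SQL_PORT = 1433  # default SQL Server listener port

def sg_open_to_world(sg, port=SQL_PORT):
    """True if any ingress rule exposes `port` to the whole internet."""
    for rule in sg.get("IpPermissions", []):
        proto = rule.get("IpProtocol")
        covers = proto == "-1" or (
            proto == "tcp" and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))
        world = (any(r.get("CidrIp") == "0.0.0.0/0" for r in rule.get("IpRanges", []))
                 or any(r.get("CidrIpv6") == "::/0" for r in rule.get("Ipv6Ranges", [])))
        if covers and world:
            return True
    return False

def audit_instance(db, groups_by_id):
    """Return sorted findings for one DB instance record."""
    findings = []
    if not db.get("DBSubnetGroup", {}).get("VpcId"):
        findings.append("not-in-vpc")
    if db.get("PubliclyAccessible"):
        findings.append("publicly-accessible")      # network control
    if not db.get("StorageEncrypted"):
        findings.append("storage-not-encrypted")    # data-at-rest control
    port = db.get("Endpoint", {}).get("Port", SQL_PORT)
    for ref in db.get("VpcSecurityGroups", []):
        sg_id = ref["VpcSecurityGroupId"]
        if sg_open_to_world(groups_by_id.get(sg_id, {}), port):
            findings.append("sg-open-to-world:" + sg_id)
    return sorted(findings)

# Constructed sample data (hypothetical identifiers).
GROUPS = {
    "sg-db-private": {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 1433,
        "ToPort": 1433, "IpRanges": [{"CidrIp": "10.0.1.0/24"}]}]},
    "sg-shared-wide": {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0,
        "ToPort": 65535, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
}
GOOD = {"DBInstanceIdentifier": "sql-prod", "PubliclyAccessible": False,
        "StorageEncrypted": True, "Endpoint": {"Port": 1433},
        "DBSubnetGroup": {"VpcId": "vpc-example"},
        "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-db-private"}]}
BAD = dict(GOOD, DBInstanceIdentifier="sql-test", PubliclyAccessible=True,
           StorageEncrypted=False,
           VpcSecurityGroups=[{"VpcSecurityGroupId": "sg-shared-wide"}])
if __name__ == "__main__":
    for db in (GOOD, BAD):
        print(db["DBInstanceIdentifier"], audit_instance(db, GROUPS) or "ok")
```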
27. AWS Database Migration Service
Start your first migration in 10 minutes or less
Keep your apps running during the migration
Replicate within, to or from Amazon EC2 or RDS
Move data to the same or different database engine
Sign up for preview at aws.amazon.com/dms
28. Keep your apps running during the migration
[Diagram: Customer Premises and Application Users connected to AWS over Internet/VPN, with AWS Database Migration Service between source and target]
Start a replication instance
Connect to source and target databases
Select tables, schemas, or databases
Let AWS Database Migration Service create tables, load data, and keep them in sync
Switch applications over to the target at your convenience
29. Migrate and replicate between database engines
30. Sign Up for AWS Database Migration Service
Sign up for AWS Database Migration Service Preview now:
aws.amazon.com/dms
Download the AWS Schema Conversion Tool:
aws.amazon.com/dms