In this session, we will examine how to use AWS Tools for Windows PowerShell to move a typical in-house application, housed on a "server under someone's desk", to the cloud. We will cover importing the server as a virtual machine image running in an Amazon Virtual Private Cloud (Amazon VPC) in Amazon Elastic Compute Cloud (Amazon EC2). We will then show how to configure, maintain, and monitor the running instances by automating AWS infrastructure, including the provisioning of the AWS resources, Amazon EC2 Simple Systems Manager (SSM), and Amazon CloudWatch.
2. What to expect from this session
• How to move a physical server into the cloud:
• Launch the virtualized server in a private network.
• Connect the private network back to the on-premises network/domain.
• Set up monitoring of the virtualized server.
Focus on repeatable, scriptable automation - no button-clicking!
4. Session tools and technologies
AWS Tools for Windows PowerShell
Using Amazon S3 and Amazon EC2 to import our server
Creating and configuring a private network with Virtual Private Cloud
Launching and configuring our server in Amazon EC2
6. Norm’s Options
• Attempt to fix the broken hardware, in place.
• Purchase and provision replacement hardware.
• Or capture the machine in a virtual image and host in the cloud.
7. Session code
• Created a script module wrapping the required steps.
• GitHub link: https://github.com/awslabs/aws-sdk-net-samples
• Invite you to follow along!
• Includes a single command that can coordinate the whole process.
• This session will use the individual commands.
• Take the code, modify it to your needs.
9. Let’s get started…
Tool setup → Import & convert → Create network → Launch server → Post-launch configuration
10. AWS Tools for Windows PowerShell
Installation options
• Windows installer includes AWS SDK for .NET and AWS Toolkit for Visual Studio
http://aws.amazon.com/powershell/
• PowerShell Gallery (WMF 5 preview+ & Windows 10)
https://www.powershellgallery.com/packages/AWSPowerShell/
Pre-installed on public Amazon EC2 Windows images
17. What we learned: Importing virtual machines
• How to upload VM image to Amazon S3
• Configuring role access for EC2
- could be a one-time operation
• How to start import conversion
- wait for conversion to be complete
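The four steps above, sketched as an added example with AWS Tools for Windows PowerShell cmdlets; this is not the session's script module. The bucket, key and file path are constructed placeholders, and the use of `Import-EC2Image` with the `vmimport` service role is an assumption about the import path.

```powershell
# Added example: bucket, key and local path are constructed placeholders.
Import-Module AWSPowerShell
$bucket = 'example-vm-import-bucket'
$key    = 'images/norm-server.vhd'

# 1. Upload the exported disk image to Amazon S3.
Write-S3Object -BucketName $bucket -Key $key -File 'C:\export\norm-server.vhd'

# 2. One-time setup: the 'vmimport' role that the import service assumes.
$trust = @'
{ "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Service": "vmie.amazonaws.com" },
    "Action": "sts:AssumeRole",
    "Condition": { "StringEquals": { "sts:ExternalId": "vmimport" } }
  }] }
'@
New-IAMRole -RoleName vmimport -AssumeRolePolicyDocument $trust | Out-Null

# Least privilege: the role can read only the import bucket.
$policy = @"
{ "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow",
      "Action": ["s3:GetBucketLocation", "s3:ListBucket", "s3:GetObject"],
      "Resource": ["arn:aws:s3:::$bucket", "arn:aws:s3:::$bucket/*"] },
    { "Effect": "Allow",
      "Action": ["ec2:ModifySnapshotAttribute", "ec2:CopySnapshot",
                 "ec2:RegisterImage", "ec2:Describe*"],
      "Resource": "*" }
  ] }
"@
Write-IAMRolePolicy -RoleName vmimport -PolicyName vmimport -PolicyDocument $policy

# 3. Start the import conversion from the uploaded object.
$source    = New-Object Amazon.EC2.Model.UserBucket -Property @{ S3Bucket = $bucket; S3Key = $key }
$container = New-Object Amazon.EC2.Model.ImageDiskContainer -Property @{ Format = 'VHD'; UserBucket = $source }
$task = Import-EC2Image -DiskContainer $container -Description 'Norm server import'

# 4. Wait for the conversion to leave the 'active' state.
do {
    Start-Sleep -Seconds 60
    $task = Get-EC2ImportImageTask -ImportTaskId $task.ImportTaskId
} while ($task.Status -eq 'active')
"Import $($task.Status): $($task.ImageId)"
```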
18. Where are we?
Tool setup → Import & convert → Create network → Launch server → Post-launch configuration
19. Virtual Private Cloud (VPC)
Our new server needs to be in a private network
VPC allows us to:
• Set up a private network in the cloud
• Configure inbound & outbound access
• Bridge securely with onsite network, extending it to the cloud
Whitepapers:
https://d36cz9buwru1tt.cloudfront.net/Extend_your_IT_infrastructure_with_Amazon_VPC.pdf
http://media.amazonwebservices.com/AWS_Amazon_VPC_Connectivity_Options.pdf
20. An example VPC setup
[Diagram: a VPC with address range 10.0.0.0/16 in one Region, spanning Availability Zone A and Availability Zone B. Subnet 1: 10.0.0.0/24 (hosts 10.0.0.1, 10.0.0.2, 10.0.0.3). Subnet 2: 10.0.1.0/24 (hosts 10.0.1.1, 10.0.1.2, 10.0.1.3). A Router, Virtual Private Gateway, VPN Connection and Customer Gateway link the VPC to the corporate data center.]
No access to/from wider internet – all non-local traffic is routed to private gateway and onto corporate network
Applicable to our demo scenario except we don’t have a real domain today!
23. What we learned: Creating VPCs
• How to construct and configure a basic VPC
• Demo: connecting two VPCs using VPC peering
• Real-world: use virtual private gateway linked to customer gateway
24. Where are we?
Tool setup → Import & convert → Create network → Launch server → Post-launch configuration
26. What we learned: Launching images
• Creating and configuring access via security group
• Launching images into VPC using subnet association
• How to run PowerShell script on the instance at launch
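An added example (not the session's script module) covering both the basic VPC from the "Creating VPCs" slide and the three launch points above: a private VPC and subnet, a security group that admits RDP from the corporate range only, and a launch with a first-boot PowerShell script. The corporate CIDR, image ID and instance profile name are constructed placeholders; the peering or gateway link back to the corporate network is not shown.

```powershell
# Added example: CIDR ranges, names and IDs below are constructed placeholders.
Import-Module AWSPowerShell
$corpCidr        = '192.168.0.0/16'    # assumed on-premises address range
$amiId           = 'ami-EXAMPLE'       # placeholder: image produced by the import
$instanceProfile = 'norm-server-role'  # placeholder: IAM instance profile

# Private VPC and subnet using the slide's addressing. No internet gateway
# is created, so the subnet has no route to or from the wider internet.
$vpc    = New-EC2Vpc -CidrBlock '10.0.0.0/16'
$subnet = New-EC2Subnet -VpcId $vpc.VpcId -CidrBlock '10.0.0.0/24'

# Security group that admits RDP from the corporate range only.
$sgId = New-EC2SecurityGroup -VpcId $vpc.VpcId -GroupName 'norm-server' `
            -Description 'RDP from corporate network only'
$rdp = @{ IpProtocol = 'tcp'; FromPort = 3389; ToPort = 3389; IpRanges = $corpCidr }
Grant-EC2SecurityGroupIngress -GroupId $sgId -IpPermission $rdp

# PowerShell to run on the instance at launch. The single-quoted here-string
# keeps $(...) unexpanded locally; user data is passed Base64-encoded.
$script = @'
<powershell>
"First boot completed $(Get-Date -Format o)" | Out-File C:\launch.log
</powershell>
'@
$userData = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($script))

# Launch into the private subnet with no public IP and with an IAM role.
$reservation = New-EC2Instance -ImageId $amiId -InstanceType 't2.medium' `
    -SubnetId $subnet.SubnetId -SecurityGroupId $sgId -AssociatePublicIp $false `
    -InstanceProfile_Name $instanceProfile -UserData $userData `
    -MinCount 1 -MaxCount 1
$reservation.Instances[0].InstanceId
```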
27. Where are we?
Tool setup → Import & convert → Create network → Launch server → Post-launch configuration
28. Post-launch server configuration
With the virtualized server running, some final steps:
1. We want to connect the server back to the corporate domain.
2. We want to enable monitoring of logs and metrics.
29. Post-launch configuration with Amazon EC2 Simple Systems Manager
Thin automation bootstrap layer
• Auto-domain join when launching Windows instances
• Supports joining in AWS Directory Service through Simple AD and AD Connector
• Installation of PowerShell modules
• Installation of MSI packages
• Configure CloudWatch metrics and logs
Complementary to PowerShell DSC/Chef, etc.
• Use SSM to bootstrap
• Optionally, hand over to other tools for more in-depth configuration
30. Configuration steps for Norm
1. Create configuration document in JSON format.
2. Apply document to launched instances.
• Instances must be launched with IAM role.
3. Check status.
4. (Optional) Automatically reapply to prevent configuration drift.
• Use Windows Task Scheduler and EC2Config-cli.
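Steps 1 to 3 above as an added example, not the session's own code: the document is built at runtime, applied to one instance, and the association status is polled with a bounded wait. It assumes the `schemaVersion` 1.0 `runtimeConfig` document layout and covers the domain join only; the document name, directory values and instance ID are constructed placeholders.

```powershell
# Added example: document name, directory values and instance ID are placeholders.
Import-Module AWSPowerShell
$instanceId = 'i-EXAMPLE'         # placeholder: instance launched with an IAM role
$docName    = 'Norm-DomainJoin'   # hypothetical document name

# 1. Build the configuration document at runtime and serialize it to JSON.
$content = @{
    schemaVersion = '1.0'
    description   = 'Join the launched server to the directory'
    runtimeConfig = @{
        'aws:domainJoin' = @{
            properties = @{
                directoryId    = 'd-EXAMPLE'                  # placeholder
                directoryName  = 'corp.example.com'           # placeholder
                dnsIpAddresses = @('10.0.0.10', '10.0.1.10')  # placeholder
            }
        }
    }
} | ConvertTo-Json -Depth 5
New-SSMDocument -Name $docName -Content $content | Out-Null

# 2. Apply the document to the launched instance.
New-SSMAssociation -InstanceId $instanceId -Name $docName | Out-Null

# 3. Check status, giving up after about ten minutes instead of waiting forever.
$state = 'Pending'
for ($i = 0; $i -lt 40 -and $state -eq 'Pending'; $i++) {
    Start-Sleep -Seconds 15
    $assoc = Get-SSMAssociation -InstanceId $instanceId -Name $docName
    $state = [string]$assoc.Status.Name
}
if ($state -ne 'Success') {
    throw "Association for $instanceId ended as '$state': $($assoc.Status.Message)"
}
"Association applied: $state"
```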
32. What we learned: Configuring instances
• SSM enables simple bootstrap configuration
• Simple configuration document to apply to instances
- Document can be constructed at runtime or version-controlled
• How to use SSM to:
• Join to a domain
• Set up CloudWatch monitoring
34. Where does Norm go from here?
Continue running with server in the cloud
• Decommission physical hardware
• Assuming app compatibility, we can scale out, if needed
Launch additional instance(s) for investigation
• Use these to tease apart the installed applications
Improve availability by running in multiple AZs
35. What we’ve learned
How to use the AWS Tools for Windows PowerShell to:
• Easily virtualize and import a server into the cloud
• Construct a virtual private network and allow access to/from the corporate on-premises network
• Configure running instances in a repeatable, consistent, and scalable manner
All using automation – no button clicks!
36. Links
• GitHub for script module
https://github.com/awslabs/aws-sdk-net-samples
• AWS .NET blog
https://blogs.aws.amazon.com/net/
• Managing Windows Instance Configuration
http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-configuration-manage.html