In this session, we will examine how to use AWS Tools for Windows PowerShell to move a typical in-house application, housed on a "server under someone's desk", to the cloud. We will cover importing the server as a virtual machine image running an Amazon Virtual Private Cloud (Amazon VPC) in Amazon Elastic Compute Cloud (Amazon EC2). We will then show how to configure, maintain, and monitor the running instances by automating AWS infrastructure, including the provisioning of the AWS resources, Amazon EC2 Simple Systems Manager (SSM), and Amazon CloudWatch.

1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Steve Roberts and Norm Johanson
October 2015
DEV202
Under the Desk to the AWS Cloud
with Windows PowerShell

2. What to expect from this session
• How to move a physical server into the cloud:
• Launch the virtualized server in a private network.
• Connect the private network back to on premise
network/domain.
• Set up monitoring of the virtualized server.
Focus on repeatable, scriptable automation -
no button-clicking!

3. Why automate?
• Consistency
• Easy to revise and extend
• Versioning
• Scalable

4. Session tools and technologies
AWS Tools for Windows PowerShell
Using Amazon S3 and Amazon EC2 to import our server
Creating and configuring a private network with Virtual Private Cloud
Launching and configuring our server in Amazon EC2

5. Meet Norm.A.Developer

6. Norm’s Options
• Attempt to fix the broken hardware, in place.
• Purchase and provision replacement hardware.
• Or capture the machine in a virtual image and host in the
cloud.

7. Session code
• Created a script module wrapping the required steps.
• GitHub link: https://github.com/awslabs/aws-sdk-net-samples
• Invite you to follow along!
• Includes single command that can coordinate whole
process.
• This session will use the individual commands.
• Take the code, modify it to your needs.

8. Process steps
Tool setup Import &
convert
Create
network
Launch
server
Post-launch
configuration

9. Let’s get started…
Tool setup Import &
convert
Create
network
Launch
server
Post-launch
configuration

10. AWS Tools for Windows PowerShell
Installation options
• Windows installer includes AWS SDK for .NET and AWS Toolkit for
Visual Studio
http://aws.amazon.com/powershell/
• PowerShell Gallery (WMF 5 preview+ & Windows 10)
https://www.powershellgallery.com/packages/AWSPowerShell/
Pre-installed on public Amazon EC2 Windows images

11. PowerShell Gallery

12. Demo: Getting started with AWS Tools for PowerShell

13. Where are we?
Tool setup Import &
convert
Create
network
Launch
server
Post-launch
configuration

14. Virtualizing the hardware
Some tools:
• SysInternals Disk2Vhd
• P2V migration tools (part of SCVMM)
• http://blogs.technet.com/b/chrad/archive/2011/09/09/vhdcapture-amp-vhdprep-using-these-tools-to-p2v-
your-physical-server-to-usb-network-share.aspx
EC2 Import prerequisites
• http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/VMImportPrerequisites.html

15. Importing the virtual machine
(1) virtualize
(2) upload
(4) request conversion
(5) EC2 downloads VHD
using temporary role credentials
(6) VHD conversion -> new private image
Amazon EC2
Private Public Market
place
Amazon S3
Bucket
Disk
image
Machine Images (AMIs)
(3) Setup role and
permissions

16. Demo: Import and convert

17. What we learned: Importing virtual machines
• How to upload VM image to Amazon S3
• Configuring role access for EC2
- could be a one-time operation
• How to start import conversion
- wait for conversion to be complete

18. Where are we?
Tool setup Import &
convert
Create
network
Launch
server
Post-launch
configuration

19. Virtual Private Cloud (VPC)
Our new server needs to be in a private network
VPC allows us to:
• Set up a private network in the cloud
• Configure inbound & outbound access
• Bridge securely with onsite network, extending it to the cloud
Whitepapers:
https://d36cz9buwru1tt.cloudfront.net/Extend_your_IT_infrastructure_with_Amazon_VPC.pdf
http://media.amazonwebservices.com/AWS_Amazon_VPC_Connectivity_Options.pdf

20. An example VPC setup
10.0.0.0/16
Region
Availability Zone A
Availability Zone B
Subnet 1: 10.0.0.0/24
Subnet 2: 10.0.1.0/24
10.0.0.1
10.0.0.2
10.0.0.3
10.0.1.1
10.0.1.2
10.0.1.3
corporate data center
No access to/from wider internet
– all non-local traffic is routed to private
gateway and onto corporate network
Applicable to our demo scenario except
we don’t have a real domain today!
Router VPN Connection
Virtual Private
Gateway
Customer
Gateway

21. Demo network setup
us-west-2 us-west-2
VPC: 10.0.0.0/16 VPC: 172.0.0.0/16
Subnet 1:
10.0.0.0/24 Subnet 1:
172.0.0.0/24
Subnet 2:
10.0.1.0/24
RouterRouter VPC
Peering
Imported
Server
Simulated on-premises network
Simple AD
(AWS Directory
Service) Subnet 2 etc…
New network

22. Demo: Create and configure VPC

23. What we learned: Creating VPCs
• How to construct and configure a basic VPC
• Demo: connecting two VPCs using VPC peering
• Real-world: use virtual private gateway linked to
customer gateway

24. Where are we?
Tool setup Import &
convert
Create
network
Launch
server
Post-launch
configuration

25. Demo: Launch server image in VPC

26. What we learned: Launching images
• Creating and configuring access via security group
• Launching images into VPC using subnet association
• How to run PowerShell script on the instance at launch

27. Where are we?
Tool setup Import &
convert
Create
network
Launch
server
Post-launch
configuration

28. Post-launch server configuration
With the virtualized server running, some final steps:
1. We want to connect the server back to the corporate
domain.
2. We want to enable monitoring of logs and metrics.

29. Post-launch configuration with Amazon EC2 Simple
Systems Manager
Thin automation bootstrap layer
• Auto-domain join when launching Windows instances
• Supports joining in AWS Directory Service through Simple AD and AD
Connector
• Installation of PowerShell modules
• Installation of MSI packages
• Configure CloudWatch metrics and logs
Complementary to PowerShell DSC/Chef, etc.
• Use SSM to bootstrap
• Optionally, hand over to other tools for more in-depth
configuration

30. Configuration steps for Norm
1. Create configuration document in JSON format.
2. Apply document to launched instances.
• Instances must be launched with IAM role.
3. Check status.
4. (Optional) Automatically reapply to prevent
configuration drift.
• Use Windows Task Scheduler and EC2Config-cli.

31. Demo: Post-launch server configuration

32. What we learned: Configuring instances
• SSM enables simple bootstrap configuration
• Simple configuration document to apply to instances
-Document can be constructed at runtime or version-controlled
• How to use SSM to:
• Join to a domain
• Set up CloudWatch monitoring

33. Process completed
Tool setup Import &
convert
Create
network
Launch
server
Post-launch
configuration

34. Where does Norm go from here?
Continue running with server in the cloud
• Decommission physical hardware
• Assuming app compatibility, we can scale out, if needed
Launch additional instance(s) for investigation
• Use these to tease-apart the installed applications
Improve availability by running in multiple AZs

35. What we’ve learned
How to use the AWS Tools for Windows PowerShell to:
• Easily virtualize and import a server into the cloud
• Construct a virtual private network and allow access to/from
the corporate on-premises network
• Configure running instances in a repeatable, consistent, and
scalable manner
All using automation – no button clicks!

36. Links
• GitHub for script module
https://github.com/awslabs/aws-sdk-net-samples
• AWS .NET blog
https://blogs.aws.amazon.com/net/
• Managing Windows Instance Configuration
http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-
configuration-manage.html

37. Thank you!

38. Remember to complete
your evaluations!