Join our solutions architects in this half-day workshop to get started with Microsoft workloads on AWS. In this 4-hour session, you will learn how to extend your Active Directory to AWS, how to create a managed SQL Server database with RDS, and how to share files and folders over SMB.
38. Integrating multiple file servers under a single domain
With DFS Namespace, we can use multiple Amazon FSx file systems for the structure & hierarchy (data sharding).
[Diagram: DFS namespace \\example.com\corp with the folders Sales, Marketing and Projects, backed by \\fs-0123456789.example.com\Sales, \\fs-5678901234.example.com\Marketing and \\fs-9876543210.example.com\Projects]
39. Cost example: Amazon FSx in São Paulo with 30%, without backup
• 100TB SSD 128MB throughput on example.corp Multi-AZ FSx
= Total ~20.4k USD per month, ~244.8k USD per year
• 100TB on example.corp\Private with different FSx file systems using DFS Namespace:
20TB Sales SSD 128MB Throughput Multi-AZ (4.6k*12 = 55.200)
20TB Marketing SSD 32MB Throughput Single-AZ (2.3k*12 = 27.600)
30TB Marketing HDD 128MB Throughput Multi-AZ (1296*12 = 15.552)
30TB TI HDD 128MB Throughput Single-AZ (661*12 = 7.932)
= Total ~106.284 per year + 2x EC2 DFS in Multi-AZ
40. Transparent integration of the AWS cloud with on-premises infrastructure
Benefits
Hybrid storage for on-premises or AWS applications (.NET/ERP/CRM)
Provides compatibility for apps (SMB file locking, file leasing for local caching)
High throughput & IOPS, enabling concurrent access + data sharding for "customized" access
Customizable throughput
[Diagram: applications in Belo Horizonte, Brasília and RJ connected to AWS Brasil (São Paulo) over AWS Direct Connect or VPN]
Customers have been running Windows workloads on AWS for over a decade. We run nearly 2x more Windows Server instances than the next largest cloud provider, according to an IDC report. Our experience running Windows applications has earned our customers’ trust and the number of AWS enterprise customers using Amazon EC2 for Windows Server has grown 5x since 2015. You can select from a number of Windows Server versions including the latest version, Windows Server 2019. In addition, AWS supports everything you need to build and run Windows applications including Active Directory, .NET, System Center, Microsoft SQL Server, Visual Studio and Windows desktop-as-a-service. AWS also has the first and only fully managed native-Windows file system available in the cloud with Amazon FSx for Windows File Server and is the only cloud provider to provide production support for Kubernetes on Windows.
Here are the key reasons why AWS is the best cloud to run Microsoft workloads:
1. Breadth and Depth of Service: AWS supports the full Windows stack, including Active Directory, .NET, SQL Server, and Visual Studio. We offer unique capabilities such as FSx for Windows File Server and Managed Active Directory. We are also the only cloud to provide a cloud-like Dedicated Host experience!
2. Reliability: With over 2x as many regions with multiple availability zones, AWS had 7x less downtime hours compared to Azure in 2018 and 2019!
3. Performance: AWS’ extensive compute selection, coupled with the best-in-class storage and networking features, allow us to deliver nearly 2x better performance, and up to 40% better price-performance for running SQL Server on AWS, over Azure!
4. Lower Total Cost of Ownership (TCO): Research firm, International Data Corp. (IDC), estimates that customers will realize an average return on investment of 442% over five years, when they bring their Windows workloads to AWS. Customers can bring their existing licenses to AWS, and save even more with Savings Plans and EC2 Spot Instances. Optimization and Licensing Assessments help provide AWS right-sized recommendations based on the customers’ on-premises utilization and Microsoft license consumption.
Business Value of Efficiently Running High-Performing Windows Workloads in the AWS Cloud
5. Migration experience: Our unmatched migration experience has helped thousands of organizations, such as Hess, Ancestry, and Expedia easily migrate and modernize their Windows workloads on AWS. AWS has been running Windows for over 11 years, longer than Azure has existed, and we host nearly 2x more Windows Server Instances than Azure. Our programs, such as MAP and re:Think for Windows, have helped our customers reduce the risk and cost of moving to AWS. We are also offering a new Windows variant for MAP starting April 1st.
AWS has over a decade of unmatched experience, helping thousands of organizations, including global enterprises such as Sysco, Hess, Sony DADC, Ancestry and Expedia migrate and modernize their Windows workloads on AWS. AWS has translated this experience in our new Migration Acceleration Program (MAP) for Windows, which is based on our proven MAP methodology of best practices that is recognized by IDC** as the most extensive library of cases covering thousands of successful migrations. MAP for Windows also helps customers modernize their Windows, SQL, and .NET workloads on cloud native, Linux, and open source solutions.
Traditional enterprise customers host their Active Directory (AD) environments in their datacenter. When moving to the AWS cloud, many customers choose to extend their on-premise AD environments with self-managed Amazon EC2 instances running Windows Server. While this solution offers the flexibility and high availability of the AWS cloud, customers still have to maintain the domain controllers, patch the domain controllers, develop complex backup and restore procedures, and build appropriate safe-guards. Customers have asked for an easier way to address all of this and leverage existing and proven administrative tools to manage their AD objects.
[CLICK] This is where AWS Managed Microsoft AD comes in. With Managed Microsoft AD, customers can launch an AWS-managed directory in the cloud, leveraging the scalability and high-availability of an enterprise directory service while adding seamless integration into other AWS services. In addition, customers and administrators alike can access their Managed Microsoft AD using existing administrative tools and techniques!
Core benefits of using the service:
Easily migrate your directory dependent workloads by leveraging a managed service.
Provide single sign-on (SSO) and manage access to your AWS services and applications without syncing identity data.
Use actual Microsoft Active Directory that’s integrated with other AWS services and applications.
Use standard Active Directory administrative tools and take advantage of built-in Active Directory features such as 1-way and 2-way domain trusts and Group Policy objects.
Amazon EC2 instances running Windows Server can seamlessly join a Managed Microsoft AD. By sharing your Managed Microsoft AD directory, customers can perform seamless domain joins from multiple accounts and VPCs.
Managed Microsoft AD is highly available and can be used with your on-premise Active Directory over a VPN or AWS Direct Connect.
Managed Microsoft AD can easily be shared with multiple accounts with AWS Organizations or manually.
Single AD domains running in Enterprise Edition can be deployed to multiple regions
With daily snapshots, your Managed Microsoft AD is backed up automatically and enables easy restore.
When you launch a Managed Microsoft AD, you get actual Microsoft Active Directory running on Windows Server 2012 R2. (Note: Microsoft Windows Server 2012 R2 has an extended support date of 10/10/2023.) You get two domain controllers with the option of launching additional domain controllers as needed. Managed Microsoft AD provides a delegated directory administrator account with the user name Admin and a password you specify, with authority over an Organizational Unit (OU) created by AWS.
And because Managed Microsoft AD is running actual Microsoft AD, you can leverage standard AD management tools to administer your AD users, computers, and groups. All of this while leveraging the AWS cloud to manage the infrastructure, maintenance/patching, and backups of your directory.
As of December 2020, customers can replicate Managed Microsoft AD Enterprise Edition to multiple regions. This configuration is fast and easy and eliminates the undifferentiated heavy lifting required to manage multiple domain controllers in different regions. Multi-region replication allows customers to scale a single directory easily, improve local performance of EC2 instances or RDS for SQL Server, and add resiliency to their Managed Microsoft AD.
Finally, Managed Microsoft AD seamlessly integrates with many AWS services. Run highly-available and scalable directory-aware workloads, provide users and groups access to resources with AWS SSO, or launch Amazon FSx for Windows File Server, Amazon RDS for SQL Server, or Amazon WorkSpaces within minutes.
Limitations:
Default limit of 20 directories
5 manual snapshots
Max of 20 domain controllers per directory
5 max number of registered CA per directory
** It is possible to request a limit increase via support case
Resources:
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_limits.html
With Managed Microsoft AD, you can manage EC2 instances running Windows Server and Linux.
Deploy group policy objects for consistency of configuration, scripts, security settings, etc.
Delegate administrative access on the AWS created organizational unit to admins.
Assign Active Directory users to security groups and to control access to AWS resources (via RBAC or ABAC). For example: remote desktop access, file or folder permissions, application access, administrative access.
Amazon RDS for SQL Server
Administrators can take advantage of SSO or active directory authentication for Amazon RDS databases.
Enable access to Amazon RDS databases on different VPCs.
Because the DB instance is joined to the Managed Microsoft AD domain, you can provision SQL Server logins and users.
You can use the console, AWS CLI, or the Amazon RDS API to manage your DB instance and its relationship with your domain.
Amazon RDS for PostgreSQL and Amazon RDS for Oracle
Use Kerberos authentication to authenticate users when they connect to your DB instance running PostgreSQL or Oracle. In this case, your DB instance works with Managed Microsoft AD to enable Kerberos authentication.
Amazon FSx for Windows file server
Organizations can reduce administrative overhead by using the fully managed Amazon FSx file server service. FSx provides a high level of reliability and scalability as a file storage service that is accessible over SMB. User quotas, end-user file restore, and Microsoft Active Directory (AD) integration are fully supported.
Managed Microsoft AD is the ideal Identity store for central AD user access
Leverage proven and time-tested AD security groups for controlled access
Control access to Windows Server with Remote Desktop or define file/folder permissions for NTFS file shares
Provide access to the growing list of AWS applications
You can use Managed Microsoft AD to provide SSO for cloud applications.
By using ADFS, you can SSO into Microsoft Office 365 and sync your users into AzureAD.
Through a two-way AD trust between your on-premise AD and Managed Microsoft AD, or by leveraging an AD connector you can SSO into various AWS services and business applications from your on-premise location.
Best practice: make sure users configure the email address attribute in AWS SSO
Resources
https://d1.awsstatic.com/events/reinvent/2019/Managing_user_permissions_at_scale_with_AWS_SSO_SEC308.pdf
https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-automatically.html
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/usecase4.html
Managed Microsoft AD is compatible with multiple AWS services.
AWS Services use Managed Microsoft AD as the central management Identity store.
Users and group access is controlled in Active Directory using familiar administrative tools like AD Computers and Users
NOTE: to better understand forest/domain trusts, review the following documentation from AWS and Microsoft.
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_setup_trust.html
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731335(v%3dws.10)
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc730798(v%3dws.10)
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731404(v%3dws.10)
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732859(v%3dws.10)
You can configure one-way and two-way external and forest trust relationships between your Managed Microsoft AD and on-premises directories. Managed Microsoft AD supports all three trust relationship directions: Incoming, Outgoing and Two-way (Bi-directional).
[CLICK] For example, the diagram shows a one-way outgoing trust which allows on-premise AD users access to AWS hosted resources.
[CLICK] This allows an on-premise AD user access to AWS-managed resources such as RDS for SQL Server.
[CLICK] Similarly, the same on-premise AD user can be part of an on-premise AD security group, which can be given access to AWS-managed resources.
The benefits of the trust model:
Native AD connectivity mechanism that is tried and true.
Does not replicate or transfer identity information across domains.
Administrators have control over who has access to which resources.
More secure since there are not as many network ports needed.
This solution is well-documented, helping organizations choose the right communication flow and security configurations.
When designing your domain trust, here are a few considerations.
Do you need a 1-way trust (incoming or outgoing) or 2-way (bi-directional) trust?
Most AWS-managed services work with a 1-way trust and it is the most restrictive of the two.
Amazon WorkSpaces, Amazon Chime, and Amazon QuickSight require a 2-way trust
Here are some best practices to secure your trusts.
Leave SID filtering on to prevent malicious users who have domain or enterprise administrator level access in a trusted forest from granting (to themselves or to other user accounts in their forest) elevated user rights to a trusting forest.
Turn on selective authentication in your on-premise AD. This security setting adds more control over which groups of users in a trusted forest can access shared resources in a trusting forest.
Only permit the authentication ports when configuring AWS-to-On-Premises AD connectivity. These are TCP and UDP ports allowing access to services such as LDAP, LDAPS, DNS, Kerberos, SMB, and RPC.
More information below:
Selective auth: https://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx#w2k3tr_trust_security_zyzk
Trust ports: https://technet.microsoft.com/en-us/library/cc756944(v=ws.10).aspx
Authentication ports: https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts
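The three practices above can be checked mechanically. The following is an added example, not part of the original deck or of any AWS tooling: it decodes a trust's trustAttributes value for SID filtering and selective authentication, and audits security group ingress rules against an allow-list of authentication ports. The function names, the sample rules and the on-premises range are constructed; the flag values come from Microsoft's MS-ADTS specification and the port list is an assumption based on the Microsoft firewall article linked above.

```python
"""Audit a trust against the three practices above (constructed sample data only)."""
from ipaddress import ip_network

# trustAttributes bit flags on a trustedDomain object (values from MS-ADTS).
QUARANTINED_DOMAIN = 0x04  # SID filtering (quarantine) enabled on an external trust
FOREST_TRANSITIVE = 0x08   # this is a forest trust
CROSS_ORGANIZATION = 0x10  # selective authentication enabled
TREAT_AS_EXTERNAL = 0x40   # forest trust filtered only as loosely as an external one

# Assumed allow-list: DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, kpasswd,
# LDAPS, global catalog, dynamic RPC (TCP) and NTP (UDP). Adjust to your design.
AD_PORTS = {
    "tcp": [(53, 53), (88, 88), (135, 135), (389, 389), (445, 445),
            (464, 464), (636, 636), (3268, 3269), (49152, 65535)],
    "udp": [(53, 53), (88, 88), (123, 123), (389, 389), (464, 464)],
}


def audit_trust_attributes(attrs):
    """Return findings for SID filtering and selective authentication."""
    findings = []
    if attrs & FOREST_TRANSITIVE:
        # Forest trusts filter SIDs by default; this flag relaxes the filter.
        if attrs & TREAT_AS_EXTERNAL:
            findings.append("SID filtering relaxed on forest trust")
    elif not attrs & QUARANTINED_DOMAIN:
        findings.append("SID filtering off on external trust")
    if not attrs & CROSS_ORGANIZATION:
        findings.append("selective authentication off")
    return findings


def _is_ad_port_range(proto, low, high):
    """True when low..high sits entirely inside one allowed range."""
    return any(a <= low and high <= b for a, b in AD_PORTS.get(proto, []))


def audit_ingress(rules, onprem_cidrs):
    """Flag rules that open non-AD ports or admit sources outside on-premises.

    `rules` uses the IpPermissions shape returned by EC2 DescribeSecurityGroups.
    """
    allowed = [ip_network(c) for c in onprem_cidrs]
    findings = []
    for rule in rules:
        proto = rule["IpProtocol"]
        if proto == "-1":
            findings.append("all protocols and ports are open")
        elif not _is_ad_port_range(proto, rule["FromPort"], rule["ToPort"]):
            findings.append(
                f"{proto}/{rule['FromPort']}-{rule['ToPort']} is not an AD trust port")
        for source in rule.get("IpRanges", []):
            net = ip_network(source["CidrIp"])
            if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                findings.append(f"{proto} rule admits {net}, outside on-premises ranges")
    return findings


# Constructed sample: security group in front of the directory's domain controllers.
ONPREM_CIDRS = ["10.10.0.0/16"]
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 389, "ToPort": 389,
     "IpRanges": [{"CidrIp": "10.10.0.0/24"}]},
    {"IpProtocol": "udp", "FromPort": 88, "ToPort": 88,
     "IpRanges": [{"CidrIp": "10.10.0.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,   # RDP is not needed by a trust
     "IpRanges": [{"CidrIp": "10.10.0.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445,     # right port, wrong source
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

if __name__ == "__main__":
    for label, attrs in (("forest, hardened", 0x18), ("forest, relaxed", 0x48)):
        print(label, audit_trust_attributes(attrs))
    for finding in audit_ingress(SAMPLE_RULES, ONPREM_CIDRS):
        print(finding)
```

The trustAttributes value is stored on the trustedDomain object in the trusting domain, so the first check runs against whatever your directory query returns for that attribute.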
In this model, we have a single resource domain running in a single AWS region.
The on-premise AD is configured with a trust (one-way or two-way) to the Managed Microsoft AD either by an AWS Direct Connect or VPN. Applications that are AD aware run on EC2 instances (.NET applications, SharePoint, SQL Server, and Amazon EC2 Linux). Managed services such as RDS for SQL Server can be made accessible by on-premise AD users.
Let’s take a look at additional network design considerations.
AWS recommends that you create a DHCP options set for your Managed Microsoft AD or on-premise AD and assign the DHCP options set to the VPC that your directory is in. This allows any instances in that VPC to point to the specified domain and DNS servers to resolve their domain name.
Here we can see how hybrid customers can utilize DHCP options set to access an on-premise Active Directory.
[CLICK] A custom DHCP options set is created with the settings for the on-premise Active Directory DNS. This passes configuration information to the EC2 instances, assigning the AD DNS suffix and DNS server IP addresses as the name servers within the VPC via DHCP.
[CLICK] A custom DHCP options set can also be configured if the on-premise AD has been extended onto domain controllers running on EC2 instances running Windows Server. In this case, the custom DHCP options set is configured with the DNS server IP addresses of the EC2 instances rather than on-premise DNS server IP addresses.
Native Windows file system that uses the SMB protocol… In other words, with it I can have the shared file storage offered by Windows (NTFS) and accessed over SMB.
FSx for Windows File Server supports up to 300 PB (65 TB per file system)
I don't need to manage hardware and software such as Windows Updates, backups and security
I have the option of FSx for Lustre for HPC (high performance computing)
It can be configured as Single-AZ or Multi-AZ.
Storage from 32GB up to 64TB
Throughput from 8 megabytes per second up to 2 gigabytes per second
I can use Managed AD or AD Connector with my DCs on EC2 or on-premises as the source of authority for identity (remember NTFS groups), volume shadow copy; when you create an FSx file system, you are joining it to your AD
Maintenance window (automatic backup): backups stored in S3, with retention (how long I want to keep the data) of 0-35 days
Data dedup, which helps reduce cost
It has an in-memory cache for additional throughput. Thinking about Windows, if I need additional throughput capacity, the recommendation is to segment the data across different file systems
SSD and HDD
Cost is billed by capacity (storage size; worth noting that it is the provisioned size, not the used size) + throughput + backups
I can access these shares from Windows, Linux and macOS
Encryption at rest and in transit
AWS monitors the hardware and replaces a component automatically if it fails
Scenarios
Microsoft active/passive file server cluster – migration to FSx
FSR (2008), DFSR, Storage Replica, CAFS – migration to FSx
I can reach FSx from on-premises servers using VPN or Direct Connect
CRM, ERP, .NET applications that use a file server, shared directories, data analysis, media, web content, and there is even a use case for SQL, for example in a Windows Server Failover Cluster in which each node needs access to storage; in that case FSx can be the storage for the SMB File Share Witness. I want to point out that this is a rarely used scenario: there are customers in the US doing this, but I would wait for the service to mature here in GRU before testing it... For example, SQL performance troubleshooting gets a bit difficult if the FSx service has no specific Windows tool to capture IOPS; of course I can use CloudWatch
Home Directories: end-user shares, departmental data, information worker apps
Business Apps: Sharepoint, Dynamics, Exchange, CRM, ERP
Web Environments: IIS, .NET-based web apps
Data Analytics: business intelligence analytics, grid computing
Media and Entertainment workflows: transcoding, media streaming, video editing
Databases: Clustered databases needing shared file storage (SQL, Oracle)
In the Multi-AZ model, I have an FSx file system across two AZs
So the Windows file server is created in two Availability Zones and the data is replicated (synchronous replication). The clients point to the ENI in the primary AZ. Say a failure occurs in this AZ or on the server (click 2x).
What happens is that the connections automatically reconnect within seconds (usually under 30s) to the ENI in the second AZ, which holds the replicated data. When the server comes back up, the failback happens automatically (click).
In other words, this is an active/passive model in which the clients use the DNS name of the mapped share. A server goes down and, thanks to this configuration, there is no data unavailability.
If there is a problem with the storage, AWS replaces that storage and, through the replica, it is brought up to date.
DFS Namespaces is a Windows Server role that lets you group shared folders located on different servers into one or more logically structured namespaces. This makes it possible to give users a virtual view of the shared folders, where a single path leads to files located on multiple servers.
On HA for DFS-N: it can be hosted by a failover cluster to increase the availability of the namespace, so for that I added the cost of 2 more EC2 instances. Basically, for this HA you can place the namespace on a server that also acts as a node in a failover cluster if you configure the namespace to use only local resources on that server.
So two beefy machines, for example an m5.xlarge with 4 vCPU, 16 RAM in São Paulo, would cost 4.3k dollars each, that is, a final total cost of 114k, 130k dollars less per year than a single FSx for everything. I call this the cost of the right architecture.
This is a “decision matrix” to assist you in selecting appropriate service.
Before Just SA OUT 2019 Assurance any type of instance, after just dedicated host without SA
After just with SA
Let’s talk about the options available for running SQL Server on AWS
x1e.32xlarge 128 3,904
We have an exhaustive user-guide, here are some highlights
EC2 is supported with either bring your own software or pre-configured AMIs (virtual machines). The pre-configured options will not have as many versions or editions supported as a custom-built solution that you build yourself.
How many of you have struggled, either because of expense or just the technical challenges, in setting up a multi-site high availability option for your SQL Server instance?
With Amazon RDS for SQL Server, setting up a multi-AZ SQL Server cluster is as simple as checking a checkbox when you launch an Amazon RDS instance; the cluster leverages synchronous replication between two AZs using database mirroring.
If you need a different HA solution like AlwaysOn, or log shipping, then choose SQL Server on Amazon EC2 and manage that yourself.
Both platforms support storage encryption for all editions using KMS. And for those of you running enterprise edition, you can use transparent data encryption on both platforms.
If you need to install 3rd party tools or run specific database maintenance plans, then run SQL Server on Amazon EC2, otherwise we take care of all of that for you.
If you want to take advantage of automated software patching, then choose Amazon RDS for SQL Server otherwise you need to manage these tedious maintenance tasks yourself with SQL Server on Amazon EC2.
Check the maximum IOPS for RDS
Check whether it is available in GRU
With storage autoscaling enabled, when Amazon RDS detects that you are running out of free database space it automatically scales up your storage. Amazon RDS starts a storage modification for an autoscaling-enabled DB instance when these factors apply:
Free available space is less than 10 percent of the allocated storage.
The low-storage condition lasts at least five minutes.
At least six hours have passed since the last storage modification.
The additional storage is in increments of whichever of the following is greater:
5 GiB
10 percent of currently allocated storage
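The trigger conditions and increment rule above can be replayed over a series of storage samples to see when a modification would actually start. This is an added example, not AWS code: it models only the conditions listed here, and the function names and sample values are constructed.

```python
"""Replay storage samples against the autoscaling conditions listed above."""

LOW_FREE_DIVISOR = 10       # free space below 10 percent of allocated storage
MIN_LOW_MINUTES = 5         # low-storage condition lasts at least five minutes
MIN_GAP_MINUTES = 6 * 60    # six hours since the last storage modification
MIN_INCREMENT_GIB = 5


def increment_gib(allocated_gib):
    """Greater of 5 GiB and 10 percent of currently allocated storage."""
    return max(MIN_INCREMENT_GIB, allocated_gib / 10)


def replay(allocated_gib, samples, last_modified=None):
    """Return [(minute, new_allocated_gib), ...], one entry per scaling event.

    samples: (minute, used_gib) pairs in time order.
    last_modified: minute of the previous storage modification, if any.
    """
    events = []
    low_since = None
    for minute, used_gib in samples:
        free = allocated_gib - used_gib
        if free * LOW_FREE_DIVISOR >= allocated_gib:
            low_since = None            # condition cleared, the five minutes restart
            continue
        if low_since is None:
            low_since = minute
        lasted = minute - low_since >= MIN_LOW_MINUTES
        rested = last_modified is None or minute - last_modified >= MIN_GAP_MINUTES
        if lasted and rested:
            allocated_gib += increment_gib(allocated_gib)
            events.append((minute, allocated_gib))
            last_modified = minute
            low_since = None
    return events


# Constructed samples for a 100 GiB instance: (minute, used GiB).
SAMPLES = [(0, 85), (1, 91), (3, 92), (6, 93), (60, 100), (70, 101), (366, 102)]

if __name__ == "__main__":
    for minute, size in replay(100, SAMPLES):
        print(f"minute {minute}: storage modified to {size:g} GiB")
```

In the sample, storage is low again from minute 60 but the second modification cannot start before minute 366, so a free-space alarm is still needed to cover the six-hour gap.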
Starting today, Amazon RDS for SQL Server supports joining DB instances to an AWS Managed Microsoft AD directory residing in a different AWS account or VPC. This makes it easier and cost-effective for you to deploy your directory-aware database workloads by reducing the manual configuration to domain join your DB instances and, the need to deploy directories in each account and VPC. Amazon RDS for SQL Server DB instances can now seamlessly join to a directory from any AWS account and any Amazon VPC within an AWS Region.
SSAS - Analysis Services
SSRS - Reporting Services
MSDTC - Microsoft Distributed Transaction Coordinator
SSIS - Integration Services
Amazon RDS for SQL Server expands support for Windows authentication using the AWS Managed Microsoft AD service in more AWS Regions. You can now use Windows authentication in these additional Regions: US West (N. California), South America (São Paulo), Asia Pacific (Mumbai), EU (Paris), and Asia Pacific (Hong Kong).
Check since when Multi-AZ has been available
Amazon RDS supports Multi-AZ with Always On AGs for the following SQL Server versions and editions:
SQL Server 2017: Enterprise Edition 14.00.3049.1 or later
SQL Server 2016: Enterprise Edition 13.00.5216.0 or later
Amazon RDS supports Multi-AZ with DBM for the following SQL Server versions and editions, except for the versions of Enterprise Edition noted previously:
SQL Server 2017: Standard and Enterprise Editions
SQL Server 2016: Standard and Enterprise Editions
SQL Server 2014: Standard and Enterprise Editions
SQL Server 2012: Standard and Enterprise Editions
Instance types differ in:
Range of available memory
Range of available storage
Types of available storage (Instance Storage vs. EBS)
Number of CPUs
Amount of RAM
Many businesses have chosen SQL Server Enterprise Edition because of their HA requirements
Enterprise Edition could cost as much as 10x of Standard Edition
SQL Server 2016+ provide HA options for Standard Edition that previously used to be exclusive to Enterprise Edition
These features can potentially be leveraged to reduce costs
Replication
Merge replication adds the column rowguid to every table, unless the table already has a column of data type uniqueidentifier with the ROWGUIDCOL property set
If a transactional publication supports queued updating subscriptions, replication adds the column msrepl_tran_version to every table.
The NOT FOR REPLICATION option is specified by default for foreign key constraints and check constraints
Limits the use of some statements, such as TRUNCATE TABLE
AWS Storage Gateway is a hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage. You can use the service for backup and archiving, disaster recovery, cloud data processing, storage tiering, and migration. Your applications connect to the service through a virtual machine or hardware gateway appliance using standard storage protocols, such as NFS, SMB and iSCSI.
In this scenario, your SQL Server backups would be stored in Storage Gateway, Volume Gateway, which exposes the storage from the Storage Gateway appliance via file share. Once the backup files are in Storage Gateway, the service automatically copies the files and stores them as objects in S3, which can then be downloaded and restored to SQL Server on EC2 or RDS for SQL Server.
AWS Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns. Customers today use Snowball to migrate analytics data, video libraries, image repositories, backups, and to archive part of data center shutdowns, tape replacement or application migration projects.
Cloud Migration
If you have large quantities of data you need to migrate into AWS – as part of an application server, file server, database, or backup/archive migration – AWS Snowball is often much faster and more cost-effective than transferring that data over the Internet.
Disaster Recovery
In the event that you need to quickly retrieve a large quantity of data stored in Amazon S3, AWS Snowball appliances can help retrieve the data much quicker than high-bandwidth Internet.
Datacenter Decommission
There are many steps involved to decommissioning a datacenter to ensure valuable data is not lost. AWS Snowball can help ensure that your data is securely and cost-effectively transferred to AWS during this process.
Content Distribution
Use AWS Snowball appliances if you regularly receive or need to share large amounts of data with clients, customers, or business associates. Appliances can be sent directly from AWS to client or customer locations.
Reliable
The AWS Database Migration Service is highly resilient and self–healing.
It continually monitors source and target databases, network connectivity, and the replication instance.
In case of interruption, it automatically restarts the process and continues the migration from where it was halted.
Initial Load is table-by-table
The DMS replication instance (RI) needs to be properly scaled for the amount of work
No other cloud platform offers more flexible cost optimization choices for customers than AWS. We’ll dive into each option that best fits your needs.
Bring your own licenses
If you have already purchased Microsoft licenses, you can bring your own licenses (BYOL) to AWS. The BYOL approach allows you to capitalize on both your existing license investments and all the benefits of running Microsoft workloads on AWS. There are two ways to bring your licenses to AWS: by running your Windows workloads on Amazon EC2 Dedicated Infrastructure (EC2 Dedicated Hosts and EC2 Dedicated Instances), or by using Microsoft License Mobility through Software Assurance on shared or default tenant EC2. It is important to note that if you choose to bring your own licenses to AWS, you are responsible for ensuring you follow the stipulations of your licensing agreement with Microsoft. If you have questions about your licensing or rights to Microsoft software, please consult your legal team, Microsoft (including the Microsoft product terms), or your Microsoft reseller.
License Mobility through Software Assurance
If you have active Software Assurance for eligible Microsoft software, you can take advantage of your existing Microsoft license investments to move to shared or default tenant EC2. You can use AWS VM Import to bring virtual machine images from your on-premises environment to AWS, including both Microsoft software licenses and virtual machine configurations. Customers who wish to use license mobility can purchase Amazon EC2 instances with licensed Microsoft Windows Server pre-installed and bring existing licenses for products like Microsoft SQL Server, Microsoft SharePoint, and more.
Dedicated Options for licenses not eligible for License Mobility
Amazon EC2 Dedicated Hosts and EC2 Dedicated Instances give you access to hardware that's fully dedicated for your use. This allows you to use your own licensed Microsoft software, including Microsoft Windows Server, on dedicated infrastructure, even without Software Assurance. Amazon EC2 Dedicated Hosts and Dedicated Instances may also enable you to use an active MSDN subscription on AWS for development and testing.
Microsoft@amazon.com – for all licensing questions