Launching your first Microsoft workloads on AWS
•Download as PPTX, PDF•
0 likes•128 views
Únase a nuestros arquitectos de soluciones en este workshop de medio día para comenzar con las cargas de trabajo de Microsoft en AWS. En esta sesión de 4 horas, aprenderá cómo extender su Active Directory a AWS, cómo crear una base de datos administrada de SQL Server con RDS y cómo compartir archivos y carpetas a través de SMB.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Launching your first Microsoft workloads on AWS
Similar to Launching your first Microsoft workloads on AWS (20)
More from Amazon Web Services LATAM
More from Amazon Web Services LATAM (20)
Recently uploaded
Recently uploaded (20)
Launching your first Microsoft workloads on AWS
- 1. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Gaston Lyons, Solutions Architect Daniel Maldonado, Solutions Architect Abril, 2021 Lanzando tus primeras cargas de trabajo Microsoft en AWS
- 2. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. ¿Qué vamos a aprender hoy? • Cómo gestionar la identidad en AWS utilizando Directorio Activo • Cómo integrar mi dominio de Directorio Activo on-premises a AWS • Cómo crear y gerenciar sistemas de archivos compartidos en AWS • Cómo crear y gerenciar bases de datos SQL Server en AWS.
- 3. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. W I N D O W S E N AW S LA NUBE MÁS POPULAR, SEGURA, Y FIABLE PARA WINDOWS
- 4. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Windows en AWS A M P L I T U D Y P R O F U N C I D A D D E S E R V I C I O S C O N F I A B L E & S E G U R A M E J O R R E N D I M I E N TO M E N O R TC O I N N O VAC I Ó N Y E X P E R I E N C I A
- 5. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. https://zkresearch.com/blog/2018/11/comparing-sql-server-deployments-on-microsoft-azure-and-amazon-web-services 12 AÑOS INNOVANDO PARA NUESTROS CLIENTES Años de experiencia en migraciones 12+ Innovación y Experiencia .NET Core & PowerShell on AL2/Ubuntu Windows Deep Learning AMI .NET Core on Linux AMIs Lambda Support for PowerShell Core Amazon ECS for Windows Containers Amazon EKS for Windows Mono support on AL2 App Modernization AWS Tools for Windows PowerShell .NET SDK DynamoDB Accelerator SDK for .NET .NET on Lambda & AWS CodeBuild .NET Core 2.1 Support with Lambda & X-Ray X-Ray .NET SDK .NET Developer Hub AWS X-Ray .NET Core Support CloudWatch AppInsights for .NET and SQL .NET Developer Hub Joined .NET Foundation .NET SQL 2017 AMI AL2/Ubuntu SQL Server 2008 R2 Amazon RDS adds SQL Server SQL Server 2017 SQL Server 2012 SQL Server 2008 R2 SQL Server 2016 SQL Server 2008 Upgrade AWS Launch Wizard for SQL Server SQL Server 2019 on EC2 SQL Server AWS Directory Service Visual Studio Toolkit Microsoft SCOM plug-in release. Microsoft SharePoint 2016 (Marketplace) Microsoft SCVMM Plug-in SAP instance on AWS 2012 Trusted Advisor checks for Windows Hyper-V support in SMS Windows for Lightsail Application-consistent Snapshots through VSS Sessions Manager Dedicated Host Enhancement Tag-On EC2 Dedicated Hosts (BYOL) EC2 Run Command EC2 Systems Manager EC2 Dedicated Instances (BYOL) EC2 Windows on Bare Metal/Hyper-V AMI WS 2008 & SQL Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2016 Windows Server 1803 Windows Server 2003 Application migration using AWS SMS Active Directory Cross VPC Support AWS License Manager Amazon FSx for Windows File Server Azure to AWS Migration Support Windows Server & EC2 2008 2010 2012 2014 2016 2018 Today
- 6. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Entonces, ¿cómo comienzo?
- 7. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Gaston Lyons, Solutions Architect Abril, 2021 Directorio Activo en AWS
- 8. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. ¿Cómo desplegar Active Directory en AWS? Gestionado por AWS, AWS Cloud Gestionado manualmente, Amazon EC2 Gestionado manualmente, On-premises AWS Managed Microsoft AD
- 9. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. ¿Qué es AWS Managed Active Directory? Directorio Activo de Microsoft, integrado con otros servicios y aplicaciones en AWS. Facilidad de migrar cargas de trabajo dependientes de AD utilizando servicios gestionados. Proveer SSO y gestion de acceso sin sincronizar datos de identidad
- 10. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Beneficios de AWS Managed Microsoft AD Directorio Activo de Microsoft Basado en Windows Soporta relaciones de confianza Soporta póliticas de grupo Unión automática al dominio de EC2 Alta disponibilidad e instantaneas gestionadas Infraestructura completamente gestionada por AWS. Soporta multiples cuentas y regiones en AWS.
- 11. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. AWS Managed Microsoft AD: ¿Qué viene incluido? • Directorio Activo basado en Windows • Servicio gestionado, no compartido • Por defecto dos controladores de dominio (se pueden agregar más) • Replicación multi-región en la versión Enterprise • Provee administración delegada sobre objetos de directorio en sus OUs • Soporta herramientas de administración de AD estándares • Infraestructura de AD gestionada, incluyendo disponibilidad, parchado y copias de seguridad. • Integración directa con servicios de AWS AWS SSO, Amazon FSx for Windows File Server, Amazon Workspaces, Amazon RDS for: SQL Server, Oracle, PostgreSQL
- 12. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Casos de uso
- 13. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. #1: Amazon EC2 – Instancias Windows y Linux .NET Apps SharePoint Server SQL Server Always-On EC2 Amazon Linux • Gestión centralizada de instancias Windows y Linux en EC2 • Gestión centralizada de configuraciones con directivas de grupo • Gestión de Amazon Workspaces • Managing Amazon WorkSpaces • Utilización de credenciales de AD para autenticación • Administración de acceso de usuarios como en un dominio tradicional • Unión automatica de instancias EC2 • Se puede compartir entre multiples cuentas de AWS
- 14. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. #2: Servicios Gestionados de AWS • Gestión centralizada de servicios gestionados – Servidores de archivos y bases de datos. • Despliegue escalable entre multiples cuentas y VPCs. • Flexibilidad de uso entre identidades en AWS e identidades on- premises • Fácil integración con su directorio activo on-premises • Servicios soportados • Amazon RDS for SQL Server • Amazon FSx for Windows File Server Amazon RDS for SQL Server Amazon FSx
- 15. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. #3: Inicio de sesión único en AWS • Cree sus identidades una vez • Gestión centralizada de identidades • AD On-premises, AD en AWS EC2, AWS Managed Microsoft AD • AWS SSO, Okta, Ping Identity, OneLogin, Azure AD • Gestión centralizada de acceso a AWS • Interface a través de SAML: AWS Management Console, CLIv2, AWS mobile app • Acceso SSO a través de todas las regiones, cuentas y aplicaciones de negocio en AWS • Seguridad de inicio de sesión con 2FA • Authy, Google Authenticator • Aplicaciones nativas de AWS SSO integradas • Amazon SageMaker • AWS IoT Core • AWS Management Console AWS Management Console Amazon SageMaker AWS IoT Core
- 16. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. #4: Aplicaciones de AWS • Identidad centralizada • Uso de grupos de AD para control de acceso • Acceso a aplicaciones de AWS • Amazon Chime • Amazon WorkMail • Amazon Connect • Amazon Client VPN • Amazon QuickSight • Amazon WorkSpaces • Amazon AppStream 2.0 • Amazon WorkDocs Amazon WorkSpaces Amazon Chime Amazon Connect Amazon Client VPN Amazon AppStream 2.0 Amazon WorkMail Amazon WorkDocs Amazon QuickSight
- 17. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Laboratorio 1: Desplegando Managed AD
- 18. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Nuestra arquitectura después del Laboratorio 1
- 19. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Integrando Identidades On-premises Relaciones de confianza de Active Directory
- 20. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. AD AD On-premises network VPC Trust Managed Microsoft AD DC johndoe-example.com Windows AD DC example.com Access Grupo de seguridad (permisos de acceso) Grupo de seguridad Trusting Trusted Cloud On-premises Entendiendo el modelo de confianza de Active Directory Relación de confianza Forest • No hay acceso por defecto a recursos de otro. • La relación de confianza se usa para leer objetos en el directorio.
- 21. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Beneficios del modelo de confianza • Conectividad nativa y provada. Las relaciones de confianza son el mecanismo native de integración entre AD. • No hay movimiento o transferencia de la información de identidad, se autentica contra los controladores de domiinio on-premises • Menor requisito de puertos abiertos comparados con alternativas • Flujos de comunicación y configuración de seguridad bien documentados
- 22. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Consideraciones: Relación de confianza? • Necesita una relación Do you need a unidireccional or bidireccional? • Una relación unidireccional soporta EC2 y RDS SQL Server. • Se requiere una relación bidireccional para aplicaciones empresariales de AWS: • Workspaces, Chime, QuickSight, etc.
- 23. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Asegurar relaciones de confianza • Deje SID filtering encendido (default). • On-premises: habilite selective authentication. • De on-premises a AWS: solo abra los puertos Trust. • De AWS a on-premises: solo permita los puertos de autenticación • No permitir que grupos en dominio en AWS accedan a recursos on-premises.
- 24. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Relación de confianza entre dominio on-premises y Managed AD VPN AWS Direct Connect Trust (one or two way) Corporate data center AD Domain controllers Domain: example.com Region 1 Availability Zone 1 AWS Managed Microsoft AD Availability Zone 2 Domain: johndoe-example.com
- 25. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Encontrando el directorio: Consideraciones de diseño de red Activar DHCP options set hacia su directorio, ya sea AWS Managed Microsoft AD o AD on-premise, y asignar las opciones necesarias para encontrar el dominio. • Ventajas: permite a cualquier instancia de EC2 comunicarse con el dominio y a los servidores DNS a resolver nombres de dominio. Es decir, no se requiere configurar el DNS manualmente en las intancias EC2. • Retos: No se puede compartir entre cuentas, cada VPC se debe configurar manualmente. AmazonVPC
- 26. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Ejemplo de opciones DHCP VPN AWS Direct Connect Corporate data center AD Domain controllers Domain: company.com Region 1 Availability Zone 1 Availability Zone 2 EC2 domain controller EC2 domain controller EC2 Windows instances (IIS, SQL, .NET) EC2 Windows instances (IIS, SQL, .NET) Extend on-premise AD DHCP Option Set (point to on- premise DNS) DHCP Option Set (point to EC2 DC) Query resource from EC2 Instance to on-premise AD: foo.company.com
- 27. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Laboratorio 2: Creando una instancia para administrar dominio on-premises
- 28. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Nuestra arquitectura hasta ahora
- 29. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Laboratorio 3: Creando una relación de confianza entre dominios
- 30. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Nuestra arquitectura hasta ahora
- 31. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. © 2019 Amazon Web Services, Inc. or its Affiliates. All rights reserved. Daniel Maldonado Sr. Solutions Architect, Microsoft Platform Archivos y Bases de datos SQL en AWS
- 32. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Bases de datos y archivos en AWS Amazon FSx • Aumentando la resiliencia de sus File Servers • Utilizando File Servers en la nube con Escritorios Virtuales • Integrando diversos file servers sobre un único dominio • Integración transparente de la nube AWS con la infraestructura on-premises • Lab – Configuración de FSx Amazon RDS for SQL Server • RDS SQL vs. EC2 • Que hay en la Caja? • Arquitectura & Funcionalidades • Lab – Creación & Restauración de Snapshot
- 33. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. FSX for Windows
- 34. Integrado con AWS Sistemas de archivos nativos de Windows totalmente administrados
- 35. “Totalmenteadministrado”significaquenonecesitamosmas… Administrar hardware Planear capacidad Adquirir hardware Configurar servidores de storage & volumes Detectar y resolver fallas de hardware Administrar backup (físico) Invertir en infra/CapEx Administrar software Instalar y configurar servidores de administración de software Aplicar & AdministrarWindows updates Administrar licenciamiento Administrar SW de backups Monitorear seguridad
- 36. AumentandolaresilienciadesusFileServers Availability Zone 1 Availability Zone 2 AWS Cloud On-premises network AWS Direct Connect or VPN Windows file server Windows file server
- 38. Integrandodiversosfileserverssobreunúnicodominio Con DFS Namespace, podemos utilizar diversos Amazon FSx para la estructura & jerarquía (data sharding). fs-0123456789.example.comSales fs-9876543210.example.comProjects fs-5678901234.example.comMarketing example.comcorp Sales Marketing Projects
- 39. EjemplodecostoAmazonFSxSãoPaulocon30%,sinbackup • 100TB SSD 128MB throughput en example.corp Multi-Az FSx = Total ~20.4k USD mes, ~244.8k USD año • 100TB en example.corpPrivate con diferentes FSx usando DFS Namespace: 20TB Sales SSD 128MB Throughput Multi-AZ (4.6k*12 = 55.200) 20TB Marketing SSD 32MB Throughput Single-AZ (2.3k*12 = 27.600) 30TB Marketing HDD 128MB Throughput Multi-AZ (1296*12 = 15.552) 30TB TI HDD 128MB Throughput Single-AZ (661*12 = 7.932) = Total ~106.284 año + 2x EC2 DFS en multi-az
- 40. IntegracióntransparentedanubeAWSconlainfraestructuraon- premises AWS Brasil São Paulo Storage Híbrido para las aplicaciones on-premises o AWS (.net/ERP/CRM) Ofrece compatibilidad para apps (SMB file locking, file leasing para local caching) Throughput & IOPS alto, habilitando acceso concurrente + data sharding para acceso “customizado” Throughput Customizable Benefícios Application Belo Horizonte Application Brasília Application RJ Application AWS Direct Connect ou VPN AWS Direct Connect ou VPN Application
- 41. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Laboratorio 4: Creando un sistema de archivos compartido
- 42. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Nuestra arquitectura hasta ahora
- 43. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon RDS for SQL
- 44. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon RDS for SQL Server SQL Server en Amazon EC2 Administrado por el Cliente Administrado por AWS Power, HVAC, net Instalación SO Parches SO Parches DBMS Respaldos Alta Disponibilidad Escalamiento Power, HVAC, net Instalación SO Parches SO Mantenimiento DBMS Parches DBMS Respaldos Alta Disponibilidad Escalamiento Considere RDS primero! Foco en: • Business value tasks • High-level tuning • Optimización de schema No es necesario tener experiencia in-house para administrar la base de datos Considere SQL Server en EC2 si: Necesario control total en: • DB instance & SO • Backups • Réplica • Clúster OpcionesdeImplementacióndeSQLenAWS Mantenimiento DBMS
- 45. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SQL Server EC2 vs. RDS EC2 RDS Licenciamiento Incluido BYOL Control total de instancia Backup automático Self-managedAlways-OnAvailabilityGroups / Failover Cluster Instance AWS-Managed Multi-AZ deployment Seguridad Integrada (MAD) Co-hosting componentes adicionales de SQL Server Auditable centralized engine parameter tuning Point in time restore Seguridad: Sin acceso directo a instancia o file system
- 46. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Escogiendo RDS vs. EC2 Amazon Relational Database Service (Amazon RDS) Amazon Elastic Compute Cloud (Amazon EC2) • Servicio Administrado, hasta 64 vCPU, 488-GB RAM, y 16-TB storage por instancia • Opciones: Express, WEB, Standard, e Enterprise Editions • Tipo de instancia varia con la edición • IO: Standard or Provisioned • IaaS, hasta 128 vCPU, 4-TB RAM, e 400-TB storage (hasta 448 vCPU, 12- TB RAM para High-memory instances) • Cualquier tipo de instancia • Diversas opciones de almacenamiento
- 47. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Funcionalidades 2012, 2014, 2016, 2017 Versiones Soportadas Ediciones High Availability Criptografia Autenticación Respaldos Mantenimiento Express, Web, Standard, Enterprise Todas** Todas** AWS-managed (Mirroring, Always-On AG) Encrypted Storage using AWS KMS (all editions); TDE Support (Enterprise edition) Self-managed (Always-On, FCI, Mirroring…) Windows (MAD) & SQL Authentication Respaldo Automático Administrado Maintenance Plans & 3rd PartyTools Patching de Software automático Self-managed Windows & SQL Authentication Amazon RDS Amazon EC2
- 48. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Funcionalidades - RDS • Change Data Capture (CDC) with Support for DMS • CDC con DMS para on-going replication. • Maximum IOPS: aumentamos! • Maximum IOPS de 32K para 64K • AlwaysOn Availability Groups (SQL Server 2016/17) • Agent Job Failure Events • +30 Databases por Instancia • Storage Auto Scaling • CrossVPC & Cross Account Domain Joins
- 49. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Funcionalidades - RDS • Z1D instance family - Launched! • In-Region Read Replicas - Launched! • Multifile Backups - Launched! • SSAS (tabular) - Launched! • Latest MinorVersions - Launched! • MSDTC - Launched! • SSRS - Launched! • Bulk insert en Instancias Multi-AZ - Launched! • SSIS - Launched!
- 50. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon RDS Multi-AZ SQL Server Availability Zone 1 Private Subnet Availability Zone 2 Private Subnet Synchronous Commit Automatic Failover AWS Region Amazon RDS Primary Amazon RDS Secondary
- 51. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Tipos de Almacenamiento VolumeType General Purpose: GP2 Provisioned IOPS: PIOPS/IO1 Throughput Optimized: ST1 Cold HDD: SC1 Technology: SSD SSD Magnetic Magnetic Sizes: 1 GiB – 16TiB 4 GiB – 16TiB 500 GiB – 16TiB 500 GiB – 16TiB Max. IOPS: 10,000 @ 16KiB 64,000 @ 16KiB 500 @ 1MiB 250 @ 1MiB Max.Throughput: 160 MiB/sec 1,000 MiB/sec 500 MiB/sec 250 MiB/sec Max. IOPS/Instance 80,000 80,000 80,000 80,000 Max.Throughput /Instance 1,750 MiB/s 1,750 MiB/s 1,750 MiB/s 1,750 MiB/s Properties: 3 IOPS/GB, burstable up to 3000 IOPS for max 1TiB volumes Consistent provisioned performance, up to 50 IOPS/GB Optimized for throughput, and sequential read/write workloads, baseline perTiB throughput, with burst capability
- 52. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Dimensionamiento Correcto Current Instance Families and Generation Family/Usage M5, M4 General Purpose Compute T3,T2 Burstable Performance C5, C4 Compute Optimized P3, P2, G3, F1 Accelerated Computing X1, X1E, R5, R4, R3 Memory Optimized I3, M5D, C5D, R5D Storage Optimized (I/O) D2 Storage Optimized (Density)
- 53. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Enterprise vs. Standard Edition AO AG Basic AG Always On Failover Cluster Instances (FCI) Clusterless Availability Group Domain Independent Availability Group Log shipping Multiple Secondary Replicas Read Access to Secondary Replica Backup from Secondary Replica Multiple Databases in Availability Group Page integrity checks on secondary replicas Participation in Distributed Availability Group
- 54. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Opciones de Migración de DB • Extender Availability Group a la Nube • SQL Server Backup/Restore • AWS Database Migration Service (DMS) • SQL Server Replication* • Scripting DB and Data* • SQL Server Mirroring (must be the same version)
- 55. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SQL Server Backup/Restore (log shipping) SQL Server (native SQL agent) Domain controller Share (SMB) Backup bucket Corporate data center On-Premises AWS Cloud Amazon EC2 SQL Server Internet VPN/DX AWS Storage Gateway Local cache
- 56. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cloud Migration MS SQL instance SQL Server Backup/Restore Amazon S3 Amazon S3 Glacier SQL Server AWS Cloud AWS Cloud
- 57. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Database Migration Service AWS Database Migration Service (AWS DMS) AWS Database Migration Service le ayuda a migrar sus bases de datos SQL a AWS de manera segura y confiable. La base de datos origen se mantiene operando durante la migración, minimizando la interrupción de las aplicaciones que utilizan la base de datos. Inicia tu primera migración en 10 minutos o menos.
- 58. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Mantenga sus aplicaciones corriendo durante la migración Customer premises Application users AWS VPN, Direct Connect o Start DMS replication instance o Connect to source and target databases o Select tables, schemas, or databases LetAWS DMS create tables, load data, and keep them in sync DMS Replication Instance
- 59. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Application users AWS o Start DMS replication instance o Connect to source and target databases o Select tables, schemas, or databases Let AWS DMS create tables, load data, and keep them in sync Switch applications over to the target at your convenience Dismantle migration infrastructure Mantenga sus aplicaciones corriendo durante la migración
- 60. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Opciones de Licenciamiento Flexibles 1. Flexible pay-as- you-go licensing choices (RDS and AWS AMI) 2. Bring your license mobility benefits to AWS 3. Bring your legacy licenses to AWS without paying software assurance Productos elegibles con License Mobility y Software Assurance Hosts Dedicados para opciones no elegibles con License Mobility Opciones de licenciamiento en AWS Licencia Incluida BYOL Use RDS Rente licencia de AWS (Windows Server, SQL Server)
- 61. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Laboratorio 4: Creando un base de datos SQL Server
- 62. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Nuestra arquitectura hasta ahora
- 63. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Laboratorio 5: Gestionando RDS y FSx
- 64. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Hoy aprendimos a… • Utilizar Managed AD para tener un dominio completamente gestionado en AWS. • Integración de identidad entre el dominio on-premises y el dominio gestionado en AWS • Ventajas de utilizar servicios gestionados para sistemas de archivos y bases de datos en AWS • Como configurar y gerenciar estos servicios gestionados.
- 65. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Questions Answers
- 66. © 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark. Gracias! Por favor recuerde llenar la encuesta al salir
Editor's Notes
- Customers have been running Windows workloads on AWS for over a decade. We run nearly 2x more Windows Server instances than the next largest cloud provider, according to an IDC report. Our experience running Windows applications has earned our customers’ trust and the number of AWS enterprise customers using Amazon EC2 for Windows Server has grown 5x since 2015. You can select from a number of Windows Server versions including the latest version, Windows Server 2019. In addition, AWS supports everything you need to build and run Windows applications including Active Directory, .NET, System Center, Microsoft SQL Server, Visual Studio and Windows desktop-as-a-service. AWS also has the first and only fully managed native-Windows file system available in the cloud with Amazon FSx for Windows File Server and is the only cloud provider to provide production support for Kubernetes on Windows.
- Here are the key reasons why AWS is the best cloud to run Microsoft workloads: 1. Breadth and Depth of Service: AWS supports the full Windows stack, including Active Directory, .NET, SQL Server, and Visual Studio. We offer unique capabilities such as FSx for Windows File Server and Managed Active Directory. We are also the only cloud to provide a cloud-like Dedicated Host experience! 2. Reliability: With over 2x as many regions with multiple availability zones, AWS had 7x less downtime hours compared to Azure in 2018 and 2019! 3. Performance: AWS’ extensive compute selection, coupled with the best-in-class storage and networking features, allow us to deliver nearly 2x better performance, and up to 40% better price-performance for running SQL Server on AWS, over Azure! 4. Lower Total Cost of Ownership (TCO): Research firm, International Data Corp. (IDC), estimates that customers will realize an average return on investment of 442% over five years, when they bring their Windows workloads to AWS. Customers can bring their existing licenses to AWS, and save even more with Savings Plans and EC2 Spot Instances. Optimization and Licensing Assessments help provide AWS right-sized recommendations based on the customers’ on-premises utilization and Microsoft license consumption. Business Value of Efficiently Running High-Performing Windows Workloads in the AWS Cloud 5. Migration experience: Our unmatched migration experience has helped thousands of organizations, such as Hess, Ancestry, and Expedia easily migrate and modernize their Windows workloads on AWS. AWS has been running Windows for over 11 years, longer than Azure has existed, and we host nearly 2x more Windows Server Instances than Azure. Our programs, such as MAP and re:Think for Windows, have helped our customers reduce the risk and cost of moving to AWS. We are also offering a new Windows variant for MAP starting April 1st.
- AWS has over a decade of unmatched experience, helping thousands of organizations, including global enterprises such as Sysco, Hess, Sony DADC, Ancestry and Expedia migrate and modernize their Windows workloads on AWS. AWS has translated this experience in our new Migration Acceleration Program (MAP) for Windows, which is based on our proven MAP methodology of best practices that is recognized by IDC** as the most extensive library of cases covering thousands of successful migrations. MAP for Windows also helps customers modernize their Windows, SQL, and .NET workloads on cloud native, Linux, and open source solutions.
- Traditional enterprise customers host their Active Directory (AD) environments in their datacenter. When moving to the AWS cloud, many customers choose to extend their on-premise AD environments with self-managed Amazon EC2 instances running Windows Server. While this solution offers the flexibility and high availability of the AWS cloud, customers still have to maintain the domain controllers, patch the domain controllers, develop complex backup and restore procedures, and build appropriate safe-guards. Customers have asked for an easier way to address all of this and leverage existing and proven administrative tools to manage their AD objects. [CLICK] This is where AWS Managed Microsoft AD comes in. With Managed Microsoft AD, customers can launch an AWS-managed directory in the cloud, leveraging the scalability and high-availability of an enterprise directory service while adding seamless integration into other AWS services. In addition, customers and administrators alike can access their Managed Microsoft AD using existing administrative tools and techniques!
- Core benefits of using the service: Easily migrate your directory dependent workloads by leveraging a managed service. Provide single sign-on (SSO) and manage access to your AWS services and applications without syncing identity data. Use actual Microsoft Active Directory that’s integrated with other AWS services and applications.
- Use standard Active Directory administrative tools and take advantage of built-in Active Directory features such as 1-way and 2-way domain trusts and Group Policy objects. Amazon EC2 instances running Windows Server can seamlessly join a Managed Microsoft AD. By sharing your Managed Microsoft AD directory, customers can perform seamless domain joins from multiple accounts and VPCs. Managed Microsoft AD is highly available and can be used with your on-premise Active Directory over a VPN or AWS Direct Connect. Managed Microsoft AD can easily be shared with multiple accounts with AWS Organizations or manually. Single AD domains running in Enterprise Edition can be deployed to multiple regions With daily snapshots, your Managed Microsoft AD is backed up automatically and enables easy restore.
- When you launch an Managed Microsoft AD, you get actual Microsoft Active Directory running on Windows Server 2012 R2. (Note: Microsoft Windows Server 2012 R2 has an extended support date of 10/10/2023.) You get two domain controllers with the option of launching additional domain controllers as needed. Managed Microsoft AD provides a delegated directory administrator account with the user name Admin and a password your specify, with authority over an Organizational Units (OU) created by AWS. And because Managed Microsoft AD is running actual Microsoft AD, you can leverage standard AD management tools to administer your AD users, computers, and groups. All of this while leveraging the AWS cloud to manage the infrastructure, maintenance/patching, and backups of your directory. As of December 2020, customers can replicate Managed Microsoft AD Enterprise Edition to multiple regions. This configuration is fast and easy and eliminates the undifferentiated heavy lifting required to manage multiple domain controllers in different regions. Multi-region replication allows customers to scale a single directory easily, improve local performance of EC2 instances or RDS for SQL Server, and add resiliency to their Managed Microsoft AD. Finally, Managed Microsoft AD seamlessly integrates with many AWS services. Run highly-available and scalable directory-aware workloads, provide users and groups access to resources with AWS SSO, or launch Amazon FSx for Windows File Server, Amazon RDS for SQL Server, or an Amazon WorkSpaces within minutes. Limitations: Default limit of 20 directories 5 manual snapshots Max of 20 domain controllers per directory 5 max number of registered CA per directory ** It is possible to request a limit increase via support case Resources: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_limits.html
- With Managed Microsoft AD, you can manage EC2 instances running Windows Server and Linux. Deploy group policy objects for consistency of configuration, scripts, security settings, etc. Delegate administrative access on the AWS created organizational unit to admins. Assign Active Directory users to security groups and to control access to AWS resources (via RBAC or ABAC). For example: remote desktop access, file or folder permissions, application access, administrative access.
- Amazon RDS for SQL Server Administrators can take advantage of SSO or active directory authentication for Amazon RDS databases. Enable access to Amazon RDS databases on different VPCs. Because the DB instance is joined to the Managed Microsoft AD domain, you can provision SQL Server logins and users. You can use the console, AWS CLI, or the Amazon RDS API to manage your DB instance and its relationship with your domain. Amazon RDS for PostgreSQL and Amazon RDS for Oracle Use Kerberos authentication to authenticate users when they connect to your DB instance running PostgreSQL or Oracle. In this case, your DB instance works with Managed Microsoft AD to enable Kerberos authentication. Amazon FSx for Windows file server Organizations can reduce administrative overhead by using Amazon FSx fully managed file server service. FSx provides high level of reliability and scalability as a file storage service that is accessible over SMB. User quotas, end-user file restore, and Microsoft Active Directory (AD) integration is fully supported.
- Managed Microsoft AD is the ideal Identity store for central AD user access Leverage proven and time-tested AD security groups for controlled access Control access to Windows Server with Remote Desktop or define file/folder permissions for NTFS file shares Provide access to the growing list of AWS applications You can use Managed Microsoft AD to provide SSO for cloud applications. By using ADFS, you can SSO into Microsoft Office 365 and sync your users into AzureAD. Through a two-way AD trust between your on-premise AD and Managed Microsoft AD, or by leveraging an AD connector you can SSO into various AWS services and business applications from your on-premise location. Best practice: make sure users configure the email address attribute in AWS SSO Resources https://d1.awsstatic.com/events/reinvent/2019/Managing_user_permissions_at_scale_with_AWS_SSO_SEC308.pdf https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-automatically.html https://docs.aws.amazon.com/directoryservice/latest/admin-guide/usecase4.html
- Managed Microsoft AD is compatible with multiple AWS services. AWS Services use Managed Microsoft AD as the central management Identity store. Users and group access is controlled in Active Directory using familiar administrative tools like AD Computers and Users
- NOTE: to better understand forest/domain trusts, review the following documentation from AWS and Microsoft. https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_setup_trust.html https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731335(v%3dws.10) https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc730798(v%3dws.10) https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731404(v%3dws.10) https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732859(v%3dws.10)
- NOTE: to better understand forest/domain trusts, review the following documentation from AWS and Microsoft. https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_setup_trust.html https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731335(v%3dws.10) https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc730798(v%3dws.10) https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731404(v%3dws.10) https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732859(v%3dws.10)
- NOTE: to better understand forest/domain trusts, review the following documentation from AWS and Microsoft. https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_setup_trust.html https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731335(v%3dws.10) https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc730798(v%3dws.10) https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731404(v%3dws.10) https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732859(v%3dws.10)
- You can configure one-way and two-way external and forest trust relationships between your Managed Microsoft AD and on-premises directories. Managed Microsoft AD supports all three trust relationship directions: Incoming, Outgoing and Two-way (Bi-directional). [CLICK] For example, the diagram shows a one-way outgoing trust which allows on-premise AD users access to AWS hosted resources. [CLICK] This allows an on-premise AD user access to AWS-managed resources such as RDS for SQL Server. [CLICK] Similarly, the same on-premise AD user can be part of an on-premise AD security group, which can be given access to AWS-managed resources. NOTE: to better understand forest/domain trusts, review the following documentation from AWS and Microsoft. https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_setup_trust.html https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731335(v%3dws.10) https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc730798(v%3dws.10) https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731404(v%3dws.10) https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732859(v%3dws.10)
- The benefits of the trust model: Native AD connectivity mechanism that is tried and true. Does not replicate or transfer identify information across domains. Administrators have control over who has access to which resources. More secure since there are not as many network ports needed. This solution is well-documented, helping organizations choose the right communication flow and security configurations.
- When designing your domain trust, here are a few considerations. Do you need a 1-way trust (incoming or outgoing) or 2-way (bi-directional) trust? Most AWS-managed services work with a 1-way trust and it is the most restrictive of the two. Amazon WorkSpaces, Amazon Chime, and Amazon QuickSight require a 2-way trust
- Here are some best practices to secure your trusts. Ensure to leave SID filter on to prevent malicious users who have domain or enterprise administrator level access in a trusted forest from gaining (to themselves or other user accounts in the forest) elevated user rights to a trusting forest. Turn on selective authentication in your on-premise AD. This security setting adds more control over which groups of users in a trusted forest can access shared resources in a trusting forest. Only permit the authentication ports when configuring AWS-to-On-Premises AD connectivity. These are TCP and UDP ports allowing access to services such as LDAP, LDAPS, DNS, Kerberos, SMB, and RPC. More information below: Selective auth: https://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx#w2k3tr_trust_security_zyzk Trust ports: https://technet.microsoft.com/en-us/library/cc756944(v=ws.10).aspx Authentication ports: https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts
- In this model, we have a single resource domain running in a single AWS region. The on-premise AD is configured with a trust (one-way or two-way) to the Managed Microsoft AD either by an AWS Direct Connect or VPN. Applications that are AD aware run on EC2 instances (.NET applications, SharePoint, SQL Server, and Amazon EC2 Linux). Managed services such as RDS for SQL Server can be made accessible by on-premise AD users.
- Let’s take a look at additional network design considerations. AWS recommends that you create a DHCP options set for your Managed Microsoft AD or on-premise AD and assign the DHCP options set to the VPC that your directory is in. This allows any instances in that VPC to point to the specified domain and DNS servers to resolve their domain name.
- Here we can see how hybrid customers can utilize DHCP options set to access an on-premise Active Directory. [CLICK] A custom DHCP options set is created with the settings for the on-premise Active Directory DNS. This passes configuration information to the EC2 instances, assigning the AD DNS suffix and DNS server IP addresses as the name servers within the VPC via DHCP. [CLICK] A custom DHCP options set can also be configured if the on-premise AD has been extended onto domain controllers running on EC2 instances running Windows Server. In this case, the custom DHCP options set is configured with the DNS server IP addresses of the EC2 instances rather than on-premise DNS server IP addresses.
- File System Nativo do Windows que utiliza o protocolo SMB…Ou seja, com ele eu posso ter o armazenamento de arquivos compartilhado oferecido pelo Windows (NTFS) e que usam SMB. FSx for Windows File Server supports up to 300 PB (65 TB per file system Nao preciso gerenciar hardware e software como Windows Updates, Backups e Seguranca Tenho a opcao de FSx para Lustre em HPC (high performance computing) Pode ser configurado em SingleAZ, MultiAZ. Storage de 32GB ate 64TB Throughput de 8 megabytes por Segundo ate 2 gigabytes por Segundo Posso utilizar o Managed AD ou AD Connector com meus DCs em EC2 ou onpremises como source of authority para identidade (lembrando grupo NTFS), volume shadow copy ;; quando eu crio um FSx, voce esta dando um join no seu AD Janela de manutencao (autobackup) Backup armazenado noS3 e retencao (quanto tempo quero reter dados de 0-35 dias) Data dedup que ajdua a reduzir o custo Ele possui um caching de memoria para throughput adicional. Pensando em Windows, se eu estou pensando em capacidade de tput adicional, recomendacao é segmentar os dados em diferentes file systems SSD e HD Custo contabilizado por capacidade (tamanho do storage) interessante falar que eh o provisionado, nao o utilizado + throughput + backups Posso acessar esses shares via Windows, Linux, MAcoS Criptografia at rest e in transit AWS monitora o hardware e faz o replace automatic se um componente falha Cenarios Cluster ativo passivo MS de Fileserver – migracao para FSx FSR (2008) DFSR , Storage Replica, CAFS – migracao para FSx Posso acessar o FSx para servers onprem utilizando VPN ou DirectConnect CRM, ERP, aplicacao .net que utiliza File Server, diretorio compartilhado, analise de dados, media,conteudo web e existe ate cenario de utilizacao para o SQL por exemploem um Windows Server Failover Cluster em que cada node precisa de acesso para um storage ,nesse caso o FSx pode ser o storage parao SMB File Share Witness – queria ressaltar aqui que é um cenário pouco utilizado, existem clientes dos EUA fazendo isso mas eu esperaria o servico ficar maduro aqui em GRU para testar... Por exemplo perofmance troubleshooting do SQL fica um pouco dificil se o servico de FSx nao possui uma ferramenta Windows especifica para pegar IOPS..logicamente consigo usar CloudWatch Home Directories: end-user shares, departmental data, information worker apps Business Apps: Sharepoint, Dynamics, Exchange, CRM, ERP Web Environments: IIS, .NET-based web apps Data Analytics: business intelligence analytics, grid computing Media and Entertainment workflows: transcoding, media streaming, video editing Databases: Clustered databases needing shared file storage (SQL, Oracle)
- No modelo de Multi-AZ, tenho um FSx em duas Azs Entao o Windows file server é criado em duas availability zones e os dados sao replicados (synchoronous replica). Entao temos os clientes apontando para a ENI do AZ primario. Digamos que aconteca uma falha nesta AZ ou no servidor (clique 2x). O que acontece é que as conexoes reconectam automaticamente em questao de segundos (geralmente abaixo de 30s) para o ENI da segunda AZ que possui os dados replicados. Quando o servidor volta ao ar, o fallback acontece automaticamente (clique). Ou seja, temos aqui um modelo ativo/passivo em que os clientes estao usando o DNS name do share map. Um servidor cai e devido a esta confguracao nao tenho indisponibilidade de dados. Se existir um problema com o storage, a AWS faz a troca deste storage e com a replica, ele fica atualizado.
- O DFS Namespaces é uma função no Windows Server que permite agrupar pastas compartilhadas localizadas em servidores diferentes em um ou mais namespaces estruturados logicamente. Isso torna possível dar aos usuários uma visão virtual das pastas compartilhadas, onde um único caminho leva a arquivos localizados em vários servidores.
- Sobre o HA de DFS-N, ele pode ser hospedado por um cluster de failover para aumentar a disponibilidade do namespace entao para isso adicionei o custo de mais 2EC2, Basicamente para este HA, você pode localizar o namespace em um servidor que também funciona como um nó em um cluster de failover se voce configurar o namespace para usar apenas recursos locais nesse servidor. Entao duas máquinas parrudas aí por exemplo uma m5.xlarge com 4 vCPU, 16RAM em Sao Paulo custaria cada 4.3k dolares ou seja um custo total final de 114k, 130k dolares a menos por ano do que um único FSx para tudo. Eu chamo isso do custo da arquitetura certa.
- This is a “decision matrix” to assist you in selecting appropriate service. Before Just SA OUT 2019 Assurance any tipe of instance, after just dedicated host without SA After just with SA
- Let’s talk about the options available for running SQL Server on AWS x1e.32xlarge 128 3,904
- We have an exhaustive user-guide, here are some highlights EC2 is supported with either bring your own software or pre-configured AMIs (virtual machines). The pre-configured options will not have as many versions or editions supported as a custom-built solution that you build yourself. How many of you have struggled, either because of expense or just the technical challenges, in setting up a multi-site high availability option for your SQL Server instance? With Amazon RDS for SQL Server it is a simple as checking a checkbox when you launch an Amazon RDS instance, to setup a multi-AZ SQL Server cluster, that leverages synchronous replication between to AZs using database mirroring. If you need a different HA solution like AlwaysOn, or log shipping, then choose SQL Server on Amazon EC2 and manage that yourself. Both platforms support storage encryption for all editions using KMS. And for those of you running enterprise edition, you can use transparent data encryption on both platforms. If you need to install 3rd party tools or run specific database maintenance plans, then run SQL Server on Amazon EC2, otherwise we take care of all of that for you. If you want to take advantage of automated software patching, then choose Amazon RDS for SQL Server otherwise you need to manage these tedious maintenance tasks yourself with SQL Server on Amazon EC2.
- Ver o maxino de IOPS para RDS Ver se tem em GRU With storage autoscaling enabled, when Amazon RDS detects that you are running out of free database space it automatically scales up your storage. Amazon RDS starts a storage modification for an autoscaling-enabled DB instance when these factors apply: Free available space is less than 10 percent of the allocated storage. The low-storage condition lasts at least five minutes. At least six hours have passed since the last storage modification. The additional storage is in increments of whichever of the following is greater: 5 GiB 10 percent of currently allocated storage Starting today, Amazon RDS for SQL Server supports joining DB instances to an AWS Managed Microsoft AD directory residing in a different AWS account or VPC. This makes it easier and cost-effective for you to deploy your directory-aware database workloads by reducing the manual configuration to domain join your DB instances and, the need to deploy directories in each account and VPC. Amazon RDS for SQL Server DB instances can now seamlessly join to a directory from any AWS account and any Amazon VPC within an AWS Region.
- SSAS- Analisis Services SSRS - Reporting Services MSDTC- Microsoft Distributed Transaction Coordinator SSIS – Integration Service Amazon RDS for SQL Server expands support for Windows authentication using the AWS Managed Microsoft AD service in more AWS Regions. You can now use Windows authentication in these additional Regions: US West (N. California), South America (São Paulo), Asia Pacific (Mumbai), EU (Paris), and Asia Pacific (Hong Kong).
- Verficar desde de quadno está disponível Multi Az Amazon RDS supports Multi-AZ with Always On AGs for the following SQL Server versions and editions: SQL Server 2017: Enterprise Edition 14.00.3049.1 or later SQL Server 2016: Enterprise Edition 13.00.5216.0 or later Amazon RDS supports Multi-AZ with DBM for the following SQL Server versions and editions, except for the versions of Enterprise Edition noted previously: SQL Server 2017: Standard and Enterprise Editions SQL Server 2016: Standard and Enterprise Editions SQL Server 2014: Standard and Enterprise Editions SQL Server 2012: Standard and Enterprise Editions
- Instance types differ in: Range of available memory Range of available storage Types of available storage (Instance Storage vs. EBS) Number of CPUs Amount of RAM
- Many businesses have chosen SQL Server Enterprise Edition because of their HA requirements Enterprise Edition could cost as much as 10x of Standard Edition SQL Server 2016+ provide HA options for Standard Edition that previously used to be exclusive to Enterprise Edition These features can potentially be leveraged to reduce costs
- Replication Merge replication adds the column rowguid to every table, unless the table already has a column of data type uniqueidentifier with the ROWGUIDCOL property set If a transactional publication supports queued updating subscriptions, replication adds the column msrepl_tran_version to every table. The NOT FOR REPLICATION option is specified by default for foreign key constraints and check constraints Limit use of some statement, like Truncate Table
- AWS Storage Gateway is a hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage. You can use the service for backup and archiving, disaster recovery, cloud data processing, storage tiering, and migration. Your applications connect to the service through a virtual machine or hardware gateway appliance using standard storage protocols, such as NFS, SMB and iSCSI. In this scenario, your SQL Serer backups would be stored in Storage Gateway, Volume Gateway, which exposes the storage from the Storage Gateway appliance via file shale. Once the backup files are in Storage Gateway, the service automatically copies the files and puts as objects in S3, which can then be downloaded and restored to SQL Server on EC2 or RDS for SQL Server.
- AWS Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns. Customers today use Snowball to migrate analytics data, video libraries, image repositories, backups, and to archive part of data center shutdowns, tape replacement or application migration projects. Cloud Migration If you have large quantities of data you need to migrate into AWS – as part of an application server, file server, database, or backup/archive migration – AWS Snowball is often much faster and more cost-effective than transferring that data over the Internet. Disaster Recovery In the event that you need to quickly retrieve a large quantity of data stored in Amazon S3, AWS Snowball appliances can help retrieve the data much quicker than high-bandwidth Internet. Datacenter Decommission There are many steps involved to decommissioning a datacenter to ensure valuable data is not lost. AWS Snowball can help ensure that your data is securely and cost-effectively transferred to AWS during this process. Content Distribution Use AWS Snowball appliances if you regularly receive or need to share large amounts of data with clients, customers, or business associates. Appliances can be sent directly from AWS to client or customer locations.
- Reliable The AWS Database Migration Service is highly resilient and self–healing. It continually monitors source and target databases, network connectivity, and the replication instance. In case of interruption, it automatically restarts the process and continues the migration from where it was halted.
- Initial Load is table-by-table DMS RI need to be properly scaled for the amount of work
- No other cloud platform offers flexible cost optimization choices for customers than AWS. We’ll dive into each option that best fits your needs. Bring your own licenses If you have already purchased Microsoft licenses, you can bring your own licenses (BYOL) to AWS. The BYOL approach allows you to capitalize on both your existing license investments and all the benefits of running Microsoft workloads on AWS. There are two ways to bring your licenses to AWS: by running your Windows workloads on Amazon EC2 Dedicated Infrastructure (EC2 Dedicated Hosts and EC2 Dedicated Instances), or by using Microsoft License Mobility through Software Assurance on shared or default tenant EC2. It is important to note that if you choose to bring your own licenses to AWS, you are responsible for ensuring you follow the stipulations of your licensing agreement with Microsoft. If you have questions about your licensing or rights to Microsoft software, please consult your legal team, Microsoft (including the Microsoft product terms), or your Microsoft reseller. License Mobility through Software Assurance If you have active Software Assurance for eligible Microsoft software, you can take advantage of your existing Microsoft license investments to move to shared or default tenant EC2. You can use AWS VM Import to bring virtual machine images from your on-premises environment to AWS, including both Microsoft software licenses and virtual machine configurations. Customers who wish to use license mobility can purchase Amazon EC2 instances with licensed Microsoft Windows Server pre-installed and bring existing licenses for products like Microsoft SQL Server, Microsoft SharePoint, and more. Dedicated Options for licenses not eligible for License Mobility Amazon EC2 Dedicated Hosts and EC2 Dedicated Instances give you access to hardware that's fully dedicated for your use. This allows you to use your own licensed Microsoft software, including Microsoft Windows Server, on dedicated infrastructure, even without Software Assurance. Amazon EC2 Dedicated Hosts and Dedicated Instances may also enable you to use an active MSDN subscription on AWS for development and testing. Microsoft@amazon.com – for all licensing questions
- Thank you and happy cloud computing!