Learn how to architect highly available and scalable Microsoft solutions and environments in AWS. Find out how Microsoft solutions can leverage various AWS services to achieve more resiliency, remove unnecessary complexity, simplify architecture, provide scalability, and introduce DevOps concepts such as compliance, governance, automation, and repeatability. Also, plan authentication and authorization, and explore various hybrid scenarios with other cloud environments and on-premises solutions/infrastructure. Learn about common architecture patterns for network design, Active Directory, and business productivity solutions like Dynamics AX, CRM, and SharePoint, as well as common scenarios for custom .NET and .NET Core with SQL deployments and migrations.
6. Active Directory Pattern: Extending Active Directory Domain to AWS

Existing Active Directory domain extended to AWS; new Active Directory sites configured in each AZ; domain controllers on Amazon Elastic Compute Cloud (Amazon EC2) Windows servers; site-link costs correctly configured; and "try next closest site" configured.

Diagram: corporate network (San Francisco with DC1 in AD Site SanFran; New York with DC2 in AD Site NewYork) connected by VPN / Direct Connect to an AWS VPC with a private subnet in each of two Availability Zones (DC3 in AD Site AwsEastAZ1; DC4 in AD Site AwsEastAZ2). All four sites belong to AD Domain abc.com; AD replication runs over site links with costs 10 and 50.
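The site topology described on this slide, scripted as an added example (not the deck's own code): one AD site per Availability Zone, the AZ subnets bound to those sites, weighted site links, the EC2-hosted DCs moved into their sites, and "Try Next Closest Site" enabled by GPO. The subnet ranges, link costs, replication interval and GPO name are assumptions; the site and DC names come from the diagram.

```powershell
# Added example (not from the slide deck). Run as a Domain Admin on a DC or RSAT host.
# Assumed values: subnet ranges, link costs/intervals and the GPO name are placeholders.
Import-Module ActiveDirectory
Import-Module GroupPolicy

# One AD site per Availability Zone, using the site names on the diagram
$awsSites = @{
    'AwsEastAZ1' = '10.0.0.0/18'    # assumed private subnet for AZ1
    'AwsEastAZ2' = '10.0.64.0/18'   # assumed private subnet for AZ2
}
foreach ($site in $awsSites.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
    # Bind the AZ subnet to its site so clients in that AZ locate the local DC first
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($awsSites[$site])'")) {
        New-ADReplicationSubnet -Name $awsSites[$site] -Site $site
    }
}

# Site links: cheap link between the two AZs, more expensive links back on premises.
# Lower cost = preferred path for replication and for DC location (costs are assumed).
$links = @(
    @{ Name = 'AwsEastAZ1-AwsEastAZ2'; Sites = 'AwsEastAZ1','AwsEastAZ2'; Cost = 10 },
    @{ Name = 'SanFran-AwsEastAZ1';    Sites = 'SanFran','AwsEastAZ1';    Cost = 50 },
    @{ Name = 'NewYork-AwsEastAZ2';    Sites = 'NewYork','AwsEastAZ2';    Cost = 50 }
)
foreach ($l in $links) {
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$($l.Name)'")) {
        New-ADReplicationSiteLink -Name $l.Name -SitesIncluded $l.Sites -Cost $l.Cost `
            -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
    }
}

# Move the EC2-hosted domain controllers into their AZ sites (DC names from the diagram)
Move-ADDirectoryServer -Identity 'DC3' -Site 'AwsEastAZ1'
Move-ADDirectoryServer -Identity 'DC4' -Site 'AwsEastAZ2'

# "Try Next Closest Site": if no DC in the client's own site answers, DC Locator falls
# back to the next-cheapest site by link cost instead of any DC in the domain.
# Equivalent GPO path: Computer Configuration > Administrative Templates > System >
# Net Logon > DC Locator DNS Records > Try Next Closest Site.
$gpo = 'Default Domain Policy'   # assumed; prefer a dedicated GPO linked to the computer OUs
Set-GPRegistryValue -Name $gpo -Key 'HKLM\SOFTWARE\Policies\Microsoft\Netlogon\Parameters' `
    -ValueName 'TryNextClosestSite' -Type DWord -Value 1 | Out-Null
```

After replication converges, `nltest /dsgetsite` on an EC2 member server should report its AZ site, and `nltest /dclist:abc.com` lists the DCs with their sites.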
7. Active Directory Pattern: Federated Trust

Identities mastered on premises; Federated Trust (AD FS) configured between on-premises Active Directory and domain controllers running on Amazon EC2 Windows servers.

Diagram: corporate network (San Francisco with DC1 in AD Site SanFran; New York with DC2 in AD Site NewYork; AD FS servers ADFS1 and ADFS2) in AD Domain abc.com, with a site-link cost of 50 between the two offices. A federated trust over the Internet connects it to a separate AD Domain abc.aws.com in AWS, which has a private subnet in each of two Availability Zones hosting a domain controller or AD FS server (DC3, ADFS1 / ADFS2) on Amazon EC2.
8. Active Directory Pattern: Forest Trusts

Identities mastered on premises; Forest Trusts configured between on-premises Active Directory and AWS Directory Service for managed Active Directory.

Diagram: corporate network (San Francisco with DC1 in AD Site SanFran; New York with DC2 in AD Site NewYork) in AD Domain abc.com, with a site-link cost of 50 between the offices, connected by VPN / Direct Connect to AWS. In AWS, AD Domain abc.aws.com runs on AWS Directory Service with a domain controller in a private subnet of each Availability Zone (DC3, DC4). An AD trust links the two domains, and AD authentication for AWS-hosted resources flows across it.
10. Configuration
• Add two containers to AWS Microsoft Active Directory for use by AD FS
• Install AD FS
• Integrate AD FS with Azure Active Directory
• Synchronize users from AWS Microsoft Active Directory to Azure Active Directory with Azure AD Connect
• Sign in to Office 365 by using your Microsoft Active Directory identities
11. Options for Deploying SQL Server on AWS

Amazon RDS for SQL Server (AWS-managed) and SQL Server on Amazon EC2 (customer-managed) cover the same stack; the difference is who manages each layer: power, HVAC, net; OS install/maintenance; OS patching; DBMS install/maintenance; DBMS patching; database backups; high availability; scaling.

Amazon RDS for SQL Server:
• Consider Amazon Relational Database Service (Amazon RDS) first
• Focus on business value tasks
• High-level tuning tasks
• Schema optimization
• No in-house database expertise

SQL Server on Amazon EC2:
• Need full control over DB instance
• Backups
• Replication
• Clustering
• Options that are not available in Amazon RDS
21. Migration Tools from AWS and Partners

Discovery and planning: AWS Application Discovery Service
Data transfer: AWS Storage and File Gateway; Amazon S3 Transfer Acceleration; AWS Direct Connect; Amazon Kinesis Firehose; AWS Snowball and Snowmobile
Server and database migrations: AWS Database Migration Service (AWS DMS); AWS Server Migration Service
Application monitoring/profiling: Amazon CloudWatch; AWS Config
22. Example Migration Sequence
Step 1. Landing zone
• Account structure
• Network/VPC
• Security
• Active Directory

Diagram: on-premises data center (domain controllers, SQL Servers, app servers, web servers) connected by VPN / Direct Connect to AWS. The landing zone is built up in three stages: account structure (Root, Security, Prod, Dev) with a VPC 10.0.0.0/16 containing Public Subnet 10.0.0.0/18 and Private Subnet 10.0.0.64/18 and Amazon Route 53; then security groups and the security and management services AWS Shield, AWS WAF, CloudTrail, CloudWatch, VPC Flow Logs, Systems Manager, Inspector and Config; then the directory, either AWS Managed Active Directory or Active Directory on EC2.
23. Example Migration Sequence
Step 2. Database tier
• Build out your DBMS infrastructure
• Choose a database replication and synchronization strategy
• One-step migration (suitable for smaller databases and good connectivity)
• Full-diff migration (suitable for larger databases and good connectivity)
• Zero-downtime migration (software tool based solution)

Diagram: the landing zone from Step 1 (accounts Root, Security, Prod, Dev; VPN / Direct Connect; Route 53; AWS Shield, AWS WAF, CloudTrail, CloudWatch, VPC Flow Logs, Systems Manager, Inspector, Config; AWS Managed Active Directory or Active Directory on EC2) with the database tier added: SQL Server on EC2 or SQL Server on AWS RDS, replicating from the on-premises SQL Servers.
24. Example Migration Sequence
Step 3. Server/app migration
• Perform extensive testing at this stage
• Choose a server/app migration strategy
• Manual migration (build new servers—migrate app)
• Tool based migration (block-level migration and synchronization)
• Always maintain rollback capability

Diagram: the environment from Step 2 (landing zone plus SQL Server on EC2 or SQL Server on AWS RDS) with the application tier added: app servers and web servers in AWS alongside the on-premises app and web servers.
25. Example Migration Sequence
Step 4. Production cutover
• Plan your final cutoff carefully
• Ensure any final replication and/or synchronization occurs
• Test your cutover mechanism (DNS TTL, and so on)
• Maintain rollback after cutoff, if possible

Diagram: the complete target environment from Step 3 (accounts, VPN / Direct Connect, Route 53, security services, directory, SQL Server on EC2 or on AWS RDS, app servers, web servers) with production traffic cut over from the on-premises data center.
26. AWS Server Migration Service Overview
• Support VMware virtual machine migration (support for additional hypervisors coming soon)
• Agentless VM migration
• Capture incremental change made to on-premises VMs and automatically transfer to AWS
• Migrate a group of VMs simultaneously and orchestrate multiple migrations
• AWS Management Console and API/CLI access

Diagram: Source: on-premises server; AWS Server Migration Service; Target: Amazon Machine Image.
27. AWS Migration Hub

Discover: discover servers in existing data centers (optional); group servers as applications
Migrate: migrate using tools outside AWS Migration Hub
Track: track application migration status

• Better understand your application portfolio
• Streamline application portfolio migration planning and tracking
• Track migration progress from multiple tools in one place
• Reduce time spent determining current status and next steps
36. AWS Lambda
• Continuous scaling
• No servers to manage
• Never pay for idle—no cold servers

With AWS Lambda, you are charged for every 100 ms your code executes and the number of times your code is triggered.

Runtimes: Java, Python, .NET, Node.js
37. AWS Lambda: Run Code in Response to Events

Event sources: changes in data state; requests to endpoints; changes in resource state.
Function: your code, written in C#, NodeJS, Python, or Java, runs in response to the event.
38. Example of Services Used for Serverless Architecture

Data stores: Amazon S3, Amazon DynamoDB, Amazon Kinesis, Amazon Cognito
Endpoints: Amazon API Gateway, Amazon Alexa, AWS IoT, AWS Step Functions
Development and management tools: AWS CloudFormation, AWS CloudTrail, Amazon CloudWatch, AWS CodeCommit
Event/message services: Amazon SNS, Amazon SES, Cron events

… and a few more on the way!
42. AWS Serverless Application Model (SAM)
• AWS CloudFormation extension optimized for serverless
• New serverless resource types: functions, APIs, and tables
• Supports anything AWS CloudFormation supports
• Open specification (Apache 2.0)
https://github.com/awslabs/serverless-application-model
43. SAM Template

    AWSTemplateFormatVersion: '2010-09-09'
    Transform: AWS::Serverless-2016-10-31
    Resources:
      GetHtmlFunction:
        Type: AWS::Serverless::Function
        Properties:
          CodeUri: s3://sam-demo-bucket/todo_list.zip
          Handler: index.gethtml
          Runtime: nodejs4.3
          Policies: AmazonDynamoDBReadOnlyAccess
          Events:
            GetHtml:
              Type: Api
              Properties:
                Path: /{proxy+}
                Method: ANY
      ListTable:
        Type: AWS::Serverless::SimpleTable

Transform: tells AWS CloudFormation that this is a SAM template it needs to "transform".
GetHtmlFunction: creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Also creates an API Gateway and takes care of all mapping/permissions necessary.
ListTable: creates a DynamoDB table with five read and write units.
44. An Example Minimal Pipeline: MyApplication

Source: Source (CodeCommit)
Build: test-build-source (CodeBuild)
Deploy Testing: create-changeset (AWS CloudFormation); execute-changeset (AWS CloudFormation); Run-stubs (AWS Lambda)
Deploy Staging: create-changeset (AWS CloudFormation); execute-changeset (AWS CloudFormation); Run-API-test (Runscope); QA-Sign-off (Manual Approval)
Deploy Prod: create-changeset (AWS CloudFormation); execute-changeset (AWS CloudFormation); Post-Deploy-Slack (AWS Lambda)

This pipeline:
• Five stages
• Builds code artifact
• Deploys to three "environments"
• Uses AWS CloudFormation to deploy artifact and other AWS resources
• Has Lambda custom actions for running my own testing functions
• Integrates with a third-party tool/service
• Has a manual approval before deploying to production
47. Amazon EC2 Systems Manager—Components
Run Command; State Manager; Inventory; Maintenance Window; Patch Manager; Automation; Parameter Store; Documents
48. Managing Your Environment with Systems Manager

Diagram: an AWS administrator in the corporate data center issues commands through EC2 Systems Manager to WEB1 and WEB2 in a private subnet of one Availability Zone; the web security group is labelled "Accept traffic from SSM". Command output and state go to an Amazon S3 bucket, an SNS topic and a CloudWatch metric; access is governed by an IAM policy.
49. CloudWatch and Amazon CloudWatch Logs
• Monitor EC2 metrics (CPU, disk usage, and so on)
• Monitor AWS resources (EBS volumes, Elastic Load Balancers, and so on)
• Monitor logs and configure alerts
• Store logs and perform analytics

Diagram: SharePoint front-end, SQL Server and domain controller instances in each Availability Zone send metrics and logs to CloudWatch / CloudWatch Logs. Logs flow through Amazon Kinesis to Amazon S3, Amazon Redshift and AWS Lambda for storage and analytics; CloudWatch Alarms notify by email or Amazon SMS, or trigger a workflow.