Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016

Post on 13-Jan-2017


© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Bill Jacobi, Solutions Architect

June 20, 2016

Running Microsoft Workloads on AWS

Agenda

• Why Run Microsoft Servers on AWS?

• Amazon’s Migration to AWS

• Demo of Windows Architecture on AWS

• Cost, Licensing, & Performance

• Architecture and Technology

Why Run Microsoft Servers on AWS? Cloud Benefits

Agility: Vertical and horizontal scaling takes place in minutes. Experiment, optimize with simple clicks or CLI commands.

Cost: You pay only for what you use, and you can turn up/down resources elastically according to demand or schedules.

Elasticity: Resources are provisioned according to demand. Horizontal and vertical scalability are programs, clicks or CLI commands.

Breadth of functionality: Compute, Storage, Database, Networking, Dev Tools, Management tools, Security/Identity, Analytics, Mobile, App Services, Enterprise Apps.

Go global: 12 Regions across Americas, Europe, Asia, Australia, South America. 33 Availability Zones.

Why Run Microsoft Servers on AWS? AWS-specific Benefits

Add-On Compatibility: ISV add-ons supported by Infrastructure as a Service platform.

Enabled for compliance: Applications can run under NIST, PCI, or HIPAA Accelerators that provide baseline regulatory controls.

License management: AWS Config can monitor license compliance of server-bound licenses on Amazon Dedicated Hosts.

Auditability enabled: Every API call, network packet in/out, and infrastructure change is audited, both ALLOWS/DENIES.

DevOps enabled: AWS CloudFormation builds infrastructure while Microsoft PowerShell builds applications, automating Windows on AWS deployments.

Optimization: Monitor and optimize the specific resources needed.

Amazon’s Migration to AWS

In 2013, Amazon IT decided to migrate the Microsoft stack to AWS.

Over 200K Amazon users access Exchange, SharePoint, and Lync through the corporate image.

Exchange data points:

• There are 26 Exchange servers (4 per AZ)

• 7,600 users per server

• DAG Architecture for HA

• Supports users in Americas, EMEA, and Asia

Announcing

Accelerator for Microsoft Servers

• Single VPC for integrated cross-server experience

• Multiple AZs for high availability across all servers

• DMZ subnet for management

• Private subnet for app servers

• 2 AD sites mapped to the 2 AZs for high availability

• Connect to on-premises through AWS Direct Connect (not part of QuickStart)

• Exchange DAG architecture

• Lync Paired Pool architecture

• SQL Server Always On architecture for SharePoint

• Brick architecture represents a 10 K modular pod

• Add n pods for n-scale

• Use the Microsoft capacity calculators and load-testing tools to validate


Accelerator for Microsoft Servers

• Exchange, SharePoint, Lync, SQL Server, and Active Directory on AWS

• Deployed from single Master template

• 14 Servers, 2 AZs, 10 K Users

• Exchange users have 5 GB mailboxes

• Lync users have VOIP, video, web conferencing, and desktop sharing

• SharePoint Blog and Team Sites are “Everyone”-enabled

• ~$14/hour to operate

Demo: Microsoft Servers on AWS

Full Control of Infrastructure and Applications

$9,997 per Month or $13.70/Hour – Details

• $1.00/user/month

• Architecture supports 10 K Users

• 5 GB Mailboxes

• 1 TB SSD Storage for User Profiles

Licensing Microsoft Products on AWS

BYOL: Support for Microsoft servers

• Exchange, Skype for Business, SharePoint, System Center

• See AWS Microsoft Licensing page for details

License-included: Windows Server and SQL Server AMIs available from AWS

• Windows Server 2012

• Windows Server 2012 R2

• Windows Server 2008

• Windows Server 2008 R2

• Windows Server 2003

• SQL Server 2012

• SQL Server 2014

http://aws.amazon.com/windows/resources/amis/

Architecture and Technology

• Architectural Considerations

• SharePoint and SQL Server on AWS

• Performance and Latency

• DevOps

• Enabled for Compliance

• Auditability

Architectural Considerations

Amazon VPC

• Configure IP ranges, public/private subnets, routing tables, Internet or private gateway

Security groups, network ACLs, VPC flow logging

Remote administration

The principle of least privilege

SQL Server High Availability

[Diagram: SQL Server availability group across two Availability Zones, with synchronous-commit replicas and automatic failover]

• Availability Zone 1, Private Subnet, Primary Replica (synchronous-commit): Primary: 10.0.2.100, WSFC: 10.0.2.101, AG Listener: 10.0.2.102

• Availability Zone 2, Private Subnet, Secondary Replica (synchronous-commit): Primary: 10.0.3.100, WSFC: 10.0.3.101, AG Listener: 10.0.3.102

• AG Listener: ag.awslabs.net

Performance and Latency: Washington, DC–Portland, OR

• 88 ms round trip via Internet

• 59 ms round trip via Direct Connect

AWS CloudFormation

Basic standard in AWS for automating deployment of resources

CloudFormation template

− JSON-formatted document which describes a configuration to be deployed in an AWS account

− When deployed, refers to a “stack” of resources

PowerShell can be slipstreamed into UserData and run at instance start up

DevOps–CloudFormation

Create Lync FrontEnd1 Instance

Embed PowerShell

DevOps–PowerShell in CloudFormation

DevOps–AWS CodeCommit: Version Control with Git

Auditability

Infrastructure:

− AWS CloudTrail

− AWS Config

− Amazon Inspector

Network:

− VPC flow logs

− Elastic Load Balancing access logs

Application:

− Amazon CloudWatch Logs

CloudWatch Logs can integrate:

• Event logs

• IIS logs

• Event Tracing for Windows (ETW) logs

• Any performance counter data

• Exchange, Lync, SharePoint logs

• Any text-based log files
