Implementing Windows and SQL Server

for High Availability on AWS

Presented by Matt Tavis

Content by Mike Pfeiffer

1

What We Will Cover

• This is an overview of a High Availability solution built with Windows Server and SQL Server running on Amazon EC2

• This example uses the AlwaysOn Availability Groups feature of SQL Enterprise Edition 2012 or 2014

• There are other ways to build HA solutions with SQL Server, and one example is to use the new Multi-AZ feature of Amazon Relational Database Services (RDS) – http://aws.amazon.com/rds/sqlserver/

– http://aws.amazon.com/rds/multi-az/

– http://aws.amazon.com/blogs/aws/amazon-rds-for-sql-server-with-multi-az/

Before You Get Started

This is an advanced topic. If you are new to AWS, please visit

the “Getting Started with AWS” section of the documentation.

You should also be familiar with the following topics:

• Amazon EC2

• Amazon VPC

• Windows Server 2012

• Windows Server Active Directory and DNS

• Windows Server Failover Clustering (WSFC)

• SQL Server AlwaysOn Availability Groups

3

Introduction The goal of a high availability configuration is to protect from failure of a single instance.

This guide discusses architectural considerations and configuration steps when launching

the necessary AWS services to run WSFC across different subnets and Availability Zones,

and also provides instructions for installing and configuring WSFC and an AlwaysOn

Availability Group. We also provide you a sample AWS CloudFormation template to help

deploy the necessary infrastructure predictably and repeatedly.

Implementing a WSFC cluster and AlwaysOn Availability Group in the AWS cloud is not

different from deploying on-premises as long as two requirements are met:

• Deploy the cluster nodes inside a VPC

• Put WSFC cluster nodes in separate subnets

• This presentation gives an overview of the process to create the example solution. It does

not outline each step. For the detailed overview, please consult the whitepaper available

here: http://aws.amazon.com/microsoft/whitepapers/

4

Microsoft Platform on AWS

• Partnership to support running Windows

Server-based workloads on AWS

• Windows Server, SQL Server on AWS today

– Amazon Machine Images (AMIs) jointly

developed by Microsoft and AWS

• SharePoint Server and other Microsoft

server products can be licensed to run on

AWS

Two licensing models:

•Windows Server

•SQL Server Standard

Pay-as-you-go – AMI pricing includes

software

•SQL Server Enterprise

•SharePoint Server

•Other Microsoft Windows Server products

BYOL – use existing licenses on AWS

General info on AWS and License Mobility for a variety of MS server products:

http://aws.amazon.com/windows/mslicensemobility/

Detail on AWS and License Mobility with SQL Server:

http://aws.amazon.com/windows/mslicensemobility/sql/

Microsoft “License Mobility through Software Assurance” gives Microsoft Volume Licensing

customers the flexibility to deploy Windows server applications with active Microsoft Software

Assurance on Amazon Web Services (AWS).

5

Summary – What You Will Learn

Part 1 Implement Active Directory Domain Services

Part 2 Launch and Configure the Server Infrastructure

Part 3 Configure a SQL Server 2012 or 2014 AlwaysOn Availability Group

6

Summary – What You Will Build

One Amazon VPC

One public route

One Internet Gateway

Security Groups to control the secure flow of traffic between the instances deployed in the Amazon VPC

•8 private subnets and 2 public subnets

•2 private routes

•2 Windows Server 2012–based Remote Desktop Gateway instances

•2 Linux–based NAT instances to enable administrative ingress and egress

•4 Elastic IP Addresses associated with the NAT and RDGW instances

•2 Windows Server 2012–based instances to host the Active Directory

•2 Windows Server 2012–based instances to host the WSFC Node and SQL Server 2012 or 2014 instances

Per Availability Zone

7

8

Part 1: Implement Active Directory Domain

Services

9

Part 1: Implement Active Directory Domain Services

Implement Active Directory Domain Services

The underlying Active Directory architecture for this deployment is based on an existing reference

implementation provided by AWS: Implementing Active Directory Domain Services in the AWS Cloud.

This architecture provides a highly available Active Directory Domain Services infrastructure that supports

the following best practices.

• Domain Controllers should be placed in a minimum of two Availability Zones to provide high availability.

• Instances should be placed into individual server tiers.

• Domain Controllers and other non-internet facing servers should be placed in private subnets.

• Instances launched by CloudFormation templates will require internet access to connect to the AWS CloudFormation

endpoint during the bootstrapping process. To support this configuration, public subnets are used to host NAT instances for

outbound internet access. Remote Desktop Gateway is also deployed into the public subnets for remote administration.

Other components, such as reverse proxy servers can be placed into these public subnets, if needed.

Several critical components and considerations are covered in the Active Directory reference that addresses Active Directory Site and Subnet design and how DNS and DHCP work inside an Amazon VPC. For more details on the underlying Active Directory and network design, see the reference architecture outlined in Implementing Active Directory Domain Services in the AWS Cloud

10

Part 2: Launch and Configure the Server

Infrastructure

11

Part 2: Launch and Configure the Server Infrastructure

Part 2 in Steps

12

• Set up SQL Server Enterprise Edition

• Create and Configure Security Groups

• Create WSFC Cluster

• Enable AlwaysOn High Availability

Part 2: Launch and Configure the Server Infrastructure

Part 2 in Steps

13

• Set up SQL Server Enterprise Edition

• Create and Configure Security Groups

• Create WSFC Cluster

• Enable AlwaysOn High Availability

Part 2: Launch and Configure the Server Infrastructure

Set Up SQL Server Enterprise Edition

High Availability and Disaster Recovery in the AWS Cloud

• Amazon EC2 provides ability to place instances in multiple

regions and Availability Zones

• By launching in separate AZs you can protect from the failure of

a single location

• WSFC provides features that complement the HA and DR

scenarios supported in the AWS Cloud

14

Part 2: Launch and Configure the Server Infrastructure

Set Up SQL Server Enterprise Edition

SQL Server Enterprise Edition

• AMIs are provided only for SQL Server Express and SQL Server

Web Edition

• To install SQL Server 2012 or 2014 Enterprise Edition on AWS you

can download the trial software from Microsoft

• The scripted deployment will download the trial version from the

Microsoft download site and add automatically to the instance at

\\dc1\sqlinstall\ in the first AZ

• For a production deployment with volume licensing, use Software

Assurance to mobilize the license

15

Part 2: Launch and Configure the Server Infrastructure

Part 2 in Steps

16

• Set up SQL Server Enterprise Edition

• Create and Configure Security Groups

• Create WSFC Cluster

• Enable AlwaysOn High Availability

Part 2: Launch and Configure the Server Infrastructure

Create and Configure Security Groups

Security Groups and Firewalls

• Amazon EC2 instances must be associated with a Security Group

• You have control over ingress and egress, and can build granular rules that

are scoped by protocol, port number, and source or destination IP address or

subnet

• More guidance available in our Securing the Microsoft Platform on AWS

whitepaper at http://aws.amazon.com/microsoft/whitepapers/#security

• Security group rules will need to allow traffic for necessary services, and

SQL nodes will need to have ports opened to communicate with each other

• If you use the CloudFormation templates, a number of Security Groups and

rules will be created for you (details in Appendices)

17

Part 2: Launch and Configure the Server Infrastructure

Part 2 in Steps

18

• Set up SQL Server Enterprise Edition

• Create and Configure Security Groups

• Create WSFC Cluster

• Enable AlwaysOn High Availability

Part 2: Launch and Configure the Server Infrastructure

Create WSFC Cluster

Storage on the WSFC Nodes

• The CloudFormation template will deploy the WSFC nodes using the r3.2xlarge

instance type by default

• Amazon Elastic Block Store (Amazon EBS) Provisioned IOPs volumes backed by

solid state drives are included in the reference architecture to provide performant

and durable storage

• Each WSFC node deploys 8

Amazon EBS volumes to create

three stripe set (Raid0) arrays

• SQL Server will utilize the disk

layout for databases and logs

in the locations shown at right

19

Part 2: Launch and Configure the Server Infrastructure

Create WSFC Cluster

IP Addressing on the WSFC Nodes

• Each node hosting SQL Server instances will have 3 IP

addresses assigned and addresses can be specified

– One IP address is used as Primary

address for the instance

– Second IP address acts as WSFC IP

resource

– Third IP address used to host the

AlwaysOn Availability Group listener

20

Part 2: Launch and Configure the Server Infrastructure

Create WSFC Cluster

Windows Server Failover Clustering

• The following PowerShell commands will build the WSFC Cluster

• Create an additional share to keep the cluster online in the event of

an individual server failure

• The CloudFormation template will create a folder that the Active

Directory computer account will have access to

21

Part 2: Launch and Configure the Server Infrastructure

Part 2 in Steps

• Set up SQL Server Enterprise Edition

• Create and Configure Security Groups

• Create WSFC cluster

• Enable AlwaysOn High Availability

22

Part 2: Launch and Configure the Server Infrastructure

Enable AlwaysOn High Availability

The CloudFormation template will enable AlwaysOn

• Done with a simple PowerShell command run on each node

• As you create an Availability Group, initial data synchronization will

be done using a file share \\dc1\replica, created by the template

• Now you’ll be ready to create your databases and Availability Group

23

Part 2: Launch and Configure the Server Infrastructure

Automated Deployment Template helps you deploy the WSFC

Nodes into AWS architecture

• Deploys Active Directory Domain Services infrastructure along with Windows Server 2012 or 2014 based instances as WSFC nodes into their respective subnets

• Allows for customization of 40 defined parameters

• You can modify these or use them as a guide for creating your own set of parameters

Launch Stack

24

Template takes about 3 hours to complete

Template will cost about $15 of AWS Service hours

Part 3: Configure a SQL Server AlwaysOn

Availability Group

25

Part 3: Configure a SQL Server AlwaysOn Availability Group

Create a Test Database or Attach an Existing Database

• Using SQL Server Management Studio,

connect to the first cluster node

• Connect a new database or attach a test

database

• Ensure the Recovery model on the

database is set to full

• Back up the database by right-clicking on the

database in SQL Management Studio and

select Tasks > Backup

26

Part 3: Configure a SQL Server AlwaysOn Availability Group

Create an Availability Group

• In Object Explorer launch the New

Availability Group wizard and follow it

according to the guide provided

• Run Windows PowerShell to adjust the

Listener Host Record TTL

• Connect via Remote Desktop Gateway

to the Primary Domain Controller

• Open Server Manager and Check DNS

to ensure all availability group Listeners’

IP addresses are listed

27

Part 3: Configure a SQL Server AlwaysOn Availability Group

Test Your WSFC Cluster and AlwaysOn Availability Group

The paper provides a step by step process to verify that

your first node is online, then stop that instance and check

that it fails over to the second node.

29

Conclusion

Summary In this presentation, we gave an overview of the steps to implement the necessary infrastructure in the AWS cloud to set up and configure Windows Server Failover Clustering and SQL Server AlwaysOn Availability Groups. The resulting sample implementation supports the following scenarios:

• Protect from failure of a single instance

• Provide automatic failover between the cluster nodes

• Protect from failure of the instance placed in the secondary Availability Zone and

automatically failover to the primary one

We recommend you consult the Microsoft documentation and customize some of the steps described in this guide to deploy a solution that best meets your HA and DR needs. Testing Before putting the solution into production, you should test your deployment and familiarize yourself with the clusters behavior during a high availability automatic failover or a disaster recovery event. There is a full testing process outlined in the whitepaper.

30

Additional Resources

Web Pages

Microsoft on AWS

http://aws.amazon.com/microsoft/

Windows on AWS (includes pricing)

http://aws.amazon.com/windows/

Reference Deployment Quickstart

http://aws.amazon.com/quickstart/

quickstart@amazon.com

AWS Windows and .NET Developer Center (with sdk)

http://aws.amazon.com/net/

Amazon EC2 Windows Guide

http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/

Microsoft Licensing

http://aws.amazon.com/windows/mslicensemobility/ Covers Exchange, SharePoint, SQL, Lync, SCOM, and Dynamics.

See page for specific details, including which versions are covered.

Whitepapers

Implementing Active Directory Domain Services on AWS

Remote Desktop Gateway Reference Architecture

Exchange on AWS Implementation & Planning Guide

SharePoint Server on AWS Reference Architecture

more at http://aws.amazon.com/microsoft/whitepapers

Contact Us

https://aws.amazon.com/microsoft/contact-us/

If you have either business or technical questions about running

Microsoft software on AWS, please don’t hesitate to contact us.

31

Calling all Developers, Architects, & Technical Leaders

for the cloud computing event of the year

Learn more and register at

reinvent.awsevents.com

Implementing Windows and SQL Server

for High Availability on AWS

Thank You

33