Running Windows Server on the AWS Cloud

Kevin Wittkopf Sr. Manager, Ecosystem Solutions Architect

Agenda

• AWS Overview

• Running Windows and SQL Server on AWS

• Implementing Microsoft solutions on the AWS cloud

What is Amazon Web Services?

Amazon Web Services offers a complete set of infrastructure and application services

that enable you to run virtually everything in the cloud: from websites and mobile

apps, to big data projects and enterprise applications.

Today, hundreds of thousands of customers of all sizes take advantage of these services in

nearly every industry, including healthcare, media, financial services, insurance, internet, real

estate, retail, education and the public sector. Our on-demand, scalable, and easy-to-use web

services help you take advantage of the six main benefits of Cloud Computing.

Key Benefits to Running in the AWS Cloud

No Up-Front Investment

Apps not Ops

Flexible Capacity

Speed and Agility

Low Ongoing Cost

Deploy

Global Reach

AWS Global Infrastructure

9 Regions

25 Availability Zones

Continuous Expansion

The AWS Cloud

Low-level building

blocks

High-level

building blocks

Tools to access

services

Cross Service

features

Key AWS Services

AMI

Virtual Machine

Configuration

Instance

Running or

Stopped VM

VPC

EC2 “Classic”

Availability Zone Availability Zone

S3

EBS EBS EBS

VPC

EC2 “Classic”

EBS EBS EBS

EBS

Snapshots S3 Buckets

Region

EC2

EC2

EC2

EC2

EC2

EC2

EC2

EC2

EC2

EC2

EC2

EC2

EC2

EC2

EC2

EC2

EC2

EC2

EC2

EC2

EC2

EC2

EC2

EC2

S3

S3

S3

S3

S3

S3

Public Cloud

Secure VPN

over Internet

Multiple

Subnets

Corporate

Router

VPN Gateway

Physical Data Center

Amazon Virtual Private Cloud

Extends Your Data Center IP Addresses

Not Advertised

to Internet

On-Demand

Pay for compute

capacity by the hour

with no long-term

commitments

For spiky workloads,

or to define needs

Many Purchase Models to Support Different Needs

Reserved

Make a low, one-time

payment and receive a

significant discount on

the hourly charge

For committed

utilization

Spot

Bid for unused capacity,

charged at a Spot Price

which fluctuates based

on supply and demand

For time-insensitive or

transient workloads

Dedicated

Launch instances within

Amazon VPC that run

on hardware dedicated

to a single customer

For highly sensitive or

compliance related

workloads

Free Tier

Get Started on AWS

with free usage & no

commitment

For POCs and

getting started

AWS provides pre-configured

Windows & SQL Server AMI’s to start running fully

supported virtual machines

in minutes

*Prices subject to (typically downward) change

Windows and SQL Server By The Hour

Improve Agility & Time-to-Market

Deploy Microsoft software in minutes on production-class hardware

Try several Microsoft solutions in parallel with no risk

Reduce infrastructure costs

No need to pre-allocate hardware budgets. Pay as you go.

Pay for only what you use

No unused capacity

Turn off capacity when it is not being used

Align IT infrastructure to the way business operates

Scale up during one off events, during month and year end

Scale down during slow times

Leverage your Microsoft investment

SharePoint Server and other Microsoft server products can be licensed to run on AWS

Business Value of Microsoft on AWS

Deploy

• Full, real, licensed Windows Server OS – 2003, 2008, 2008r2, 2012 all via our Microsoft SPLA licensing means no CALs required

– SQL Server Standard via SPLA as well

• VPC for static, user-defined networks

• Security groups for easy-to-configure firewalls per VM

• Easily install services that you know – AD, ADFS, SCOM, WSUS, SQL, MS Exchange, SharePoint, etc.

Utilize Your Existing Windows Skill-Set and AWS

Microsoft Licensing Models on AWS

• Partnership to support running Windows

Server-based workloads on AWS

• Amazon Machine Images (AMIs) with

Windows Server and SQL Server today that

were jointly developed by Microsoft and AWS

• SharePoint Server and other Microsoft server

products can be licensed to run on AWS

Two licensing models:

•Windows Server

•SQL Server Standard

Pay-as-you-go – AMI pricing includes

software

•SQL Server Enterprise

•SharePoint Server

•Other qualifying Microsoft Windows Server products*

BYOL – use existing licenses on AWS

*General info on AWS and License Mobility for a variety of MS server products:

http://aws.amazon.com/windows/mslicensemobility/

Detail on AWS and License Mobility with SQL Server:

http://aws.amazon.com/windows/mslicensemobility/sql/

Microsoft “License Mobility through Software Assurance” gives Microsoft Volume

Licensing customers the flexibility to deploy Windows Server applications with

active Software Assurance (SA) on Amazon Web Services.

14

Options for Running SQL Server on AWS

SQL Server on Amazon EC2

• License Included or (BYOL)

• Use provided AMIs or install on EC2

(same licensing)

• Full SQL setup, tools,

administration, etc.

• User will need to do all the work

such as EBS configuration/tuning,

Patch management, DR (snapshots,

recovery), HA setup and

Maintenance

Amazon Relational Database Service – SQL

• License Included – SQL Express, Web, Standard

or BYOL – Standard, Enterprise

• Fully managed RDBMS service

• Automated maintenance, patch management

• Built-in DR – Automated backup & recovery

• EBS tuned – up to 30,000 IOPS using PIOPS

EBS

• Support for SQL Agent & Tuning Advisor

• Diagnostics, CloudWatch metrics

• Tune engine parameters

• No shell, super user, or direct file system access

Windows + SQL AMIs

• Over 20 Amazon published Microsoft Windows and SQL Server AMIs

• Windows Server 2012

• Windows Server 2012 + SQL 2012 Standard, Web & Express

• Windows Server 2008

• Windows Server 2008 + SQL 2012 Standard, Web & Express

• Windows Server 2008 + SQL 2008 Standard, Web & Express

• Other Windows/SQL based AMIs….

• 7 Windows OS versions, in up to 19 languages

• 11 SQL Server versions/editions

Windows Free Usage Tier

• The AWS Free Usage Tier

includes Amazon EC2

instances running Microsoft

Windows Server 2012

• Customers eligible for the

AWS Free Usage tier can

use up to 750 hours per

month of t1.micro instances

running Microsoft Windows

Server 2012 for free

Window and .NET Developer Center

One stop for all tools, documentation, scripts, videos, and sample code to help

you run .NET on the AWS Cloud

http://aws.amazon.com/net/

Develop

Design, Build, and Run .NET on

AWS

• AWS SDK for .NET

• AWS Toolkit for Microsoft Visual

Studio

• .NET container for deploying on

AWS Elastic Beanstalk

Manage

Automate and Scale Windows

on AWS

• AWS Tools for Windows

PowerShell

Connect

Get connected and join the

community of developers

running Windows and

.NET on AWS

• Community Forum

• AWS on Github

Learn

Expand and Explore the

possibility for .NET on AWS

• Links to valuable articles

• Sample code to download

AWS SDK for .NET

• Includes APIs for many

AWS services

• Also Includes:

– AWS Toolkit for Microsoft

Visual Studio

– Visual Studio templates

– AWS Tools for Windows

PowerShell

– AWS CloudFormation

Template Editor

– AWS .NET Library

– C# code samples

Amazon EC2 Windows Guide

What’s New:

• Using Windows

Powershell with the AWS

SDK for .NET

• AWS Diagnostic tools for

Windows Server

• Install EC2 command line

tools on Windows

• Setting up a Windows

HPC Cluster

http://docs.amazonwebservices.com/AWSEC2/latest/WindowsGuide/Welcome.html

AWS CloudFormation – Automated Setup

http://aws.amazon.com/cloudformation/aws-cloudformation-templates/

CloudFormation provides: • An easy way to create, update and manage a collection of AWS resources.

• Templates declaratively describe what AWS resources are needed and how they should interact.

For Windows environments, there are a number of useful CloudFormation templates

for setting up various Microsoft-based components and infrastructure setups:

General Design Considerations for Windows-based

Deployment in the AWS Cloud

• Design as you would for a physical or on-premise deployment using

standard tools (e.g. Microsoft Exchange Role Requirements Calculator)

• Treat AWS Availability Zones as additional datacenters and follow

applicable Microsoft guidance

• Consider the characteristics of a shared compute, storage and

networking environment.

– Instance Types (ECU vs. dedicated physical cores, memory sizing)

– EBS (Standard IOPS vs. EBS-Optimized and Provisioned IOPS)

– Networking (VPC, VPN or Direct Connect, Security Groups, Routing and

others)

– Scaling horizontally instead of vertically

Security for Windows-based Solutions in AWS • Active Directory is used to provide authentication for Windows, SQL Server, SharePoint, etc.

• It is also possible to use LDAP-based directory and use Active Directory Federation Services • VPC provides DHCP – use DHCP options set in VPC • Active Directory domain controllers are created by instantiating Windows Amazon EC2

instance(s) in Active Directory role • Active Directory user setup:

• Create new users manually using , or scripted, etc • For VPN-connected scenarios, setup regular synchronization between on-premise DCs and

in AWS DCs • Windows Server can be used as a customer gateway for VPN access

• Security – public-facing sites can/should have a ‘De-militarized Zone (DMZ)’ approach for minimizing access and attack surface:

• Public subnets with Microsoft Forefront Threat Management Gateway (TMG) or Universal Access Gateway (UAG), for all user access

• RDGW instance(s) and NAT instance(s) in each AZ to provide admin ingress, instance egress

• Setting up Single Sign-on to EC2-based .NET applications from on-premises Windows Domain • http://d36cz9buwru1tt.cloudfront.net/EC2_ADFS_howto_2.0.pdf

EC2 Security for Windows-based Solutions in AWS

• Administrative access to Windows Instances using Remote Desktop Gateway over SSH

• EC2 Security Groups & Rules provide firewall to protect instances ‘Deny’ by default

• EC2 provides some typical Windows/SQL security rule templates

• Network ACLs security groups are recommended to ALSO setup network ACLs on subnets, specific to the instance type/function e.g. SQL instance(s) in a specific

subnet, with a NACL allowing (only) 1433

• Can use Windows (OS-level) Firewall

• Use of MSFT Forefront Threat Management Gateway (TMG) and Universal Access

Gateway (UAG) within public subnet, control threats, DDoS attacks

“Secure Microsoft Applications on AWS” – Whitepaper:

• http://aws.amazon.com/whitepapers/secure-microsoft-applications-on-aws/

SharePoint Server on AWS - Reference Implementation

Remote

Admin

AWS Region

Availability Zone 2

Private Subnet

Availability Zone 1

Public Subnet Private Subnet Private Subnet Private Subnet

Private Subnet Private Subnet Private Subnet Private Subnet Public Subnet

NAT

RDGW

RDGW

Primary DC/DNS

Active Directory

Active Directory Database Tier

Database Tier

Primary DB

SQL Server

Mirror DB

Witness

Application Tier Web Tier

Application Tier Web Tier

Central Admin &

SharePoint Services

Central Admin &

SharePoint Services

IIS & SharePoint

Web Front End

ELB

NAT

Backup DC/DNS

Internet

Gateway

Users

IIS & SharePoint

Web Front End

High Availability SQL Server 2012 on AWS - Reference Implementation

Remote

Admin & Mgmt Users

AWS Region

Availability Zone 1 Availability Zone 2

Primary

DC/DNS

Rerplica

DC/DNS

Windows Server Failover Clustering (WSFC) Cluster

Node

WSFC Configuration

Storage

SQL Server Instance

Instance Network Name

Node

WSFC Configuration

Storage

SQL Server Instance

Instance Network Name

AlwaysOn Availability Group Primary Replica Secondary Replica

Availability Group Listener Virtual Network Name

NAT

Instance

RDGW

Instance

NAT

Instance RDGW

Instance

Elastic IP’s (Public Route) Elastic IP’s (Public Route)

Private

IP’s (P

rivate Ro

ute)

Private

IP’s (P

rivate Ro

ute)

Microsoft Exchange on AWS – Reference Implementation

Microsoft-based Reference Architectures & Implementations

• SharePoint Server:

– Reference Architecture Whitepaper: http://aws.amazon.com/windows/sharepoint/

– Advanced Implementation Guide and CloudFormation templates:

http://media.amazonwebservices.com/AWS_SharePoint_Reference_Implementation_Guide.pdf

• SQL Server: – “Implementing Microsoft Windows Server Failover Clustering (WSFC) and SQL Server 2012

AlwaysOn Availability Groups in the AWS Cloud”:

http://aws.amazon.com/whitepapers/microsoft-wsfc-sql-alwayson/

• Microsoft Exchange: – “Microsoft Exchange Server 2010 in the AWS Cloud: Planning and Implementation Guide”:

http://media.amazonwebservices.com/AWS_Exchange_Planning_Implementation_Guide.pdf

Where can I learn more?

• Microsoft pages on the AWS website to get the latest announcements, case

studies, white papers, or other information on SharePoint on AWS:

– http://aws.amazon.com/microsoft

– http://aws.amazon.com/sharepoint

• Securing Windows-based Applications on AWS: – http://aws.amazon.com/whitepapers/secure-microsoft-applications-on-aws/

• Visit the Windows detail page for more information on pricing for Windows

on AWS: – http://aws.amazon.com/windows

• Specifics on the Microsoft License Mobility program: – http://aws.amazon.com/windows/mslicensemobility/

Bootcamp: Implementing the Microsoft Enterprise Datacenter in the AWS

Cloud Level: 300 - Experienced

Audience: Solution Architects, SysOp Administrators

Price: $600

http://reinvent.awsevents.com/bootcamps.html#implementing-the-microsoft-enterprise-datacenter-in-the-aws-cloud 30

Running Windows Server on the AWS Cloud

Thank You

Running Windows Server on the AWS Cloud

Q & A