getting started with windows workloads on amazon ec2
TRANSCRIPT
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Zlatan Dzinic, Senior Consultant, AWS Professional Services
Lou De La Torre, AWS Solutions Architect
July 13, 2016
Getting Started with Windows Workloads on AWS
Agenda
Why are customers running Windows on AWS?
Which Windows workloads can I run on AWS?
Where can I get started?
Identity
Server products
SQL Server
Developers
DevOps
Licensing
We are here to help
Next steps
Why AWS for Windows workloads?
Secure, reliable, high-performance, familiar, cost-effective, extensive, flexible
AWS global infrastructure (map legend: Region, Edge location)
More than 1 million active customers across 190 countries
More than 2,300 government agencies
More than 7,000 educational institutions
More than 22,000 nonprofit organizations
13 regions
35 Availability Zones
56 edge locations
Customer success story
Searching for a solution to host its Microsoft SharePoint sites, the company
chose AWS because of cost, efficiency, and ability to improve operational
efficiency. By running on AWS, Dole can launch a new SharePoint website in
minutes, and they estimate savings of $350,000 in operating expenses.
“When we were looking for a place to put our SharePoint install, we built out a [Amazon] virtual private
cloud, effectively using it as an extension of our datacenter… We can grow any time we want–we don’t
have to go and acquire new hardware.”
– Joanna Dyer, Director of IT Solutions, Dole Food Company
Customer success story
Hess turned to AWS to help consolidate disparate systems, including multiple
legacy versions such as Windows Server 2008 and 2003, and Microsoft SQL
Server 2008, 2005, and 2000 that had built up over many years of M&A activity.
Hess was able to complete a full consolidation of 300 Microsoft workloads in less
than 6 months.
“We didn’t have time to redesign applications. AWS could support our legacy 32-bit applications on
Windows Server 2003, a variety of SQL Server and Oracle databases, and a robust Citrix environment.”
– Jim McDonald, Lead Architect, Hess Corporation
AWS service offerings for Windows workloads
Corporate applications: Amazon EC2 for Windows, Amazon RDS, AWS CloudFormation, Amazon CloudFront
Line of business applications: EC2 for Windows, AWS Directory Service, RDS, Marketplace
End user computing: Amazon WorkSpaces, Amazon AppStream, Marketplace, AWS Mobile Services, SaaS
Information security: AWS Identity and Access Management (IAM), AWS CloudHSM, AWS Key Management Service (KMS), security groups, AWS Marketplace
Infrastructure: EC2, Amazon S3, RDS, Amazon VPC, AWS Direct Connect, Directory Service, IAM, AWS Service Catalog
Developer platform and tools / DevOps: AWS Elastic Beanstalk, AWS CodeDeploy, CloudFormation
Corporate applications in AWS
• Deploy highly available applications
• BYOL or pay per use
• Security in layers approach helps with compliance
• Leverage multi-Availability Zone architectures for reliability and availability
Amazon EC2 can help strengthen your security posture
• Native functionality and tools at no additional charge
• More than 30 global compliance certifications and accreditations
• Security enhancements gleaned from 1M+ customer experiences
• AWS industry-leading security teams available 24/7, 365 days a year
• Security infrastructure built to satisfy military, global banks, and other high-sensitivity organizations
Access a deep set of cloud security tools
Encryption: AWS Key Management Service, AWS CloudHSM, server-side encryption
Networking: Virtual Private Cloud, Web Application Firewall
Compliance: AWS Config, AWS CloudTrail, AWS Service Catalog
Identity: IAM, Active Directory integration, SAML federation
Main identity topics
• Infrastructure identity management
  • AWS Identity and Access Management (IAM)
• Server/application identity management
  • AWS Directory Service (Samba or Active Directory)
• Federation
  • AWS Security Token Service
AWS IAM
• Role-based access control
• Multi-factor authentication
• Integrated with all AWS services
• IAM roles
Isolated domains
[Diagram: corporate network with DC1 (Munich) and DC2 (Berlin) serving company.local, connected over AWS Direct Connect to a VPC with DC3 in a private subnet of Availability Zone A and DC4 in a private subnet of Availability Zone B serving company.cloud (AWS Directory Service); federation/synchronization links the two domains]
Separate identities with synchronization/federation; use partners such as Okta, PingFederate
Single domain extended to multiple sites
[Diagram: company.local with DC1 (Munich) and DC2 (Berlin) in the corporate network, extended over Direct Connect to DC3 (Availability Zone A private subnet) and DC4 (Availability Zone B private subnet); Active Directory site link costs of 50 and 10 are shown on the links]
One single identity, data center extension mode (rely on Active Directory sites, read-only or not)
One subdomain per site
[Diagram: company.local in the corporate network (DC1 Munich, DC2 Berlin) and the child domain cloud.company.local on DC3 (Availability Zone A private subnet) and DC4 (Availability Zone B private subnet), connected over Direct Connect]
Isolated subset of the directory, single identity for users (Active Directory domains in a single forest)
One forest per site and trust
[Diagram: the company.local forest on premises (DC1 Munich, DC2 Berlin) and a separate company.cloud forest in the VPC (DC3 in Availability Zone A, DC4 in Availability Zone B, labelled AWS Directory Service), connected over Direct Connect with a trust between the forests]
Separate directories, single identity (cross-forest/resource forest with trust)
User identity federation with AWS IAM
[Diagram: AD users authenticate to Active Directory, which fronts enterprise applications and corporate systems; the same identities are federated to AWS IAM and assume IAM roles that grant access to EC2, DynamoDB, and S3]
Federated API and CLI access using AD FS
• AD FS http://tinyurl.com/AWS-ADFS-SAML
• AWS CLI http://tinyurl.com/AWS-ADFS-CLI
• AWS Tools for Windows PowerShell
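As an added example (not from the deck), here is the client-side half of the AD FS CLI flow the links above describe, in Python with only the standard library: decode the SAMLResponse AD FS returns, check it was issued for AWS, read the Role attribute, and assemble the AssumeRoleWithSAML parameters. The assertion, account id, role names and provider name are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET
SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
AWS_AUDIENCE = "urn:amazon:webservices"
# Constructed, unsigned assertion in the shape AD FS issues for the AWS relying party;
# the account id, role names and provider name are placeholders.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>urn:amazon:webservices</saml:Audience></saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
   <saml:AttributeValue>jdoe@company.local</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
   <saml:AttributeValue>arn:aws:iam::123456789012:role/ADFS-Admins,arn:aws:iam::123456789012:saml-provider/ADFS</saml:AttributeValue>
   <saml:AttributeValue>arn:aws:iam::123456789012:saml-provider/ADFS,arn:aws:iam::123456789012:role/ADFS-ReadOnly</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_ASSERTION.encode()).decode()

def parse_saml_roles(saml_response_b64):
    """Return (session_name, [(role_arn, principal_arn), ...]); reject non-AWS audiences."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    audiences = [a.text for a in root.iterfind(".//saml:Audience", SAML_NS)]
    if AWS_AUDIENCE not in audiences:
        raise ValueError("assertion audience is not AWS: %r" % audiences)
    session_name, roles = None, []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        if attr.get("Name") == SESSION_ATTR:
            session_name = values[0]
        elif attr.get("Name") == ROLE_ATTR:
            for value in values:
                first, second = value.split(",", 1)
                # AD FS may emit "role,provider" or "provider,role"; pick by ARN type
                role, provider = (first, second) if ":role/" in first else (second, first)
                roles.append((role, provider))
    return session_name, roles

def assume_role_params(saml_response_b64, role_arn, duration=3600):
    """Build the STS AssumeRoleWithSAML arguments for one granted role (call not made here)."""
    _, roles = parse_saml_roles(saml_response_b64)
    for role, provider in roles:
        if role == role_arn:
            return {"RoleArn": role, "PrincipalArn": provider,
                    "SAMLAssertion": saml_response_b64, "DurationSeconds": duration}
    raise ValueError("assertion does not grant %s" % role_arn)
```

STS validates the assertion's signature against the SAML provider registered in IAM; the client-side audience check here only stops a token meant for another relying party from being sent.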
Amazon RDS for SQL Server
■ AD integrated
■ Automated failover
■ Automated patching
■ Automated backup
■ Point-in-time recovery
SQL Server high availability
[Diagram: an Always On availability group with the primary replica in a private subnet of Availability Zone 1 (Primary 10.0.2.100, WSFC 10.0.2.101, AG Listener 10.0.2.102) and the secondary replica in a private subnet of Availability Zone 2 (Primary 10.0.3.100, WSFC 10.0.3.101, AG Listener 10.0.3.102); both replicas use synchronous-commit with automatic failover behind the AG listener ag.awslabs.net; WSFC quorum provided by SoftNAS / SIOS]
SQL Server HA with readable replica
[Diagram: primary replica (Availability Zone 1 private subnet) and secondary replica 1 (Availability Zone 2 private subnet) in synchronous-commit with automatic failover behind the AG listener ag.awslabs.net; an additional asynchronous-commit secondary replica 2 (readable) serves the reporting application]
SQL Server disaster recovery and backup
[Diagram: primary replica in Availability Zone 1 and secondary replica 1 in Availability Zone 2 with automatic failover behind the AG listener ag.awslabs.net; secondary replica 2 (readable) in the corporate network, reached over VPN, serves the reporting application, is where backups are taken, and is a manual failover target]
All-in-one
[Diagram: VPC CIDR 10.0.0.0/16 across two Availability Zones, connected to the on-premises data center (DC1) over VPN / Direct Connect and to remote users/admins through Remote Desktop Gateways (RDG). Availability Zone 1 (10.0.0.0/19) holds in private subnets an Active Directory domain controller (10.0.0.10), SQL Server DB1 (10.0.0.100, 10.0.0.101, 10.0.0.102), SharePoint Server SP1 (10.0.0.140), Exchange Server Exch1 (10.0.0.150) and Lync Server FE1 (10.0.0.160), with NAT and RDG in subnets labelled 10.0.32.0/20 and 10.0.2.0/24. Availability Zone 2 (10.0.64.0/19) mirrors this with Active Directory (10.0.64.10), DB2 (10.0.64.100, 10.0.64.101, 10.0.64.102), SP2 (10.0.64.140), Exch2 (10.0.64.150) and FE2 (10.0.64.160), with NAT and RDG in subnets labelled 10.0.96.0/20 and 10.0.2.0/24]
Sample Microsoft architecture
[Diagram: two Availability Zones, each with a public subnet (RDGW, VPC NAT Gateway) and a private subnet (IIS Web, IIS App, AWS Directory Service, MS SQL in an Always On Availability Group); remote users enter through the Internet Gateway, the corporate office connects through a Virtual Private Gateway over VPN or AWS Direct Connect, and a VPC endpoint provides access to Amazon S3]
Going beyond infrastructure
• SharePoint BLOB storage on S3
• Export mails to Amazon S3
• AWS Marketplace: on-demand, license included, or BYOL SharePoint (http://tinyurl.com/AWS-SPS-MP)
• Quick Starts: http://tinyurl.com/AWS-MS-QS
AWS SDK and Tools for .NET architecture
[Diagram, layered bottom to top]
AWS endpoints: REST API
Execution platform: .NET 3.5, .NET 4.5, Phone, Store
AWS SDK, low-level service APIs: service clients
AWS SDK, higher-level utility APIs: Amazon S3 Transfer Utility, Amazon DynamoDB object persistence, VM Import, Resource API, ASP.NET session provider, trace listener, …
AWS tools: AWS Tools for Windows PowerShell, AWS Toolkit for Visual Studio
One step further: Go DevOps
• AWS Tools for Windows PowerShell
• Leverage Amazon EC2 Simple Systems Manager
  • Auto domain join
  • No machine access
  • Full traceability
  • Fine-grained control
  • http://tinyurl.com/AWS-SSM-Home
Management enhancements: EC2 Run Command
Automate common tasks: Automate common administrative tasks at scale.
Delegated administration: IAM integration for full control of users and level of access.
Auditable: Visibility and tracking of configuration changes with CloudTrail.
Customizable: Create custom actions to automate common tasks.
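An added example (not from the deck) of the auditability point: Python over a constructed CloudTrail log file, picking out the ssm.amazonaws.com SendCommand calls, who made them, which instances they targeted, and which ran free-form scripts. The record field names are assumed to mirror the SendCommand API parameters; the account id, ARNs and instance ids are placeholders.

```python
import json

# Constructed CloudTrail records trimmed to the fields used here; account id, ARNs and
# instance ids are placeholders. Field names are assumed to follow the SendCommand API.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2016-07-13T10:02:11Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "SendCommand",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/ADFS-Admins/jdoe"},
     "requestParameters": {"documentName": "AWS-JoinDirectoryServiceDomain",
                           "instanceIds": ["i-0aaa111"]}},
    {"eventTime": "2016-07-13T10:05:40Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "SendCommand",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/contractor"},
     "requestParameters": {"documentName": "AWS-RunPowerShellScript",
                           "instanceIds": ["i-0aaa111", "i-0bbb222"],
                           "parameters": {"commands": ["Get-Service W3SVC"]}}},
    {"eventTime": "2016-07-13T10:06:02Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "ListCommands",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/contractor"},
     "requestParameters": None},
]})

# Documents that run whatever script the caller supplies; their use is what a reviewer
# wants to see, since they are the equivalent of an interactive session on the box.
FREEFORM_DOCS = {"AWS-RunPowerShellScript", "AWS-RunShellScript"}

def send_command_events(trail_json):
    """Summarise every SendCommand call in a CloudTrail log file (one dict per call)."""
    for rec in json.loads(trail_json)["Records"]:
        if rec["eventSource"] != "ssm.amazonaws.com" or rec["eventName"] != "SendCommand":
            continue
        params = rec.get("requestParameters") or {}
        doc = params.get("documentName", "")
        yield {"time": rec["eventTime"], "who": rec["userIdentity"].get("arn"),
               "document": doc, "instances": params.get("instanceIds", []),
               "script": (params.get("parameters") or {}).get("commands", []),
               "review": doc in FREEFORM_DOCS}

def review_queue(trail_json):
    """Free-form script executions, newest first, to match against approved changes."""
    return sorted((e for e in send_command_events(trail_json) if e["review"]),
                  key=lambda e: e["time"], reverse=True)
```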
AWS also provides extended support
• AWS Elastic Beanstalk: deploy from within Visual Studio, automatic log rotation to Amazon S3
• AWS CodeCommit/CodePipeline/CodeDeploy: manage a large fleet (on-premises and cloud-based)
• .NET SDK and PowerShell cmdlets: integration in custom build pipelines in TFS or CruiseControl.NET
• AWS is the de facto standard: Jenkins and Bamboo have native integration to AWS
• Other IDEs support AWS (Unity, Xamarin Studio, Eclipse…)
Use a comprehensive set of management tools
Monitoring: AWS CloudWatch, AWS CloudTrail, AWS Config
Configuration: Amazon EC2 Run Command, PowerShell integration, AWS CloudFormation, AWS CodeDeploy, AWS Elastic Beanstalk
Development: AWS Toolkit for Visual Studio, .NET SDK
Microsoft licensing options: flexibility helps you optimize costs
Buy licenses from AWS
• AWS manages licensing
• Pay-as-you-go pricing
• Multi-tenant or dedicated
• No need for Software Assurance
• Unlimited CALs
Leverage License Mobility
• AWS manages Windows Server licensing
• You manage licensing costs and compliance with your ISV
• Uses Software Assurance
Bring your own licenses (BYOL)
• Save money on software licensing
• You manage licensing costs and compliance with your ISV
• No need for Software Assurance
Microsoft workloads on AWS
Pay-as-you-go: AMI pricing provides access to software
• Windows Server
• SQL Server Standard
• SQL Server Web
• SQL Server Enterprise
Leverage Microsoft's License Mobility Program (BYOL)
• SQL Server
• SharePoint Server
• Exchange
• Lync
• RDS
• Dynamics
Leverage Dedicated Host
• Windows Server
• SQL Server - no SA
• SharePoint - no SA
• Exchange - no SA
• Lync - no SA
• Dynamics - no SA
License Mobility through Software Assurance
License Mobility is a Microsoft program that allows customers to move their existing license from on-premises to the cloud
• Leverage their Enterprise Agreement
• Must have Software Assurance
BYOL using dedicated hosts: license compliance and portability
[Diagram: a dedicated host showing Host ID = h-123abc, Sockets = 2, Physical Cores = 20]
• Maintain license compliance
• Granular resource and placement controls
• Visibility into physical resources
  • Physical core and socket counts
  • Capacity utilization
  • Instance location
• Now supports reservations for discounted pricing
AWS Marketplace is in the console
Browse, search, discover, and launch thousands of AWS Marketplace Amazon Machine Images (AMIs) directly from within the EC2 console
2,600+ products listed in 35 categories
AWS Training and Certification
Certification (aws.amazon.com/certification): demonstrate your skills, knowledge, and expertise with the AWS platform
Self-Paced Labs (aws.amazon.com/training/self-paced-labs): try products, gain new skills, and get hands-on practice working with AWS technologies
Training (aws.amazon.com/training): skill up and gain confidence to design, develop, deploy, and manage your applications on AWS
Next steps
Sign up for an AWS account!
Take advantage of the Free Tier: aws.amazon.com/free
Learn more: aws.amazon.com/windows
Join us in the Expo