(ARC204) Architecting Microsoft Workloads on AWS | AWS re:Invent 2014
DESCRIPTION
Are you interested in implementing key Microsoft workloads such as Windows Server, Active Directory, SQL Server, or SharePoint Server on AWS? Have you wondered how to securely manage your Microsoft-based workloads on AWS? In this session, we step you through the architectural considerations, implementation steps, and best practices for deploying and administering these key Microsoft workloads on the AWS cloud. Find out how to deploy these workloads on your own, or by using automated solutions such as AWS Quick Start. Hear how existing AWS customers have successfully implemented Microsoft workloads on AWS and walk away with a better idea of how to implement or migrate your Microsoft-based workloads to AWS.
TRANSCRIPT
• Install critical workloads in at least two Availability Zones to provide high availability.
Slide 5 (diagram): two Availability Zones, each with a public subnet (NAT, RD Gateway) and a private subnet (Domain Controller, SQL Server, App Server, IIS Server), labelled 10.0.0.0/24 and 10.0.2.0/24. Remote users and administrators enter through the RD Gateway.
Slide 6 (diagram): one Availability Zone with a public and a private subnet (10.0.0.0/24 and 10.0.1.0/24). Web Security Group: accept TCP port 80 from the Internet. SQL Security Group: accept TCP port 1433 from the Web SG. A user reaches WEB over TCP 80; WEB reaches SQL over TCP 1433.
Deploying a bastion host in each Availability Zone can provide highly available and secure remote access over the Internet.
Slide 8 (diagram): one Availability Zone with RDGW in the public subnet and WEB1, WEB2 in the private subnet. Gateway Security Group: accept TCP port 443 from the Admin IP. Web Security Group: accept TCP port 3389 from the Gateway SG. An AWS administrator in the corporate data center connects to the RD Gateway over TCP 443.
Requires one connection:
• Connect to the RD Gateway, and the gateway proxies the RDP connection to the back-end instance.
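Slides 6 and 8 chain security groups so that SQL Server (1433) and RDP (3389) are reachable only from a referenced group, never from a subnet range or the Internet. As an added example (not from the talk), this Python audit checks describe-security-groups-shaped data against that model; the group IDs, the admin IP 203.0.113.10 and the sample rules are constructed, and the SQL group deliberately carries one extra CIDR rule so the audit has something to report.

```python
# Added example (not from the talk): audit security group ingress against the
# layered model on slides 6 and 8. Group IDs, the admin IP and the rule set are
# constructed; the dict shape follows ec2:DescribeSecurityGroups output.
GROUPS = [  # constructed; the SQL group has an extra CIDR rule the model does not call for
    {"GroupId": "sg-web", "GroupName": "Web Security Group", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-rdgw"}]}]},
    {"GroupId": "sg-sql", "GroupName": "SQL Security Group", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
         "IpRanges": [{"CidrIp": "10.0.0.0/24"}],
         "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]},
    {"GroupId": "sg-rdgw", "GroupName": "Gateway Security Group", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []}]},
]
# Expected sources per (group, TCP port), straight from the slides: a CIDR or a
# referenced security group. Any other source, port or protocol is a finding.
POLICY = {
    ("sg-web", 80): {"0.0.0.0/0"},          # Accept TCP 80 from Internet
    ("sg-web", 3389): {"sg-rdgw"},          # Accept TCP 3389 from Gateway SG
    ("sg-sql", 1433): {"sg-web"},           # Accept TCP 1433 from Web SG
    ("sg-rdgw", 443): {"203.0.113.10/32"},  # Accept TCP 443 from Admin IP
}

def rule_sources(perm):
    # CIDRs and referenced group IDs that one ingress rule admits
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])])

def audit(groups, policy):
    """Return (group, port, source, reason) for every ingress rule outside the policy."""
    findings = []
    for g in groups:
        for perm in g["IpPermissions"]:
            if perm["IpProtocol"] != "tcp" or "FromPort" not in perm:
                for src in rule_sources(perm):  # "-1" (all traffic) or a non-TCP rule
                    findings.append((g["GroupId"], perm["IpProtocol"], src, "non-TCP rule"))
                continue
            for port in range(perm["FromPort"], perm["ToPort"] + 1):
                allowed = policy.get((g["GroupId"], port))
                for src in rule_sources(perm):
                    if allowed is None:
                        findings.append((g["GroupId"], port, src, "port not in policy"))
                    elif src not in allowed:
                        findings.append((g["GroupId"], port, src, "unexpected source"))
    return findings

if __name__ == "__main__":
    print(audit(GROUPS, POLICY))  # [('sg-sql', 1433, '10.0.0.0/24', 'unexpected source')]
```

The one finding is the CIDR rule on the SQL group: it admits every host in the public subnet, whereas the slide's model admits only members of the Web SG.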
• You get DHCP in Amazon VPC (no need to deploy your own DHCP servers)
Connectivity with On-Prem Data Center via VPN or Direct Connect
Slide 16 (diagram): Exchange Server 2013 running on AWS. Availability Zone 1 / AD Site 1 (subnets 10.0.0.0/24 and 10.0.2.0/24) holds DC1 (Domain Controller), EXCH1 (Exchange 2013 CAS+MBX) and EDGE1 (Exchange 2013 Edge); Availability Zone 2 / AD Site 2 (subnets 10.0.1.0/24 and 10.0.3.0/24) holds DC2, EXCH2 and EDGE2. A remote mail server reaches the Edge servers in the public subnets.
• Connectivity via VPN or Direct Connect
• Security groups must allow traffic to and from DCs on-premises
Slide 18 (diagram): AD forest spanning AWS and the corporate data center. DC3 runs in a private subnet in an AWS Availability Zone; the corporate network has DC1 in Seattle and DC2 in Tacoma, connected to AWS over VPN.
Slide 19 (diagram): same topology with DC1 marked down. DC1 goes down, where do clients in Seattle go for Directory Services?
Slide 20 (diagram): same topology with sites defined: Seattle / AD Site 1, Tacoma / AD Site 2, AWS / AD Site 3, with a site link cost of 50. Properly implemented site topology and “Try Next Closest Site” policy enabled. Clients use the least-cost path to a DC.
Slide 22 (diagram): SQL Server AlwaysOn Availability Group across two Availability Zones. Primary Replica in the AZ1 private subnet (Primary 10.0.2.100, WSFC 10.0.2.101, AG Listener 10.0.2.102) and Secondary Replica in the AZ2 private subnet (Primary 10.0.3.100, WSFC 10.0.3.101, AG Listener 10.0.3.102); synchronous-commit with automatic failover; AG Listener name ag.awslabs.net.
Slide 23 (diagram): the same Availability Group with a Witness Server added.
Slide 24 (diagram): the Witness Server placed in a third Availability Zone, separate from the Primary Replica (AZ1) and Secondary Replica (AZ2).
Slide 25 (diagram): Secondary Replica 1 (AZ2, synchronous-commit, automatic failover) plus a Secondary Replica 2 (readable, asynchronous-commit) serving a Reporting Application; AG Listener ag.awslabs.net.
Slide 26 (diagram): Secondary Replica 2 (readable) placed in the Corporate Network over VPN, used for the Reporting Application and Backups, with manual failover; Secondary Replica 1 in AZ2 keeps automatic failover.
• Database-tier high availability can be achieved with SQL AlwaysOn
• Install SharePoint using SQL Client Alias
• Update alias after making DBs highly available, and point to an Availability Group Listener fully qualified domain name (FQDN)
Slide 29 (diagram): SharePoint on AWS across two Availability Zones, each with a public subnet (10.0.0.0/24; NAT, RDGW) and a private subnet (10.0.2.0/24; Domain Controller, App Server, Web Front-End, SQL Server). The two SQL Servers (DB Primary and DB Secondary) form an Availability Group; users reach the Web Front-Ends.
Log Types:
• Event Logs
• IIS Logs
• Any Event Tracing for Windows (ETW) Logs
• Any Performance Counter data
• Any text-based log files
Enables customers to easily monitor instance activity in real time and create alarms on these events.
To learn more: http://amzn.to/1qVKKkI
aws.amazon.com/quickstart
Please give us your feedback on this session. Complete session evaluations and earn re:Invent swag.
http://bit.ly/awsevals