Running Microsoft Enterprise Workloads on Amazon Web Services
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
James Saull, Principal Solutions Architect
April 28th, 2016
Microsoft Workloads on AWS
Agenda
Reasons customers are running Microsoft on AWS
What Microsoft workloads run on AWS
Developing .NET / PSH on AWS
Licensing
Publishing your Microsoft stacks in AWS Service Catalog
https://aws.amazon.com/windows/
Why run Microsoft workloads on AWS
Building and managing cloud since 2006
12 regions, 33 availability zones, 54 edge locations
Thousands of partners; 2,500+ Marketplace products
Security & Reliability
Performance
Experience
Scale
Ecosystem
Extensive VM and network performance options
Security in layers approach and 99.95% application SLA
Security
A few of our many certifications:
Secured premises
Secured access
Built-in firewalls
Unique users
Multi-factor authentication
Private subnets
Encrypted data storage
Dedicated connection
https://aws.amazon.com/compliance/
https://aws.amazon.com/security/
Reliability
Easily build highly available applications
ELB distributes load (ideal for SharePoint)
Auto Scaling for availability and scalability
Use multiple Availability Zones (AZs)
High Performance
High performance instances (X1) and HPC solutions
https://aws.amazon.com/hpc/
Automated instance scaling (EC2 Auto Scaling)
Dedicated low-latency network (AWS Direct Connect)
Ensure storage performance (AWS EBS Provisioned IOPS)
Every imaginable use case
Collaboration
Full/Partial Franchise Migration
Web / Mobile / Media
ERP
VDI
BI
https://aws.amazon.com/windows/case-studies/
Information Security
Corporate Applications
End User Computing
Business Applications
Amazon EC2 Windows,
Amazon RDS,
AWS CloudFormation,
AWS CloudFront
Amazon EC2 Windows,
AWS Directory Service,
Amazon RDS,
AWS Marketplace
Amazon WorkSpaces,
Amazon AppStream, AWS
Marketplace,
AWS Mobile Services, SaaS
AWS Identity and Access Management
(IAM), AWS CloudHSM, AWS Key
Management Service, Security
Groups, AWS Marketplace
Amazon EC2, Amazon S3, Amazon RDS,
Amazon VPC, Amazon Direct Connect,
Directory Service, AWS IAM,
AWS Service Catalog
Infrastructure
AWS service offerings for Microsoft workloads
AWS Elastic Beanstalk,
AWS CodeDeploy,
AWS CloudFormation
DevOps
Corporate Apps in AWS
Deploy highly available applications
BYOL or pay per use
Security in layers approach helps with compliance
Leverage multi-AZ architectures for reliability & availability
[Architecture diagram: one VPC (CIDR 10.0.0.0/16) across two Availability Zones, with an on-premises datacenter attached over VPN / Direct Connect and remote users / admins. Address ranges shown: 10.0.0.0/19, 10.0.32.0/20, 10.0.2.0/24, 10.0.64.0/19, 10.0.96.0/20.]
Availability Zone 1: NAT, RDG, private subnets; Active Directory DC1 (10.0.0.10), SQL Server (10.0.0.100, 10.0.0.101, 10.0.0.102), SharePoint Server (10.0.0.140), Exchange Server (10.0.0.150), Lync Server (10.0.0.160); node labels DB1, SP1, FE1, Exch1
Availability Zone 2: NAT, RDG, private subnets; Active Directory DC2 (10.0.64.10), SQL Server (10.0.64.100, 10.0.64.101, 10.0.64.102), SharePoint Server (10.0.64.140), Exchange Server (10.0.64.150), Lync Server (10.0.64.160); node labels DB2, SP2, FE2, Exch2
All-in-one
https://aws.amazon.com/quickstart/
Going beyond infrastructure
SharePoint BLOB storage on S3
Export mails to Amazon S3
AWS Marketplace
• On-Demand, License Included or BYOL SharePoint
• http://tinyurl.com/AWS-SPS-MP
Quick Starts
• http://tinyurl.com/AWS-MS-QS
SQL Server High Availability
Availability Zone 1
Private Subnet
Primary
Replica
Availability Zone 2
Private Subnet
Secondary
Replica
Synchronous-commit Synchronous-commit
Automatic Failover
Primary: 10.0.2.100
WSFC: 10.0.2.101
AG Listener: 10.0.2.102
Primary: 10.0.3.100
WSFC: 10.0.3.101
AG Listener: 10.0.3.102
AG Listener:
ag.awslabs.net
https://aws.amazon.com/windows/resources/whitepapers/alwayson/
SQL Server Disaster Recovery & Backup
Availability Zone 1
Private Subnet
Primary
Replica
Availability Zone 2
Secondary
Replica 1
Private Subnet
AG Listener:
ag.awslabs.net
Corporate Network
VPN
Automatic Failover
Secondary
Replica 2
(Readable)
Reporting
Application
Backups
Manual Failover
■ AD Integrated
■ Automated failover
■ Automated patching
■ Automated backup
■ Point-in-time recovery
Amazon RDS for SQL Server
Amazon RDS
Simple Systems Manager
• Configuration is continuously applied
• No machine access
• Full traceability - calls audited in AWS CloudTrail
• Fine-grained control
• Run Command (pre-defined):
• AWS-JoinDirectoryServiceDomain
• AWS-RunPowerShellScript
• AWS-UpdateEC2Config
• AWS-ConfigureWindowsUpdate
• AWS-InstallApplication
• AWS-InstallPowerShellModule
• AWS-ConfigureCloudWatch
• http://tinyurl.com/AWS-SSM-Home
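The CloudTrail traceability of Run Command noted on this slide, shown as an added example that is not part of the original deck: a Python check that reads CloudTrail records and reports SSM SendCommand calls that need review. The record fields follow the CloudTrail JSON layout; the sample records, account ID, principal names and the allowlist are constructed for illustration.

```python
import json

# Constructed CloudTrail-style records for illustration, not real log data.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/PatchAutomation"},
     "requestParameters": {"documentName": "AWS-ConfigureWindowsUpdate",
                           "instanceIds": ["i-0aaa1111"]}},
    {"eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"documentName": "AWS-RunPowerShellScript",
                           "instanceIds": ["i-0aaa1111", "i-0bbb2222"]}},
    {"eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "errorCode": "AccessDenied", "requestParameters": None},
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {}},
]})

# Pre-defined documents from the slide that run caller-supplied code or installers.
CODE_EXEC_DOCS = {"AWS-RunPowerShellScript", "AWS-InstallApplication",
                  "AWS-InstallPowerShellModule"}
# Hypothetical allowlist of principals expected to use those documents.
APPROVED = {"arn:aws:iam::111122223333:role/PatchAutomation"}

def audit_run_command(log_text, approved=APPROVED):
    """Return findings for SSM SendCommand calls that need review."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if (rec.get("eventSource"), rec.get("eventName")) != ("ssm.amazonaws.com", "SendCommand"):
            continue  # only Run Command invocations are of interest here
        params = rec.get("requestParameters") or {}  # may be null in a record
        arn = (rec.get("userIdentity") or {}).get("arn", "<unknown>")
        doc = params.get("documentName", "<unknown>")
        if rec.get("errorCode"):
            reason = "denied attempt: " + rec["errorCode"]
        elif doc in CODE_EXEC_DOCS and arn not in approved:
            reason = "code-execution document from unapproved principal"
        else:
            continue
        findings.append({"principal": arn, "document": doc, "reason": reason,
                         "instances": params.get("instanceIds", [])})
    return findings

if __name__ == "__main__":
    for finding in audit_run_command(SAMPLE_LOG):
        print(finding)
```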
AWS SDK and Tools for .NET Architecture
EXECUTION PLATFORM
AWS SDK LOW-LEVEL SERVICE APIS
AWS TOOLS
HIGHER-LEVEL UTILITY APIS
.NET 3.5 .NET 4.5 PHONE STORE
SERVICE CLIENTS
AMAZON S3
TRANSFERUTILITY
AMAZON
DYNAMODB OBJECT
PERSISTENCE
VM IMPORT RESOURCE API
AWS TOOLS FOR
WINDOWS
POWERSHELL
AWS TOOLKIT FOR
VISUAL STUDIO
ASP.NET SESSION PROVIDER
TRACE LISTENER
…
AWS ENDPOINTS: REST API
https://aws.amazon.com/visualstudio/
Blob Storage in Amazon S3
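var bucketName = "<BucketName>";
var fileName = "<FileName>";
var s3Client = new Amazon.S3.AmazonS3Client();
// Write data to Amazon S3 (assumption: the stream is a local file with the same name)
using (var fileStream = System.IO.File.OpenRead(fileName))
{
    s3Client.PutObject(new Amazon.S3.Model.PutObjectRequest {
        BucketName = bucketName,
        Key = fileName,
        InputStream = fileStream
    });
}
// Read data from Amazon S3; dispose the response to release the connection
using (var s3Object = s3Client.GetObject(bucketName, fileName))
{
    // s3Object.ResponseStream holds the object content
}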
Amazon S3
Loose Coupling Sets You Free
var queueUrl = "https://sqs.<region>.amazonaws.com/<AcctNum>/<QueueName>";
var sqsClient = new Amazon.SQS.AmazonSQSClient();
var exit = false; // assumption: set to true by the host's shutdown logic
// Send to Amazon SQS
sqsClient.SendMessage(queueUrl, "My Message Data");
// Process Amazon SQS
while (!exit) {
    var messages = sqsClient.ReceiveMessage(queueUrl);
    foreach (var message in messages.Messages) {
        // Process message, then delete it so it is not delivered again
        sqsClient.DeleteMessage(queueUrl, message.ReceiptHandle);
    }
}
Amazon SQS
AWS Also Provides Extended Support
AWS Elastic Beanstalk
• Deploy from within Visual Studio / Automatic Log Rotation to Amazon S3
AWS CodeCommit / CodePipeline / CodeDeploy
• Manage a large (on-premises and cloud-based) fleet
.NET SDK and PowerShell Cmdlets
• Get-Command -Module AWSPowerShell | Measure-Object -Line
• 1821
AWS is the de-facto standard
• Jenkins, Bamboo have native integration to AWS
• Other IDEs support AWS (Unity, Xamarin Studio, Eclipse…)
Microsoft licensing options
Flexibility helps you optimize costs
Buy licenses from AWS
• AWS manages licensing
• Pay as you go pricing
• Multi-tenant or Dedicated
• No need for Software Assurance
• Unlimited CALs
Bring your own licenses (BYOL)
• Save money on software licensing
• You manage licensing costs and compliance with your ISV
• No need for Software Assurance
Leverage License Mobility
• AWS manages Windows Server licensing
• You manage licensing costs and compliance with your ISV
• Uses Software Assurance
BYOL using Dedicated Hosts
License compliance and portability
Host ID = h-123abc
Sockets = 2
Physical Cores = 20
• Maintain license compliance
• Granular resource and placement controls
• Visibility into physical resources
• Physical core and socket counts
• Capacity utilization
• Instance location
• Now supports reservations for discounted pricing
https://aws.amazon.com/ec2/dedicated-hosts/
Supportability on AWS
Microsoft workloads are supported on AWS. Amazon Web Services fully supports Microsoft Windows Server as both infrastructure and a platform. Our customers have successfully deployed in the AWS cloud virtually every Microsoft application available, including Microsoft Exchange, SharePoint, Lync, Dynamics, and Remote Desktop Services.
If you have support-related issues, you should contact AWS Support.
What is AWS Service Catalog?
AWS Service Catalog allows organizations to create and manage
catalogs of IT services. It enables users to quickly deploy the approved
IT services they need in a self-service manner.
Organizations Developers
Control
Standardization
Governance
Agility
Self-service
Time to market
Why should I use AWS Service Catalog?
Self-service
• Increase agility with access to services
• Improve employee satisfaction
Promote standardization
• Share best practices
• Compliance with business goals and policies
Control provisioning of AWS resources
• Tag at provisioning
• Restrict user permissions
IT Product Lifecycle Management in AWS
CloudFormation template
Admin
Define
AWS Service Catalog
Publish
CloudFormation
stack
Users
Browse and Launch
AWS CloudTrail Amazon S3
Monitors
Logs all API calls
AWS CloudWatch alarm
Monitors
Initiates
Notifies
AWS Config
Track changes
Notifies
Changes
Provisions
Procure
Package