This document summarizes a presentation about running Microsoft technologies on Amazon Web Services (AWS). It discusses: 1) Popular Microsoft workloads that are commonly used on AWS like SQL Server, SharePoint, and web applications. 2) New features of AWS that benefit Microsoft customers such as the Windows free tier, SQL Server on more instance types, and Relational Database Service. 3) Best practices for networking and security when running Windows workloads on AWS like using security groups, virtual private clouds (VPC), and Identity and Access Management (IAM).

1. AWS Summit 2012 | Melbourne
Welcome
Best Practices: Microsoft on AWS

2. AWS Summit 2012 | Melbourne
Welcome
Miles Ward – Solutions Architect
@milesward

3. Today’s Agenda
Microsoft on AWS 201
What’s Big, What’s Easy, What’s New
Networking and Security
Licensing
SQL Server on AWS
EBS, RDS, Web, oh my!
SharePoint on AWS
WFE’s,
How the US Treasury does it
Advanced Tips
Cloudformation
VM Import

4. What we assume you already know:
EC2 Instance
+
Windows Server OS
=
AWS provides pre-configured Windows AMI’s to start running
fully supported Windows Server virtual machines in the cloud
in minutes

5. Isn’t cloud Windows.. different?
• Full, real, licensed Windows Server OS
• 2003, 2008, 2008r2, all via our Microsoft SPLA licensing means no CAL’s required
• SQL Server Web and Standard via SPLA as well
• VPC for static, secure, user-defined networks
• Security groups for easy-to-configure firewalls per VM
• Easily install services and software that you know
AD, ADFS, SCOM, WSUS, SQL, Exchange, SharePoint, Media Services, etc.
• All the benefits of a cloud infrastructure without the… weird

6. What’s Big, What’s Easy, What’s New
• Web Applications Applications
• WebMatrix • SAP, Sage, ESRI, etc
• .net and IIS • Media Applications
• Microsoft Applications • Transcoding, Encoding
• SharePoint • Windows HPC Cluster
• SQL Server • Genomics
• Exchange • CFD, CAD
• System Center • Financials
• Windows Media Services
• Software Dev and Test
• ADFS

7. What’s Big, What’s Easy, What’s New
• Web Applications Applications
• WebMatrix • SAP, Sage, ESRI, etc
• .net and IIS • Media Applications
• Microsoft Applications • Transcoding, Encoding
• SharePoint • Windows HPC Cluster
• SQL Server • Genomics
• Exchange • CFD, CAD
• System Center • Financials
• Windows Media Services
• Software Dev and Test
• ADFS

8. What’s New
Windows Free Tier

9. What’s New
SQL Server Standard on more host types, and now SQL
Web Edition at a lower hourly price point

10. What’s New
Relational Database Service for SQL Server
Point and Click deployment in minutes with pre-configured Server,
OS, and DB parameters
Vertically scale with a few clicks or a single API call
Automated backups and DR
Managed database snapshots for backup or cloning
Automatic Windows and SQL Server software patching
#1: Fully Managed Disk
Plus Free Tier!

11. What’s New
Elastic Beanstalk with support for .net and Visual Studio
IIS 7.5 with full .net support
Package deployable code as a “Microsoft Web Deploy” and you’re done
Or
Use the AWS Toolkit for Visual Studio to publish builds from within your IDE
Windows Server 2008r2 with auto-scaling and Elastic Load Balancer to
distribute traffic
Application level metrics like request count, average latency
Zero lock-in or lock-out, open up the hood, RDP in, change it how you like
Plus Free Tier!

12. More What’s New?!
CloudFront support for IIS-MS 4.1 Smooth
Streaming
Windows HPC Cluster support
http://docs.amazonwebservices.com/AWSEC2/latest/Windo
wsGuide/ConfigWindowsHPC.html
m1.medium instances, cc2.8xlarge instance

13. Even more new! Storage Gateway
Your Datacenter
Amazon Elastic
Compute Cloud
(EC2)
AWS Storage
Gateway
Clients
VM SSL
Internet
On-premises Host or
Direct AWS Storage Amazon Simple
Connect Gateway Service Storage Service (S3)
Application
Servers Amazon Elastic
Block Storage
(EBS)
Direct Attached or Storage Area Network Disks

14. Security

15. Security: Shared Responsibility Model
AWS Customer
• Facilities • Operating System
• Physical Security • Application
• Physical Infrastructure • Security Groups
• Network Infrastructure • OS Firewalls
• Virtualization • Network Configuration
Infrastructure • Account Management

16. So, what do you do about it?
SAS 70 Type II Audit
Encrypt data in transit
ISO 27001/2 Certification
Encrypt data at rest
PCI DSS 2.0 Level 1-5
Protect your AWS Credentials
HIPAA/SOX Compliance
Infrastructure Application Rotate your keys
FISMA Moderate
Security Security Secure your OS and applications
FEDRamp / GSA ATO
How we measure that our How can you secure your
infrastructure is secure application and what is your
responsibility?
Services Security
What security options
Enforce IAM policies
and features are
Use MFA, VPC, Leverage S3 bucket policies,
available to you? EC2 Security groups, EFS in EC2 Etc..

17. Networking and Security
• No:
• Multicast, Broadcast, Anycast, IP spoofing, Clustering
• VPC
• Statics, Routing, Network ACL + Security Group, Ingress/Egress
• VPN
• Direct Connect

18. Networking and Security
• AWS Credentials
• IAM (hint: Try the policy wizard!)
• For your Staff
• For your Applications
• MFA
• Secure Delete!
• Instance Credentials
• Keypairs
• Passwords

19. Amazon Virtual Private Cloud (VPC)
• Logically Isolated Environment
• Private IP address ranges
• Ingress and Egress Network Access Control
• Elastic IP addresses and Internet Gateway
• Hardware encrypted VPN connections or Direct Connect
10G’s
DirectConnect Amazon Virtual
Corporate Location Private Cloud
Data Center
• Wizard-based setup

20. VPC is part of the Autodesk internal network
Source: Autodesk

21. The New Enterprise IT
Availability Zone 1
Network Architecture
10G
DirectConnect NAT Private
Corporate Location Instance Subnet
Data Center VPN Gateway
Customer
Gateway
Internet Gateway Public Subnet
Amazon VPC
Availability Zone 2
Corporate
Headquarters
S3 SQS/SNS/SES SWF Elastic SimpleDB DynamoD
Beanstalk B
AWS Region
Branch Offices

22. New EC2 VPC feature:
Elastic Network Interface
• Up to 2 Addresses
• Span Subnets
• Attach/Detach
• Public or Private

23. SQL Server

24. “With AWS and 2nd Watch, we have found a much more cost
effective way to keep the lights on for a critical part of our
infrastructure while reducing the risk of IT resources getting
distracted from our core business strategies.”
David Barbieri, SVP and CIO
Business Benefits
Infra Cost Comparison • Big savings over existing infrastructure
~58% savings!
AWS Cloud • Faster network speeds
Infrastructure
• Improved load times
Old Infrastructure
• Already planning future migrations
SW Apps:
• SharePoint 2010
• SQL Server 2008
• Umbraco CMS

25. SQL Server QnD
Instance Type Matters!
m1.xlarge /= m2.xlarge
IO Throughput is, well, important
Cluster Compute for non-HPC: DB on CC
EBS /= SAN
Raid0 isn’t quite what you think on EC2
Snapshots!
ENI for HA

26. Example:
a fork-lifted app, with
a fork-lifted DB

27. Example:
Fault-Tolerant

28. Replication

29. Replication Architectures

30. Storage Architecture
Microsoft SQL Server 2008 r2 Web, Standard or Enterprise
Data Data Data Data Ephemeral
FileGroup1 FileGroup2 FileGroup3 FileGroup4 TempDB
Raid0
Data Data Data Data
FileGroup5 FileGroup6 FileGroup7 FileGroup8
MS SQL Instance
m2.4xlarge EC2M2.4xlarge
Log Log Backup Backup
FileGroups FileGroups
1,2,3,4 5,6,7,8
FileGroups FileGroups
1,2,3,4 5,6,7,8
Instance

31. SQL on EC2 vs. SQL on RDS
Do you have 3rd party applications on the DB host?
Windows Authorization…
Complex Replication Topologies
Manual update/patch control

32. SharePoint

33. Case Study – SharePoint on AWS
• SharePoint migration and consolidation
projects with Recovery.gov, Treasury.gov,
Army Corp of Engineers and others
• Team leveraged existing Windows skills and
tool sets
• Microsoft License Mobility program to license
server applications on AWS
SW Apps: Infrastructure Cost Comparison
60%-70% savings!
• SharePoint 2010
• SQL Server 2008 AWS Cloud…
• Forefront
Old Infrastructure

34. A little fault-tolerance exercise
Elastic Load
Balancer
How much load can
you safely put on
each instance?
SharePoint EC2 SharePoint EC2
Instance #1 Instance #2

35. A little fault-tolerance exercise
Elastic Load
Balancer
SharePoint EC2 SharePoint EC2
Instance #1 Instance #2

36. A little fault-tolerance exercise
Elastic Load
Balancer
How about now?
SharePoint EC2 SharePoint EC2
Instance 1-5 Instance 6-10

37. A little fault-tolerance exercise
Elastic Load
Balancer
SharePoint EC2 SharePoint EC2
Instance 1-5 Instance 6-10

39. Licensing

40. Case Study – BizSpark
• Mobile Application Developer
• “Scales to the moon” based on mobile campaign
demand
• Up and running with complete infrastructure
migration – in days
• Cost savings: “servers costs are 1/3 the cost… for
4 x times server power.”
SW Apps:
• IIS
• SQL Server 2008
Video Presentation: http://tinyurl.com/78uhp83

41. Licensing
• OEM aka Hourly Licensing via SPLA
• Windows OS, SQL Server Web and Standard Edition
• License Mobility aka BYOL
• Sharepoint, SQL Server, Lync, System Center, Exchange, Dynamics CRM
• RDS aka Terminal Services
• SAL via 3rd Party SPLA
• BizSpark
• Or the golden rule… Talk to your Microsoft Rep!

42. License Mobility Requirements
Must be on active Software Assurance
Enterprise Agreement
Enterprise Subscription Agreement
Open Value Agreement
Open License (with SA option)
Select Plus (with SA option)
For Licensed apps, need appropriate CALs
No migration for 90 days

43. BizSpark
• Developing Software?
• Privately Held?
• Less than 3 years old?
• Making less than $1mm USD annually?
• Join BizSpark!

44. Extra Tricks

45. Cloudformation
http://aws.amazon.com/cloudformation/aws-cloudformation-templates/

49. VM Import: Cloud Recovery
(this looks a lot like a migration, doesn’t it?) Windows
Server 2008
Boot Data
Volume Drive
C: D:
VMware ESX VMDK Snapshots Amazon EBS
Availability Zone #1
Citrix Xen VHD VM Import
Microsoft Hyper-V VHD service

50. Getting Started
• Simply sign up for AWS at
http://aws.amazon.com/
• Start a Windows Server, RDP in, kick the tires.
• Take advantage of the Free Tier to experiment
with more advanced services