This document summarizes a presentation about running Microsoft technologies on Amazon Web Services (AWS). It discusses:
1) Popular Microsoft workloads that are commonly used on AWS like SQL Server, SharePoint, and web applications.
2) New features of AWS that benefit Microsoft customers such as the Windows free tier, SQL Server on more instance types, and Relational Database Service.
3) Best practices for networking and security when running Windows workloads on AWS like using security groups, virtual private clouds (VPC), and Identity and Access Management (IAM).
3. Today’s Agenda
Microsoft on AWS 201
What’s Big, What’s Easy, What’s New
Networking and Security
Licensing
SQL Server on AWS
EBS, RDS, Web, oh my!
SharePoint on AWS
WFEs (web front ends)
How the US Treasury does it
Advanced Tips
Cloudformation
VM Import
4. What we assume you already know:
EC2 Instance + Windows Server OS = AWS provides pre-configured Windows AMIs to start running fully supported Windows Server virtual machines in the cloud in minutes
5. Isn’t cloud Windows.. different?
• Full, real, licensed Windows Server OS
• 2003, 2008, 2008r2, all via our Microsoft SPLA licensing, which means no CALs required
• SQL Server Web and Standard via SPLA as well
• VPC for static, secure, user-defined networks
• Security groups for easy-to-configure firewalls per VM
• Easily install services and software that you know: AD, ADFS, SCOM, WSUS, SQL, Exchange, SharePoint, Media Services, etc.
• All the benefits of a cloud infrastructure without the… weird
6. What’s Big, What’s Easy, What’s New
• Web Applications
  • WebMatrix
  • .net and IIS
• Microsoft Applications
  • SharePoint
  • SQL Server
  • Exchange
  • System Center
  • Windows Media Services
  • ADFS
• Software Dev and Test
• Applications
  • SAP, Sage, ESRI, etc.
• Media Applications
  • Transcoding, Encoding
• Windows HPC Cluster
  • Genomics
  • CFD, CAD
  • Financials
9. What’s New
SQL Server Standard on more host types, and now SQL Web Edition at a lower hourly price point
10. What’s New
Relational Database Service for SQL Server
Point and Click deployment in minutes with pre-configured Server, OS, and DB parameters
Vertically scale with a few clicks or a single API call
Automated backups and DR
Managed database snapshots for backup or cloning
Automatic Windows and SQL Server software patching
#1: Fully Managed Disk
Plus Free Tier!
11. What’s New
Elastic Beanstalk with support for .net and Visual Studio
IIS 7.5 with full .net support
Package deployable code as a “Microsoft Web Deploy” and you’re done
Or
Use the AWS Toolkit for Visual Studio to publish builds from within your IDE
Windows Server 2008r2 with auto-scaling and Elastic Load Balancer to distribute traffic
Application level metrics like request count, average latency
Zero lock-in or lock-out, open up the hood, RDP in, change it how you like
Plus Free Tier!
12. More What’s New?!
CloudFront support for IIS-MS 4.1 Smooth Streaming
Windows HPC Cluster support
http://docs.amazonwebservices.com/AWSEC2/latest/WindowsGuide/ConfigWindowsHPC.html
m1.medium instances, cc2.8xlarge instance
13. Even more new! Storage Gateway
[Diagram: Your Datacenter (Clients, Application Servers, Direct Attached or Storage Area Network Disks, On-premises Host running the AWS Storage Gateway VM) connected over SSL via the Internet or Direct Connect to the AWS Storage Gateway service, with data stored in Amazon Simple Storage Service (S3) and available to Amazon Elastic Compute Cloud (EC2) via Amazon Elastic Block Storage (EBS).]
15. Security: Shared Responsibility Model
AWS:
• Facilities
• Physical Security
• Physical Infrastructure
• Network Infrastructure
• Virtualization Infrastructure
Customer:
• Operating System
• Application
• Security Groups
• OS Firewalls
• Network Configuration
• Account Management
16. So, what do you do about it?
Infrastructure Security: how we measure that our infrastructure is secure
• SAS 70 Type II Audit
• ISO 27001/2 Certification
• PCI DSS 2.0 Level 1-5
• HIPAA/SOX Compliance
• FISMA Moderate
• FEDRamp / GSA ATO
Application Security: how can you secure your application, and what is your responsibility?
• Encrypt data in transit
• Encrypt data at rest
• Protect your AWS Credentials
• Rotate your keys
• Secure your OS and applications
Services Security: what security options and features are available to you?
• Enforce IAM policies
• Use MFA, VPC, EC2 Security groups
• Leverage S3 bucket policies, EFS in EC2, etc.
17. Networking and Security
• No:
• Multicast, Broadcast, Anycast, IP spoofing, Clustering
• VPC
• Statics, Routing, Network ACL + Security Group, Ingress/Egress
• VPN
• Direct Connect
18. Networking and Security
• AWS Credentials
• IAM (hint: Try the policy wizard!)
• For your Staff
• For your Applications
• MFA
• Secure Delete!
• Instance Credentials
• Keypairs
• Passwords
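Slides 16 and 18 list the credential-hygiene items (protect and rotate your keys, use MFA, watch the root account) without showing how to verify them. As an added example that is not from the deck or from AWS, the following Python audits a credential report in the column layout of `aws iam get-credential-report` (assumed here; the rows, the audit date and the 90-day rotation window are all constructed for the example):

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample rows in the column layout of the IAM credential report
# (the base64-decoded CSV returned by `aws iam get-credential-report`). Only
# the columns this check reads are included; the real report has more.
SAMPLE_REPORT = """\
user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,not_supported,false,true,2011-03-02T10:15:00+00:00,false,N/A
alice,true,true,true,2012-02-20T08:00:00+00:00,false,N/A
bob,true,false,true,2011-06-01T12:00:00+00:00,true,2012-03-01T09:30:00+00:00
deploy-svc,false,false,true,2012-03-10T00:00:00+00:00,false,N/A
"""

# Constructed audit date matching the sample, so results are deterministic.
REPORT_AS_OF = datetime(2012, 4, 1, tzinfo=timezone.utc)
MAX_KEY_AGE_DAYS = 90  # rotation window assumed for the example, not from the deck


def parse_ts(value):
    """Return a tz-aware datetime, or None for N/A / not_supported cells."""
    if value in ("N/A", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def audit_credentials(report_csv, now, max_key_age_days=MAX_KEY_AGE_DAYS):
    """Flag console users without MFA, active access keys older than the
    rotation window, and any active access key on the root account."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console password without MFA"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue  # inactive or absent key: nothing to rotate
            if user == "<root_account>":
                findings.append((user, f"root access key {n} is active"))
            rotated = parse_ts(row[f"access_key_{n}_last_rotated"])
            if rotated and now - rotated > timedelta(days=max_key_age_days):
                findings.append((user, f"access key {n} is {(now - rotated).days} days old"))
    return findings


if __name__ == "__main__":
    for user, problem in audit_credentials(SAMPLE_REPORT, REPORT_AS_OF):
        print(f"{user}: {problem}")
```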
19. Amazon Virtual Private Cloud (VPC)
• Logically Isolated Environment
• Private IP address ranges
• Ingress and Egress Network Access Control
• Elastic IP addresses and Internet Gateway
• Hardware encrypted VPN connections or Direct Connect
• Wizard-based setup
[Diagram: Corporate Location / Data Center connected to the Amazon Virtual Private Cloud over 10G DirectConnect.]
20. VPC is part of the Autodesk internal network
Source: Autodesk
21. The New Enterprise IT
[Network Architecture diagram: Corporate Headquarters and Branch Offices connect to an Amazon VPC over 10G DirectConnect and over a VPN (Customer Gateway to VPN Gateway). The VPC spans Availability Zone 1 and Availability Zone 2 within an AWS Region, with a Public Subnet (Internet Gateway, NAT Instance) and a Private Subnet. Regional services shown alongside: S3, SQS/SNS/SES, SWF, Elastic Beanstalk, SimpleDB, DynamoDB.]
22. New EC2 VPC feature:
Elastic Network Interface
• Up to 2 Addresses
• Span Subnets
• Attach/Detach
• Public or Private
24. “With AWS and 2nd Watch, we have found a much more cost effective way to keep the lights on for a critical part of our infrastructure while reducing the risk of IT resources getting distracted from our core business strategies.”
David Barbieri, SVP and CIO
Business Benefits
• Big savings over existing infrastructure (Infra Cost Comparison, AWS Cloud Infrastructure vs. Old Infrastructure: ~58% savings!)
• Faster network speeds
• Improved load times
• Already planning future migrations
SW Apps:
• SharePoint 2010
• SQL Server 2008
• Umbraco CMS
25. SQL Server QnD
Instance Type Matters!
m1.xlarge ≠ m2.xlarge
IO Throughput is, well, important
Cluster Compute for non-HPC: DB on CC
EBS ≠ SAN
Raid0 isn’t quite what you think on EC2
Snapshots!
ENI for HA
30. Storage Architecture
[Diagram: Microsoft SQL Server 2008 r2 Web, Standard or Enterprise as an MS SQL Instance on an m2.4xlarge EC2 instance. Data FileGroups 1-4 and 5-8 on separate Data volumes, TempDB on Ephemeral storage, Raid0 striping; separate Log volumes for FileGroups 1,2,3,4 and 5,6,7,8, and separate Backup volumes for FileGroups 1,2,3,4 and 5,6,7,8.]
31. SQL on EC2 vs. SQL on RDS
Do you have 3rd party applications on the DB host?
Windows Authorization…
Complex Replication Topologies
Manual update/patch control
33. Case Study – SharePoint on AWS
• SharePoint migration and consolidation projects with Recovery.gov, Treasury.gov, Army Corps of Engineers and others
• Team leveraged existing Windows skills and tool sets
• Microsoft License Mobility program to license server applications on AWS
Infrastructure Cost Comparison (AWS Cloud vs. Old Infrastructure): 60%-70% savings!
SW Apps:
• SharePoint 2010
• SQL Server 2008
• Forefront
34. A little fault-tolerance exercise
[Diagram: Elastic Load Balancer in front of SharePoint EC2 Instance #1 and SharePoint EC2 Instance #2.]
How much load can you safely put on each instance?
35. A little fault-tolerance exercise
[Diagram: Elastic Load Balancer in front of SharePoint EC2 Instance #1 and SharePoint EC2 Instance #2.]
36. A little fault-tolerance exercise
[Diagram: Elastic Load Balancer in front of SharePoint EC2 Instances 1-5 and SharePoint EC2 Instances 6-10.]
How about now?
37. A little fault-tolerance exercise
[Diagram: Elastic Load Balancer in front of SharePoint EC2 Instances 1-5 and SharePoint EC2 Instances 6-10.]
40. Case Study – BizSpark
• Mobile Application Developer
• “Scales to the moon” based on mobile campaign demand
• Up and running with complete infrastructure migration – in days
• Cost savings: “servers costs are 1/3 the cost… for 4 x times server power.”
SW Apps:
• IIS
• SQL Server 2008
Video Presentation: http://tinyurl.com/78uhp83
41. Licensing
• OEM aka Hourly Licensing via SPLA
• Windows OS, SQL Server Web and Standard Edition
• License Mobility aka BYOL
• SharePoint, SQL Server, Lync, System Center, Exchange, Dynamics CRM
• RDS aka Terminal Services
• SAL via 3rd Party SPLA
• BizSpark
• Or the golden rule… Talk to your Microsoft Rep!
42. License Mobility Requirements
Must be on active Software Assurance
Enterprise Agreement
Enterprise Subscription Agreement
Open Value Agreement
Open License (with SA option)
Select Plus (with SA option)
For Licensed apps, need appropriate CALs
No migration for 90 days
43. BizSpark
• Developing Software?
• Privately Held?
• Less than 3 years old?
• Making less than $1mm USD annually?
• Join BizSpark!
49. VM Import: Cloud Recovery
(this looks a lot like a migration, doesn’t it?)
[Diagram: a Windows Server 2008 VM with Boot Volume C: and Data Drive D: on VMware ESX (VMDK), Citrix Xen (VHD) or Microsoft Hyper-V (VHD), brought by the VM Import service into Amazon EBS snapshots in Availability Zone #1.]
50. Getting Started
• Simply sign up for AWS at http://aws.amazon.com/
• Start a Windows Server, RDP in, kick the tires.
• Take advantage of the Free Tier to experiment with more advanced services
Editor’s Notes
Security and operational excellence is the top priority: priority 0, no exceptions allowed. We understand that security and governance are often the top issues identified when we talk to our customers. Instead of tossing this over the fence, we advise and highly recommend that our customers invest in a security review early in the process. Get your security folks talking to our security folks to understand security and compliance. Security is really not on or off; it is a spectrum of options from which you choose what is right for your application.
Autodesk leverages Amazon VPC as an extension of their corporate datacenter; VPC is part of their internal network. They have had 3 datacenters since 2009, and VPC is the 4th. It was so successful within Autodesk that they identified several new business opportunities and products as a result of this integration.
Working with AWS solutions provider 2nd Watch to create hyper-local web and mobile platforms for travelers. Migrating from a co-location facility with limited flexibility, inadequate performance, and high operating expenses. Utilizing Amazon EC2 with Elastic Load Balancing, Amazon S3, Amazon VPC, and Amazon CloudFront.
Three-Tier Web App has been “fork-lifted” to the cloud. Everything is in a single Availability Zone. Load balanced at the Web tier and App tier using software load balancers. Master and Standby database. Elastic IP on the front-end load balancer only. S3 used as DB backup instead of tape. How can you use AWS features to make this app more highly available?