Microsoft Best Practices on AWS
Julien Lépine, Solutions Architect, AWS EMEA
September 22nd, 2016
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Why Customers Choose AWS for Windows workloads
Experience & Innovation: 8 years running Windows workloads
Availability & Performance: 35 Availability Zones spanning 13 geographic regions
Customer focus: 52 price reductions since 2006
Over 70 service offerings
Capable of delivering 48,000 IOPS/instance with consistency
Hundreds of millions of dollars saved by customers, based on 2.6 million AWS Trusted Advisor notifications
Amazon and Microsoft
Thousands of customers running Microsoft workloads
Support: end-to-end engagement (SQL, Exchange, SharePoint, Skype, Dynamics)
Gold Hosting Partner since 2009
Hundreds of Windows offerings on Marketplace (Windows, SQL, SharePoint)
AWS Competency Program: Recognizing partners with proficiencies in key solutions, verticals & infrastructure
Key Benefits: Enables Differentiation; Larger 2016 Funding Benefits; Featured on the AWS Solutions Pages; Prioritized Marketing Activities; Highlighted on Partner Directory
Competencies: Big Data, Mobile, Security, DevOps, Marketing & Commerce, Digital Media, Healthcare, Life Sciences, Storage, Microsoft, SAP, Oracle
Why Run Microsoft Servers on AWS? AWS-specific Benefits
One Cloud Platform: Supports all heterogeneous workloads (Windows, Linux, SAP, Oracle, open source, etc.), making DC migrations less complex, lowering cost of managed services and enhancing partner margins for managed services.
Legacy Support: Supports all legacy to current versions of Windows, SQL, SharePoint, etc.
ISV Application Compatibility: The most comprehensive ISV applications in the marketplace.
License Management: Greater flexibility when porting legacy licenses utilizing Amazon Dedicated Hosts.
Auditability: Unique capability to monitor and audit every API call, network packet in/out and infrastructure change.
Enabled DevOps: Complete framework for automation of your applications.
Enabled Optimization: Automated platform for ensuring optimal reliability, security, performance and cost optimization via our Trusted Advisor Program.
Innovation: Windows on AWS
[Timeline figure, 2008 to today, plotted against customer adoption. Milestones shown: WS 2003; WS 2008 & SQL Server 2008; WS 2008 R2, SQL Server 2008 R2; WS 2012 & SQL Server 2012; .NET SDK; Visual Studio Toolkit; AWS Tools for Windows PowerShell; Amazon RDS adds SQL Server; EC2 Dedicated Instances (BYOL); EC2 Dedicated Hosts (BYOL); AWS Directory Service; MSFT SCOM plug-in release; MSFT SCVMM plug-in; EC2 Run Command; EC2 Run Command on-prem; MSFT SharePoint; SQL 2016.]
Identity Best Practices
Infrastructure Identity Management: AWS IAM
Role Based Access Control; Multi-Factor Authentication; Integrated with all AWS Services; IAM Roles
Server / Application Identity Management: Federation / Synchronization
[Diagram: four Active Directory topologies, each connecting domain controllers on the corporate network (DC1 Paris, DC2 London, company.local) over Direct Connect to domain controllers DC3 and DC4 in private subnets in Availability Zones A and B. Panels: Isolated / Federated Domains (company.cloud, AWS Directory Services); Single Domain (company.local, site link costs 10 and 50); Sub Domain (cloud.company.local); Resource Forest (company.cloud, AWS Directory Services).]
User Identity Federation with Amazon IAM
[Diagram: AD users in Active Directory on corporate systems and enterprise applications federate through Amazon Identity & Access Management IAM Roles to Amazon EC2, Amazon S3 and Amazon DynamoDB.]
SQL Server
SQL Server High Availability
[Diagram, four panels. Failover Cluster Instance: primary and secondary replicas in Availability Zones 1 and 2 with automatic failover, SoftNAS / SIOS. Always On Availability Group: primary and secondary replicas in Availability Zones 1 and 2 with automatic failover, witness server in Availability Zone 3. AOAG with Readable Replica: primary replica (private subnet, Availability Zone 1) and secondary replica 1 (private subnet, Availability Zone 2) with synchronous-commit and automatic failover behind AG Listener ag.awslabs.net, plus secondary replica 2 (readable) serving a reporting application and backups. Off-site / Multi Region HA: the same layout with secondary replica 2 (readable) on the corporate network over VPN, asynchronous-commit, manual failover.]
Amazon RDS for SQL Server
AD Integrated; Automated failover; Automated patching; Automated backup; Point-in-time recovery
Server Products
Core Infra
SharePoint, Exchange, Lync: All-in-one
[Diagram: VPC CIDR 10.0.0.0/16 across two Availability Zones, reached by remote users / admins through RDG and from the on-premises datacenter over VPN / Direct Connect. Each Availability Zone has subnets with NAT and RDG, and private subnets hosting Exchange, Lync front end, SharePoint, SQL Server and Active Directory. Availability Zone 1 (subnets 10.0.0.0/19, 10.0.32.0/20, 10.0.2.0/24): Exchange Server 10.0.0.150, Lync Server 10.0.0.160, SharePoint Server 10.0.0.140, SQL Server 10.0.0.100 / 10.0.0.101 / 10.0.0.102, Active Directory 10.0.0.10. Availability Zone 2 (subnets 10.0.64.0/19, 10.0.96.0/20, 10.0.2.0/24): Exchange Server 10.0.64.150, Lync Server 10.0.64.160, SharePoint Server 10.0.64.140, SQL Server 10.0.64.100 / 10.0.64.101 / 10.0.64.102, Active Directory 10.0.64.10.]
Going beyond just infrastructure
SharePoint BLOB storage on S3; Export mails to Amazon S3; AWS Marketplace; Quick Starts
Licensing and Support
License Mobility through Software Assurance
License Mobility is a Microsoft program that allows customers to move their existing licenses from on premises to the cloud.
Leverage their Enterprise Agreement
Must have Software Assurance
Microsoft Workloads on AWS
Pay-as-you-go AMI pricing provides access to software: Windows Server, SQL Server Standard, SQL Server Web, SQL Server Enterprise
Leverage Microsoft's License Mobility Program (BYOL): SQL Server, SharePoint Server, Exchange, Lync, RDS, Dynamics
Leveraged Dedicated Host: Windows Server, SQL Server no SA, SharePoint no SA, Exchange no SA, Lync no SA, Dynamics no SA
Licensing Continuum
License Included: Amazon manages the licenses; Pay-as-you-go pricing; Multi-tenant or dedicated; No license management overhead
Hybrid: Baseline in BYOL; Leverage scalability and pay-as-you-go where applicable; Limit management overhead
BYOL: Import and use your own software; Reduce your spend if you already pay an ISV for licensing; You manage licensing costs and compliance with your ISV; Committed contracts with your ISVs
Supportability on AWS
Microsoft workloads are supported on AWS. Amazon Web Services fully supports Microsoft Windows Server as both infrastructure and a platform. Our customers have successfully deployed in the AWS cloud virtually every Microsoft application available, including Microsoft Exchange, SharePoint, Lync, Dynamics, and Remote Desktop Services. If you have support-related issues, you should contact AWS Support.
Developers
AWS SDK and Tools for .NET: Architecture
[Diagram, layered. AWS Tools: AWS Tools for Windows PowerShell, AWS Toolkit for Visual Studio, ASP.NET Session Provider, Trace Listener. AWS SDK: higher-level utility APIs and low-level service APIs (labels: Amazon S3 TransferUtility, Amazon DynamoDB Object Persistence, VM Import, Service Clients, Resource API). Execution platform: .NET 3.5, .NET 4.5, Phone, Store. AWS endpoints: REST API.]
AWS Toolkit for Visual Studio Full Integration in Visual Studio
Blob storage in Amazon S3

    var bucketName = "<BucketName>";
    var fileName = "<FileName>";
    var s3Client = new Amazon.S3.AmazonS3Client();

    // Write data to Amazon S3 (InputStream accepts any readable System.IO.Stream)
    using (var fileStream = System.IO.File.OpenRead(fileName))
    {
        s3Client.PutObject(new Amazon.S3.Model.PutObjectRequest
        {
            BucketName = bucketName,
            Key = fileName,
            InputStream = fileStream
        });
    }

    // Read data from Amazon S3; the object data is in s3Object.ResponseStream
    var s3Object = s3Client.GetObject(bucketName, fileName);

Loose Coupling with Amazon SQS

    var queueUrl = "https://sqs.<region>.amazonaws.com/<acctnum>/<queuename>";
    var sqsClient = new Amazon.SQS.AmazonSQSClient();
    var exit = false; // set to true elsewhere to stop the processing loop

    // Send to Amazon SQS
    sqsClient.SendMessage(queueUrl, "My Message Data");

    // Process Amazon SQS
    while (!exit)
    {
        var messages = sqsClient.ReceiveMessage(queueUrl);
        foreach (var message in messages.Messages)
        {
            // Process message then delete
            sqsClient.DeleteMessage(queueUrl, message.ReceiptHandle);
        }
    }

AWS Also Provides Extended Support
AWS Elastic Beanstalk: Deploy from within Visual Studio / Automatic Log Rotation to Amazon S3
AWS CodeCommit / CodePipeline / CodeDeploy: Manage a large (on-premises and cloud-based) fleet
.NET SDK and PowerShell CmdLets: Integration in custom build pipelines in TFS or CruiseControl.NET
AWS is the de-facto standard: Most CI tools have native integration to AWS; Other IDEs support AWS (Unity, Xamarin Studio, Eclipse)
MSDN
DevOps
Automate Everything
AWS Tools for Windows PowerShell
Leverage AWS Simple Systems Manager: Run Command; Auto-Domain Join; No machine access; Full traceability; Fine-grained control
Automation for every use case
[Diagram labels: Amazon EC2, AWS OpsWorks, AWS Elastic Beanstalk, AWS Lambda, AWS CloudFormation; IaaS*, DevOps, Dev, Ops, PaaS*; Automation. * Definition may vary.]
We are here to help
Thousands of customers, every imaginable use case
Collaboration; Full/Partial Franchise Migration; Web / Mobile / Media; Mail; ERP; VDI; BI
AWS Well Architected Framework
Security; Reliability; Performance; Cost Optimization
AWS Resources for Partners
Partner Development Managers; Professional Services; Solutions Architects; Enterprise Support
AWS Training and Certification
Self-Paced Labs: Try products, gain new skills, and get hands-on practice working with AWS technologies. aws.amazon.com/training/self-paced-labs
Training: Skill up and gain confidence to design, develop, deploy and manage your applications on AWS. aws.amazon.com/training
Certification: Demonstrate your skills, knowledge, and expertise with the AWS platform. aws.amazon.com/certification
Thank you!