Post on 06-Jan-2017
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Bill Jacobi, Senior Solutions Architect
November 30, 2016
Running Your First 100K
Microsoft Users on AWS
WIN303
What to Expect from the Session
Learn how AWS has built a push-button, automated solution that runs
the Microsoft Servers that have been scaled to 100K users.
This session will discuss how to build, load-test, and display metrics of a
complex Windows stack. Attendees should have familiarity with
Microsoft server architectures and AWS.
This session will cover Windows technologies mapped to AWS including
EC2 Windows, Bootstrapping, Load Balancing, CloudFormation, Elastic
Beanstalk, Elasticsearch, CodeCommit, and Direct Connect to facilitate
running a multi-tier Microsoft server stack at scale.
Agenda
• Why Run Microsoft Servers on AWS?
• Amazon’s Migration to AWS
• Microsoft Servers Quick Start
• Demo of 100K Users
• Load Testing with Locust and ELK stack
  − SA Contributor: Len Henry
• How the Solution was Built
Why Run Microsoft Servers on AWS?
• ISV Application and Add-On Compatibility: ISV applications and add-ons are supported by the AWS Infrastructure-as-a-Service platform
• DevOps enabled: AWS CloudFormation builds infrastructure while Microsoft PowerShell builds applications, in a CI/CD lifecycle
• Optimization: AWS enables you to monitor, aggregate, report on, and act on application and infrastructure metrics
• Depth/breadth of services: Build solutions around the Microsoft stack that combine the Windows and Open Source ecosystems, and AWS services
• Auditability enabled: Every API call, network packet in/out, and infrastructure change is audited and logged, supported by a rich policy model
• License management: AWS Config can monitor license compliance of server-bound licenses on Amazon Dedicated Hosts and Dedicated Instances.
• Enabled for compliance: Applications can run under NIST, PCI, or HIPAA Accelerators to provide baseline regulatory controls
In 2013, Amazon IT decided to migrate the Microsoft stack to AWS
Over 200K Amazon users access Exchange, SharePoint, and Lync through the corporate image
Exchange data points:
• There are 26 Exchange servers (4 per AZ)
• 7,600 users per server
• DAG Architecture for HA
• Supports users in Americas, EMEA, and Asia
Amazon’s Migration to AWS
Quick Start
CloudFormation template
Deployment Guide (PDF)
Microsoft Topologies
• Exchange DAG architecture
• Lync Paired Pool architecture
• SQL Server Always On architecture for SharePoint
• Brick architecture represents a 10K modular pod: Scale horizontally
• Use the Microsoft capacity calculators to validate logical architecture
• Use load-testing to validate physical architecture
Amazon Infrastructure
• Single VPC for integrated cross-server experience
• Multiple AZs for high availability across all servers
• DMZ subnet for management
• Private subnet for all application servers
• Security groups for server roles and NACLs for subnets
• 2 AD sites mapped to the 2 AZs for high availability
• Amazon WorkSpaces clients or on-premises clients
• Connect to on-premises through VPN or AWS Direct Connect
Microsoft Servers Quick Start
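A check for the security-group guidance above, as an added example (not code from the Quick Start or the session): it scans a CloudFormation template for security groups that accept RDP or WinRM from any address. The resource names WFESG and RDGSG, the CIDR ranges, and both sample templates are constructed, and literal port values are assumed.

```python
ADMIN_PORTS = {3389: "RDP", 5985: "WinRM-HTTP", 5986: "WinRM-HTTPS"}
WORLD = ("0.0.0.0/0", "::/0")  # tuple, so an intrinsic (dict) CidrIp compares safely

def world_open_admin_rules(template):
    """Return (group, service) pairs where an admin port accepts traffic from any address."""
    findings = []
    for name, res in template["Resources"].items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            if (rule.get("CidrIp") or rule.get("CidrIpv6")) not in WORLD:
                continue  # scoped CIDR, or a SourceSecurityGroupId reference
            proto = str(rule.get("IpProtocol")).lower()
            if proto == "-1":
                low, high = 0, 65535  # all protocols: port fields are ignored
            elif proto in {"tcp", "udp", "6", "17"}:
                low, high = int(rule["FromPort"]), int(rule["ToPort"])
            else:
                continue  # ICMP and other protocols cannot carry RDP/WinRM
            findings += [(name, svc) for port, svc in sorted(ADMIN_PORTS.items())
                         if low <= port <= high]
    return findings

def sg(*rules):
    """Build a constructed security-group resource with the given ingress rules."""
    return {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "constructed sample", "SecurityGroupIngress": list(rules)}}

HTTPS_IN_VPC = {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "10.0.0.0/16"}
# Weak (constructed): RDP to the SharePoint WFE role from anywhere.
WEAK = {"Resources": {"WFESG": sg(HTTPS_IN_VPC, {
    "IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "CidrIp": "0.0.0.0/0"})}}
# Corrected (constructed): RDP only from members of the Remote Desktop Gateway group.
FIXED = {"Resources": {
    "RDGSG": sg({"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "203.0.113.0/24"}),
    "WFESG": sg(HTTPS_IN_VPC, {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
        "SourceSecurityGroupId": {"Fn::GetAtt": ["RDGSG", "GroupId"]}})}}

if __name__ == "__main__":
    print("weak: ", world_open_admin_rules(WEAK))
    print("fixed:", world_open_admin_rules(FIXED))
```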
Client Demo – Microsoft Servers
Server Demo – Microsoft Servers
Load Testing 100K Users with Locust
[Diagram: Locust master, Locust workers, and SharePoint WFE/App1 through WFE/App10]
Log Aggregation of IIS web requests with an
ELK (ElasticSearch, LogStash, Kibana) Stack
Amazon Elasticsearch
https://www.elastic.co/products/logstash
Log Display with a Kibana Dashboard
How the Solution was Built
• CloudFormation Stacks, PowerShell, Parameters
• AWS CodeCommit
• SharePoint Logical and Physical Architecture
• Performance and Latency
• Auditability
CloudFormation is a service for automating deployment of resources: EC2, VPC, NAT, and others
CloudFormation template
− JSON-formatted document which describes a configuration to be deployed in an AWS account
− When deployed, it is referred to as a “stack” of resources
− Stacks can and should be nested for modularity
− Starting point is usually a baseline OS or pre-configured AMI
PowerShell is inserted into instance startup in CloudFormation
CloudFormation controls configuration across reboots
DevOps – CloudFormation
DevOps – AWS CloudFormation
MSServers Solution - 6 CloudFormation Stacks
[Diagram: MasterStack orchestration over ADStack, SQLStack, ExchangeStack, SharePointStack, and LyncStack; stacks numbered 1 to 6 across Layer 1, Layer 2, and Layer 3]
• ADStack: AZs, VPC, subnets, R53; DC, Global Catalog, DNS, Repl
• ExchangeStack: AZs, LB, VPC, R53; MBOX, Edge, DAG, RDG, AD
• LyncStack: AZs, LB, VPC, R53; FrontEnd, Edge, SQL, RDG, AD
• SQLStack: AZs, VPC, EIPs, storage; WSFC, AlwaysOn, Quorum, Witness, RDG, Full Backup
• SharePointStack: AZs, LB, VPC, R53; WFE, AppSrv, SQL, RDG, AD
DevOps – Nested Stacks
• Master stack calls AD; Depends on SQL and
• Stacks create modularity, reuse, and resource ordering
• See blog post for more details
"Resources": {
  "ADStack": …AWS::CloudFormation::Stack…,
  "SQLStack": {
    "Type": "AWS::CloudFormation::Stack",
    "DependsOn": "ADStack",
    "Properties": …
  }
}
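The resource ordering that nested stacks give, as an added example (not part of the Quick Start templates): it derives creation layers from explicit DependsOn entries and from the implicit dependencies that Ref and Fn::GetAtt create, and rejects undefined or circular dependencies. The TemplateURL placeholder, the SQLEndpoint parameter, and every dependency other than SQLStack on ADStack are assumptions.

```python
from graphlib import CycleError, TopologicalSorter

STACK = "AWS::CloudFormation::Stack"

def refs(node):
    """Yield logical IDs named by Ref or Fn::GetAtt anywhere inside a dict or list."""
    items = node.items() if isinstance(node, dict) else enumerate(node)
    for key, value in items:
        if key == "Ref" and isinstance(value, str):
            yield value
        elif key == "Fn::GetAtt":
            yield value[0] if isinstance(value, list) else value.split(".")[0]
        elif isinstance(value, (dict, list)):
            yield from refs(value)

def stack_layers(template):
    """Group nested stacks into creation layers; ValueError on a bad dependency."""
    resources = template["Resources"]
    stacks = {k for k, v in resources.items() if v.get("Type") == STACK}
    sorter = TopologicalSorter()
    for name in sorted(stacks):
        deps = resources[name].get("DependsOn", [])
        deps = [deps] if isinstance(deps, str) else list(deps)
        missing = [d for d in deps if d not in resources]
        if missing:
            raise ValueError(f"{name} depends on undefined resource(s): {missing}")
        deps += refs(resources[name].get("Properties", {}))  # implicit dependencies
        sorter.add(name, *(d for d in deps if d in stacks and d != name))
    try:
        sorter.prepare()
    except CycleError as exc:
        raise ValueError(f"circular stack dependency: {exc.args[1]}") from exc
    layers = []
    while sorter.is_active():
        layers.append(sorted(sorter.get_ready()))
        sorter.done(*layers[-1])
    return layers

# Constructed master template. Only "SQLStack depends on ADStack" is on the slide;
# the other dependencies, SQLEndpoint and the example.invalid URL are assumptions.
PROPS = {"TemplateURL": "https://example.invalid/stack.template"}
MASTER = {"Resources": {
    "ADStack": {"Type": STACK, "Properties": PROPS},
    "SQLStack": {"Type": STACK, "DependsOn": "ADStack", "Properties": PROPS},
    "ExchangeStack": {"Type": STACK, "DependsOn": "ADStack", "Properties": PROPS},
    "LyncStack": {"Type": STACK, "DependsOn": ["ADStack", "SQLStack"], "Properties": PROPS},
    "SharePointStack": {"Type": STACK, "Properties": {**PROPS, "Parameters": {
        "SQLEndpoint": {"Fn::GetAtt": ["SQLStack", "Outputs.Endpoint"]}}}},
}}
```

Calling `stack_layers(MASTER)` groups the five stacks into three layers; stacks within one layer have no ordering constraint between them.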
CloudFormation Parameters = Full Control
Create Lync FrontEnd1 Instance
Embed PowerShell
Sample of Lync Front End CFN Template
AWS CodeCommit provides version control with Git
SharePoint Logical Architecture
Performance and Latency: Wash DC–Portland, OR
88 ms round trip via Internet
59 ms round trip via Direct Connect
Auditability
Infrastructure
− AWS CloudTrail
− AWS Config (see whitepaper for license auditing)
− Amazon Inspector
Network
− VPC flow logs
− Elastic Load Balancing access logs
Application
− Amazon CloudWatch Logs can integrate
  • IIS logs
  • Event logs
  • Event Tracing for Windows (ETW) logs
  • Any performance counter data
  • Exchange, Lync, SharePoint logs
  • Any text-based log files
Dedicated Hosts
Visibility of sockets, cores, host ID
Related Sessions
Thank you!
WIN303 – Running your first 100K Microsoft users on AWS
Please fill out your evaluation form