AWS re:Invent 2016: Running, Configuring, and Securing Windows Workloads (ARC405)
Running Microsoft Workloads in the AWS Cloud Webinar
Transcript of Running Microsoft Workloads in the AWS Cloud Webinar
Running Windows Workloads on AWS
Bill Jacobi, [email protected]
©2016 Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
Amazon Corporation migration of Microsoft Servers to AWS
Demo of Accelerator for Microsoft Servers on AWS
• Discussion: Active Directory, Security, remote administration
• Live example of SharePoint “push-button” launch
Cost, Licensing & Performance
• Licensing Options (BYOL and Amazon-provided)
• Cost of running Exchange, SharePoint, Lync, and AD on AWS
• Performance and Latency
DaaS Core Services & Proposed Solutions
Why Run Microsoft Servers on AWS? Cloud Benefits
• Agility: Vertical and horizontal scaling takes place in minutes. Experiment and optimize with simple clicks or CLI commands
• Cost: You pay only for what you use, and you can turn resources up or down elastically according to demand or schedules
• Elasticity: Resources are provisioned according to demand. Horizontal and vertical scaling is done through programs, clicks or CLI commands
• Breadth of functionality: Compute, Storage, Database, Networking, Dev Tools, Management tools, Security/Identity, Analytics, Mobile, App Services, Enterprise Apps
• Go global: 12 Regions across Americas, Europe, Asia, Australia, South America. 33 Availability Zones.
Why Run Microsoft Servers on AWS? AWS-specific Benefits
• ISV Application Compatibility: ISV apps that run on Microsoft are supported by the AWS Infrastructure-as-a-Service platform
• Enabled for compliance: Applications can run under NIST, PCI, or HIPAA Accelerators that provide baseline regulatory controls
• License management: AWS Config can monitor license compliance of server-bound licenses on Amazon Dedicated Hosts
• Auditability enabled: Every API call, network packet in/out, and infrastructure change is audited, including both ALLOWs and DENYs
• DevOps enabled: AWS CloudFormation builds infrastructure while Microsoft PowerShell builds applications, automating Windows on AWS deployments
• Optimization: Monitor and optimize the specific resources needed
Amazon Corporation migration to AWS
In 2013 Amazon IT decided to migrate the Microsoft stack to AWS.
Over 200K Amazon users access Exchange, SharePoint, and Lync via the corporate image.
Exchange data points
‒ There are a total of 26 Exchange servers (4 per AZ)
‒ DAG Architecture for HA
‒ Supports users in Americas, EMEA, and Asia
SharePoint Push-button Launch
SharePoint: Deploys SharePoint Foundation running on Windows Server
[Architecture diagram: VPC (CIDR 10.0.0.0/16) spanning Availability Zone 1 and Availability Zone 2. Each AZ has a NAT and RDG, and private subnets (10.0.0.0/19 in AZ 1, 10.0.64.0/19 in AZ 2) holding Active Directory (DC1, DC2), SQL Server, SharePoint, Lync and Exchange servers. Remote Users / Admins and the on-premises datacenter connect via VPN / Direct Connect.]
Enterprise Accelerator for Microsoft Servers
https://docs.aws.amazon.com/quickstart/latest/accelerator-msservers/welcome.html
• Exchange, SharePoint, Lync, SQL Server, and Active Directory on AWS
• Deployed from single Master template
• 14 Servers, 2 AZs, 10K Users
• Exchange users have 5GB mailboxes
• Lync users have VOIP, video, web conferencing, and desktop sharing
• SharePoint Blog and Team Sites are “Everyone”-enabled
• ~$14/hour to operate
Exchange, SharePoint, Lync, SQL Server, AD: Solution Summary
AWS Infrastructure
• Single VPC for integrated cross-server experience
• Multi-AZ for High Availability across all servers
• DMZ subnet for management
• Private subnet for app servers
• 2 AD Sites for high availability
• Connect to on-premises through Direct Connect (not part of QuickStart)
Microsoft Infrastructure
• Exchange DAG architecture
• Lync Paired Pool architecture
• SQL Server AlwaysOn architecture for SharePoint
• Brick architecture represents a 10K modular pod
• Add n pods for n-scale
• Use the Microsoft capacity calculators and load-testing tools to validate
Licensing Microsoft Products on AWS
BYOL: Support for Microsoft servers (Exchange, Lync, SharePoint, etc.)
• See AWS Microsoft Licensing page for details
SPLA: Windows Server and SQL Server AMIs available from AWS
• Windows Server 2012 R2
• Windows Server 2012
• Windows Server 2008 R2
• Windows Server 2008
• Windows Server 2003
• SQL Server 2012 and SQL Server 2014
http://aws.amazon.com/windows/resources/amis/
$9,997 per month for 10,000 Users - Details
$1.00/user/month
Generally, linear scaling and linear costs
SharePoint on AWS – link
AWS CloudFormation
Basic standard in AWS for automating deployment of resources
CloudFormation Template
− JSON-formatted document which describes a configuration to be deployed in an AWS account
− When deployed, it is referred to as a “stack” of resources
− PowerShell can be slipstreamed into UserData and run at instance bootstrap
DevOps: AWS CloudFormation
MSServers Solution - 6 CloudFormation Stacks
[Diagram: six stacks arranged in Layer 1, Layer 2 and Layer 3; each stack is listed with its AWS resources, then its Microsoft components]
1. MasterStack: orchestration
2. ADStack: AZs, VPC, subnets, R53; DC, Global Catalog, DNS, Repl
3. SQLStack: AZs, VPC, EIPs, storage; WSFC, AlwaysOn, Quorum, Witness, RDG, Full Backup
4. ExchangeStack: AZs, LB, VPC, R53; MBOX, Edge, DAG, RDG, AD
5. SharePointStack: AZs, LB, VPC, R53; WFE, AppSrv, SQL, RDG, AD
6. LyncStack: AZs, LB, VPC, R53; FrontEnd, Edge, SQL, RDG, AD
DevOps -- Nested Stacks
• Stacks create modularity, reuse, and resource ordering
• See blog post for more details

"Resources": {
  "ADStack": …
    AWS::CloudFormation::Stack
  …
  "SQLStack": {
    "Type": "AWS::CloudFormation::Stack",
    "DependsOn": "ADStack",
    "Properties": …
  }
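An added example (not from the webinar or the Quick Start templates): a pre-deployment check that derives the stack creation order from a master template's `DependsOn` entries and its implicit `Fn::GetAtt` references, and rejects cycles. The template, its `example.invalid` URLs, the `SQLEndpoint` parameter and every edge other than SQLStack depending on ADStack are assumptions made for illustration.

```python
import json
# Constructed master template: only SQLStack -> ADStack comes from the slide;
# the URLs, the SQLEndpoint parameter and the other edges are assumptions.
MASTER = json.loads("""
{"Resources": {
  "ADStack": {"Type": "AWS::CloudFormation::Stack",
    "Properties": {"TemplateURL": "https://example.invalid/ad.json"}},
  "SQLStack": {"Type": "AWS::CloudFormation::Stack", "DependsOn": "ADStack",
    "Properties": {"TemplateURL": "https://example.invalid/sql.json"}},
  "ExchangeStack": {"Type": "AWS::CloudFormation::Stack", "DependsOn": ["ADStack"],
    "Properties": {"TemplateURL": "https://example.invalid/exch.json"}},
  "SharePointStack": {"Type": "AWS::CloudFormation::Stack",
    "Properties": {"TemplateURL": "https://example.invalid/sp.json",
      "Parameters": {"SQLEndpoint": {"Fn::GetAtt": ["SQLStack", "Outputs.Endpoint"]}}}}
}}
""")

def _refs(node):
    """Yield logical IDs named by Ref / Fn::GetAtt anywhere under node."""
    if isinstance(node, list):
        for item in node:
            yield from _refs(item)
    elif isinstance(node, dict):
        for key, val in node.items():
            if key == "Ref":
                yield val
            elif key == "Fn::GetAtt":
                yield val[0] if isinstance(val, list) else val.split(".")[0]
            else:
                yield from _refs(val)

def dependencies(resources):
    """Map each resource to its explicit DependsOn plus implicit references."""
    out = {}
    for name, res in resources.items():
        dep = res.get("DependsOn", [])  # may be a string or a list
        refs = {r for r in _refs(res.get("Properties", {})) if r in resources}
        out[name] = set([dep] if isinstance(dep, str) else dep) | refs
    return out

def creation_layers(resources):
    """Group resources into layers; each layer needs only earlier layers."""
    pending, done, layers = dependencies(resources), set(), []
    while pending:
        ready = sorted(n for n, ds in pending.items() if ds <= done)
        if not ready:
            raise ValueError(f"cycle or undefined dependency among {sorted(pending)}")
        layers.append(ready)
        done.update(ready)
        pending = {n: ds for n, ds in pending.items() if n not in done}
    return layers
```

CloudFormation resolves this ordering itself at deploy time; running the check beforehand surfaces a circular or misspelled dependency before any domain-joined server stack is launched without its directory.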
Performance and Latency
• 88 ms roundtrip via Internet
• 59 ms roundtrip via Direct Connect
Desktop-as-a-Service (DaaS) Core Services
• Email: Exchange 2013
• Collaboration: SharePoint 2013
• Unified Communications: Lync 2013
• Office Automation: Office Client
• Directory Service: Active Directory
• Monitoring and Automation: CloudWatch Logs, Microsoft Systems Center
Resources
• AWS QuickStarts for Microsoft Workloads
  https://aws.amazon.com/quickstart/#microsoft
• Building a Microsoft BackOffice Server Solution on AWS with CloudFormation (Blog post)
  https://blogs.aws.amazon.com/application-management/post/Tx283EYG3AA5RSD/Building-a-Microsoft-BackOffice-Server-Solution-on-AWS-with-AWS-CloudFormation
• Getting Started with Amazon EC2 Windows Instances
  https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/EC2_GetStarted.html