© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Bill Jacobi, Solutions Architect
June 20, 2016
Running Microsoft Workloads on AWS
Agenda
• Why Run Microsoft Servers on AWS?
• Amazon’s Migration to AWS
• Demo of Windows Architecture on AWS
• Cost, Licensing, & Performance
• Architecture and Technology
Why Run Microsoft Servers on AWS? Cloud Benefits
• Agility: Vertical and horizontal scaling takes place in minutes. Experiment and optimize with simple console clicks or CLI commands.
• Cost: You pay only for what you use, and you can turn resources up or down elastically according to demand or on a schedule.
• Elasticity: Resources are provisioned according to demand; horizontal and vertical scaling is driven by programs, console clicks or CLI commands.
• Breadth of functionality: Compute, Storage, Database, Networking, Dev Tools, Management Tools, Security/Identity, Analytics, Mobile, App Services, Enterprise Apps.
• Go global: 12 Regions across the Americas, Europe, Asia and Australia; 33 Availability Zones.
Why Run Microsoft Servers on AWS? AWS-specific Benefits
• Add-on compatibility: ISV add-ons are supported because the platform is Infrastructure as a Service
• Enabled for compliance: Applications can run under the NIST, PCI, or HIPAA Enterprise Accelerators, which provide baseline regulatory controls
• License management: AWS Config can monitor license compliance for server-bound licenses on Amazon EC2 Dedicated Hosts
• Auditability enabled: Every API call (AWS CloudTrail), every network flow in or out (VPC Flow Logs, recording both ACCEPT and REJECT decisions), and every infrastructure change (AWS Config) is recorded
• DevOps enabled: AWS CloudFormation builds the infrastructure while Microsoft PowerShell builds the applications, automating Windows deployments on AWS
• Optimization: Monitor and optimize the specific resources needed
Amazon’s Migration to AWS
In 2013, Amazon IT decided to migrate the Microsoft stack to AWS. Over 200K Amazon users access Exchange, SharePoint, and Lync through the corporate image.
Exchange data points:
• There are 26 Exchange servers (4 per AZ)
• 7,600 users per server
• DAG architecture for HA
• Supports users in the Americas, EMEA, and Asia
Demo: SharePoint Pushbutton Launch
SharePoint: Deploys SharePoint Foundation running on Windows Server
Announcing
Accelerator for Microsoft Servers
• Single VPC for an integrated cross-server experience
• Multiple AZs for high availability across all servers
• DMZ subnet for management
• Private subnet for app servers
• 2 AD sites mapped to the 2 AZs for high availability
• Connect to on-premises through AWS Direct Connect (not part of the Quick Start)
• Exchange DAG architecture
• Lync Paired Pool architecture
• SQL Server Always On architecture for SharePoint
• The brick architecture represents a 10 K-user modular pod
• Add n pods for n-scale
• Use the Microsoft capacity calculators and load-testing tools to validate
Accelerator for Microsoft Servers
• Exchange, SharePoint, Lync, SQL Server, and Active Directory on AWS
• Deployed from a single master template
• 14 servers, 2 AZs, 10 K users
• Exchange users have 5 GB mailboxes
• Lync users have VOIP, video, web conferencing, and desktop sharing
• SharePoint Blog and Team Sites are “Everyone”-enabled
• ~$14/hour to operate
Demo: Microsoft Servers on AWS
Full Control of Infrastructure and Applications
$9,997 per Month or $13.70/Hour: Details
• $1.00/user/month
• Architecture supports 10 K users
• 5 GB mailboxes
• 1 TB SSD storage for user profiles
Licensing Microsoft Products on AWS
BYOL: Support for Microsoft servers
• Exchange, Skype for Business, SharePoint, System Center
• See the AWS Microsoft Licensing page for details
License-included: Windows Server and SQL Server AMIs available from AWS
• Windows Server 2012
• Windows Server 2012 R2
• Windows Server 2008
• Windows Server 2008 R2
• Windows Server 2003
• SQL Server 2012
• SQL Server 2014
http://aws.amazon.com/windows/resources/amis/
Architecture and Technology
• Architectural Considerations
• SharePoint and SQL Server on AWS
• Performance and Latency
• DevOps
• Enabled for Compliance
• Auditability
Architectural Considerations
Amazon VPC
• Configure IP ranges, public/private subnets, route tables, and an Internet gateway or virtual private gateway
• Security groups, network ACLs, and VPC Flow Logs
Remote administration
• Restrict RDP and WinRM to the management (DMZ) subnet; app and database servers sit in private subnets with no direct path from the Internet
• Apply the principle of least privilege: grant only the ports, source ranges and IAM permissions each server role actually needs
SharePoint on AWS - link
SQL Server High Availability - link
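The remote-administration rule above is easy to state and easy to break with one overly broad security group rule. The following is an added example (not AWS code) that audits security groups, in the shape returned by boto3's `ec2.describe_security_groups()`, for admin ports reachable from anywhere other than the management subnet. The group definitions are constructed, and the management CIDR `10.0.0.0/24` and port list are assumptions for illustration.

```python
"""Audit EC2 security group ingress rules for the remote-administration
least-privilege rule: management ports (RDP, WinRM, SQL Server) must only be
reachable from the management (DMZ) subnet, never from the whole Internet.

Added example, not AWS code. SAMPLE_GROUPS is constructed in the shape of
boto3 ec2.describe_security_groups()['SecurityGroups']; MGMT_CIDR is assumed."""
import ipaddress

# Ports that give administrative access to a Windows / SQL Server fleet (assumed set).
ADMIN_PORTS = {3389: "RDP", 5985: "WinRM-HTTP", 5986: "WinRM-HTTPS", 1433: "MSSQL"}

# Assumed management (DMZ) subnet; any other source is "not management".
MGMT_CIDR = ipaddress.ip_network("10.0.0.0/24")

# Constructed sample: one compliant group and one that opens RDP/SQL to the world.
SAMPLE_GROUPS = [
    {"GroupId": "sg-app", "GroupName": "app-servers", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "10.0.0.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-sql", "GroupName": "sql-ag", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1",  # all protocols and all ports, from any IPv6 address
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 5985, "ToPort": 5986,
         "IpRanges": [{"CidrIp": "10.0.0.0/24"}], "Ipv6Ranges": []},
    ]},
]


def _rule_covers_port(rule, port):
    """True if the rule's protocol/port range includes the given TCP port."""
    if rule["IpProtocol"] == "-1":            # "-1" means all protocols, all ports
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def _sources_outside_mgmt(rule):
    """Return the CIDR sources of a rule that are not inside MGMT_CIDR."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    outside = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr)
        # An IPv6 source can never lie inside the IPv4 management subnet.
        if net.version != MGMT_CIDR.version or not net.subnet_of(MGMT_CIDR):
            outside.append(cidr)
    return outside


def audit_security_groups(groups):
    """Return (group_id, port_name, source_cidr) findings for every admin port
    that some rule exposes to a source outside the management subnet."""
    findings = []
    for group in groups:
        for rule in group["IpPermissions"]:
            for port, name in ADMIN_PORTS.items():
                if not _rule_covers_port(rule, port):
                    continue
                for src in _sources_outside_mgmt(rule):
                    findings.append((group["GroupId"], name, src))
    return findings


if __name__ == "__main__":
    for group_id, port_name, src in audit_security_groups(SAMPLE_GROUPS):
        print(f"{group_id}: {port_name} reachable from {src}")
```

Run against live data by replacing `SAMPLE_GROUPS` with the `SecurityGroups` list from `describe_security_groups()`; the "-1" protocol case matters in practice because an "allow all" rule never mentions port 3389 yet exposes it.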
SQL Server High Availability: Always On Availability Group across two AZs
• Availability Zone 1, private subnet: Primary replica 10.0.2.100, WSFC 10.0.2.101, AG listener 10.0.2.102
• Availability Zone 2, private subnet: Secondary replica 10.0.3.100, WSFC 10.0.3.101, AG listener 10.0.3.102
• Synchronous-commit replication between the replicas with automatic failover
• AG listener DNS name: ag.awslabs.net
Performance and Latency: Washington, DC – Portland, OR
• 88 ms round trip via the Internet
• 59 ms round trip via AWS Direct Connect
DevOps–CloudFormation
AWS CloudFormation is the basic standard in AWS for automating deployment of resources.
• CloudFormation template: a JSON-formatted document which describes a configuration to be deployed in an AWS account
• When deployed, the template’s resources are referred to as a “stack”
• PowerShell can be slipstreamed into the instance UserData and run at instance start-up
DevOps–PowerShell in CloudFormation
Figure: CloudFormation resource that creates the Lync FrontEnd1 instance and embeds PowerShell in its UserData
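The UserData slipstream on the two DevOps slides above, shown as an added example rather than an excerpt of the AWS Quick Start template. It builds a CloudFormation resource whose UserData carries a PowerShell script, and it relies on two documented behaviours: the EC2Config/EC2Launch agent on Windows AMIs executes UserData wrapped in `<powershell>...</powershell>` tags at first boot, and `cfn-signal.exe` (part of the cfn-bootstrap tools on those AMIs) reports back to CloudFormation. The logical ID `LyncFrontEnd1`, the parameter names, the instance type and the computer name are assumptions.

```python
"""Build a CloudFormation resource that slipstreams PowerShell into EC2
UserData so it runs at first boot.

Added example, not a Quick Start template. Logical IDs, parameter names,
instance type and computer name are assumptions."""
import json

LOGICAL_ID = "LyncFrontEnd1"   # assumed logical resource name


def powershell_userdata(script_lines):
    """Wrap PowerShell lines in the Fn::Base64 / Fn::Join form CloudFormation
    expects. A line is a plain string or a list of fragments; a {"Ref": ...}
    fragment stays an intrinsic so CloudFormation substitutes it at deploy time."""
    parts = ["<powershell>\n"]
    for line in script_lines:
        parts.extend(line if isinstance(line, list) else [line])
        parts.append("\n")
    parts.append("</powershell>\n")
    return {"Fn::Base64": {"Fn::Join": ["", parts]}}


def lync_frontend_template():
    """Template with one Windows instance that renames itself, signals
    CloudFormation, and reboots. CreationPolicy makes the stack wait for that
    signal instead of reporting success as soon as the instance launches."""
    script = [
        "$ErrorActionPreference = 'Stop'",
        "Rename-Computer -NewName 'LYNCFE1' -Force",
        # Stack name and region are unknown until deploy time, so they stay Refs.
        # With ErrorActionPreference=Stop this line is reached only if nothing threw.
        ["cfn-signal.exe -e 0 --stack ", {"Ref": "AWS::StackName"},
         " --resource " + LOGICAL_ID + " --region ", {"Ref": "AWS::Region"}],
        "Restart-Computer -Force",
    ]
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Parameters": {
            "WindowsAmi": {"Type": "AWS::EC2::Image::Id"},
            "AppSubnet": {"Type": "AWS::EC2::Subnet::Id"},
            "AppSecurityGroup": {"Type": "AWS::EC2::SecurityGroup::Id"},
        },
        "Resources": {
            LOGICAL_ID: {
                "Type": "AWS::EC2::Instance",
                "CreationPolicy": {"ResourceSignal": {"Timeout": "PT30M"}},
                "Properties": {
                    "ImageId": {"Ref": "WindowsAmi"},
                    "InstanceType": "m4.large",
                    "SubnetId": {"Ref": "AppSubnet"},
                    "SecurityGroupIds": [{"Ref": "AppSecurityGroup"}],
                    "UserData": powershell_userdata(script),
                },
            }
        },
    }


def render_userdata(template, logical_id, refs):
    """Offline preview: substitute Ref values the way CloudFormation would and
    return the PowerShell the instance will actually execute."""
    props = template["Resources"][logical_id]["Properties"]
    parts = props["UserData"]["Fn::Base64"]["Fn::Join"][1]
    return "".join(refs[p["Ref"]] if isinstance(p, dict) else p for p in parts)


if __name__ == "__main__":
    tpl = lync_frontend_template()
    print(json.dumps(tpl, indent=2))
    print(render_userdata(tpl, LOGICAL_ID,
                          {"AWS::StackName": "ms-servers", "AWS::Region": "us-east-1"}))
```

One caveat a Windows-on-AWS deployment must respect: UserData is readable from the instance metadata service by any process on the instance, so domain-join passwords and other secrets do not belong in it; fetch them at boot from a secrets store under an instance role instead.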
DevOps–AWS CodeCommit: Version Control with Git
Enterprise Accelerator for Compliance–link
Auditability
Infrastructure:
− AWS CloudTrail
− AWS Config
− Amazon Inspector
Network:
− VPC Flow Logs
− Elastic Load Balancing access logs
Application:
− Amazon CloudWatch Logs
CloudWatch Logs can integrate:
• Windows Event logs
• IIS logs
• Event Tracing for Windows (ETW) logs
• Any performance counter data
• Exchange, Lync, SharePoint logs
• Any text-based log files
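Collecting the logs is only half of auditability; someone has to look at them. The following is an added example (not AWS code) of detection logic run over VPC Flow Log records for the Windows fleet: it counts rejected connection attempts to the remote-administration ports per source address, and alerts on accepted admin sessions that did not originate from the management subnet. The records use the default flow log format (version, account-id, interface-id, srcaddr, dstaddr, srcport, dstport, protocol, packets, bytes, start, end, action, log-status); the sample lines are constructed, and the management CIDR `10.0.0.0/24` and admin port set are assumptions.

```python
"""Detection over VPC Flow Log records: rejected admin-port probes per source,
and accepted RDP/WinRM sessions from outside the management subnet.

Added example, not AWS code. SAMPLE_LOG is constructed in the default flow log
record format; MGMT_CIDR and ADMIN_PORTS are assumptions."""
import ipaddress
from collections import Counter

ADMIN_PORTS = {3389, 5985, 5986}                     # RDP, WinRM HTTP/HTTPS (assumed)
MGMT_CIDR = ipaddress.ip_network("10.0.0.0/24")      # assumed management (DMZ) subnet
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample: a management-subnet RDP session, two rejected Internet
# RDP probes, an accepted WinRM session from the Internet, HTTPS, and a NODATA row.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.0.15 10.0.2.100 52311 3389 6 20 4249 1466434800 1466434860 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.2.100 40122 3389 6 1 40 1466434800 1466434860 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.2.100 40123 3389 6 1 40 1466434861 1466434920 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.3.100 51000 5985 6 3 180 1466434861 1466434920 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.2.50 10.0.2.100 49152 443 6 10 1500 1466434861 1466434920 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1466434921 1466434980 - NODATA
"""


def parse_flow_log(text):
    """Yield one dict per well-formed record. NODATA/SKIPDATA rows carry '-'
    in the traffic fields and describe no flow, so they are skipped."""
    for raw in text.splitlines():
        cols = raw.split()
        if len(cols) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, cols))
        if rec["log_status"] != "OK":
            continue
        rec["dstport"] = int(rec["dstport"])
        rec["protocol"] = int(rec["protocol"])    # 6 = TCP
        yield rec


def admin_traffic_findings(text):
    """Return (rejected_by_source, accepted_from_outside): a Counter of
    REJECTed admin-port attempts per source address, and a list of
    (src, dst, port) for accepted admin sessions from outside MGMT_CIDR."""
    rejected = Counter()
    accepted_outside = []
    for rec in parse_flow_log(text):
        if rec["protocol"] != 6 or rec["dstport"] not in ADMIN_PORTS:
            continue                               # only TCP to an admin port matters here
        src = ipaddress.ip_address(rec["srcaddr"])
        if rec["action"] == "REJECT":
            rejected[rec["srcaddr"]] += 1
        elif rec["action"] == "ACCEPT" and src not in MGMT_CIDR:
            accepted_outside.append((rec["srcaddr"], rec["dstaddr"], rec["dstport"]))
    return rejected, accepted_outside


if __name__ == "__main__":
    rejected, accepted = admin_traffic_findings(SAMPLE_LOG)
    for src, count in rejected.most_common():
        print(f"{src}: {count} rejected admin-port attempts")
    for src, dst, port in accepted:
        print(f"ALERT: accepted admin session {src} -> {dst}:{port} from outside the management subnet")
```

The rejected-probe count is the signal the REJECT records exist for; the accepted-from-outside list is the one that should page someone, because it means a security group or network ACL already disagrees with the least-privilege design.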