AWS re:Invent 2016: Running, Configuring, and Securing Windows Workloads (ARC405)


  • 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

    Julien Lépine, Solutions Architect, AWS

    Brian Lewis, Partner Solutions Architect, AWS

    December 1, 2016

    Running, Configuring and Securing Windows Workloads

    ARC405

  • Agenda of this session

    BUILDING THE FOUNDATIONS

    ENSURING REPEATABLE DEPLOYMENTS

    ENABLING EFFICIENT OPERATIONS

  • Building foundations

    AWS IAM, AMAZON VPC, AWS DIRECTORY SERVICE

  • Building foundations: platform identity

    AWS IAM, AMAZON VPC, AWS DIRECTORY SERVICE

  • Platform identity

    [Diagram labels: corporate data center, ADDC, ADFS, AWS IAM, Amazon S3, AWS CloudTrail, AWS Config, Logging and monitoring platform]

  • Building foundations: networking

    AWS IAM, AMAZON VPC, AWS DIRECTORY SERVICE

  • Core network infrastructure

    [Diagram labels: Availability Zone, Internet gateway, NAT gateway, VPN connection, corporate data center, Amazon S3, Logging and monitoring platform, Public subnet, Private subnet, flow logs, Amazon CloudWatch Logs]

  • Building foundations: application identity

    AWS IAM, AMAZON VPC, AWS DIRECTORY SERVICE

  • Windows identity

    [Diagram labels: Availability Zone, Internet gateway, NAT gateway, Active Directory Tier, AWS Directory Service, VPN connection, corporate data center, AWS IAM, ADFS, ADDC]

  • Moving initial Microsoft workloads to AWS

    BUILDING IN THE CLOUD

    MIGRATION, MAINTENANCE, SUPERVISION

  • Creating repeatable architectures

    IMAGE AUTOMATION BOOTSTRAPPING CONTAINERS AUTOMATED DEPLOYMENTS

    AWS CloudFormation

    Amazon ECS

    PowerShell

  • Sample platform

    [Diagram labels: Availability Zone, Internet gateway, NAT gateway, VPN connection, corporate data center, ADDC, ADFS, AWS IAM, users, Active Directory Tier, Database Tier, Web Tier, ELB, IIS Server, Amazon RDS, AWS Directory Service]

  • Administration at scale

    REMOTE DESKTOP ACCESS

    REMOTE SCRIPTING

    RDGW, Amazon WorkSpaces

    CLOUD CONTROL CENTER

    PowerShell

    AWS Tools for Windows PowerShell

    Amazon EC2 Run Command

  • Keeping the platform up to date

    IMAGE HYGIENE

    PowerShell DSC

    Desired state

    MONITORING

    CONFIGURATION MANAGEMENT

    Amazon CloudWatch

    AMI Automation

    PATCHING

    Patch management

  • Next steps

    HANDS-ON LABS

    ARCHITECTURE CENTER

    TRAINING AND CERTIFICATION

    AWS TOOLS FOR WINDOWS POWERSHELL

  • Thank you!

  • Remember to complete your evaluations!

  • Related Sessions

    Windows on AWS Sessions

    WIN201 - Simplifying Microsoft Architectures with AWS services

    WIN402 - How I learned to embrace DevOps and Configure Infrastructure at Scale