Architecting Enterprise Workloads on AWS Mike Pfeiffer

ARCHITECTING ENTERPRISE WORKLOADS ON AWS Let’s Get Started Why run Windows Server on AWS? Microsoft licensing on AWS Designing a Virtual Network architecture Running Directory Services on AWS Setting up remote administrative access over the internet Designing a highly available SQL Server environment Load Balancing SharePoint front-end servers Task automation with EC2 run command Seamless recovery from failures #ITDevConnections

ARCHITECTING ENTERPRISE WORKLOADS ON AWS Why Run Windows Servers on AWS? Security Scalability Performance Proven platform for running Windows Server at scale in the cloud – #ITDevConnections

ARCHITECTING ENTERPRISE WORKLOADS ON AWS Microsoft Licensing on AWS #ITDevConnections Buy Licenses from AWS Bring Licenses to AWS AWS Manages License Compliance Supports current and legacy software versions CALs not required Bring existing licenses to Dedicated Hosts Bring existing licenses with License Mobility

ARCHITECTING ENTERPRISE WORKLOADS ON AWS Designing a Virtual Network Architecture Amazon Virtual Private Cloud (VPC) Logically isolated network in the cloud Network can span multiple data centers (availability zones) Provides hybrid connectivity via VPN tunnel or AWS Direct Connect #ITDevConnections

ARCHITECTING ENTERPRISE WORKLOADS ON AWS VPC Architecture Overview #ITDevConnections

ARCHITECTING ENTERPRISE WORKLOADS ON AWS #ITDevConnections

ARCHITECTING ENTERPRISE WORKLOADS ON AWS #ITDevConnections

ARCHITECTING ENTERPRISE WORKLOADS ON AWS #ITDevConnections

ARCHITECTING ENTERPRISE WORKLOADS ON AWS #ITDevConnections

DEMO: BUILDING AN AMAZON VPC

ARCHITECTING ENTERPRISE WORKLOADS ON AWS Running Directory Services on AWS Fully managed directory instance (patch management and automated backups) One click provisioning Seamless domain join for member servers Single Sign-On allows users to access AWS resources with AD credentials #ITDevConnections

ARCHITECTING ENTERPRISE WORKLOADS ON AWS AWS Directory Service #ITDevConnections

ARCHITECTING ENTERPRISE WORKLOADS ON AWS Running Directory Services on AWS Manage your own Active Directory on EC2 – Deploy EC2 instances running ADDS in at least two availability zones – Configure static private IP addresses and configure DNS – Deploy Writable Domain Controllers whenever possible – Consider implications of Read-Only Domain Controllers (not always compatible with enterprise workloads) #ITDevConnections

ARCHITECTING ENTERPRISE WORKLOADS ON AWS Enable network connectivity via VPN or AWS Direct Connect Configure Security Groups to allow traffic to and from DCs on-prem Use cross forest trusts with Managed AD environments on AWS You can stretch an on-prem AD forest to AWS by managing your own DCs on EC2 #ITDevConnections Running ADDS in a Hybrid Deployment

DEMO: LAUNCH A MANAGED ADDS ENVIRONMENT ON AWS

ARCHITECTING ENTERPRISE WORKLOADS ON AWS Seamless Domain Join Deploy Managed AD or AD Connector Create IAM instance role for EC2 instances Launch instance with role and directory assignment Instance will launch and automatically join the domain #ITDevConnections

DEMO: SEAMLESS DOMAIN JOIN

ARCHITECTING ENTERPRISE WORKLOADS ON AWS Secure Remote Administration Deploy bastion hosts (aka jump boxes) into public subnets Control network traffic via security groups Remote Desktop Gateway, PowerShell Web Access and PowerShell Remoting are commonly used solutions #ITDevConnections

ARCHITECTING ENTERPRISE WORKLOADS ON AWS Secure Remote Administration Architecture #ITDevConnections Availability Zone Gateway Security Group Web Security Group Private SubnetPublic Subnet Accept TCP Port 443 from Admin IP Accept TCP Port 3389 from Gateway SG AWS Administrator Corporate Data Center WEB2 TCP 443 TCP 3389 WEB1 RDGW TCP 3389

ARCHITECTING ENTERPRISE WORKLOADS ON AWS Running SQL Server on AWS SQL Server available as a managed service through Amazon Relational Database Service (RDS) RDS provides Multi-AZ high availability out of the box You can deploy instances with SQL Server and configure high availability manually #ITDevConnections

ARCHITECTING ENTERPRISE WORKLOADS ON AWS #ITDevConnections Availability Zone A NAT DB Master Availability Zone B NAT DB Slave sql.example.com RDS SQL Server Architecture

ARCHITECTING ENTERPRISE WORKLOADS ON AWS #ITDevConnections Availability Zone A NAT DB Failed Availability Zone B NAT DB Master sql.example.com RDS SQL Server Architecture

DEMO: DEPLOYING A MULTI-AZ RDS DATABASE INSTANCE

ARCHITECTING ENTERPRISE WORKLOADS ON AWS Building Your Own SQL Servers on EC2 Launch SQL Enterprise AMI (at least one per AZ) Configure Storage Setup Windows Server Failover Clustering Implement Always On Availability Groups Consider using a 3 rd AZ for cluster quorum #ITDevConnections

ARCHITECTING ENTERPRISE WORKLOADS ON AWS SQL Always On Architecture Overview #ITDevConnections

ARCHITECTING ENTERPRISE WORKLOADS ON AWS #ITDevConnections Availability Zone 1 Private Subnet Primary Replica Availability Zone 2 Private Subnet Secondary Replica Synchronous-commit Primary: WSFC: AG Listener: Primary: WSFC: AG Listener: AG Listener: sql.example.com Automatic Failover

ARCHITECTING ENTERPRISE WORKLOADS ON AWS #ITDevConnections Availability Zone 1 Private Subnet Primary Replica Availability Zone 2 Private Subnet Secondary Replica Synchronous-commit Automatic Failover Witness Server

ARCHITECTING ENTERPRISE WORKLOADS ON AWS #ITDevConnections Availability Zone 1 Primary Replica Availability Zone 2 Secondary Replica Automatic Failover Witness Server Availability Zone 3

ARCHITECTING ENTERPRISE WORKLOADS ON AWS SharePoint High Availability Web tier made highly available through load balancing Application tier load balancing native to SharePoint Database tier high availability can be achieved with SQL RDS Multi-AZ or SQL Always On #ITDevConnections

ARCHITECTING ENTERPRISE WORKLOADS ON AWS Elastic Load Balancing Managed load balancing service Spans data centers (availability zones) for seamless failover Uses health checks to determine if service can accept connections Integrated with Amazon Certificate Manager – can be used for SSL offloading with free public certificates #ITDevConnections

DEMO: DEPLOYING AN ELASTIC LOAD BALANCER

ARCHITECTING ENTERPRISE WORKLOADS ON AWS Task Automation with EC2 Run Command Automate common tasks Centralized execution and reporting Requires client side agent Works with EC2 instances and on-prem servers #ITDevConnections

DEMO: EC2 RUN COMMAND

ARCHITECTING ENTERPRISE WORKLOADS ON AWS What We Covered Why run Windows Server on AWS? Microsoft licensing on AWS Designing a Virtual Network architecture Running Directory Services on AWS Setting up remote administrative access over the internet Designing a highly available SQL Server environment Load Balancing SharePoint front-end servers Task automation with EC2 run command Seamless recovery from failures #ITDevConnections

Rate This Session Now! Rate with Mobile App: Select the session from the Agenda or Speakers menus Select the Actions tab Click Rate Session Rate with Website: Register at Go to Select this session from the list and rate it Tell Us What You Thought of This Session Be Entered to WIN Prizes! #ITDevConnections