5. What we assume you already know:
AWS provides pre-configured Windows AMIs to start running fully supported Windows Server virtual machines in the cloud in minutes
6. Isn’t cloud Windows different?
• Full, real, licensed Windows Server OS
• 2003, 2008, 2008r2, all via our Microsoft SPLA licensing means no CALs required
• SQL Server Web and Standard via SPLA as well
• VPC for static, secure, user-defined networks
• Security groups for easy-to-configure firewalls per VM
• Easily install services and software that you know: AD, ADFS, SCOM, WSUS, SQL, Exchange, SharePoint, Media Services, etc.
• All the benefits of a cloud infrastructure without the… weird
7. What’s Big & Easy
• Web Applications
• WebMatrix
• .net and IIS
• ADFS
• Microsoft Enterprise Applications
• SharePoint
• SQL Server
• Exchange
• System Center
• Windows Media Services
• 3rd Party Applications
• SAP, Sage, ESRI, etc
• Media Applications
• Transcoding, Encoding
• Windows HPC Cluster
• Genomics
• CFD, CAD
• Financials
• Software Dev and Test
8. What’s New
Windows Free Tier
• 750 hours of Amazon EC2 Linux† Micro Instance usage
• 750 hours of Amazon EC2 Microsoft Windows Server‡ Micro Instance
• 750 hours of an Elastic Load Balancer plus 15 GB data processing*
• 30 GB of Amazon Elastic Block Storage, plus 2 million I/Os and 1 GB of snapshot storage*
• 750 hours of Amazon RDS Single-AZ Micro DB Instances, for running MySQL, Oracle BYOL or SQL Server (running SQL Server Express Edition)‡‡
9. What’s New
SQL Server Standard on more host types, and now SQL Web Edition at a lower hourly price point
10. What’s New
Relational Database Service (RDS) for SQL Server
• Point and Click deployment in minutes with pre-configured Server, OS, and DB parameters
• Vertically scale with a few clicks or a single API call
• Automated backups and DR
• Managed database snapshots for backup or cloning
• Automatic Windows and SQL Server software patching
• Fully Managed Disk
Plus Free Tier!
11. What’s New
Elastic Beanstalk with support for .Net and Visual Studio
• IIS 7.5 with full .net support
• Package deployable code as a “Microsoft Web Deploy” and you’re done
• Use the AWS Toolkit for Visual Studio to publish builds from within your IDE
• Windows Server 2008r2 with auto-scaling and Elastic Load Balancer to distribute traffic
• Application level metrics like request count, average latency
• Zero lock-in or lock-out, open up the hood, RDP in, change it how you like
Plus Free Tier!
13. Even more New
CloudFront support for IIS-MS 4.1 Smooth Streaming
Windows HPC Cluster support
http://docs.amazonwebservices.com/AWSEC2/latest/WindowsGuide/ConfigWindowsHPC.html
2 New Instances: m1.medium instances, cc2.8xlarge instance
15. Licensing
• OEM aka Hourly Licensing via SPLA
  • Windows OS, SQL Server Web and Standard Edition
• License Mobility aka BYOL
  • Sharepoint, SQL Server, Lync, System Center, Exchange, Dynamics CRM
• RDS aka Terminal Services
  • SAL via 3rd Party SPLA
• BizSpark
• Or the golden rule… Talk to your Microsoft Rep!
16. License Mobility Requirements
• Must be on active Software Assurance
  • Enterprise Agreement
  • Enterprise Subscription Agreement
  • Open Value Agreement
  • Open License (with SA option)
  • Select Plus (with SA option)
• For Licensed apps, need appropriate CALs
• No migration for 90 days
19. Security: Shared Responsibility Model
AWS
• Facilities
• Physical Security
• Physical Infrastructure
• Network Infrastructure
• Virtualization Infrastructure
Customer
• Operating System
• Application
• Security Groups
• OS Firewalls
• Network Configuration
• Account Management
20. So what do you do about it?
Infrastructure Security: How we measure that our infrastructure is secure
• SAS 70 Type II Audit
• ISO 27001/2 Certification
• PCI DSS 2.0 Level 1-5
• HIPAA/SOX Compliance
• FISMA Moderate
• FedRAMP / GSA ATO
Application Security: How can you secure your application and what is your responsibility?
• Encrypt data in transit
• Encrypt data at rest
• Protect your AWS Credentials
• Rotate your keys
• Secure your OS and applications
Services Security: What security options and features are available to you?
• Enforce IAM policies
• Use MFA, VPC, Leverage S3 bucket policies, EC2 Security groups, EFS in EC2 Etc..
21. Networking and Security
• No
  • Multicast, Broadcast, Anycast, IP spoofing, Clustering
• VPC
  • Statics, Routing, Network ACL + Security Group, Ingress/Egress
• VPN
• Direct Connect
22. Networking and Security
• AWS Credentials
• IAM (hint: Try the policy wizard!)
• For your Staff
• For your Applications
• MFA
• Secure Delete!
• Instance Credentials
• Keypairs
• Passwords
23. Amazon Virtual Private Cloud (VPC)
• Logically Isolated Environment
• Private IP address ranges
• Ingress and Egress Network Access Control
• Elastic IP addresses and Internet Gateway
• Hardware encrypted VPN connections or Direct Connect
• Wizard-based setup
[Diagram labels: Corporate Location Data Center, 10G DirectConnect, Amazon Virtual Private Cloud]
24. The New Enterprise IT
Network Architecture
[Diagram labels: Corporate Headquarters, Branch Offices, Corporate Location Data Center, Customer Gateway, 10G DirectConnect, VPN Gateway, Internet Gateway, NAT Instance, Public Subnet, Private Subnet, Amazon VPC, Availability Zone 1, Availability Zone 2, AWS Region, S3, SQS/SNS/SES, SWF, Elastic Beanstalk, SimpleDB, DynamoDB]
25. New EC2 VPC feature:
Elastic Network Interface
• Multiple Addresses
• Span Subnets
• Attach/Detach
• Public or Private
27. “With AWS and 2nd Watch, we have found a much more
cost effective way to keep the lights on for a critical part of
our infrastructure while reducing the risk of IT resources
getting distracted from our core business strategies.”
David Barbieri, SVP and CIO
Business Benefits
• Big savings over existing infrastructure
• Faster network speeds
• Improved load times
• Already planning future migrations
Infra Cost Comparison
[Chart: AWS Cloud Infrastructure vs. Old Infrastructure, ~58% savings!]
SW Apps:
• SharePoint 2010
• SQL Server 2008
• Umbraco CMS
28. SQL Server Quick and Dirty
• Instance Type Matters!
  • m1.xlarge /= m2.xlarge
• IO Throughput is, well, important
• Cluster Compute for non-HPC: DB on CC
• EBS /= SAN
• Raid0 isn’t quite what you think on EC2
• Snapshots!
• ENI for HA
31. SQL on EC2 vs. SQL on RDS
• Do you have 3rd party applications on the DB host?
• Windows Authorization…
• Complex Replication Topologies
• Manual update/patch control
33. Case Study – SharePoint on AWS
• SharePoint migration and consolidation
projects with Recovery.gov, Treasury.gov,
Army Corp of Engineers and others
• Team leveraged existing Windows skills and
tool sets
• Microsoft License Mobility program to license
server applications on AWS
SW Apps:
• SharePoint 2010
• SQL Server 2008
• Forefront
Infrastructure Cost Comparison
[Chart: AWS Cloud Infrastructure vs. Old Infrastructure, 60%-70% savings!]
34. A little fault-tolerance exercise
[Diagram: Elastic Load Balancer in front of SharePoint EC2 Instance #1 and SharePoint EC2 Instance #2]
How much load can you safely put on each instance?
35. A little fault-tolerance exercise
[Diagram: Elastic Load Balancer in front of SharePoint EC2 Instance #1 and SharePoint EC2 Instance #2]
35%-45%
36. A little fault-tolerance exercise
[Diagram: Elastic Load Balancer in front of SharePoint EC2 Instance 1-5 and SharePoint EC2 Instance 6-10]
How about now?
37. A little fault-tolerance exercise
[Diagram: Elastic Load Balancer in front of SharePoint EC2 Instance 1-5 and SharePoint EC2 Instance 6-10]
~80%
45. VM Import / Export
Import
• VMware ESX VMDK images
• Citrix Xen VHD images
• Microsoft Hyper-V VHD images
Export
• VMware ESX VMDK
• VMware ESX OVA
• Microsoft Hyper-V VHD
• Citrix Xen VHD file formats
* Currently for Windows Only
46. VM Import: Cloud Recovery
(this looks a lot like a migration, doesn’t it?)
[Diagram labels: Windows Server 2008, Boot Volume C:, Data Drive D:, VMware ESX VMDK, Citrix Xen VHD, Microsoft Hyper-V VHD, VM Import service, Amazon EBS Snapshots, Availability Zone #1]
50. amazon web services
http://aws.amazon.com
Joe Ziegler, Technical Evangelist
zieglerj@amazon.com
@jiyosub
Please Fill out the Feedback Form
Editor's notes
SPLA Licenses. Service Providers Licensing Agreement Program
Client Access License
3.7 Gigs of RAM. M1.medium just perfect size for running windows applications. 16 core multithreaded, see 32 cores in the windows task manager
Security and Operational Excellence is the topmost priority. It’s Priority 0. No exceptions allowed. We understand that security and governance are often the top issues identified when we talk to our customers. Instead of tossing this over the fence, we really advise and highly recommend our customers to invest in a security review early in the process. Get your security folks to talk to our security folks and understand security and compliance. Security is really not on or off. It’s a spectrum of options that you can choose from that is right for your application.
Windows Clustering does not work on us. All windows services that depend on windows clustering, SharePoint Clustering, SQL Clustering not available.
You will need this to run active directory. To give windows the same feel as the traditional environment.
Working with AWS solutions provider 2nd Watch to create hyper-local web and mobile platforms for travelers. Migrating from co-location facility with limited flexibility, inadequate performance, and high operating expenses. Utilizing Amazon EC2 with Elastic Load Balancing, Amazon S3, Amazon VPC, and Amazon CloudFront. 4 days to do the migration of SQL to EC2. 58% off a CMS application.
Three-Tier Web App has been “fork-lifted” to the cloud. Everything in a single Availability Zone. Load balanced at the Web tier and App tier using software load balancers. Master and Standby database. Elastic IP on front end load balancer only. S3 used as DB backup instead of tape. How can you use AWS features to make this app more highly available?
Can remote in. Can’t join them to a domain. SQL Server Authentication
100 departments
Sharepoint reference architecture available online with the whitepaper.