Ensuring Your Windows Server Workloads Are Well-Architected - AWS Online Tech Talks
1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Greg Eppel, Sr. Solutions Architect, Microsoft Platform
June 26, 2018
Ensuring Your Windows Server Workloads Are Well-Architected
2.
https://aws.amazon.com/well-architected/
3.
What is the AWS Well-Architected Framework?
Pillars, Design principles, Questions
4.
Pillars of AWS Well-Architected
Security, Reliability, Performance efficiency, Cost optimization, Operational excellence
5.
Developer platform and tools
Architecture
Identity and Access Management
SQL Server
Administration
6.
Architecture
7.
Applications on Microsoft Windows
.NET Applications
8.
AWS Quick Starts
9.
Pillars of AWS Well-Architected
Security, Reliability, Performance efficiency, Cost optimization, Operational excellence
10.
AWS Global Infrastructure
18 Regions – 55 Availability Zones – 100+ Edge Locations
Region & Number of Availability Zones
AWS GovCloud (3)
US West: Oregon, Northern California
US East: N. Virginia, Ohio
Canada: Central
South America: São Paulo
EU: Ireland, Frankfurt, London, Paris
Asia Pacific: Singapore, Sydney, Tokyo, Seoul, Mumbai
China: Beijing, Ningxia
Announced Regions: Bahrain, Hong Kong SAR, Sweden, AWS GovCloud East
11.
Microsoft Active Directory
12.
Microsoft AD (Hybrid)
13.
Microsoft AD FS
14.
Microsoft SharePoint
15.
Identity and Access Management
16.
Pillars of AWS Well-Architected
Security, Reliability, Performance efficiency, Cost optimization, Operational excellence
17.
AWS IAM
• Role-based access control
• Integrated with all AWS services
• IAM roles
• Multi-factor authentication
18.
Secure remote administration architecture
[Diagram labels: AWS Administrator, Corporate Data Center, TCP 443, RDGW, WEB1, WEB2, Availability Zone, Public Subnet, Private Subnet]
Gateway Security Group: accept TCP port 443 from the admin IP
Web Security Group: accept traffic from the Gateway SG
Requires one connection:
• Connect to the RD Gateway, and the gateway proxies the RDP or PowerShell connection to the back-end instance.
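Added example (not part of the original slides): a check that a pair of security groups still matches the two rules on this slide, run over data in the shape returned by EC2 DescribeSecurityGroups. The group IDs, the admin address and the sample rules are constructed assumptions.

```python
import ipaddress

ADMIN_CIDR = "203.0.113.10/32"  # assumed admin IP (documentation range)

GROUPS = [  # constructed sample data, DescribeSecurityGroups shape
    {"GroupId": "sg-gateway", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-gateway"}]},
        # constructed drift: RDP opened directly, bypassing the gateway
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
]

def audit_gateway(sg, admin_cidr):
    """Gateway SG: only TCP 443, and only from inside the admin CIDR."""
    findings, admin = [], ipaddress.ip_network(admin_cidr)
    for p in sg["IpPermissions"]:
        if (p["IpProtocol"], p.get("FromPort"), p.get("ToPort")) != ("tcp", 443, 443):
            findings.append(f"{sg['GroupId']}: rule other than TCP 443")
        if p.get("UserIdGroupPairs") or p.get("Ipv6Ranges"):
            findings.append(f"{sg['GroupId']}: source is not an admin IPv4 range")
        for r in p.get("IpRanges", []):
            if not ipaddress.ip_network(r["CidrIp"]).subnet_of(admin):
                findings.append(f"{sg['GroupId']}: TCP 443 open to {r['CidrIp']}")
    return findings

def audit_web(sg, gateway_id):
    """Web SG: every source must be the gateway SG, never a CIDR."""
    findings = []
    for p in sg["IpPermissions"]:
        for r in p.get("IpRanges", []) + p.get("Ipv6Ranges", []):
            cidr = r.get("CidrIp") or r.get("CidrIpv6")
            findings.append(f"{sg['GroupId']}: port {p.get('FromPort')} "
                            f"reachable from {cidr}, bypassing the gateway")
        for g in p.get("UserIdGroupPairs", []):
            if g["GroupId"] != gateway_id:
                findings.append(f"{sg['GroupId']}: accepts traffic from {g['GroupId']}")
    return findings

def audit(groups, gateway_id, web_id, admin_cidr):
    by_id = {g["GroupId"]: g for g in groups}
    return audit_gateway(by_id[gateway_id], admin_cidr) + audit_web(by_id[web_id], gateway_id)

if __name__ == "__main__":
    for finding in audit(GROUPS, "sg-gateway", "sg-web", ADMIN_CIDR):
        print(finding)
```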
19.
Single domain across multiple sites
[Diagram: Corporate Network (Munich: DC1, Berlin: DC2) connected by VPN / AWS Direct Connect to Availability Zone A (private subnet, DC3) and Availability Zone B (private subnet, DC4); domain label company.local shown twice; link labels: Cost 50, Cost 10]
20.
One subdomain per site
[Diagram: Corporate Network (Munich: DC1, Berlin: DC2) connected by VPN / AWS Direct Connect to Availability Zone A (private subnet, DC3) and Availability Zone B (private subnet, DC4); domain labels: company.local, cloud.company.local]
21.
Separate domains per site
[Diagram: Corporate Network (Munich: DC1, Berlin: DC2) connected by VPN / AWS Direct Connect to Availability Zone A (private subnet, DC3) and Availability Zone B (private subnet, DC4); AWS Directory Service; domain labels: company.local, company.cloud]
22.
User identity federation with AWS IAM
[Diagram labels: AD Users, Enterprise Applications, Corporate Systems, AWS IAM, IAM Roles, EC2, DynamoDB, S3]
23.
SQL Server
24.
Pillars of AWS Well-Architected
Security, Reliability, Performance efficiency, Cost optimization, Operational excellence
25.
SQL Server on Amazon EC2
• Windows or Mixed Authentication
• You manage the virtual machine security, storage, network ports, etc.
• Full SQL Server sysadmin privileges
26.
SQL Server HA/DR on EC2
• Mirroring
• Always-On Availability Groups
• Transaction Log Shipping
• Failover Cluster Instance*
* Some configurations require third-party tools.
27.
Multi-AZ AlwaysOn Availability Group
[Diagram: one AWS Region; Availability Zone 1 (private subnet, EC2 primary replica) and Availability Zone 2 (private subnet, EC2 secondary replica); synchronous commit, automatic failover]
28.
Multi-region AlwaysOn Availability Group
[Diagram]
AWS Region A, Availability Zone 1, private subnet, EC2 primary replica: Primary: 10.0.2.100, WSFC: 10.0.2.101, AG Listener: 10.0.2.102
AWS Region A, Availability Zone 2, private subnet, EC2 secondary replica: Primary: 10.0.3.100, WSFC: 10.0.3.101, AG Listener: 10.0.3.102
AWS Region B, Availability Zone 1, private subnet, EC2 secondary replica: Primary: 10.1.2.100, WSFC: 10.1.2.101, AG Listener: 10.1.2.102
Link labels: Synchronous Commit, Automatic Failover; Asynchronous Commit, Manual Failover
29.
What is Amazon RDS?
• Managed database service
• Automatic patching, backups, mirroring, etc.
• Automatic Host Replacement protects you in the event of a hardware failure.
• 6 database engines to choose from: Amazon Aurora, Oracle, PostgreSQL, MySQL, MariaDB, and SQL Server
30.
SQL Server HA/DR on RDS
• Spans Availability Zones
• Automatic Failover
• Automatic Host Replacement
• Automatic Backups
• Automatic Software Patching (can be disabled)
31.
Multi-AZ SQL Server on Amazon RDS
[Diagram: one AWS Region, managed service; Availability Zone 1 (private subnet, Amazon RDS primary) and Availability Zone 2 (private subnet, Amazon RDS secondary); synchronous commit, automatic failover]
32.
Developers
33.
Pillars of AWS Well-Architected
Security, Reliability, Performance efficiency, Cost optimization, Operational excellence
34.
Windows Development Tools
Visual Studio
VSTS
PowerShell
NuGet
Command line
35.
Development tools
AWS SDK for .NET
AWS Toolkit for Visual Studio
AWS Tools for VSTS
AWS Tools for PowerShell
AWS CLI
36.
AWS Tools for Windows
AWS Toolkit for Visual Studio
AWS Tools for VSTS
AWS SDK for .NET
AWS Tools for PowerShell
AWS CLI
Visual Studio
VSTS
PowerShell
NuGet
Command line
37.
Release processes levels
Source → Build → Test → Production
Continuous integration
Continuous delivery
Continuous deployment
38.
.NET CI/CD Pipeline
Stages: Code, Build, Test, Deploy, Provision, Monitor
Services shown: CodeCommit, CodePipeline, CodeDeploy, Elastic Beanstalk, OpsWorks, CloudFormation, CloudWatch
39.
Example of a .NET CI/CD Pipeline
[Diagram labels: Source Bucket, Build Server, Test Server(s), AWS CodeDeploy, two HTTPS ELB endpoints; arrows: Push/Pull, Poll, Push]
40.
Example of a .NET CI/CD Pipeline
[Diagram labels: Source Bucket, AWS CodeBuild, Test Server(s), AWS CodeDeploy, two HTTPS ELB endpoints; arrows: Push/Pull, Push, Push]
- .NET Core – native support
- .NET Framework - https://amzn.to/2JvQAMo
41.
.NET CI/CD Pipeline
Stages: Code, Build, Test, Deploy, Provision, Monitor
Services shown: CodeDeploy, Elastic Beanstalk, OpsWorks, CloudFormation, CloudWatch
42.
What’s included in VSTS tools?
Tasks for deployment:
• AWS CodeDeploy
• AWS CloudFormation
• AWS Elastic Beanstalk
• .NET Core deployment to Lambda
General purpose tasks:
• Amazon S3 uploads/downloads
• Invoking Lambda functions
• Send SNS messages
• Run cmdlets/scripts using the AWS PowerShell Tools Module
• Run AWS CLI commands
+ AWS “Service Endpoint” credential type
[Icons: AWS Elastic Beanstalk, AWS Lambda, AWS CloudFormation, Amazon S3, AWS CodeDeploy, AWS CLI, AWS Tools for Windows PowerShell, Amazon SNS]
43.
AWS Toolkit for Visual Studio
Full integration in Visual Studio
[Diagram labels: AWS Toolkit for Visual Studio, .NET SDK]
44.
AWS Toolkit: Starter Templates
45.
AWS Toolkit: Boilerplate Templates
46.
AWS Toolkit: Elastic Beanstalk
47.
AWS Toolkit for Visual Studio
[Diagram labels: Visual Studio, AWS Toolkit for Visual Studio, AWS SDK for .NET, Amazon EC2, AWS Elastic Beanstalk, Amazon S3, Amazon DynamoDB, Other 100+ Services]
48.
What Direction Should Customers Go?
ReHost? RePlatform? ReFactor?
[Diagram labels: ASP.NET Application, Windows Server, Hypervisor, Amazon ECS; options 1, 2, 3]
49.
Pillars of AWS Well-Architected
Security, Reliability, Performance efficiency, Cost optimization, Operational excellence
50.
Rehost
Easy-to-use service for deploying and scaling web applications
Automatic management includes:
• Load balancing
• Health monitoring
• Auto Scaling
• Code deployment
AMIs with specific configurations
• .NET 4.7, 2.0, 1.X
• .NET Core 2.0, 1.1, 1.0
• IIS 7.5 – IIS 10
• Windows Server & Windows Server Core 2008 R2 - 2016
Ops features
• URL swapping (Green / Blue)
• Rolling updates
• RDS Integration
• App versioning
• Custom AMIs
51.
Replatform
[Diagram labels: AWS Elastic Beanstalk, AWS CodeDeploy, Amazon EC2, Amazon Route 53, ELB / ALB, two Auto Scaling Groups (50% / 50%), Managed AD (Multi-AZ), SQL Server RDS (Multi-AZ), ElastiCache]
52.
Refactor
[Diagram labels: Route 53, CloudFront, S3 Bucket (S3://www.yourspa.com), AWS API Gateway, GetSchedule(), UpdateSchedule(), AddEvent(), AWS Lambda, DynamoDB]
53.
Administration
54.
Amazon Systems Manager – components
Run Command, State Manager, Inventory, Maintenance Window, Patch Manager, Automation, Parameter Store, Documents
55.
Systems Manager capabilities
Capabilities shown: Run Command, Maintenance Window, Inventory, State Manager, Parameter Store, Patch Manager, Automation
Groupings shown: Deploy, Configure, and Administer; Track and Update; Shared Capabilities
56.
Safe and secure ops at scale without RDP
• Remotely manage thousands of Windows instances running on Amazon EC2 or on-premises
• Control user actions and scope with secure, granular access control
• Safely execute changes with rate control to reduce blast radius
• Audit every user action with change tracking
[Diagram labels: IT Admin, DevOps Engineer, Role-based Access Control, AWS cloud, corporate data center]
57.
Maintain Software Compliance, Reduce Risk
• Bootstrap instances on launch with image builds that are compliant
• Roll out Windows patches based on corporate policies and org-wide maintenance windows
• Get notified of malware, vulnerabilities, and blacklisted apps, with recommended actions
[Diagram labels: Create compliant software images, Deploy instances, Automate online patch management]
58.
Wrapping it up
59.
Questions?