Thinking through how you want to run Microsoft Windows Server and application workloads on AWS is straightforward, when you have a game plan. Understanding which service to leverage– like Amazon EC2, Amazon RDS, and Directory Services to name a few – will accelerate the process further. There are also a number of new enhancements to help make things even easier. In this session we will walk through how to think about mapping to the various AWS services available so you can get your deployment or migration project off to the right start. Think of this session as the decoder ring between your on-premises deployment and what you can expect from the AWS cloud for your Microsoft Windows Server and applications.

1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Shawn Gandhi
Head of Solutions Architecture
AWS Canada
September 2016
Getting Started with Windows
Workloads on AWS
@shawnagram

2. Who Are We Exactly?
Customer
Account
Manager
Solutions
Architect
Tech
Account
Manager
Pro
Services
Training &
Cert
Partner
Team
Biz Dev

3. Agenda
Why are customers running Windows on AWS
What Windows workloads run on AWS
Corp apps
Line of business apps
Developers
Where to get started and recent enhancements
Security
Management
Infrastructure
Licensing

4. Why are customers running
Windows on AWS?

5. Customer Success Story
Searching for a solution to host its Microsoft SharePoint sites, the company
chose AWS because of cost, efficiency, and to improve operational efficiency. By
running on AWS, Dole can launch a new SharePoint website in minutes and
estimates savings $350,000 in operating expenses.
“When we were looking for a place to put our SharePoint install, we built out a [Amazon] virtual private
cloud, effectively using it as an extension of our datacenter… We can grow any time we want– we don’t
have to go and acquire new hardware.”
– Joanna, Dyer, Director of IT Solutions, Dole Food Company

6. Customer Success Story
Hess turned to AWS to help consolidate disparate systems, include multiple
legacy versions Windows Server 2003, and 2008 and Microsoft SQL Server
2000, 2005, 2008 that had built up over many years of M&A activity. Hess was
able to complete a full consolidation of 300 Microsoft workloads in under 6
months.
“We didn’t have time to re-design applications. AWS could support our legacy 32-bit applications on
Windows Server 2003, a variety of SQL Server and Oracle databases, and a robust Citrix environment.”
– Jim McDonald, Lead Architect, Hess Corporation

7. Why run Windows workloads on AWS
*as of July 31, 2014
Building and managing cloud since 2006
12 regions, 33 Availability Zones, 54 edge locations
Thousands of partners; 2,500+ Marketplace products
Security & Reliability
Performance
Experience
Scale
Ecosystem
Extensive VM and network performance options
Security in layers approach and 99.95% application SLA

8. Security
A few of our many certifications:
Secured premises
Secured access
Built-in firewalls
Unique users
Multi-factor authentication
Private subnets
Encrypted data storage
Dedicated connection

9. Reliability
Easily build highly available applications
ELB distributes load (ideal for SharePoint)
Auto Scaling for availability and scalability
Use multiple Availability Zones

10. G2
GPU
enabled
M4
General
purpose
Memory
optimized
R3
Dense-storage
and high-I/O
optimized
C4
Compute
optimized
C3
D2 I2
T2
High Performing
M3

11. High Performing
High performance instances (X1) and HPC solutions
Automated instance scaling (Auto Scaling)
Dedicated low-latency network (AWS Direct Connect)
Ensure storage performance (EBS Provisioned IOPS)

12. Deploy faster wherever you like

13. Reliability & Scale:
Availability Zones
AZ
AZ
AZ AZ AZ
Transit
Transit

14. What Windows workloads can I
run on AWS?

15. Developer platform & tools
Corp applications Line of business
applications
End user computing

16. Information Security
Corporate Applications End User ComputingBusiness Applications
Amazon EC2 Windows,
Amazon RDS,
AWS CloudFormation,
AWS CloudFront
Amazon EC2 Windows,
AWS Directory Service,
Amazon RDS,
AWS Marketplace
Amazon WorkSpaces,
Amazon AppStream, AWS
Marketplace,
AWS Mobile Services, SaaS
AWS Identity and Access Management (IAM),
AWS CloudHSM, AWS Key Management Service,
security groups, AWS Marketplace
Amazon EC2, Amazon S3, Amazon RDS,
Amazon VPC, Amazon Direct Connect,
AWS Directory Service, AWS IAM,
AWS Service Catalog
Infrastructure
AWS Service Offerings for Windows Workloads
AWS Elastic Beanstalk,
AWS CodeDeploy,
AWS CloudFormation
DevOps

17. Corporate Apps in AWS
Deploy highly available applications
BYOL or pay per use
Security in layers approach helps with
compliance
Leverage multi-AZ architectures for
reliability & availability

18. Ref Architecture: SharePoint on AWS

19. Custom (Line of Business) Apps in AWS
AWS CloudFormation templates
accelerate deployment
Run .NET applications in EC2
instances running Windows Server
Fully managed database with
Amazon RDS for SQL Server
Add resiliency and HA with multi-AZ,
ELB, and Auto Scaling

20. Develop and Deploy Code in AWS
Build code quickly
Leverage familiar SDKs and toolkits
Deploy and scale your applications
AWS
CloudFormation
AWS CodeDeploy AWS Elastic
Beanstalk
.NET SDK AWS Toolkit
for Visual Studio

21. Where to Get Started

22. Security is job #1

23. Amazon EC2 Can Help Strengthen Your
Security Posture
Get native functionality and tools
at no additional charge
Over 30 global compliance
certifications and accreditations
Leverage security enhancements gleaned
from 1M+ customer experiences
Benefit from AWS industry leading
security teams 24/7, 365 days a year
Security infrastructure built to
satisfy military, global banks, and other
high-sensitivity organizations

24. Access a Deep Set of Cloud Security Tools
Encryption
AWS Key
Management
Service
AWS
CloudHSM
Server-side
encryption
Networking
Virtual
Private
Cloud
Web
Application
Firewall
Compliance
AWS ConfigAWS
CloudTrail
AWS Service
Catalog
Identity
IAM Active
Directory
Integration
SAML
Federation

25. VPC (Virtual Private Cloud)
Provision a logically isolated section of the AWS cloud
Control your virtual networking environment with:
• Subnets
• Route tables
• Security groups
• Network ACLs
Control if and how your instances access the Internet
Connect to your on-premises network via a hardware VPN
or Direct Connect

26. Availability Zone 1 Availability Zone 2
Internet
10.0.0.5
10.0.0.6
10.0.3.17
10.0.3.5
10.0.1.5
10.0.1.25
10.0.1.8
10.0.1.6
VPC Subnet
VPC subnet
VPC subnet
Virtual Private Gateway
Customer Gateway
VPN Connection
Internet Gateway
Customer Data Center

27. Use a Comprehensive Set of Management Tools
MonitoringConfiguration
AWS CloudWatch AWS CloudTrailAWS Config
Amazon EC2
Run Command
PowerShell
Integration
AWS CloudFormationAWS CodeDeploy AWS Elastic
Beanstalk
AWS Toolkit
for Visual
Studio
.NET SDK
Development

28. Management Enhancements:
EC2 Run Command
Automate Common Tasks: Automate common administrative tasks at scale.
Delegated Administration: IAM integration for full control of users and level of
access.
Auditable: Visibility and tracking of configuration changes with AWS CloudTrail
Customizable: Create custom actions to automate common tasks

29. Microsoft Licensing Options
Flexibility helps you optimize costs
Buy licenses
from AWS
Leverage License
Mobility
Bring your own
licenses (BYOL)
• Save money on software
licensing
• You manage licensing
costs and compliance with
your ISV
• No need for Software
Assurance
• AWS manages Windows
Server licensing
• You manage licensing
costs and compliance
with your ISV
• Uses Software
Assurance
• AWS manages licensing
• Pay as you go pricing
• Multi-tenant or
Dedicated
• No need for Software
Assurance
• Unlimited CALs

30. BYOL Using Dedicated Hosts
License compliance and portability
Host ID = h-123abc
Sockets = 2
Physical Cores = 20
• Maintain license compliance
• Granular resource and placement controls
• Visibility into physical resources
• Physical core and socket counts
• Capacity utilization
• Instance location
• Now supports reservations for discounted
pricing

31. It’s easy to get started!

32. http://aws.amazon.com/getting-started/
AWS Management Console

33. AWS Marketplace is in the Console
Browse, search, discover,
and launch thousand of AWS
Marketplace Amazon
Machine Images (AMIs)
directly from within the EC2
console
2,600+ products listed in 35
categories

34. Partner Case Study
Business Critical .NET Application

35. Securities Trading Platform - Background
Business critical trading platform running on AWS with Continuous Delivery
• At the end of 2014 Sourced were approached to run a pilot in AWS for a large retail
bank
• After operating workloads in AWS with an increasing level of criticality they were
ready to move one of their “crown jewels”, a business critical and heavily regulated
trading platform
• The business owners of this platform had an expiring data centre lease and needed
to validate whether AWS was a possible target for this application
• Development methodologies and application delivery processes (CI/CD) needed to
be defined
• Operational tooling and support procedures needed to be converted and validated
• Centralised logging and the collection of metrics became paramount
• Traditional 3-tier architecture
• Windows 2012 (Headless)
• .NET 4.5 / IIS 8
• SQL Server 2012
• Live market data
• 50,000 concurrent traders
• 200-300,000 active users
• Predictable traffic pattern
Application Characteristics

36. Securities Trading Platform - Implementation
Business critical trading platform running on AWS with Continuous Delivery
Traditional Data Tier
Traditional App Tier
Internal
Instance Instance Instance Instance
Instance Instance
Instance Instance
past.aws.app.com live.aws.app.com next.aws.app.com
Auto Scale Enabled
Serving Traffic
Auto Scale Disabled
Ready for Scale Up
Auto Scale Disabled
Ready for Destruction
DNS Carousel
Elastic Load Balancer Elastic Load Balancer Elastic Load Balancer
Amazon Web Services
www.application.com
DDoS Protection
User Traffic
Agility
INTRA-DAY RELEASES
e.g. Primary website
was turned pink for
Breast Cancer
Awareness Week
Scalability
RESILIENT PRODUCTS
e.g. Platform auto-
scaled during recent
China stock market
freeze with no
customer impact
Lower Costs
DC CONSOLIDATION
e.g. Data Center lease
was up for renewal
and facilitated exit
Context
• 3-Tier application with the app and data tier remaining on-premise
• Solution is protected by a CDN provided by a 3rd party
• Build and release pipeline integrated with AWS and DNS is used to swing
traffic to a new release

37. Securities Trading Platform – Real World AWS Resiliency
Auto Scale in Action for a Business Critical Application
• January 2016 the Chinese Stock Exchange
suspends trading for the second time in the year
due to a $75B loss
• There was a run on the Australian Stock Exchange
shortly after 10am
• What would normally represent a red-light
moment for the AppOps team has just become a
validation in a Splunk dashboard to ensure AWS
reacted as expected
As the platform met scale out criteria instances
were provisioned seamlessly

38. Next Steps
Sign up for an AWS account!
Take advantage of the Free Tier: aws.amazon.com/free
Learn more: aws.amazon.com/windows
https://qwiklabs.com/