© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Microsoft Workloads on AWS
Best Practices and Patterns for Architecture, Migrations, and Licensing
Andrew Reay, Solutions Architect
Amazon Web Services
What will we cover today?
• Microsoft and AWS
• Architecture: Foundations
• Migration: Collateral, Tools and Options
• Licensing: Considerations and Options
• Resources: For Partners
This is a 200 Level session. Assumes an introductory level knowledge of AWS and Microsoft technologies.
AWS and Microsoft
Dedicated team for MS & Windows workloads
Launched Windows Server in 2008
The team provides:
• Amazon Machine Images, EC2Config, Drivers, Patching
• Getting Started Guides, Documentation
• Whitepapers, Reference Architectures, Quick Starts
• Microsoft FAQ including licensing guidance
MS workloads are supported on AWS
Our customers have successfully deployed virtually every MS application available
Contact the team at: [email protected]
Find resources at: http://aws.amazon.com/windows
Regions & Availability Zones
[Diagram: Availability Zones (AZ) and Transit]
12 Regions (2016: Ohio, India, UK, Canada)
33 Availability Zones
54 Edge Locations
Reliability: Easily build highly available applications
A VPC, and many of its features, are regional, which brings many benefits
Use multiple AZs to host solutions
• Exceptional RPO and RTO
• Easier than developing, testing and maintaining DR
• Use AWS services - Auto Scaling, Elastic Load Balancing…
• Consider reserving capacity, not just about discounts
If you can’t host across multiple AZs
• Can still achieve very good RPO and RTO
• Can the DB be replicated synchronously – Zero data loss?
• Use Route 53, Health Checks, AMIs, EBS Snapshots, S3 etc. to be prepared for a failover. Think blue/green…
Security: AWS Shared Responsibility Model
Customers are responsible for their security and compliance IN the Cloud:
• Customer content
• Platform, Applications, Identity & Access Management
• Operating System, Network & Firewall Configuration
• Client-side Data Encryption
• Server-side Data Encryption
• Network Traffic Protection
AWS is responsible for the security OF the Cloud:
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
AWS CloudTrail
AWS CloudHSM
AWS IAM
AWS KMS
AWS Config
Amazon Inspector
AWS Quick Starts
• Single-click deployments
• Highly-available
• Extensive documentation
• Based on customer deployments & AWS best practices
• Fully functional, not demos
• Included:
  • SQL Server with WSFC
  • SharePoint, Lync, Exchange
  • PowerShell DSC, RD Gateway
  • Active Directory, ADFS, Direct Access
https://www.apn-portal.com
http://aws.amazon.com/quickstart
Use the tools available
Monitoring, Configuration
• AWS CloudWatch
• AWS CloudTrail
• AWS Config
• Amazon EC2 Run Command
• AWS Tools for PowerShell
Develop and Deploy
• AWS OpsWorks
• AWS Toolkit for Visual Studio
• .NET SDK
• AWS CodeDeploy
• AWS CloudFormation
• AWS Elastic Beanstalk
AWS Directory Service
Simple AD
§ Managed directory powered by Samba 4 Active Directory Compatible Server
§ Supports user accounts, group memberships, domain-joining Amazon EC2 instances, and more
Microsoft AD
§ Managed directory powered by Microsoft Active Directory
§ Supports trusts and integrates with RDS SQL Server
§ Up to 50,000 users
AD Connector
§ Proxies directory requests to on-premises environment
§ Users can access AWS resources and applications with existing corporate credentials
Active Directory
Common Options:
• Host a resource domain in AWS
• Establish trust with an on-premise directory for SSO
• Extend AD into AWS
Specify your DNS servers to be used in your VPC
SQL Server on AWS
Wide array of choices
Fully managed services
Enterprise-grade security
99.95% availability
Flexible and scalable
SQL Server High Availability (HA)
[Diagram: SQL Server Always On Availability Group across two Availability Zones]
Availability Zone 1, Private Subnet: Primary Replica (Synchronous-commit)
• Primary: 10.0.2.100
• WSFC: 10.0.2.101
• AG Listener: 10.0.2.102
Availability Zone 2, Private Subnet: Secondary Replica (Synchronous-commit)
• Primary: 10.0.3.100
• WSFC: 10.0.3.101
• AG Listener: 10.0.3.102
AG Listener: ag.awslabs.net
Automatic Failover
SQL Server HA with Readable Replica
[Diagram: SQL Server Always On Availability Group with a readable secondary]
Availability Zone 1, Private Subnet: Primary Replica (Synchronous-commit)
Availability Zone 2, Private Subnet: Secondary Replica 1 (Synchronous-commit)
AG Listener: ag.awslabs.net
Automatic Failover
Secondary Replica 2 (Readable): Asynchronous-commit
Reporting Application
File Server Witness
Sample MS Architecture
[Diagram: two Availability Zones, each with a Public Subnet and a Private Subnet. Components shown: Remote Users, Internet Gateway, RDGW, VPC NAT Gateway, IIS Web, IIS App, AWS Directory Service, MS SQL (Always On Availability Group), VPC Endpoint, Amazon S3, Virtual Private Gateway, VPN, AWS Direct Connect, Corporate Office]
AWS Cloud Adoption Framework
Planning, creation, management, and support for your cloud environment.
Guidance for establishing, developing and running AWS environments.
Structure where business and IT can work together toward a common strategy and vision.
• People Perspective
• Process Perspective
• Security Perspective
• Maturity Perspective
• Platform Perspective
• Operations Perspective
• Business Perspective
AWS Cloud Adoption Framework: https://d0.awsstatic.com/whitepapers/aws_cloud_adoption_framework.pdf
AWS Migration Patterns (Path to Cloud)
[Flowchart; box labels as shown on the slide:]
• Discover, Assess (Enterprise Architecture and Applications)
• Lift and Shift (Minimal Change)
• Migration and UAT Testing
• Operate
• Refactor for AWS
• Application Lift and Shift
• Move the App Infrastructure
• Plan Migration and Sequencing
• Determine Migration Path
• Decommission
• Do Not Move
• Design, Build AWS Environment
• Move the Application
• Determine Migration Process
• Manually Move App and Data
• 3rd Party Tools
• AWS VM Import
• Refactor for AWS
• Rebuild Application Architecture
• Vendor S/PaaS (if available)
• 3rd Party Migration Tool
• Manually Move App and Data
• Determine Migration Process
• Replatform (typically legacy applications)
• Recode App Components
• Rearchitect Application
• Recode Application
• Architect AWS Environment and Deploy App, Migrate Data
• Signoff
• Tuning
• Cutover
• Org/Ops Impact Analysis
• Identify Ops Changes
• Change Management
• Plan
Migration Options
• AWS VM Import/Export
• AWS Import/Export Snowball
• AWS Database Migration Tool
• AWS Management Portal for vCenter
• AWS Systems Manager for Microsoft System Center VMM
• AWS Data Pipeline
Partner Tools
Windows Server 2003 Migration Options on AWS
• Import and stay with Server 2003 – until ready
• Import and upgrade in-place to a Modern OS
• Re-write the application
• Replace with AWS managed services
• Keep a replica of a legacy environment
Microsoft Products on Amazon EC2

AWS provided: License costs included in EC2 costs
• Microsoft Windows Server
• Microsoft SQL Server - Standard, Web & Enterprise*

AWS + BYOL: Leverage MS License Mobility Program
• Microsoft Windows Server (AWS provided)
• Microsoft SQL Server
• Microsoft Remote Desktop Services (User CALs)
• Microsoft Exchange Server
• Microsoft SharePoint Server
• Microsoft System Center
• Microsoft Dynamics products
• Plus others **

Full BYOL: Leverage EC2 Dedicated Host - Software Assurance & License Mobility not needed
• Microsoft Windows Server
• Microsoft Windows Desktop 7, 8 etc.**
• Microsoft Office
• MSDN
• Microsoft SQL Server
• Microsoft Remote Desktop Services (User CALs)
• Microsoft Exchange Server
• Microsoft SharePoint Server
• Microsoft System Center
• Microsoft Dynamics products
• Plus others **

* Some AWS Regions and SQL Server versions only
** See the licensing section of aws.amazon.com/windows/faq for full details
Licensing Continuum

AWS Provided
• EC2 manages licensing compliance & cost
• No CALs required
• PAYG or reserved pricing
• Save with right-sizing
• Save with variable workloads
• Save with efficiencies

AWS + BYOL
• EC2 manages Windows Server licensing and compliance
• PAYG or reserved pricing
• Import and use your own MS licenses & CALs
• Requires active Software Assurance and License Mobility
• You manage licensing costs and compliance for your software
• Save through re-use of existing licenses

Full BYOL
• Import and use your own MS software
• Software Assurance & License Mobility not needed
• Use Dedicated Hosts
• You manage all licensing costs and compliance
• Save through re-use of existing licenses

Customers always retain responsibility for managing compliance with the terms of their licenses.
EC2 Dedicated Host: What is it?
• A physical EC2 server dedicated to your use
• Specified in terms of physical processors and cores
• Allocate and Release On-Demand
• Reserve capacity for a term
EC2 Dedicated Hosts
Benefits: Licensing and Compliance
Host ID = h-123abc
Sockets = 2
Physical Cores = 20
• Use per-socket or per-core licenses
• AWS Config: data source for license reporting
• Tagging your instances helps
• Enable compliance through controlling instance placement on hosts over time
• Enables BYOL Microsoft licenses without Software Assurance
Partner Resources and Benefits
1. Content in APN Portal for partners
2. Opportunity Support from AWS
3. Microsoft Partner Competencies – SharePoint, Exchange
• Public designation on AWS Website and AWS Partner Directory
• Use of AWS Competency Logo in marketing tools
• Preferred access to GTM funding
• Selective eligibility to customer opportunities
• Preferred access to Market Development Funds
4. POC Program
• Funding for Partner Professional Services
• AWS Promotional Credits
• Free AWS usage to support customer trials
• Push to Pilot credits
• For qualified partners
5. AWS Test Drive
• Your Microsoft Solution Stack, Natively on the Web
• Improves the “Time to Value” for customers
• Instant Access to solutions for PoC, testing & training
• Evaluate, procure, deploy and use solutions
• Quickly, easily, friction free
Test Drives shown:
• Windows 2003 Live Migration
• Bleecker - Skype for Business / Lync Voice Test Drive
• F5 BIG-IP® SharePoint Test Drive
Next Steps
Attend the Sydney Summit:
• Andrew Mitchell: ‘Running your Enterprise Windows Workloads on AWS’
• Peter Stanski & Daniel Zoltak: ‘Moving MS Apps using Containers’
• George Watts: ‘Strategic Approaches to AWS Enterprise Application Migration’
• Conor McNamara: ‘Demystifying Cloud Economics’
Speak to your Partner Manager about Microsoft Workloads on AWS
Learn more at http://aws.amazon.com/windows/
Sign up for free at http://aws.amazon.com/getting-started
Contact the Microsoft at AWS team: [email protected]
Thank You!