Please join us as an AWS Solution Architect discusses the steps required to build, migrate, or deploy Windows Server solutions on Amazon Web Services (AWS). In this webinar we plan to present the various options for running Windows Server-based technologies, such as ASP.NET, SharePoint Server, and SQL Server, on the AWS Cloud. We will also review the latest technical guidance and implementation materials from AWS, such as AWS CloudFormation Templates, which assist you in architecting solutions with best practices for security, scalability, and high availability (HA). This webinar is designed for a technical audience.

1. Running Windows Server on the AWS Cloud
Presented by Miles Ward
Sr. Mgr. Solutions Architect
1

2. Agenda
• AWS Overview
• Running Windows and SQL Server on AWS
• Implementing Microsoft solutions on the AWS
cloud
2

3. What is Amazon Web Services?
Amazon Web Services offers a complete set of infrastructure and application services
that enable you to run virtually everything in the cloud: from websites and mobile
apps, to big data projects and enterprise applications.
Today, hundreds of thousands of customers of all sizes take advantage of these services in
nearly every industry, including healthcare, media, financial services, insurance, internet, real
estate, retail, education and the public sector. Our on-demand, scalable, and easy-to-use web
services help you take advantage of the six main benefits of Cloud Computing.
3

4. Key Benefits to Running in the AWS Cloud
No Up-Front
Investment
Speed and Agility
Low Ongoing
Cost
Apps not Ops
Flexible Capacity
Global Reach
Deploy
4

5. AWS Global Infrastructure
10 Regions
NEW
25 Availability Zones
Continuous Expansion
5

6. The AWS Cloud
Tools to access
services
Cross Service
features
High-level
building blocks
Low-level building
blocks
6

7. Key AWS Services
EC2 “Classic”
EC2 “Classic”
VPC
VPC
Instanc
e
AMI
EBS
EBS
EBS
Availability Zone
Virtual Machine
Configuration
Running or
Stopped VM
EBS
EBS
EBS
Availability Zone
EBS
Snapshots
S3
S3 Buckets
Region
7

8. Amazon Virtual Private Cloud
Extends Your Data Center
Multiple
Subnets
EC2
EC2
EC2
EC2
EC2
IP Addresses
Not Advertised
to Internet
EC2
EC2
EC2
EC2
EC2
EC2
EC2
EC2
EC2
EC2
EC2
EC2
EC2
EC2
EC2
EC2
EC2
Secure VPN
over Internet
S3
S3
S3
S3
S3
S3
EC2
EC2
VPN Gateway
Public Cloud
Corporate
Router
Physical Data Center
8

9. Many Purchase Models to Support Different Needs
Free Tier
On-Demand
Reserved
Spot
Dedicated
Get Started on AWS
with free usage & no
commitment
Pay for compute
capacity by the hour
with no long-term
commitments
Make a low, one-time
payment and receive a
significant discount on
the hourly charge
Bid for unused capacity,
charged at a Spot Price
which fluctuates based
on supply and demand
Launch instances within
Amazon VPC that run
on hardware dedicated
to a single customer
For POCs and
getting started
For spiky workloads,
or to define needs
For committed
utilization
For time-insensitive or
transient workloads
For highly sensitive or
compliance related
workloads
9

10. AWS provides pre-configured
Windows & SQL Server
AMIs to start running fully
supported virtual machines
in minutes
10

11. Windows and SQL Server By The Hour
*Prices subject to (typically downward) change
11

12. Business Value of Microsoft on AWS
Improve Agility & Time-to-Market
Deploy Microsoft software in minutes on production-class hardware
Try several Microsoft solutions in parallel with no risk
Reduce infrastructure costs
No need to pre-allocate hardware budgets. Pay as you go.
Pay for only what you use
No unused capacity
Turn off capacity when it is not being used
Align IT infrastructure to the way business operates
Scale up during one off events, during month and year end
Scale down during slow times
Deploy
Leverage your Microsoft investment
SharePoint Server and other Microsoft server products can be licensed to run on AWS
12

13. Utilize Your Existing Windows Skill-Set and AWS
• Full, real, licensed Windows Server OS
– 2003, 2008, 2008r2, 2012 all via our Microsoft SPLA licensing means no CALs required
– SQL Server Standard via SPLA as well
• VPC for static, user-defined networks
• Security groups for easy-to-configure firewalls per VM
• Easily install services that you know
– AD, ADFS, SCOM, WSUS, SQL, MS Exchange, SharePoint, etc.
13

14. Microsoft Licensing Models on AWS
Microsoft “License Mobility through Software Assurance” gives Microsoft Volume
Licensing customers the flexibility to deploy Windows Server applications with
active Software Assurance (SA) on Amazon Web Services.
• Partnership to support running Windows
Server-based workloads on AWS
• Amazon Machine Images (AMIs) with
Windows Server and SQL Server today that
were jointly developed by Microsoft and AWS
• SharePoint Server and other Microsoft server
products can be licensed to run on AWS
*General info on AWS and License Mobility for a variety of MS server products:
http://aws.amazon.com/windows/mslicensemobility/
Two licensing models:
Pay-as-you-go – AMI
pricing includes
software
BYOL – use existing
licenses on AWS
•Windows Server
•SQL Server Standard
•SQL Server Enterprise
•SharePoint Server
•Other qualifying Microsoft Windows Server
products*
Detail on AWS and License Mobility with SQL Server:
http://aws.amazon.com/windows/mslicensemobility/sql/
14

15. Options for Running SQL Server on AWS
SQL Server on Amazon EC2
Amazon Relational Database Service – SQL
•
•
•
•
•
License Included or (BYOL)
Use provided AMIs or install on EC2
(same licensing)
Full SQL setup, tools,
administration, etc.
User will need to do all the work
such as EBS configuration/tuning,
Patch management, DR (snapshots,
recovery), HA setup and
Maintenance
•
•
•
•
•
•
•
•
License Included – SQL Express, Web, Standard
or BYOL – Standard, Enterprise
Fully managed RDBMS service
Automated maintenance, patch management
Built-in DR – Automated backup & recovery
EBS tuned – up to 30,000 IOPS using PIOPS
EBS
Support for SQL Agent & Tuning Advisor
Diagnostics, CloudWatch metrics
Tune engine parameters
No shell, super user, or direct file system access
15

16. Windows + SQL AMIs
• Over 20 Amazon published Microsoft
Windows and SQL Server AMIs
• Windows Server 2012
• Windows Server 2012 + SQL 2012
Standard, Web & Express
• Windows Server 2008
• Windows Server 2008 + SQL 2012
Standard, Web & Express
• Windows Server 2008 + SQL 2008
Standard, Web & Express
• Other Windows/SQL based AMIs….
• 7 Windows OS versions, in up to 19
languages
• 11 SQL Server versions/editions
16

17. Windows Free Usage Tier
• The AWS Free Usage Tier
includes Amazon EC2
instances running Microsoft
Windows Server 2012
• Customers eligible for the
AWS Free Usage tier can
use up to 750 hours per
month of t1.micro instances
running Microsoft Windows
Server 2012 for free
17

18. Window and .NET Developer Center
One stop for all tools, documentation, scripts, videos, and sample code to help
you run .NET on the AWS Cloud
http://aws.amazon.com/net/
Develop
Manage
Connect
Learn
Design, Build, and Run .NET on
AWS
Automate and Scale Windows
on AWS
Expand and Explore the
possibility for .NET on AWS
• AWS SDK for .NET
• AWS Tools for Windows
PowerShell
Get connected and join the
community of developers
running Windows and
.NET on AWS
• AWS Toolkit for Microsoft Visual
Studio
• .NET container for deploying on
AWS Elastic Beanstalk
• Community Forum
• Links to valuable articles
• Sample code to download
• AWS on Github
18

19. AWS SDK for .NET
• Includes APIs for many
AWS services
• Also Includes:
– AWS Toolkit for Microsoft
Visual Studio
– Visual Studio templates
– AWS Tools for Windows
PowerShell
– AWS CloudFormation
Template Editor
– AWS .NET Library
– C# code samples
19

20. Amazon EC2 Windows Guide
What’s New:
• Using Windows
Powershell with the AWS
SDK for .NET
• AWS Diagnostic tools for
Windows Server
• Install EC2 command line
tools on Windows
• Setting up a Windows
HPC Cluster
http://docs.amazonwebservices.com/AWSEC2/latest/WindowsGuide/Welcome.html
20

21. AWS CloudFormation – Automated Setup
CloudFormation provides:
• An easy way to create, update and manage a collection of AWS resources.
• Templates declaratively describe what AWS resources are needed and how they should interact.
For Windows environments, there are a number of useful CloudFormation templates
for setting up various Microsoft-based components and infrastructure setups:
21

22. General Design Considerations for Windows-based
Deployment in the AWS Cloud
• Design as you would for a physical or on-premise deployment using
standard tools (e.g. Microsoft Exchange Role Requirements Calculator)
• Treat AWS Availability Zones as additional datacenters and follow
applicable Microsoft guidance
• Consider the characteristics of a shared compute, storage and
networking environment.
– Instance Types (ECU vs. dedicated physical cores, memory sizing)
– EBS (Standard IOPS vs. EBS-Optimized and Provisioned IOPS)
– Networking (VPC, VPN or Direct Connect, Security Groups, Routing and
others)
– Scaling horizontally instead of vertically
22

23. Security for Windows-based Solutions in AWS
• Active Directory is used to provide authentication for Windows, SQL Server, SharePoint, etc.
• It is also possible to use LDAP-based directory and use Active Directory Federation Services
• VPC provides DHCP – use DHCP options set in VPC
• Active Directory domain controllers are created by instantiating Windows Amazon EC2
instance(s) in Active Directory role
• Active Directory user setup:
• Create new users manually using , or scripted, etc
• For VPN-connected scenarios, setup regular synchronization between on-premise DCs and
in AWS DCs
• Windows Server can be used as a customer gateway for VPN access
• Security – public-facing sites can/should have a ‘De-militarized Zone (DMZ)’ approach for
minimizing access and attack surface:
• Public subnets with Microsoft Forefront Threat Management Gateway (TMG) or Universal Access
Gateway (UAG), for all user access
• RDGW instance(s) and NAT instance(s) in each AZ to provide admin ingress, instance egress
• Setting up Single Sign-on to EC2-based .NET applications from on-premises Windows Domain
• http://d36cz9buwru1tt.cloudfront.net/EC2_ADFS_howto_2.0.pdf
23

24. EC2 Security for Windows-based Solutions in AWS
•
•
•
•
Administrative access to Windows Instances using Remote Desktop Gateway over SSH
EC2 Security Groups & Rules provide firewall to protect instances ‘Deny’ by default
EC2 provides some typical Windows/SQL security rule templates
Network ACLs security groups are recommended to ALSO setup network ACLs on subnets,
specific to the instance type/function e.g. SQL instance(s) in a specific
subnet, with a NACL allowing (only) 1433
• Can use Windows (OS-level) Firewall
• Use of MSFT Forefront Threat Management Gateway (TMG) and Universal Access
Gateway (UAG) within public subnet, control threats, DDoS attacks
“Secure Microsoft Applications on AWS” – Whitepaper:
•
http://aws.amazon.com/whitepapers/secure-microsoft-applications-on-aws/
24

25. SharePoint Server on AWS - Reference Implementation
Public Subnet
Private Subnet
Private Subnet
Private Subnet
Private Subnet
IIS & SharePoint
Web Front End
Central Admin &
SharePoint Services
Application Tier
Availability Zone 1
Primary DB
SQL Server
Primary DC/DNS
Database Tier
Active Directory
Database Tier
Active Directory
NAT
Remote
Admin
RDGW
Web Tier
ELB
Users
Web Tier
Application Tier
IIS & SharePoint
Web Front End
Internet
Gateway
Central Admin &
SharePoint Services
Mirror DB
Backup DC/DNS
RDGW
Witness
NAT
Public Subnet
Private Subnet
Private Subnet
Private Subnet
Private Subnet
Availability Zone 2
AWS Region
25

26. High Availability SQL Server 2012 on AWS - Reference Implementation
Remote
Admin & Mgmt
Users
Elastic IP’s (Public Route)
NAT
Instance
Elastic IP’s (Public Route)
RDGW
Instance
NAT
Instance
RDGW
Instance
Windows Server Failover Clustering (WSFC) Cluster
Node
WSFC Configuration
Node
WSFC Configuration
SQL Server Instance
SQL Server Instance
Instance Network Name
Instance Network Name
AlwaysOn Availability Group
Secondary Replica
Availability Group Listener Virtual Network Name
Storage
Storage
Primary
DC/DNS
Rerplica
DC/DNS
Availability Zone 1
Private IP’s (Private Route)
Private IP’s (Private Route)
Primary Replica
Availability Zone 2
AWS Region
26

27. Microsoft Exchange on AWS – Reference Implementation
27

28. Microsoft-based Reference Architectures & Implementations
• SharePoint Server:
– Reference Architecture Whitepaper: http://aws.amazon.com/windows/sharepoint/
– Advanced Implementation Guide and CloudFormation templates:
http://media.amazonwebservices.com/AWS_SharePoint_Reference_Implementation_Guide.pdf
• SQL Server:
– “Implementing Microsoft Windows Server Failover Clustering (WSFC) and SQL Server 2012
AlwaysOn Availability Groups in the AWS Cloud”:
http://aws.amazon.com/whitepapers/microsoft-wsfc-sql-alwayson/
• Microsoft Exchange:
– “Microsoft Exchange Server 2010 in the AWS Cloud: Planning and Implementation Guide”:
http://media.amazonwebservices.com/AWS_Exchange_Planning_Implementation_Guide.pdf
28

29. Where can I learn more?
• Microsoft pages on the AWS website to get the latest announcements, case
studies, white papers, or other information on SharePoint on AWS:
–
–
http://aws.amazon.com/microsoft
http://aws.amazon.com/sharepoint
• Securing Windows-based Applications on AWS:
–
http://aws.amazon.com/whitepapers/secure-microsoft-applications-on-aws/
• Visit the Windows detail page for more information on pricing for Windows
on AWS:
–
http://aws.amazon.com/windows
• Specifics on the Microsoft License Mobility program:
–
http://aws.amazon.com/windows/mslicensemobility/
29

30. Test Drive
The Test Drive program enables customers to quickly and easily explore the benefits of using Microsoft
server software on AWS. Developed by APN Consulting and Technology partners, these labs are
provided free of charge for demonstrational purposes. Each Test Drive lab includes up to 5 hours of
complimentary AWS server time. http://aws.amazon.com/testdrive/microsoft/
SharePoint 2013
BIG IP for SharePoint
SharePoint PM tools
SQL Server AlwaysOn
SQL Developer Lab
Exchange 2013 HA
Exchange Server 2013
Metalogix Archive Manager
30

31. Running Windows Server on the AWS Cloud
Thank You
31

32. Running Windows Server on the AWS Cloud
Q&A
32