Are you interested in implementing key Microsoft workloads such as Windows Server, Active Directory, SQL Server, or SharePoint Server on AWS? Have you wondered how to securely manage your Microsoft-based workloads on AWS? In this session, we step you through the architectural considerations, implementation steps, and best practices for deploying and administering these key Microsoft workloads on the AWS cloud. Find out how to deploy these workloads on your own, or by using automated solutions such as AWS Quick Start. Hear how existing AWS customers have successfully implemented Microsoft workloads on AWS and walk away with a better idea of how to implement or migrate your Microsoft-based workloads to AWS.
5. [Diagram: baseline VPC layout for a Microsoft workload. Two Availability Zones, each with a public subnet (labeled 10.0.0.0/24: NAT instance and RD Gateway) and a private subnet (labeled 10.0.2.0/24: IIS server, app server, SQL Server, domain controller). Remote users and admins enter through the public subnet; the private tier has no direct route from the Internet.]
6. [Diagram: security groups between tiers. Public subnet 10.0.0.0/24 holds WEB, private subnet 10.0.1.0/24 holds SQL. Web Security Group: accept TCP port 80 from the Internet. SQL Security Group: accept TCP port 1433 from the Web Security Group only (the source is the group itself, not a CIDR). User -> WEB on TCP 80; WEB -> SQL on TCP 1433.]
7. Deploying a bastion host (here, an RD Gateway) in each Availability Zone provides highly available and secure remote access over the Internet: admins terminate on the gateway, and back-end instances never expose RDP directly.
8. [Diagram: RD Gateway as bastion. Gateway Security Group (public subnet, RDGW): accept TCP port 443 from the administrator's IP. Web Security Group (private subnet, WEB1 and WEB2): accept TCP port 3389 from the Gateway Security Group only. An AWS administrator in the corporate data center requires one connection: connect to the RD Gateway over TCP 443, and the gateway proxies the RDP connection to the back-end instance.]
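The security-group chain from slides 6 and 8, built with the AWS Tools for PowerShell. This is an added example, not code from the session or from the AWS Quick Start; the VPC ID, the admin CIDR, the group names and the helper function New-TcpRule are assumptions for illustration. The point it shows is that every inbound rule except HTTP on the web tier and HTTPS on the gateway is sourced from another group rather than from a CIDR, so RDP and SQL are reachable only through the intended hop.

```powershell
# Added example (not from the session deck). Requires AWS Tools for PowerShell with
# credentials already configured (Set-AWSCredential / Initialize-AWSDefaultConfiguration).
$vpcId   = "vpc-0123456789abcdef0"   # assumption: your VPC
$adminIp = "203.0.113.10/32"         # assumption: the administrator's public IP

# One group per tier. New-EC2SecurityGroup returns the new group ID.
$gwSg  = New-EC2SecurityGroup -VpcId $vpcId -GroupName "rdgw-sg" -Description "RD Gateway: HTTPS from admin IP only"
$webSg = New-EC2SecurityGroup -VpcId $vpcId -GroupName "web-sg"  -Description "IIS: HTTP from Internet, RDP from RDGW only"
$sqlSg = New-EC2SecurityGroup -VpcId $vpcId -GroupName "sql-sg"  -Description "SQL Server: 1433 from web tier only"

# Helper (assumed, not an AWS cmdlet): one TCP port, sourced from a CIDR or from another group.
function New-TcpRule {
    param([int]$Port, [string]$Cidr, [string]$SourceGroupId)
    $p = New-Object Amazon.EC2.Model.IpPermission
    $p.IpProtocol = "tcp"; $p.FromPort = $Port; $p.ToPort = $Port
    if ($Cidr) {
        $range = New-Object Amazon.EC2.Model.IpRange
        $range.CidrIp = $Cidr
        $p.Ipv4Ranges.Add($range)
    }
    if ($SourceGroupId) {
        $pair = New-Object Amazon.EC2.Model.UserIdGroupPair
        $pair.GroupId = $SourceGroupId
        $p.UserIdGroupPairs.Add($pair)
    }
    return $p
}

# Slide 8: gateway takes TCP 443 from the admin IP only; web tier takes 3389 from the gateway group only.
Grant-EC2SecurityGroupIngress -GroupId $gwSg  -IpPermission (New-TcpRule -Port 443  -Cidr $adminIp)
Grant-EC2SecurityGroupIngress -GroupId $webSg -IpPermission (New-TcpRule -Port 3389 -SourceGroupId $gwSg)

# Slide 6: web tier takes TCP 80 from the Internet; SQL tier takes 1433 from the web group only.
Grant-EC2SecurityGroupIngress -GroupId $webSg -IpPermission (New-TcpRule -Port 80   -Cidr "0.0.0.0/0")
Grant-EC2SecurityGroupIngress -GroupId $sqlSg -IpPermission (New-TcpRule -Port 1433 -SourceGroupId $webSg)

# Check: read the groups back and flag any rule that opens RDP or SQL to the whole Internet.
foreach ($id in $gwSg, $webSg, $sqlSg) {
    $sg = Get-EC2SecurityGroup -GroupId $id
    foreach ($rule in $sg.IpPermissions) {
        if (($rule.Ipv4Ranges.CidrIp -contains "0.0.0.0/0") -and (@(3389, 1433) -contains $rule.FromPort)) {
            Write-Warning "$($sg.GroupName): TCP $($rule.FromPort) is open to the Internet"
        }
    }
}
```

Two caveats. Security groups allow all egress by default, so the chain above only constrains inbound paths; if the SQL tier must not reach the Internet, that is an egress rule or a NAT/route decision, not something this script enforces. And older module versions populate the obsolete string list `IpRanges` instead of `Ipv4Ranges`; if the check above reports nothing on a group you know is open, inspect `$rule.IpRanges` as well.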
11. •You get DHCP in Amazon VPC (no need to deploy your own DHCP servers); use a VPC DHCP options set to hand out the domain controllers as DNS servers and the AD domain as the DNS suffix so instances can locate the domain
•Connectivity with the on-premises data center via VPN or Direct Connect
16. [Diagram: Exchange Server 2013 running on AWS. Availability Zone 1 / AD Site 1: public subnet 10.0.0.0/24 and private subnet 10.0.2.0/24 holding DC1 (domain controller) and EXCH1 (Exchange 2013 CAS+MBX). Availability Zone 2 / AD Site 2: public subnet 10.0.1.0/24 and private subnet 10.0.3.0/24 holding DC2 (domain controller) and EXCH2 (Exchange 2013 CAS+MBX). EDGE1 and EDGE2 (Exchange 2013 Edge Transport) face the remote mail server. Each Availability Zone is its own AD site, so Exchange and clients prefer the local DC.]
17. •Connectivity via VPN or Direct Connect
•Security groups (and the on-premises firewall) must allow traffic to and from the on-premises DCs in both directions: DNS, Kerberos, LDAP/LDAPS, SMB, the RPC endpoint mapper and the dynamic RPC port range that replication uses
18. [Diagram: AD forest spanning AWS and the corporate data center. DC3 sits in a private subnet in an AWS Availability Zone; DC1 in Seattle and DC2 in Tacoma sit on the corporate network; a VPN links the VPC to the corporate network.]
19. [Same diagram as slide 18, with DC1 marked down.] DC1 goes down, where do clients in Seattle go for Directory Services?
20. [Same diagram with sites assigned: Seattle / AD Site 1 (DC1), Tacoma / AD Site 2 (DC2), AWS Availability Zone / AD Site 3 (DC3), and a site link cost of 50 on the VPN path.] Properly implemented site topology and the "Try Next Closest Site" policy enabled: clients use the least-cost path to a DC. Without subnet and site objects, a Seattle client whose local DC is down falls back to the domain-wide DNS records and may pick any DC, including DC3 across the VPN; with them, it tries the next-lowest-cost site (Tacoma) first.
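The topology from slides 18 to 20 as it would be set up with the Active Directory PowerShell module, plus the client-side policy. This is an added example, not part of the session; the deck shows only the three site names and the cost of 50 for the VPN link, so the on-premises subnets, the Seattle-Tacoma link cost of 20, the replication intervals and the domain name awslabs.net (borrowed from the listener name used later in the deck) are assumptions.

```powershell
# Added example (not from the session deck). Run on a DC or an admin host with RSAT,
# as a user who can modify Sites and Services.
Import-Module ActiveDirectory

# One site per location; the AWS VPC is its own site.
foreach ($site in "Seattle", "Tacoma", "AWS") {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
}

# Subnet-to-site mapping is what DC Locator uses to place a client. Without an entry that
# covers the client's address, the client has no site and uses domain-wide DC records.
# 10.0.2.0/24 is the AWS private subnet from the deck; the on-premises CIDRs are assumed.
$subnets = @{
    "192.168.10.0/24" = "Seattle"
    "192.168.20.0/24" = "Tacoma"
    "10.0.2.0/24"     = "AWS"
}
foreach ($cidr in $subnets.Keys) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'")) {
        New-ADReplicationSubnet -Name $cidr -Site $subnets[$cidr]
    }
}

# Site links carry the cost. Lower is preferred. The deck's 50 goes on the VPN links;
# the assumed 20 between the two on-premises sites keeps Seattle clients on the LAN/WAN
# before they cross the VPN to DC3.
New-ADReplicationSiteLink -Name "Seattle-Tacoma" -SitesIncluded Seattle, Tacoma -Cost 20 -ReplicationFrequencyInMinutes 15
New-ADReplicationSiteLink -Name "Seattle-AWS"    -SitesIncluded Seattle, AWS    -Cost 50 -ReplicationFrequencyInMinutes 15
New-ADReplicationSiteLink -Name "Tacoma-AWS"     -SitesIncluded Tacoma, AWS     -Cost 50 -ReplicationFrequencyInMinutes 15

# "Try Next Closest Site" is a client-side Net Logon setting. Normally deployed by GPO
# (Computer Configuration > Policies > Administrative Templates > System > Net Logon >
# DC Locator DNS Records > Try Next Closest Site). For a single machine, this is the
# registry value that policy writes:
$netlogon = "HKLM:\SOFTWARE\Policies\Microsoft\Netlogon\Parameters"
New-Item -Path $netlogon -Force | Out-Null
Set-ItemProperty -Path $netlogon -Name TryNextClosestSite -Value 1 -Type DWord

# Verify from a Seattle client: which DC (and which site) does the locator return now?
nltest /dsgetsite
nltest /dsgetdc:awslabs.net /force
```

Two things to check after running it: the default site link (DEFAULTIPSITELINK, cost 100) still exists and will be used for any site left in it, so move or remove sites from it deliberately; and the policy only helps if the failed site's clients can actually reach the next site's DC through the firewall and security-group rules from slide 17.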
22. [Diagram: SQL Server AlwaysOn Availability Group across two Availability Zones. Primary replica in the AZ1 private subnet (primary 10.0.2.100, WSFC 10.0.2.101, AG listener 10.0.2.102); secondary replica in the AZ2 private subnet (10.0.3.100, WSFC 10.0.3.101, AG listener 10.0.3.102). Synchronous-commit with automatic failover; listener name ag.awslabs.net. Each subnet carries its own cluster IP and listener IP because a subnet does not span Availability Zones, so this is a multi-subnet cluster.]
23. [Same diagram as slide 22, plus a witness server that gives the two-node WSFC its quorum vote.]
24. [Same diagram with the witness server placed in a third Availability Zone, so losing either database zone does not also remove the witness and cost the cluster quorum.]
25. [Same diagram as slide 22, plus Secondary Replica 2: asynchronous-commit, readable, serving a reporting application so reporting reads stay off the primary. Listener ag.awslabs.net; automatic failover remains between the two synchronous replicas only.]
28. •Database-tier high availability can be achieved with SQL Server AlwaysOn Availability Groups
•Install SharePoint using a SQL client alias rather than a server name
•After making the databases highly available, update the alias to point at the Availability Group Listener fully qualified domain name (FQDN), so SharePoint follows failovers without reconfiguration
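The listener from slide 22 and the alias repointing from slide 28, in PowerShell. This is an added example, not code from the session; the cluster name WSFC1, the AG name AG1, the node name SQL1, the listener cluster resource name AG1_ag and the alias name SPSQL are assumptions. The IPs and the listener FQDN ag.awslabs.net are the deck's. It also shows the multi-subnet caveat that matters specifically for SharePoint.

```powershell
# Added example (not from the session deck). Needs the SqlServer module (SQLPS on older
# installs) on the primary node and the FailoverClusters module.
Import-Module SqlServer

# Slide 22: one listener with a static IP in each subnet (AZ1 10.0.2.0/24, AZ2 10.0.3.0/24)
# so the listener's IP resource can come online in whichever zone holds the primary.
New-SqlAvailabilityGroupListener -Name "ag" `
    -StaticIp "10.0.2.102/255.255.255.0", "10.0.3.102/255.255.255.0" `
    -Port 1433 `
    -Path "SQLSERVER:\SQL\SQL1\DEFAULT\AvailabilityGroups\AG1"

# Multi-subnet caveat. By default the listener registers both IPs in DNS
# (RegisterAllProvidersIP=1). Clients that set MultiSubnetFailover=True try both in parallel;
# SharePoint 2013 does not set it, so it can hang on the offline IP until the connection
# times out. Register only the active IP and keep the DNS TTL short instead.
Import-Module FailoverClusters
$listener = Get-ClusterResource -Cluster "WSFC1" -Name "AG1_ag"   # assumed: <AG name>_<listener name>
$listener | Set-ClusterParameter -Multiple @{ RegisterAllProvidersIP = 0; HostRecordTTL = 300 }
$listener | Stop-ClusterResource                                    # brief listener outage
$listener | Start-ClusterResource

# Slide 28: SharePoint was installed against a SQL client alias, not a server name.
# Repoint the alias at the listener FQDN on every SharePoint server. The alias is a registry
# value: "DBMSSOCN" selects TCP, then host, then port. Set both the 64-bit and the 32-bit
# (WOW6432Node) keys because SharePoint has components of both bitnesses.
$alias  = "SPSQL"                               # assumed: alias name chosen at install time
$target = "DBMSSOCN,ag.awslabs.net,1433"
foreach ($key in "HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo",
                 "HKLM:\SOFTWARE\WOW6432Node\Microsoft\MSSQLServer\Client\ConnectTo") {
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name $alias -Value $target -Type String
}

# Check from the SharePoint server: the alias resolves through SqlClient and the listener
# answers from whichever replica is currently primary.
Invoke-Sqlcmd -ServerInstance $alias -Query "SELECT @@SERVERNAME AS CurrentPrimary, SUSER_SNAME() AS Login"
```

Run the alias step on each SharePoint server, not just one; the alias is per machine. The CurrentPrimary column should change after a test failover (`Switch-SqlAvailabilityGroup` on the secondary's AG path) without touching SharePoint's configuration, which is the whole reason slide 28 installs through an alias.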
29. [Diagram: SharePoint on AWS. Two Availability Zones, each with a public subnet (10.0.0.0/24: NAT instance, RD Gateway) and a private subnet (10.0.2.0/24: domain controller, SQL Server, app server, web front-end). The two SQL Servers form an Availability Group, primary in one zone and secondary in the other; users reach the web front-ends through the public subnet.]
30. Log types that CloudWatch Logs can collect from Windows instances:
•Event logs
•IIS logs
•Any Event Tracing for Windows (ETW) logs
•Any performance counter data
•Any text-based log files
This lets customers monitor instance activity in near real time and create alarms on these events.
To learn more: http://amzn.to/1qVKKkI