Migrating Microsoft Applications to AWS like an Expert - AWS Summit Sydney 2018

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Danny Jenkins
Solutions Architect – Amazon Web Services
Drew Paterson
Solutions Architect - Amazon Web Services
Migrating Microsoft Applications to
AWS like an Expert

What Will You Takeaway From This Session?
• This is a 300 level session
• Holistic approach to migrating Microsoft Workloads
• Move fast…dive deep where necessary
• Barcodes are frustrating – Links on the website
http://unicornshop.lol

Who Are Unicorn Shop?
“To enable anyone with the dream of being a
unicorn to look like one”
• Online ecommerce offering
• Brick and mortar stores
• CMS, back office applications
• .NET and SQL custom applications
• Email hosted in O365
Issues:
• Wasted resources
• Capex vs Opex model
• Developers restrained and can’t help the
business speed up

Migration Approach
Approach
Landing
Zone
Application
Migration
Active
Directory
Automation
Database
Migration
What next?
Application
Review

Web 01 Web 02 Web 03
App 01 App 02 App 03 Batch Jobs
SQL 01 SQL 02
Our Web Store (PCI Compliant)
• PCI compliant workload
• Need to restrict user
access to some
components
• Limited to specific
services
• Need to monitor access
patterns
Application
Review

App 01 App 02
SQL 01 SQL 02
Our CMS Deployment
• Legacy threat
management SPOF
• Systems idle for 70% of
the weekWeb 03
Threat gateway
Application
Review

Microservices
Fleet
Microservices Deployment
Web logs
Database Logs
Vendor API
Business Insights
Application
Review

So Let’s Go!! ....Almost…
Strategy Plan Build & Migrate Run
Existing IT
estate
evaluation
Planning &
Discovery
Application
design
Migration &
Validation
OperationApplication 1
Application 2
Application
1
Application
2
AWS Application
discovery service
Amazon
Cloudwatch
AWS Config
AWS DMS
AWS SMS
ServicesfromAWS
ecosystem
Our
Approach

Approaching The Migration With The 6 R’s
Retain
Retire
Rehost
Replatform
Refactor
Repurchase
Our
Approach

Building Our Landing Zone
• Multiple accounts in Organisations + SCPs
• How to create a monolithic identity approach
(don’t judge me quite yet…)
• Amazon GuardDuty event execution
• Connectivity
• AWS Config enforcing encryption demo
Landing
Zone

Let’s Deploy Our Organisation’s Structure
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:*",
"cloudwatch:*"
],
"Resource": "*"
}
]
}
A1 A2 A4
M
A3
Dev Prod Prod
PCI
Landing
Zone

Identity As A Monolith?
Target account
A
Target account
B
Target account
C
Target account
B
Administrator account
CloudFormation
template
Stack Set
Region 1 Region 2
Landing
Zone

Admins
Admin role
Admin role
Sales Account
Retail Account
Identity Account
Cross account roles
Landing
Zone

Identity Account
Stack Set
Landing
Zone

Demo

Amazon CloudDuty – Event Execution
aws events put-rule --name Test --event-pattern "{"source":["aws.guardduty"]}“
aws events put-rule --name Test --event-pattern "{"source":["aws.guardduty"],"detail-
type":["GuardDuty Finding"],"detail":{"severity":[5.0,8.0]}}“
aws events put-targets --rule Test --targets Id=1,Arn=arn:aws:lambda:us-east-
1:111122223333:function:<your_function>
Amazon GuardDuty
UNICORN
Landing
Zone

Our CMS Threat Management Layer
App 01 App 02
SQL 01 SQL 02
Web 03
Threat gateway
Landing
Zone

AWS WAF
Landing
Zone

AWS WAF
• PCI
• OWASP Top
10
• Bot protection
• SQLi/XSS
• IP reputation
• CMS
protection
Landing
Zone

Let’s Get Our Networking Right…
Customer
routers
AWS direct
connect routers Amazon S3
Public traffic
Private traffic
Landing
Zone

A good place to start..Microsoft apps need AD

Amazon
Windows EC2
Instances
Amazon
Linux EC2
Instances
Azure AD
Connect
Server
ADFS
Server
(optional)
Amazon
Workspaces
Amazon
Workmail
Amazon
Workdocs
Amazon
Chime
AWS Mgmt
Console
RDS for
SQL Server
Amazon
QuickSight
Amazon
Connect
AWS Microsoft
AD Directory
Remote
Desktop
Licensing
.NET
applications
SharePoint
SQL
Server VPN
Connection
Office 365
Azure AD
On-premises
Microsoft
Active Directory
On-premises
Users
Authentication &
authorisation
SAML
Authenticate
Federate
Syncronise
Users
AWS apps & services Amazon EC2
Cloud applications
AD aware workloads
On-premises AD
Corporate data centre
Active
Directory

What Next? Migrating Databases Can Be Hard..
Migration
method
Amazon
RDS Target
Amazon
EC2 Target
Downtime DB Objects Cross-Engine
Backup/Restore Yes Yes Yes (hrs) Data, Schemas,
Stored Procedures,
Triggers, Indexes
No
Import/Export
Bulk Copy
Yes Yes Yes (mins-hrs) Data, Schemas,
Stored Procedures,
Triggers, Indexes
No
SQL Log
Shipping
No Yes Minimal (secs-min) Pre-create the DB,
sync
No
Hybrid
Architecture
No Yes Minimal (secs-min) Pre-create the DB,
sync
No
AWS DMS Yes Yes Minimal (secs-min) With SCT (Data,
Schemas, Stored
Procedures, Triggers,
Indexes)
Yes (SCT)
Database
Migration

Users Accessing On Premise
On-premise DB AWS DB
Database
Migration

Migrating Database Writes Across
On-premise
CMS DB AWS DBAWS DMS
Database
Migration

DNS Update And On Premise Decommission
Decommission
CMS DB AWS DBAWS DMS
Database
Migration

What To Migrate After SQL Server?
Fan out / deploy multiple systems in parallel:
• Exchange
• SharePoint
• Skype for Business
• System Centre Configuration Manager
• System Centre Operations Manager
• Etc…
Application
Migration

AWS Server Migration Service
SCVMM
HV
HOST
HV
HOST
HV
HOST AWS SMS
SMS VM
CMS Web
AMI
CMS App
AMI
Application
Migration

Windows? Containers? Actually Yes…
State in containers, you can but it’s hard
Stateless apps + short lived, look at ECS containers
How to migrate apps to containers? Containers are
portable..
Do you have a CICD process already?
Application
Migration

ECS With 2 Autoscaling Groups
Example spot pricing Instance diversity
Application
Migration

Scheduled Tasks? .Net Core 2.0 Lambda
VPC private subnet
Pull data from CSV file
Perform ETL
Insert data into SQL table
Upload
Users
Data dropped in S3
Schedule / event triggered
S3 Bucket Lambda function DB in private subnet
Application
Migration

Automation Is Key, How Do I Automate Updates?
Start temporary
instance
AWS latest
Windows
AMI
Update EC2 Config
or EC2 Launch
Update PV drivers and run
Windows updates
Invoke user provided
scripts
Run a sysprep /
Generalise
Stop
temporary
instance
Custom AMI ready for
deployment
Automation

Searching for a solution to host its MSFT
SharePoint sites, the company chose AWS
because of cost, and to improve operational
efficiency.
By running on AWS, Dole can launch a new
SharePoint website in minutes, host business
intelligence and mobile applications globally,
and estimates savings of more than $350,000
in operating expenses.
“We can grow anytime we want, we don’t have to go and acquire new hardware”
Joanna Dyer – Director, IT Solutions
Automation

• Understand the dependency chain in your
Microsoft applications
• Build your migration plan around the
dependency chain
• Know how Microsoft licensing on AWS works
and plan accordingly
What Next?
Wrapping It Up

Thank You!

Migrating Microsoft Applications to AWS like an Expert - AWS Summit Sydney 2018

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Migrating Microsoft Applications to AWS like an Expert - AWS Summit Sydney 2018

Similar to Migrating Microsoft Applications to AWS like an Expert - AWS Summit Sydney 2018 (20)

More from Amazon Web Services

More from Amazon Web Services (20)

Migrating Microsoft Applications to AWS like an Expert - AWS Summit Sydney 2018