Learn how Amazon RDS makes it easy to deploy and operate a highly available and scalable SQL Server database in the cloud with cost-efficient and resizable capacity.
4. Session evaluations
Your feedback is important and valuable.
Submit by 5pm Friday, November 10th to win prizes.
3 Ways to Access:
• Go to passSummit.com
• Download the GuideBook App and search: PASS Summit 2017
• Follow the QR code link displayed on session signage throughout the conference venue and in the program guide
5. Richard Waymire
Principal DB Specialist SA, AWS
• SQL Server DB Specialist, AWS: SQL Server specialist Solution Architect for the Americas.
• SQL Server Experience: 24 years of SQL Server experience, including 12+ years at Microsoft with the SQL Server Team
• Numerous Publications/Papers: Author/co-author of several books and whitepapers on SQL Server going back to SQL Server 6.5
/richardwaymire @rwaymi
6. Agenda
• AWS Overview
• How can I run SQL Server workloads on AWS?
• Performance of SQL Server RDS
• High Availability and Reliability
• Tuning and Configuration Management at scale
• Active Directory Integration
• Networking and Security for RDS SQL Server
• Enabling Data Access and Movement
8. What are the primary drivers for moving to the cloud?
• Move from capital expense to variable expense
• Stop guessing capacity
• Increased agility
• Go global in minutes
• Breadth of services
10. Achieve Low Latency and High Availability in All Regions
Region & Number of Availability Zones
• AWS GovCloud (2)
• US West: Oregon (3), Northern California (3)
• US East: N. Virginia (5), Ohio (3)
• Canada: Central (2)
• South America: São Paulo (3)
• EU: Ireland (3), Frankfurt (2), London (2)
• Asia Pacific: Singapore (2), Sydney (3), Tokyo (3), Seoul (2), Mumbai (2)
• China: Beijing (2)
16 Regions – 44 Availability Zones – 74 Edge Locations
Announced Regions: Paris, Ningxia, Stockholm, Hong Kong, Bahrain, AWS Gov Cloud East
11. AWS Database Services
Scalable High Performance Application Storage in the Cloud
Diagram layers: AWS Global Infrastructure, Compute, Storage, Database, Networking, Application Services, Deployment & Administration
• Amazon RDS
• Amazon DynamoDB
• Amazon Redshift
• Amazon ElastiCache
• Amazon Database Migration Service
12. Amazon RDS
• Simple and fast to deploy
• Fully managed = low admin
• Fast, predictable performance
• Easy to scale
• Cost-effective
Open Source Engines: MySQL, PostgreSQL, MariaDB
Commercial Engines: Oracle, SQL Server
MySQL Compatible Engine: Aurora
13. How can I run SQL Server workloads on AWS?
• SQL Server as Managed Service
• Automation, Configuration at Scale
• No Data Lock-in
16. App optimization, tuning
Deployment
Monitoring
High availability
Backups
DB & OS patching
Your responsibility
App optimization, tuning
Deployment
Monitoring
17. Which one is right for you?
Amazon RDS for SQL Server
Consider RDS first
Focus on:
• Business value tasks
• High-level tuning tasks
• Schema optimization
No in-house database expertise
SQL Server on Amazon EC2
Need full control over:
• DB instance
• Backups
• Replication
• Clustering
Use options not in Amazon RDS
18. SQL Server features at a glance
Compared: Amazon RDS for SQL Server vs. SQL Server on Amazon EC2
• Versions Supported: RDS: 2008 R2, 2012, 2014, 2016. EC2: 2005*, 2008*, 2008 R2, 2012, 2014, 2016
• Editions Supported: Express, Web, Standard, Enterprise**
• High Availability: RDS: AWS-managed. EC2: Self-managed; AlwaysOn, Mirror, Log Ship
• Encryption: Encrypted Storage using AWS KMS (all editions); TDE Support
• Authentication: Windows & SQL authentication
• Backups: RDS: Managed automated backups. EC2: Maintenance plans & 3rd party tools
• Maintenance: RDS: Automatic software patching. EC2: Self-managed
* Self-installed
19. RDS SQL Server pace of Innovation
• Nov 2016 – SQL Server 2016 supported
• Feb 2017 – SQL Server supports Forced SSL
• June 2017 – TDE-encrypted snapshots can be copied cross-region
• June 2017 – SQL Server 2016 SP1 supported
• June 2017 – Support for stopping/starting Database Instances
• July 2017 – EE License Included in all AWS Commercial Regions
• August 2017 – Max Storage increased from 4TB to 16TB
• Sept 2017 – HIPAA Eligibility achieved
• Nov 2017 – Reconfigure Storage Type on Snapshot Restore
20. Deploy and Operate SQL Server at scale
• SQL Server as Managed Service
• Automation, Configuration at Scale
• No Data Lock-in
21. Deploy and manage SQL Server
Multiple ways to start and manage your SQL Server resources using AWS
• Amazon RDS Management Console
• AWS Command Line Interface (CLI) or AWS Tools for PowerShell
• AWS SDKs
• AWS CloudFormation templates
30. Scaling compute resources
Range of DB instance classes
• From: 1 vCPU and 1 GB of RAM
• To: 40 vCPUs or 244 GB of RAM
Grouped in instance families:
• Standard (db.m4)
• Memory (db.r3)
• Burst Capable (db.t2)
Scale up or down by changing the instance class
31. Performance planning
• SQL Server workloads typically benefit from large amounts of memory (caching)
• Consider db.r3 - Memory Optimized instances
• Edition and licensing may impact DB instance class options
• DB instances can be modified to change the DB instance class
• Requires a reboot (or failover in Multi-AZ)
• Can scale compute capacity with the workload, if practical
• Storage cannot be scaled once deployed
• Plan for data set growth
32. Storage & I/O performance
Magnetic Storage
• Amazon RDS: size 20 GiB–1 TiB; performance ~100 IOPS
• Amazon EC2: size 1 GiB–1 TiB; performance ~100 IOPS
• Burst capacity: Yes, several hundred IOPS
• Pricing model: Allocated storage; I/O operations
General Purpose (SSD)
• Amazon RDS: size 20 GiB–4 TiB (min. 100 GiB recommended); performance 3 IOPS/GiB
• Amazon EC2: size 1 GiB–16 TiB; performance 3 IOPS/GiB for volumes 1 TiB or less, up to 10,000 IOPS for larger volumes
• Burst capacity: Yes, up to 3000 IOPS per volume, subject to credits (< 1 TiB in size)
• Pricing model: Allocated storage
Provisioned IOPS (SSD)
• Amazon RDS: size 100 GiB–4 TiB (min. 200 GiB for Standard edition & up); performance up to max. 20,000 IOPS
• Amazon EC2: size 4 GiB–16 TiB; performance up to 20,000 IOPS
• Burst capacity: No, fixed allocation
• Pricing model: Allocated storage; Provisioned IOPS
34. Amazon RDS Multi-AZ
Always run production workloads in Multi-AZ mode
• Primary and secondary DB nodes in different Availability Zones (AZ)
• Leverages SQL Server DB Mirroring
• Automatic failover (1–2 minutes typically)
Consider:
• Impact on mirroring of change heavy workloads (for example, index rebuilds)
35. Amazon RDS Multi-AZ in depth
Failure scenarios mitigated:
• Loss of availability in primary AZ
• Loss of network connectivity to principal DB node
• Compute unit or storage failure on principal DB node
Failover process:
1. Mirroring stopped
2. Address apply debt
3. Promote to master
4. Change DNS endpoint
5. Provision new secondary
Consider:
• Implement retry logic at the application layer—trigger manual failover to test
36. Monitoring SQL Server performance
Monitor performance using Amazon CloudWatch
• Alarms & notifications: Amazon RDS & Amazon EC2
• Default metrics: Amazon RDS & Amazon EC2
• Custom metrics: Amazon EC2
Metrics: CPU Utilization, Read / Write IOPS, Disk Queue Depth, Memory (RDS), Storage Space (RDS), Connections (RDS), I/O Throughput (EC2), …
Use SQL Server Profiler & Tuning Advisor to trace query performance
37. Amazon RDS Enhanced Monitoring
Overview:
• OS Level Monitoring Metrics – 26 system and per process metrics
• Metrics delivered to CloudWatch Logs
• Up to 1 second granularity
Compared to CloudWatch Metrics:
• Agent-based metrics collection
• There can be differences with CloudWatch metrics due to collection source (hypervisor vs. agent), e.g. CPU
38. Enhanced Monitoring
50+ system/OS metrics | sorted process list view | 1-60 sec granularity
alarms on specific metrics | egress to CloudWatch Logs | integration with 3rd-party tools
39. Reliability
• Automated backup and recovery
• Maximum retention: 35 days
• Restore to any second, typically up to the last 5 minutes
• Full DB instance snapshots & restore
• Backup & Restore using .bak files
• Leverages SQL Server’s native backup functionality
• 4 TB database size limit
41. Manage the RDS SQL Server configuration
Parameter Groups
• Centralized management of DB engine parameters
• Ability to consistently apply configurations to DB instances
• Auditability of configuration
• Sensible defaults work for most use cases
• Ability to create custom parameter groups
Option Groups
• Used for enabling additional features
• Ability to create custom option groups
• Supported options:
• Transparent Data Encryption (TDE) in Enterprise Edition only
• S3 Backup & Restore
43. Customizing parameter groups
• Exercise Caution - Change at Your Own Risk!
• Not all parameters can be changed, some read only for visibility
• Dynamic (applied immediately) vs. Static (requires reboot)
• Fixed value, formula driven default, DB instance class dependent, interdependent – for example:
Parameter “clr”
Enable (1) or disable (0) the common language runtime, default disabled (0). But if enabled, parameter “lightweight pooling” must be disabled (0)
Parameter “max server memory (mb)”
Memory allowed to be used by the server instance. Default based on instance class: {DBInstanceClassMemory}/1048576
Parameter “max worker threads”
Number of worker threads available for SQL Server processes. Default is 0 – db engine computed based on formula: 512 + max(0, (vCPUs-4) x 16)
45. What we need:
✓ RDS for SQL Server DB Instance
✓ S3 Bucket (to store .bak files)
✓ DB Option Group enabling SQLSERVER_BACKUP_RESTORE
✓ SSMS or other client to connect to DB instance
57. What we need:
✓ RDS for SQL Server DB Instance
✓ S3 Bucket (to store .bak files)
✓ DB Option Group enabling SQLSERVER_BACKUP_RESTORE
✓ SSMS or other client to connect to DB instance and restore
64. RDS for SQL Server deployment patterns
• Standalone DB Instance
• Microsoft AD integrated DB Instance
• Integration with existing Active Directory Infrastructure
• Hybrid on-premise and AWS deployment
65. Standalone DB instance
RDS SQL Server DB Instance
• Deployed in a DB Subnet Group
• Single-AZ or Multi-AZ (recommended for production)
• No directory integration, authenticate via SQL Server Authentication
Pros
• Simplicity, great for ad-hoc workloads, ETL processes, data conversion and migration
Cons
• Connection string/application credential management overhead
66. Using Windows Authentication
• Join RDS for SQL Server to a domain
• Domain provided by AWS Directory Services
• Directory as a managed service
• Deploy a Microsoft AD directory
• Fully managed AD forest
• Primary and secondary domain controllers in different AZs
• Ability to establish forest trusts
67. Microsoft AD integrated DB instance
• Cloud-based Active Directory deployment using AWS Directory Services Microsoft AD
• Managed directory
• Credentials stored and managed in the directory
• RDS DB instance joined to the directory operated domain
• Add SQL Server logins for domain users, and authenticate using Windows Authentication
68. Integration with existing Active Directory
Microsoft AD directory + external AD
• Integrate with existing AD deployment using a Forest Trust
• Configure inbound trust on the external forest + outbound trust in the directory
• Configure conditional forwarders for the 2 domains
Pros
• Leverage an existing, self-managed AD deployment with RDS SQL Server
Cons
• Increased complexity operating 2 domains
69. Hybrid on-premise and AWS deployment
Microsoft AD directory + on-prem AD
• Extend your internal network to AWS
• Private connectivity to your AWS VPC (VPN, DirectConnect)
• We recommend extending your AD deployment to AWS using secondary controllers in your VPC
• Establish Forest Trust between the existing AD and the Microsoft AD directory
Active Directory integration & deployment patterns
70. Networking and Security for RDS SQL Server
• SQL Server as Managed Service
• Automation, Configuration at Scale
• No Data Lock-in
71. Securing SQL Server on AWS: network
• Amazon VPC: Control subnets, AZ specificity (DB subnet groups), route tables and NACLs
• Security groups: Restrict instance traffic
• Public access: Avoid it or limit it
72. Securing SQL Server on AWS: data
• Protect data at rest: Encrypted DB instances using AWS KMS, TDE, column-level, encrypt before saving
• Secure data in transit: Encrypted connections via SSL
73. Securing SQL Server on AWS: access & audit
• Grant least privileges to applications and end users
• Control: Use AWS Identity and Access Management (IAM) to control instance lifecycle permissions, grant least privileges
• Audit: Use AWS CloudTrail to log AWS API invocations
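Added example (not from the original deck): the recommendations on slides 34, 39, 71 and 72 expressed as a check over instance records shaped like the RDS DescribeDBInstances response. The field names and the `rds.force_ssl` parameter are the real RDS ones; the instance records, parameter-group names and finding codes are constructed for illustration.

```python
# Audit RDS SQL Server instance records against the deck's security checklist.

# Constructed sample: two records with DescribeDBInstances field names.
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "prod-sql-01", "Engine": "sqlserver-se",
     "MultiAZ": True, "PubliclyAccessible": False, "StorageEncrypted": True,
     "BackupRetentionPeriod": 14,
     "DBParameterGroups": [{"DBParameterGroupName": "sqlserver-hardened"}]},
    {"DBInstanceIdentifier": "legacy-sql-02", "Engine": "sqlserver-se",
     "MultiAZ": False, "PubliclyAccessible": True, "StorageEncrypted": False,
     "BackupRetentionPeriod": 0,
     "DBParameterGroups": [{"DBParameterGroupName": "default.sqlserver-se-13.0"}]},
]

# Constructed sample: parameter values per parameter group (simplified).
SAMPLE_PARAMETERS = {
    "sqlserver-hardened": {"rds.force_ssl": "1"},
    "default.sqlserver-se-13.0": {"rds.force_ssl": "0"},
}


def audit_instance(inst, parameters):
    """Return a sorted list of finding codes for one DB instance record."""
    findings = []
    if inst.get("PubliclyAccessible"):
        findings.append("public-access")          # slide 71: avoid or limit it
    if not inst.get("StorageEncrypted"):
        findings.append("storage-not-encrypted")  # slide 72: KMS at rest
    if not inst.get("MultiAZ"):
        findings.append("single-az")              # slide 34: Multi-AZ in prod
    if inst.get("BackupRetentionPeriod", 0) == 0:
        findings.append("automated-backups-off")  # slide 39: automated backup
    groups = [g["DBParameterGroupName"] for g in inst.get("DBParameterGroups", [])]
    # Forced SSL counts only if every attached group sets rds.force_ssl to 1.
    if not groups or any(
            parameters.get(g, {}).get("rds.force_ssl") != "1" for g in groups):
        findings.append("ssl-not-forced")         # slide 72: data in transit
    return sorted(findings)


def audit_fleet(instances, parameters):
    """Map each SQL Server instance id to its findings; skip other engines."""
    return {i["DBInstanceIdentifier"]: audit_instance(i, parameters)
            for i in instances if i.get("Engine", "").startswith("sqlserver")}


if __name__ == "__main__":
    for name, found in audit_fleet(SAMPLE_INSTANCES, SAMPLE_PARAMETERS).items():
        print(name, "OK" if not found else ", ".join(found))
```

An empty findings list means the record meets all five checks; the same functions can be fed the parsed output of a real DescribeDBInstances call.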
74. Enabling Data Access and Movement
• SQL Server as Managed Service
• Automation, Configuration at Scale
• No Data Lock-in
75. Amazon RDS SQL Server tooling
• Manage using common tools: SQL Server Management Studio, sqlcmd, etc.
• Data source only for SSAS, SSIS and SSRS
• Maximum 30 databases per Amazon RDS instance
• Amazon RDS does not provide desktop, Administrator or file-system access to DB instances
• Not supported: Maintenance Plans, Database Mail, Linked Servers, MSDTC
76. Migrating data to & from Amazon RDS
1. .BAK File Save & Restore: Leverages SQL Server’s native backup functionality
2. Microsoft SQL Server Database Publishing Wizard, Import/Export: Export to T-SQL files, load using sqlcmd
3. AWS Database Migration Service: Minimize downtime during migrations, migrate between different DB platforms, Schema Conversion Tool
4. AWS Marketplace: Third-party data import and export tools and solutions
77. Why Microsoft SQL Server on AWS
• Largest Global Reach - every region with high availability zones
• Cost benefits through license optimizations
• Increase innovation and flexibility for future
• Improve security posture