Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016
•Télécharger en tant que PPTX, PDF•
2 j'aime•1,119 vues
Deploy, scale, and manage your Microsoft workloads on AWS. We start our session by discussing why customers want to deploy Microsoft Windows applications on AWS as a cloud platform. We talk about reference architectures and best practices for implementing Microsoft products and technologies including Active Directory, Remote Desktop Gateway, Exchange, SharePoint, and Lync in the AWS cloud. We conclude with best practices for managing and monitoring Microsoft technologies in the AWS cloud.
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
En vedette
En vedette (20)
Similaire à Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016
Similaire à Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016 (20)
Plus de Amazon Web Services
Plus de Amazon Web Services (20)
Dernier
Dernier (20)
Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016
- 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Bill Jacobi, Solutions Architect June 20, 2016 Running Microsoft Workloads on AWS
- 2. Why Run Microsoft Servers on AWS? Amazon’s Migration to AWS Demo of Windows Architecture on AWS Cost, Licensing, & Performance Architecture and Technology Agenda
- 3. Why Run Microsoft Servers on AWS? Cloud Benefits Agility Vertical and horizontal scaling takes place in minutes. Experiment, optimize with simple clicks or CLI commands Cost You pay only for what you use, and you can turn up/down resources elastically according to demand or schedules Elasticity Resources are provisioned according to demand. Horizontal and vertical scalability are programs, clicks or CLI commands. Breadth of functionality Compute, Storage, Database, Networking, Dev Tools, Management tools, Security/Identity, Analytics, Mobile, App Services, Enterprise Apps Go global 12 Regions across Americas, Europe, Asia, Australia, South America. 33 Availability Zones.
- 4. Why Run Microsoft Servers on AWS? AWS-specific Benefits Add-On Compatibility ISV add-ons supported by Infrastructure as a Service platform Enabled for compliance Applications can run under NIST, PCI, or HIPAA Accelerators that provide baseline regulatory controls License management AWS Config can monitor license compliance of server- bound licenses on Amazon Dedicated Hosts Auditability enabled Every API call, network packet in/out, and infrastructure change is audited, both ALLOWS/DENIES DevOps enabled AWS CloudFormation builds infrastructure while Microsoft PowerShell builds applications, automating Windows on AWS deployments Optimization Monitor and optimize the specific resources needed
- 5. In 2013, Amazon IT decided to migrate the Microsoft stack to AWS Over 200K Amazon users access Exchange, SharePoint, and Lync through the corporate image Exchange data points: • There are 26 Exchange servers (4 per AZ) • 7,600 users per server • DAG Architecture for HA • Supports users in Americas, EMEA, and Asia Amazon’s Migration to AWS
- 6. Demo: SharePoint Pushbutton Launch SharePoint Deploys SharePoint Foundation running on Windows Server View View in Designer Launch Stack
- 7. Announcing
- 8. Accelerator for Microsoft Servers • Single VPC for integrated cross-server experience • Multiple AZs for high availability across all servers • DMZ subnet for management • Private subnet for app servers • 2 AD sites mapped to the 2 AZs for high availability • Connect to on-premises through AWS Direct Connect (not part of QuickStart)
- 9. • Exchange DAG architecture • Lync Paired Pool architecture • SQL Server Always On architecture for SharePoint • Brick architecture represents a 10 K modular pod • Add n pods for n-scale • Use the Microsoft capacity calculators and load- testing tools to validate Accelerator for Microsoft Servers
- 10. Accelerator for Microsoft Servers
- 11. • Exchange, SharePoint, Lync, SQL Server, and Active Directory on AWS • Deployed from single Master template • 14 Servers, 2 AZs, 10 K Users • Exchange users have 5 GB mailboxes • Lync users have VOIP, video, web conferencing, and desktop sharing • SharePoint Blog and Team Sites are “Everyone”-enabled • ~$14/hour to operate Demo: Microsoft Servers on AWS
- 13. Full Control of Infrastructure and Applications
- 15. $9,997 per Month or $13.70/Hour–Details • $1.00/user/month • Architecture supports 10 K Users • 5 GB Mailboxes • 1 TB SSD Storage for User Profiles
- 16. $9,997 per Month or $13.70/Hour–Details
- 17. Licensing Microsoft Products on AWS BYOL: Support for Microsoft servers • Exchange, Skype for Business, SharePoint, Systems Center • See AWS Microsoft Licensing page for details License-included: Windows Server and SQL Server AMIs available from AWS • Windows Server 2012 • Windows Server 2012 R2 • Windows Server 2008 • Windows Server 2008 R2 • Windows Server 2003 • SQL Server 2012 • SQL Server 2014 http://aws.amazon.com/windows/resources/amis/
- 18. Architecture and Technology • Architectural Considerations • SharePoint and SQL Server on AWS • Performance and Latency • DevOps • Enabled for Compliance • Auditability
- 19. Architectural Considerations Amazon VPC • Configure IP ranges, public/private subnets, routing tables, Internet or private gateway Security groups, network ACLs, VPC flow logging Remote administration The principle of least privilege
- 20. SharePoint on AWS - link
- 21. SQL Server High Availability - link Availability Zone 1 Private Subnet Primary Replica Availability Zone 2 Private Subnet Secondary Replica Synchronous-commit Synchronous-commit Automatic Failover Primary: 10.0.2.100 WSFC: 10.0.2.101 AG Listener: 10.0.2.102 Primary: 10.0.3.100 WSFC: 10.0.3.101 AG Listener: 10.0.3.102 AG Listener: ag.awslabs.net
- 22. Performance and Latency: Wash DC–Portland, OR 88 ms round trip via Internet 59 ms round trip via Direct Connect
- 23. Basic standard in AWS for automating deployment of resources CloudFormation template − JSON-formatted document which describes a configuration to be deployed in an AWS account − When deployed, refers to a “stack” of resources PowerShell can be slipstreamed into UserData and run at instance start up AWS CloudFormation DevOps–CloudFormation
- 24. Create Lync FrontEnd1 Instance Embed PowerShell DevOps–PowerShell in CloudFormation
- 25. DevOps–AWS CodeCommit Version Control with Git
- 26. Enterprise Accelerator for Compliance–link
- 27. Auditability Infrastructure: − AWS CloudTrail − AWS Config − Amazon Inspector Network: − VPC flow logs − Elastic Load Balancing access logs Application: − Amazon CloudWatch Logs CloudWatch Logs can integrate • Event logs • IIS logs • Event Tracing for Windows (ETW) logs • Any performance counter data • Exchange, Lync, SharePoint logs • Any text-based log files
Notes de l'éditeur
- Log into the AWS Console and refresh EC2 and S3 so that it is fast on the demo on slide 10
- The first is agility. AWS lets customers quickly spin up resources as they need them, deploying hundreds or even thousands of servers in minutes. This means they can very quickly develop and roll out new applications, and it means teams can experiment and innovate more quickly and frequently. If an experiment fails, you can always de-provision those servers without risk. The second reason is cost savings. AWS allows customers to trade capital expense for variable expense, paying for IT as they consume it. And, the variable expense is much lower than what customers can do for themselves because of AWS’s economies of scale. For example, Dow Jones has estimated that migrating its data centers to AWS will contribute to a global savings of $100 million in infrastructure costs. Or the Commonwealth Bank of Australia, which has halved its storage costs and is estimating it will save hundreds of millions of dollars. Another example is the US Navy, which is moving workloads to AWS and is saving as much as 60% over on-premises or hosting. The third reason is elasticity. Customers used to over provision to ensure they had enough capacity to handle their business operations at the peak level of activity. Now, they can provision the number of resources that they actually need, knowing they can instantly scale up or down along with the needs of their business, which also reduces cost and improves the customer’s ability to meet their user’s demands. The fourth reason is the breadth of functionality that exists in AWS. We have more than any other platform. And, we continue to add new capabilities and new services at an accelerating pace. In 2011, we released over 80 significant services and features; in 2012, nearly 160; in 2013, 280, and in 2014, we launched 516. In 2015, we launched 722 new services, up nearly 40% year-over-year. Customers benefit from this continual evolution, innovation and iteration, because they get the newest/latest features or enhancements instantly. No need to upgrade, deploy, or to migrate. The fifth reason is that AWS enables customers to deploy globally in minutes. AWS has the concept of a Region, which is a physical location around the world where we cluster datacenters. We call each group of logical datacenters an Availability Zone. Using AWS, customers can leverage 33 Availability Zones across 12 geographic regions worldwide. And, we don’t plan to stop there.
- Add-on Compatibility: We are running the servers that Microsoft built for on-premises on the AWS Infrastructure-as-a-service platform. All addons and customizations should run. If you have records management, expense report, workflow, HR, data classifaction addons or others, they should all work. Enabled for compliance: We provide NIST, PCI, and HIPAA sandboxes (though Accelerators) that are locked down and documented against the required regulatory controls License management: With AWS Config, we can track and prove that licenses that need to be server-bound are in fact used exclusively on dedicated servers. We have a feature called Dedicated Hosts for this requirement. AWS Config lets us monitor and report that software never roams beyond the assigned hosts. Auditability built in: AWS CloudTrail monitors every API call. VPC Flow Logs every network packet, AWS Config every change in infrastructure, AWS Inspector lets you to analyze the behavior of AWS resources, including instances, network, file system, and process activity, and identify potential security issues. DevOps built in. My favorite feature. CFN consistently, predictably, reliably builds infrastructure such as networks, instances, gateways, firewalls, etc., and PowerShell lets you build the Microsoft servers. PowerShell is embedded into CFN so that they run together. Optimization – Great example. I’m using regular SSDs in the demo that I’ll show you. If I want to, I can use Provisioned IOPS which guarantee a level of performance above and beyond standard SSDs. If I decide I want more IOPS for Exchange, I can turn on this feature. Same for # of processors, speed of processors, amount of RAM, etc., etc. You have nearly infinite dials, levers, and knobs to optimize the user experience. BTW, the Microsoft tools like SCOM all apply.
- The Accelerator that I’m about to show you is based on lessons learned in moving Amazon users to the Microsoft workloads. Our drivers were similar to the ones on my Benefits slide: Cost optimization, Performance, Elasticity (we have a seasonal workforce), and improving the experience of Amazon users Elasticity was crucial for us. If we add thousands of workers in Q4, we don’t want to be stuck all year with the costs of supporting the high water mark. By the way, Microsoft makes our job easier with what they call their “brick architecture”. More on this to come. You can think of the Microsoft servers and AWS as chocolate and peanut butter. Rob Francis, Senior Manager, Corporate Infrastructure, gave a talk about the Amazon deployment of Microsoft servers on AWS. Email me if you would like this presentation.
- We’ll kick this off and come back to it later. I want everyone to see a stack being built and deployed in this session. Someone remind me if I don’t come back to show you this SharePoint fully up & running in today’s session.
- Add n pods for n-scale. I’m going to show you 10K users today. If you would like to see 100k users at Re:Invent, please include this feedback in your eval forms. Customer feedback drives the limited number of sessions that we get at ReInvent.
- Just flash this slide. Customers already saw it live in the Console.
- Would anyone like to see a demo? Microsoft Servers Demo Context: What is running Background: We have a pod supporting 10K users with access to Exchange, SharePoint, SQL Server, Lync and Active Directory Show AWS Console: These are running in us-west-2 in Portland and I and the clients are in Washington, DC—a distance of over 2000 miles AWS console: Describe the 14 servers that support these workloads for this user count Let’s look at the user count RDP in to DC1 Load PowerShell: Import-module ActiveDirectory Get-Module to show that the AD module is loaded Show all users: Powershell: Get-ADUser – filter * Show user count: (Get-ADUser –filter *).count Show ISE with all AD Commands on the right frame Ping exch2 Ping fe2 Ping spwfe2 Point out that the ‘2’ servers are in different AZs DevOps/Automation – Fill in the MS Servers template but don’t run it. Point to what is already up & running. CloudFormation: Show the 6 stacks, events, and parameters that have built this configuration. Explain the layering AD is base. SQL and Exchange sit on AD. SharePoint sits on SQL. Lync sits on Exchange Dependencies are important hence the layering Use the AD stack, and show event creation of the VPC, Security Groups, Attaching VGW, etc. End User Demo – Use the video for this part of the demo. Video is easier since it shows screens from two laptops at IAD21. You probably only have 1 laptop. Olive Workman emails Pat Perry. Subj: Discuss Electric Vehicle Trends Pat replies: Many companies doing interesting stuff. Olive sees Pat is online. Olive IMs Pat. You able to chat? Pat IMs: Sure thing Olive IMs: Did you see the analyst report from earlier this month? Olive IMs the link to the SharePoint Blog to look at the latest post on GM Pat IMs: You OK to video chat? Olive invites Pat to Video Chat (Provides tour of UI first) Pat Accepts Video Invite. Wave hands and show smooth video. Turn off laptop mics to avoid feedback This shows all of the business productivity servers running in an integrated fashion as you would expect Clients are 2000 miles away from servers (IAD21 us-west-2) Server Consoles Show SharePoint Central, Manage Web Applications, SharePoint:80, Application Management, View Site Collections, Back, Create Site Collection Exchange Admin Center, Click Mailboxes, User Mailboxes, +, Browse, double-click on a name Lync Control Panel, Home, Enable Users for Lync Server, Add, Find, Enable a user AD User and Computers Show what’s been configured in terms of Site Collections, mailboxes/policies, Lync conferencing, voice, etc., and AD user properties Performance and latency RDP to the RDGW We are going to download a 1GB file Just to be clear, I’m not talking about a 1MB or 10MB email attachment Let’s download a 1GB ISO (Lync ISO) of one of the servers to see how fast performance is. About 5s. Exchange (4GB) is about 20s. From the RDGW, download the ISO and calculate the throughput to the Instance.
- Flash this slide because you showed them this template in the Console.
- What do we have on AWS Platform Microsoft and Amazon have jointly developed a set of Amazon Machine Images (AMIs) . They are well documented, optimized, and configured based on best practices. They are available in all regions that AWS supports to provide a consistent global experience. AWS provides updated, fully patched Windows AMIs within 5 business days of Microsoft’s patch Tuesday (second Tuesday of each month). When publishing new Windows AMIs, AWS follows a consistent naming scheme. For example, server and date stamp tagged to the end of the name Look for the date stamp in the AMI name. You find the date stamp (last 8 digits) at the end of the AMI name. Large collection of operating systems , with language support Large collection of databases including SQL Express and Standard editions.
- This is what we built and proposed to BAE.
- Virtual Private Cloud is what you saw on the earlier slide that laid out two public and two private subnets. Note that the application is only aware of subnets and that VPC maps subnets to Availability Zones. Security groups are firewalls that are enforced at the instance level. Network ACLs are firewalls that are enforced at the subnet level VPC flow logging is the logging and auditing of all ingress/egress packets Remote administration is the notion of a bastian host in the public or management subnet Principle of least privilege is the notion of enabling the minimum security settings that will allow the application to work correctly without any additional capabilities
- This slide represents the QuickStart for an HA deployment of SharePoint 2016 Let’s come back to the SharePoint instance that I kicked off. Get the password, browse into the EIP, and login to show a team site.
- WSFC clusters and AlwaysOn Availability Groups Underpin many enterprise-class solutions including Microsoft SharePoint and .NET applications. Again we provide reference models for this. HA, MAZ – sync replica over 1-2 ms link. ------- I would cover this slide quickly because there are other sessions on SQL Server including Joe Spiezio Hybrid IT tomorrow. They will demo this solution live.
- 5,000 mile radius between users and servers to support ALL workloads including Lync Lync is the most latency sensitive. Other workloads can be supported much greater than 5,000 miles Lync is only sensitive for video operations. IM, etc., works over greater distances
- This Accelerator will set up the VPC for an application and turn on the right features such as AWS Config for continuous monitoring. Accelerator gives you the ability to build an application on AWS in which we have hardened and documented the infrastructure to be compliance-ready.