TRANSCRIPT
Mexico City
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Simplifying Microsoft Architectures with AWS Services
Rafael Mattje de Carvalho
TECH205
Senior Solution Architects Manager, AWS
Agenda
Introduction
Simplifying connectivity
Simplifying governance and security
Simplifying the active directory
Simplifying SQL server deployments
Simplifying .NET development
Simplifying migrations
11 years of innovation for Microsoft on AWS
(Timeline chart, 2008 to today; vertical axis: customer adoption; tracks: Windows Server & EC2, SQL Server, .NET, App Modernization)
Visual Studio Toolkit
Microsoft SCOM plug-in release
Microsoft SharePoint 2016 (Marketplace)
Microsoft SCVMM Plug-in
SAP instance on AWS 2012
Trusted Advisor checks for Windows
Hyper-V support in SMS
Windows for Lightsail
Application-consistent Snapshots through VSS
AWS Directory Service
Session Manager
Dedicated Host Enhancement Tag-On
EC2 Dedicated Hosts (BYOL)
EC2 Run Command
EC2 Systems Manager
EC2 Dedicated Instances (BYOL)
EC2 Windows on Bare Metal/Hyper-V AMI
WS 2008 & SQL Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2016
Windows Server 1803
Windows Server 2003
Application migration using AWS SMS
Active Directory Cross VPC Support
AWS License Manager
SQL 2017 AMI AL2/Ubuntu
SQL Server 2008 R2
Amazon RDS adds SQL Server
SQL Server 2017
SQL Server 2012
SQL Server 2008 R2
SQL Server 2016
SQL Server 2008 Upgrade
.NET Core & PowerShell on AL2/Ubuntu
Windows Deep Learning AMI
.NET Core 2.1 on Linux AMIs
Lambda Support for PowerShell Core
Amazon ECS for Windows Containers
Amazon EKS for Windows
AWS Tools for Windows PowerShell
.NET SDK
DynamoDB Accelerator SDK for .NET
.NET on Lambda & AWS CodeBuild
.NET Core 2.1 Support with Lambda & X-Ray
X-Ray .NET SDK
.NET Developer Hub
AWS X-Ray .NET Core Support
CloudWatch AppInsights
.NET Developer Hub
Amazon EC2 Run Command
AWS Toolkit for Visual Studio
SDK for .NET
Amazon EC2 AWS Systems Manager
Amazon EC2 Dedicated Hosts (BYOL)
Amazon EC2 Dedicated Instances (BYOL)
Amazon EC2 Windows on Bare Metal/Hyper-V AMI
Worldwide Windows Public Cloud IaaS Instances by Cloud Provider, 2017
(Chart; labels shown: Azure, 30.9%, 11.4%)
Source: IDC, Windows Server Operating Environment Market Update, Doc # US44217118, Aug 2018
https://d1.awsstatic.com/analyst-reports/IDC_Slide_WindowsonAWS_JM181015.pdf
According to IDC, almost 2/3 of Windows instances running on public cloud run on AWS
Reliability begins with the AWS global infrastructure
(Map of AWS regions; announced regions: Stockholm, Hong Kong)
Concepts: Regions and Availability Zones (AZs)
Region 1: Availability Zone 1, Availability Zone 2, Availability Zone 3
Region 2: Availability Zone 1, Availability Zone 2, Availability Zone 3
A typical multi-AZ architecture
(Diagram: a corporate office and remote users reach the Amazon VPC over AWS VPN to a virtual private gateway and over AWS Direct Connect; the VPC has two Availability Zones, each with a public subnet and a private subnet, and an internet gateway. Components shown per AZ: RDGW, Amazon VPC NAT gateway, IIS Web, IIS App, AWS Directory Service, MS SQL. The two MS SQL instances form an Always On availability group; web/app tiers use Auto Scaling; an Amazon VPC endpoint connects to Amazon S3.)
Concepts: Connectivity
(Diagram: on premises connected to a Region; one VPC spanning AZ 1, AZ 2 and AZ 3, each with a public subnet and a private subnet)
Concepts: Connectivity
(Diagram: within a Region, several Amazon VPCs joined by VPC peering, each with its own VPN connection to a customer gateway)
Things can get complex …
(Diagram: a mesh of VPC peering connections between Amazon VPCs, plus VPN connections through a customer gateway and an AWS Direct Connect Gateway)
Simplify with AWS Transit Gateway
(Diagram: the Amazon VPCs, the customer gateway VPN connection and the AWS Direct Connect Gateway all attach to a single AWS Transit Gateway)
One account: Isolation with IAM and Amazon VPC
Everything in a single account
Account by environment
Development / Production, everything else in one account
Multi-account approach
Core accounts: Organizations master, Security, Log archive, Shared services, Network
Team or group accounts: Developer sandbox, Development, Pre-production, Production, Team shared services
Developer accounts
Organizations: Account management
Log archive: Security logs
Security: Security tools, AWS Config rules
Shared services: Directory, limit monitoring
Network: AWS Direct Connect (to the data center)
Developer sandbox: Experiments, learning
Development: Development
Pre-production: Staging
Production: Production
Team shared services: Team shared services, data lake
It can become hard to manage all these accounts
(Diagram: many Developer accounts; per team, Dev, Stg and Prod accounts; Development and UAT, Staging and Production environments each with their own core shared accounts: Development core shared, Staging core shared, Production core shared)
Introducing AWS Control Tower: Consistent and simple multi-account management
Automated AWS setup
Launch an automated landing zone with best-practices blueprints
Policy enforcement
Pre-packaged guardrails to enforce policies or detect violations
Dashboard for oversight
Continuous visibility into workload compliance with controls
Key features and benefits
Account setup
Automated, secure, and scalable landing zone
Multi-account management using Organizations
Central logging and multi-account configuration consistency
Built-in best practices
Multi-account preventive and detective guardrails
Easy-to-use dashboard and notifications
Curated rules in plain English
Account provisioning wizard
Guardrails
Landing zone
Guardrail goals and categories – examples
How can you run AD on AWS?
AD Connector: Connect Windows on Amazon EC2 and AWS apps to on-premises AD
Managed AD: Managed AD designed to work with Amazon RDS and more
AD on Amazon EC2: Deploy self-managed AD on AWS
AWS architecture using AD Connector
(Diagram: on AWS, a Windows App on EC2 authenticates through AD Connector to the on-prem AD, which also serves on-prem Windows Apps; Azure AD Connect syncs the on-prem AD to Azure AD for Office 365 and Azure)
AWS architecture using Managed AD
(Diagram: on AWS, a Windows App on EC2 and FSx for Windows File Server join AWS Managed AD)
Hybrid AD architecture using Managed AD
(Diagram: on AWS, a Windows App on EC2 and Amazon RDS for SQL Server use AWS Managed AD for Auth/LDAP; AWS Managed AD has a 1-way AD trust to the on-prem AD, which serves on-prem Windows Apps; Azure AD Connect syncs the on-prem AD to Azure AD for Office 365)
Reference Architecture: AWS Managed Microsoft AD
(Diagram: two Availability Zones, each with a private subnet (10.0.2.0/24 and 10.0.3.0/24) holding an App Server and an IIS Server; an Amazon RDS for SQL Server database; AWS Managed Services domain controllers for Managed AD provide Auth/LDAP to the applications. The corporate data center, with its own domain controllers, remote users and admins, connects over VPN or Direct Connect, and a trust links the on-premises AD to Managed AD.)
Amazon RDS for SQL Server vs. SQL Server on Amazon EC2
Responsibility layers (each customer managed or AWS managed): Power, HVAC, net; OS Install/Maintenance; OS Patching; DBMS Install/Maintenance; DBMS Patching; Database Backups; High Availability; Scaling
Amazon RDS for SQL Server
• Consider Amazon RDS first
• Focus on business value tasks
• High-level tuning tasks
• Schema optimization
• No in-house database expertise
SQL Server on Amazon EC2
• Need full control over database instance
• Backups
• Replication
• Clustering
• Options that are not available in Amazon RDS
Options for deploying SQL Server on AWS
Amazon RDS multi-AZ
• Synchronous volume replication within AZ and synchronous data replication across AZs
• Recovery time typically ~1 minute
• Uses Always On for 2016 Enterprise Edition and DB Mirroring for other versions/editions
• Failover triggered by SQL Server
(Diagram: MS SQL Primary DB Instance in Availability Zone 1 and MS SQL Secondary DB Instance in Availability Zone 2, each with replicated volumes)
Amazon RDS multi-AZ: SQL Server Failover
Automatic Failover Process: Address Apply Debt, Promote to Primary, Change DNS Endpoint, Provision New Secondary
(Diagram: the Amazon RDS Endpoint points at the Primary DB Instance; after failover it points at the former Secondary DB Instance)
SQL Server on
Database “modernize” choices for Windows workloads
Consistent user experience
No change to apps
Reduce costs of Windows license and support
Integration with cloud native services
Significant reduction in Total Cost of Ownership (TCO)
DBA experience changes for the better
Aurora
Linux
How can AWS help?
Different services, tools, and features
AWS Toolkit for Visual Studio
AWS SDK for .NET
AWS Tools for Microsoft Visual Studio Team Services
AWS Tools for PowerShell
AWS Toolkit for Visual Studio
Full integration in Visual Studio
AWS Toolkit for Visual Studio
AWS SDK for .NET
Hosting options for .NET applications
Rethinking compute and storage
Common modernization and optimization pathways
Modernizing Windows workloads increases cloud maturity, lowers costs, and enables new innovation capacity
Current state
Database: SQL Server on Windows (on-premises, Azure, AWS)
Application: .NET Framework
Future state (modernization pathways)
Database: SQL Server on Linux, Aurora
Application: .NET Core on Linux, Linux Containers, Lambda (serverless)
What’s so great about serverless?
Modernizing with serverless
No infrastructure provisioning
Automatic scaling
Never pay for idle
Highly available and fault tolerant
Let’s take Lambda as an example
Scenario: 16,000 requests/day @ 200ms avg. = 3,200,000ms/day
What about the price?
Use the AWS developer tools for continuous integration and continuous delivery (CI/CD)
CodeBuild + third-party
CodeCommit CodeBuild CodeDeploy X-Ray
Source Build Test Deploy Monitor
CodePipeline
Or integrate VSTS with the AWS developer tools for continuous integration and continuous delivery (CI/CD)
CodeDeploy X-Ray
Source Build Test Deploy Monitor
CodePipeline
AWS data migration options
Database and machine migration and recovery: AWS DMS, CloudEndure (an AWS Company)
Streaming data: Amazon Kinesis family (Kinesis Data Firehose, Kinesis Data Streams, Kinesis Video Streams)
Offline transfer: AWS Snowball Edge, AWS Snowmobile (bulk data, files, objects, HDFS, databases)
Hybrid/edge gateways: AWS Storage Gateway family, APN Partner Products (file, block volume, snapshot, and tape backup storage for on-premises apps)
Online file and object transfers: AWS DataSync, AWS Transfer for SFTP, Amazon S3 Transfer Acceleration (rapid transfers, file exchanges, long-distance uploads and downloads)
Example of a typical three-tier migration
(Diagram: on-premises IIS (front-end), IIS (back-end) and SQL Server migrated to the same three tiers on AWS, the servers with AWS SMS and the database with AWS DMS)
Do you use VMware?
VMware Cloud on AWS
Thank you!