Architecting Enterprise Workloads on AWS Mike Pfeiffer.

1 Architecting Enterprise Workloads on AWS Mike Pfeiffer

2 ARCHITECTING ENTERPRISE WORKLOADS ON AWS
Let’s Get Started
- Why run Windows Server on AWS?
- Microsoft licensing on AWS
- Designing a Virtual Network architecture
- Running Directory Services on AWS
- Setting up remote administrative access over the internet
- Designing a highly available SQL Server environment
- Load Balancing SharePoint front-end servers
- Task automation with EC2 run command
- Seamless recovery from failures
#ITDevConnections

3 Why Run Windows Servers on AWS?
- Security
- Scalability
- Performance
- Proven platform for running Windows Server at scale in the cloud: https://aws.amazon.com/solutions/case-studies

4 Microsoft Licensing on AWS
Buy Licenses from AWS
- AWS Manages License Compliance
- Supports current and legacy software versions
- CALs not required
Bring Licenses to AWS
- Bring existing licenses to Dedicated Hosts
- Bring existing licenses with License Mobility

5 Designing a Virtual Network Architecture
Amazon Virtual Private Cloud (VPC)
- Logically isolated network in the cloud
- Network can span multiple data centers (availability zones)
- Provides hybrid connectivity via VPN tunnel or AWS Direct Connect

6 VPC Architecture Overview

11 DEMO: BUILDING AN AMAZON VPC

12 Running Directory Services on AWS
- Fully managed directory instance (patch management and automated backups)
- One click provisioning
- Seamless domain join for member servers
- Single Sign-On allows users to access AWS resources with AD credentials

13 AWS Directory Service

14 Running Directory Services on AWS
Manage your own Active Directory on EC2
- Deploy EC2 instances running ADDS in at least two availability zones
- Configure static private IP addresses and configure DNS
- Deploy Writable Domain Controllers whenever possible
- Consider implications of Read-Only Domain Controllers (not always compatible with enterprise workloads)

15 Running ADDS in a Hybrid Deployment
- Enable network connectivity via VPN or AWS Direct Connect
- Configure Security Groups to allow traffic to and from DCs on-prem
- Use cross forest trusts with Managed AD environments on AWS
- You can stretch an on-prem AD forest to AWS by managing your own DCs on EC2

16 DEMO: LAUNCH A MANAGED ADDS ENVIRONMENT ON AWS

17 Seamless Domain Join
- Deploy Managed AD or AD Connector
- Create IAM instance role for EC2 instances
- Launch instance with role and directory assignment
- Instance will launch and automatically join the domain

18 DEMO: SEAMLESS DOMAIN JOIN

19 Secure Remote Administration
- Deploy bastion hosts (aka jump boxes) into public subnets
- Control network traffic via security groups
- Remote Desktop Gateway, PowerShell Web Access and PowerShell Remoting are commonly used solutions

20 Secure Remote Administration Architecture
[Diagram: an AWS administrator in the corporate data center connects over TCP 443 to RDGW in the public subnet; RDGW connects over TCP 3389 to WEB1 and WEB2 in the private subnet, within one Availability Zone.]
- Gateway Security Group: accept TCP port 443 from Admin IP
- Web Security Group: accept TCP port 3389 from Gateway SG
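
Added example, not part of the original deck: a Python check over data in the shape returned by `aws ec2 describe-security-groups` that flags rules departing from the slide 20 layout (443 into the gateway only from admin addresses, 3389 only from the gateway security group). The group IDs, addresses and function names are constructed for illustration.

```python
"""Audit describe-security-groups style data against the slide 20 layout."""
import ipaddress

RDP, HTTPS = 3389, 443

def covers(perm, port):
    """True if an ingress permission includes the given TCP port."""
    proto = perm.get("IpProtocol")          # "-1" means all protocols and ports
    in_range = perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
    return proto == "-1" or (proto == "tcp" and in_range)

def cidrs(perm):
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])

def audit(groups, gateway_sg, admin_cidrs):
    """Return (group_id, message) findings that break the bastion design."""
    allowed = [ipaddress.ip_network(c, strict=False) for c in admin_cidrs]
    findings = []
    for group in groups:
        gid = group["GroupId"]
        for perm in group.get("IpPermissions", []):
            if covers(perm, RDP):
                # RDP may only be sourced from the gateway security group.
                for c in cidrs(perm):
                    findings.append((gid, f"RDP allowed from CIDR {c}"))
                for pair in perm.get("UserIdGroupPairs", []):
                    if pair["GroupId"] != gateway_sg:
                        findings.append((gid, f"RDP allowed from {pair['GroupId']}"))
            if gid == gateway_sg and covers(perm, HTTPS):
                # The gateway's 443 listener must stay limited to admin addresses.
                for c in cidrs(perm):
                    net = ipaddress.ip_network(c, strict=False)
                    if not any(net.version == a.version and net.subnet_of(a)
                               for a in allowed):
                        findings.append((gid, f"gateway 443 open to {c}"))
    return findings

# Constructed sample data: group IDs and addresses are placeholders.
SAMPLE = [
    {"GroupId": "sg-gateway", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]},
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "UserIdGroupPairs": [{"GroupId": "sg-gateway"}]}]},
    {"GroupId": "sg-drift", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]
```

Calling `audit(SAMPLE, "sg-gateway", ["203.0.113.10/32"])` reports only `sg-drift`, whose wide port range silently includes 3389 from any address.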

21 Running SQL Server on AWS
- SQL Server available as a managed service through Amazon Relational Database Service (RDS)
- RDS provides Multi-AZ high availability out of the box
- You can deploy instances with SQL Server and configure high availability manually

22 RDS SQL Server Architecture
[Diagram: Availability Zone A with NAT and DB Master, Availability Zone B with NAT and DB Slave; labels: sql.example.com, 192.168.10.100, 192.168.11.100, 192.168.10.100.]

23 RDS SQL Server Architecture
[Diagram: Availability Zone A with NAT and DB Failed, Availability Zone B with NAT and DB Master; labels: sql.example.com, 192.168.10.100, 192.168.11.100.]

24 DEMO: DEPLOYING A MULTI-AZ RDS DATABASE INSTANCE

25 Building Your Own SQL Servers on EC2
- Launch SQL Enterprise AMI (at least one per AZ)
- Configure Storage
- Set up Windows Server Failover Clustering
- Implement Always On Availability Groups
- Consider using a 3rd AZ for cluster quorum

26 SQL Always On Architecture Overview

27 [Diagram: Availability Zone 1 (private subnet, primary replica) and Availability Zone 2 (private subnet, secondary replica), synchronous-commit with automatic failover.]
- Primary: 10.0.2.100, WSFC: 10.0.2.101, AG Listener: 10.0.2.102
- Primary: 10.0.3.100, WSFC: 10.0.3.101, AG Listener: 10.0.3.102
- AG Listener: sql.example.com

28 [Diagram: Availability Zone 1 (private subnet, primary replica) and Availability Zone 2 (private subnet, secondary replica), synchronous-commit with automatic failover, plus a witness server.]

29 [Diagram: primary replica in Availability Zone 1, secondary replica in Availability Zone 2, automatic failover, witness server in Availability Zone 3.]

30 SharePoint High Availability
- Web tier made highly available through load balancing
- Application tier load balancing native to SharePoint
- Database tier high availability can be achieved with SQL RDS Multi-AZ or SQL Always On

31 Elastic Load Balancing
- Managed load balancing service
- Spans data centers (availability zones) for seamless failover
- Uses health checks to determine if service can accept connections
- Integrated with Amazon Certificate Manager: can be used for SSL offloading with free public certificates

32 DEMO: DEPLOYING AN ELASTIC LOAD BALANCER

33 Task Automation with EC2 Run Command
- Automate common tasks
- Centralized execution and reporting
- Requires client-side agent
- Works with EC2 instances and on-prem servers

34 DEMO: EC2 RUN COMMAND

35 What We Covered
- Why run Windows Server on AWS?
- Microsoft licensing on AWS
- Designing a Virtual Network architecture
- Running Directory Services on AWS
- Setting up remote administrative access over the internet
- Designing a highly available SQL Server environment
- Load Balancing SharePoint front-end servers
- Task automation with EC2 run command
- Seamless recovery from failures

36 Rate This Session Now!
Rate with Mobile App:
- Select the session from the Agenda or Speakers menus
- Select the Actions tab
- Click Rate Session
Rate with Website:
- Register at www.devconnections.com/logintoratesession
- Go to www.devconnections.com/ratesession
- Select this session from the list and rate it
Tell Us What You Thought of This Session. Be Entered to WIN Prizes!

