(arc204) architecting microsoft workloads on aws | aws re:invent 2014
Post on 02-Jul-2015
• Install critical workloads in at least two Availability Zones to provide high availability
Diagram: two Availability Zones, each with a public subnet (10.0.0.0/24, holding the NAT instance and the RD Gateway, RDGW) and a private subnet (10.0.2.0/24, holding the Domain Controller (DC), SQL Server (DB), App Server (APP) and IIS Server (WEB)). Remote users and admins enter through the public subnet.
Diagram: Web Security Group and SQL Security Group within one Availability Zone. WEB in the public subnet (10.0.0.0/24): Accept TCP Port 80 from Internet. SQL in the private subnet (10.0.1.0/24): Accept TCP Port 1433 from Web SG. Traffic path: User to WEB on TCP 80, WEB to SQL on TCP 1433.
Deploying a bastion host in each Availability Zone can provide highly available and secure remote access over the Internet
Diagram: Gateway Security Group and Web Security Group within one Availability Zone. RDGW in the public subnet: Accept TCP Port 443 from Admin IP. WEB1 and WEB2 in the private subnet: Accept TCP Port 3389 from Gateway SG. The AWS Administrator in the Corporate Data Center connects to RDGW over TCP 443.
Requires one connection:
• Connect to the RD Gateway, and the gateway proxies the RDP connection to the back-end instance.
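The two security-group diagrams above (web tier open on TCP 80 to the Internet, SQL tier reachable on TCP 1433 only from the Web SG, RD Gateway reachable on TCP 443 only from the admin IP, RDP on TCP 3389 only from the Gateway SG) can be turned into an audit that flags any rule drifting from that pattern. This is an added example, not code from the deck or from AWS; the group records are constructed in the shape boto3's describe_security_groups() returns, and the group IDs sg-web, sg-sql, sg-rdgw and the admin IP 203.0.113.10/32 are placeholders.

```python
"""Audit EC2 security group ingress rules against the intended tiered pattern.

Added example (not from the re:Invent deck). The group dicts are constructed
in the shape boto3's describe_security_groups() returns, so the same check
runs unchanged on real output. Group IDs and the admin IP are placeholders.
"""

# Intended ingress policy, per the session's diagrams:
#   Web SG:     TCP 80 from the Internet, TCP 3389 only from the Gateway SG
#   SQL SG:     TCP 1433 only from the Web SG
#   Gateway SG: TCP 443 only from the admin IP
# Keys are (group id, port) -> set of permitted sources (CIDR or group id).
INTENDED = {
    ("sg-web", 80): {"0.0.0.0/0"},
    ("sg-web", 3389): {"sg-rdgw"},
    ("sg-sql", 1433): {"sg-web"},
    ("sg-rdgw", 443): {"203.0.113.10/32"},  # placeholder admin IP (TEST-NET-3)
}


def _sources(perm):
    """Yield every source of one IpPermissions entry (CIDRs and SG ids)."""
    for r in perm.get("IpRanges", []):
        yield r["CidrIp"]
    for p in perm.get("UserIdGroupPairs", []):
        yield p["GroupId"]


def audit(groups, intended=INTENDED):
    """Return a list of (group id, port, source, reason) findings.

    A finding is raised for any TCP ingress rule whose (group, port) is not in
    the intended policy, or whose source is not one of the permitted sources.
    Port ranges (and protocol "-1", i.e. all traffic) are reported as well,
    because every intended rule is a single TCP port.
    """
    findings = []
    for g in groups:
        for perm in g.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "-1"):
                continue
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            if proto == "-1" or lo != hi:
                for src in _sources(perm):
                    findings.append((g["GroupId"], f"{lo}-{hi}", src,
                                     "port range, not a single intended port"))
                continue
            allowed = intended.get((g["GroupId"], lo))
            for src in _sources(perm):
                if allowed is None:
                    findings.append((g["GroupId"], lo, src,
                                     "port not in intended policy"))
                elif src not in allowed:
                    findings.append((g["GroupId"], lo, src,
                                     "source not permitted for this port"))
    return findings


def tcp(port, cidrs=(), groups=()):
    """Build one IpPermissions entry (helper for the constructed samples)."""
    return {
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": c} for c in cidrs],
        "UserIdGroupPairs": [{"GroupId": g} for g in groups],
    }


# Constructed sample: the groups exactly as the diagrams describe them.
GOOD = [
    {"GroupId": "sg-web", "IpPermissions": [tcp(80, cidrs=["0.0.0.0/0"]),
                                            tcp(3389, groups=["sg-rdgw"])]},
    {"GroupId": "sg-sql", "IpPermissions": [tcp(1433, groups=["sg-web"])]},
    {"GroupId": "sg-rdgw", "IpPermissions": [tcp(443, cidrs=["203.0.113.10/32"])]},
]

# Constructed sample of drift: RDP opened to the Internet on the web tier and
# SQL reachable from the whole VPC instead of only the web tier.
DRIFTED = [
    {"GroupId": "sg-web", "IpPermissions": [tcp(80, cidrs=["0.0.0.0/0"]),
                                            tcp(3389, cidrs=["0.0.0.0/0"], groups=["sg-rdgw"])]},
    {"GroupId": "sg-sql", "IpPermissions": [tcp(1433, cidrs=["10.0.0.0/16"], groups=["sg-web"])]},
    {"GroupId": "sg-rdgw", "IpPermissions": [tcp(443, cidrs=["203.0.113.10/32"])]},
]

if __name__ == "__main__":
    for name, groups in (("good", GOOD), ("drifted", DRIFTED)):
        print(name, audit(groups) or "no findings")
```

Against a real account, feed audit() the SecurityGroups list returned by boto3's ec2.describe_security_groups() and keep INTENDED in step with the architecture; every finding is then either drift to revert or a deliberate exception to record.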
• You get DHCP in Amazon VPC (no need to deploy your own DHCP servers)
Connectivity with On-Prem Data Center via VPN or Direct Connect
Exchange Server 2013 running on AWS
Diagram: Availability Zone 1 / AD Site 1 has a public subnet 10.0.0.0/24 and a private subnet 10.0.2.0/24 with DC1 (Domain Controller) and EXCH1 (Exchange 2013 CAS+MBX); Availability Zone 2 / AD Site 2 has a public subnet 10.0.1.0/24 and a private subnet 10.0.3.0/24 with DC2 and EXCH2. EDGE1 and EDGE2 (Exchange 2013 Edge) exchange mail with the Remote Mail Server.
• Connectivity via VPN or Direct Connect
• Security groups must allow traffic to and from DCs on-premises
Diagram: AD forest spanning AWS and corporate data center. DC3 sits in a private subnet of an AWS Availability Zone and is connected via VPN to the Corporate Network, which has DC1 in Seattle and DC2 in Tacoma.
Diagram: the same forest with DC1 marked down. DC1 goes down, where do clients in Seattle go for Directory Services?
Diagram: the same forest with sites defined: Seattle / AD Site 1 (DC1), Tacoma / AD Site 2 (DC2), AWS Availability Zone private subnet / AD Site 3 (DC3), with a site link cost of 50 shown.
Properly implemented site topology and “Try Next Closest Site” policy enabled. Clients use least cost path to DC.
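The selection rule the last slide describes, as an added model that is not from the deck and is not Microsoft's DC locator implementation (which also involves DNS SRV lookups and site coverage): a client first looks for a live DC in its own site; with “Try Next Closest Site” it then walks sites in order of least total site-link cost, and without the policy it falls back to any DC in the forest regardless of cost. The deck shows one site-link cost of 50; the other costs and which link carries which value are assumptions.

```python
"""Model of DC locator site selection with "Try Next Closest Site".

Added example, not from the deck. Sites and DCs follow the slide; the
site-link costs are constructed (the deck shows a single cost of 50, the
remaining values and link placement are assumptions).
"""
import heapq

# Site -> domain controllers in that site (from the deck).
SITES = {
    "Seattle": ["DC1"],   # AD Site 1, corporate data center
    "Tacoma": ["DC2"],    # AD Site 2, corporate data center
    "AWS-AZ": ["DC3"],    # AD Site 3, Amazon VPC private subnet over VPN
}

# Undirected site links with assumed costs: the two corporate sites are cheap
# to reach from each other, the VPN path to AWS is costlier.
LINKS = [
    ("Seattle", "Tacoma", 50),
    ("Tacoma", "AWS-AZ", 100),
    ("Seattle", "AWS-AZ", 200),
]


def site_costs(origin, links):
    """Dijkstra over site links: cheapest total cost from origin to every site."""
    adj = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    best = {origin: 0}
    heap = [(0, origin)]
    while heap:
        cost, site = heapq.heappop(heap)
        if cost > best[site]:
            continue  # stale heap entry
        for nxt, c in adj.get(site, []):
            if cost + c < best.get(nxt, float("inf")):
                best[nxt] = cost + c
                heapq.heappush(heap, (cost + c, nxt))
    return best


def candidate_dcs(client_site, dcs_up, sites=SITES, links=LINKS,
                  try_next_closest_site=True):
    """Return (site, [DCs]) that a client in client_site is directed to.

    dcs_up is the set of DCs currently reachable. With the policy enabled the
    client walks sites by least site-link cost and stops at the first site
    with a live DC. Without it, the locator may hand back any live DC in the
    forest, which is the cross-WAN behaviour the slide warns against.
    """
    def live(site):
        return [dc for dc in sites.get(site, []) if dc in dcs_up]

    if live(client_site):
        return client_site, live(client_site)
    if not try_next_closest_site:
        return "any", [dc for s in sites for dc in live(s)]
    costs = site_costs(client_site, links)
    for site in sorted((s for s in costs if s != client_site), key=costs.get):
        if live(site):
            return site, live(site)
    return None, []


if __name__ == "__main__":
    # Walk the slide's failure sequence: all up, DC1 down, DC1 and DC2 down.
    for up in ({"DC1", "DC2", "DC3"}, {"DC2", "DC3"}, {"DC3"}):
        print(sorted(up), "->", candidate_dcs("Seattle", up))
```

With these costs, Seattle clients move to DC2 in Tacoma when DC1 fails and only cross the VPN to DC3 when both corporate DCs are down; with the policy disabled the same outage leaves them choosing between DC2 and DC3 without regard to cost.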
Diagram: SQL Server AlwaysOn Availability Group. Availability Zone 1, private subnet: Primary Replica (Primary: 10.0.2.100, WSFC: 10.0.2.101, AG Listener: 10.0.2.102). Availability Zone 2, private subnet: Secondary Replica (Primary: 10.0.3.100, WSFC: 10.0.3.101, AG Listener: 10.0.3.102). Both replicas synchronous-commit with Automatic Failover; AG Listener: ag.awslabs.net.
Diagram: the same synchronous-commit pair (Primary Replica in Availability Zone 1, Secondary Replica in Availability Zone 2, Automatic Failover) with a Witness Server added, placed in Availability Zone 3.
Diagram: Primary Replica (Availability Zone 1, private subnet) and Secondary Replica 1 (Availability Zone 2, private subnet), synchronous-commit with Automatic Failover behind AG Listener ag.awslabs.net, plus an asynchronous-commit Secondary Replica 2 (Readable) serving a Reporting Application.
Diagram: the same Availability Group (Primary Replica in Availability Zone 1, Secondary Replica 1 in Availability Zone 2, Automatic Failover, AG Listener ag.awslabs.net) extended over VPN to the Corporate Network, where Secondary Replica 2 (Readable), with Manual Failover, serves a Reporting Application and Backups.
• Database-tier high availability can be achieved with SQL AlwaysOn
• Install SharePoint using SQL Client Alias
• Update alias after making DBs highly available, and point to an Availability Group Listener fully qualified domain name (FQDN)
Diagram: SharePoint farm across two Availability Zones. Each zone has a public subnet (10.0.0.0/24: NAT, RDGW) and a private subnet (10.0.2.0/24: Domain Controller, App Server, Web Front-End); the DB Primary SQL Server in one zone and the DB Secondary SQL Server in the other form an Availability Group. Users reach the Web Front-Ends.
Log Types:
• Event Logs
• IIS Logs
• Any Event Tracing for Windows (ETW) Logs
• Any Performance Counter data
• Any text-based log files
Enables customers to easily monitor instance activity in real time and create alarms on these events
To learn more: http://amzn.to/1qVKKkI
aws.amazon.com/quickstart
Please give us your feedback on this session.
Complete session evaluations and earn re:Invent swag.
http://bit.ly/awsevals