(ARC204) Architecting Microsoft Workloads on AWS | AWS re:Invent 2014


Post on 02-Jul-2015


DESCRIPTION

Are you interested in implementing key Microsoft workloads such as Windows Server, Active Directory, SQL Server, or SharePoint Server on AWS? Have you wondered how to securely manage your Microsoft-based workloads on AWS? In this session, we step you through the architectural considerations, implementation steps, and best practices for deploying and administering these key Microsoft workloads on the AWS cloud. Find out how to deploy these workloads on your own, or by using automated solutions such as AWS Quick Start. Hear how existing AWS customers have successfully implemented Microsoft workloads on AWS and walk away with a better idea of how to implement or migrate your Microsoft-based workloads to AWS.

TRANSCRIPT

1. Install critical workloads in at least two Availability Zones to provide high availability.

2. [Diagram] Two Availability Zones, each with a public subnet (10.0.0.0/24, holding the NAT instance and the RD Gateway, RDGW) and a private subnet (10.0.2.0/24, holding the WEB / IIS Server, APP / App Server, DB / SQL Server and DC / Domain Controller tiers). Remote users and admins enter through the public subnet.

3. [Diagram] Web Security Group: accept TCP port 80 from the Internet. SQL Security Group: accept TCP port 1433 from the Web SG only. User -> WEB (TCP 80, public subnet 10.0.0.0/24) -> SQL (TCP 1433, private subnet 10.0.1.0/24).

4. Deploying a bastion host in each Availability Zone can provide highly available and secure remote access over the Internet.

5. [Diagram] Gateway Security Group: accept TCP port 443 from the admin IP. Web Security Group: accept TCP port 3389 from the Gateway SG only. AWS administrator in the corporate data center -> RDGW (TCP 443, public subnet) -> WEB1 / WEB2 (private subnet). Requires one connection: connect to the RD Gateway, and the gateway proxies the RDP connection to the back-end instance.

6. You get DHCP in Amazon VPC (no need to deploy your own DHCP servers). Connectivity with the on-premises data center via VPN or Direct Connect.

7. [Diagram] Exchange Server 2013 running on AWS. Availability Zone 1 / AD Site 1: public subnet 10.0.0.0/24, private subnet 10.0.2.0/24, DC1 (Domain Controller), EXCH1 (Exchange 2013 CAS+MBX), EDGE1 (Exchange 2013 Edge). Availability Zone 2 / AD Site 2: public subnet 10.0.1.0/24, private subnet 10.0.3.0/24, DC2, EXCH2, EDGE2. A remote mail server delivers to the Edge servers.

8. Connectivity via VPN or Direct Connect. Security groups must allow traffic to and from DCs on-premises.

9. [Diagram] AD forest spanning AWS and the corporate data center: DC3 in a private subnet in an AWS Availability Zone; DC1 in Seattle and DC2 in Tacoma on the corporate network, connected over VPN.

10. [Diagram] Same topology, DC1 goes down: where do clients in Seattle go for Directory Services?

11. [Diagram] Same topology with sites defined: Seattle / AD Site 1 (DC1), Tacoma / AD Site 2 (DC2), AWS / AD Site 3 (DC3), site link cost 50. Properly implemented site topology and Try Next Closest Site policy enabled; clients use the least-cost path to a DC.

12. [Diagram] SQL Server AlwaysOn Availability Group: Primary Replica in Availability Zone 1 private subnet (Primary: 10.0.2.100, WSFC: 10.0.2.101, AG Listener: 10.0.2.102) and Secondary Replica in Availability Zone 2 private subnet (Primary: 10.0.3.100, WSFC: 10.0.3.101, AG Listener: 10.0.3.102). Synchronous-commit on both sides, automatic failover, AG Listener: ag.awslabs.net.

13. [Diagram] Same, with a Witness Server added.

14. [Diagram] Same, with the Witness Server placed in a third Availability Zone.

15. [Diagram] Same, plus an asynchronous-commit Secondary Replica 2 (readable) serving a reporting application.

16. [Diagram] Secondary Replica 2 (readable) placed in the corporate network over VPN for reporting and backups, with manual failover; the two AWS replicas keep automatic failover behind the AG Listener ag.awslabs.net.

17. Database-tier high availability can be achieved with SQL AlwaysOn. Install SharePoint using a SQL Client Alias. Update the alias after making the DBs highly available, and point it to an Availability Group Listener fully qualified domain name (FQDN).

18. [Diagram] SharePoint on AWS: two Availability Zones, each with a public subnet 10.0.0.0/24 (NAT, RDGW) and a private subnet 10.0.2.0/24 (DC / Domain Controller, DB / SQL Server, APP / App Server, WEB / Web Front-End). The SQL Server Primary and Secondary form an Availability Group; users reach the Web Front-Ends.

19. Log types: Event Logs, IIS Logs, any Event Tracing for Windows (ETW) logs, any performance counter data, any text-based log files. Enables customers to easily monitor instance activity in real time and create alarms on these events. To learn more: http://amzn.to/1qVKKkI

20. aws.amazon.com/quickstart

21. Please give us your feedback on this session. Complete session evaluations and earn re:Invent swag. http://bit.ly/awsevals