© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Steve Roberts and Norm Johanson
October 2015
DEV202
Under the Desk to the AWS Cloud
with Windows PowerShell
What to expect from this session
• How to move a physical server into the cloud:
  • Launch the virtualized server in a private network.
  • Connect the private network back to the on-premises network/domain.
  • Set up monitoring of the virtualized server.
Focus on repeatable, scriptable automation - no button-clicking!
Session tools and technologies
AWS Tools for Windows PowerShell
Using Amazon S3 and Amazon EC2 to import our server
Creating and configuring a private network with Virtual Private Cloud
Launching and configuring our server in Amazon EC2
Norm’s Options
• Attempt to fix the broken hardware, in place.
• Purchase and provision replacement hardware.
• Or capture the machine in a virtual image and host in the cloud.
Session code
• Created a script module wrapping the required steps.
• GitHub link: https://github.com/awslabs/aws-sdk-net-samples
• Invite you to follow along!
• Includes a single command that can coordinate the whole process.
• This session will use the individual commands.
• Take the code, modify it to your needs.
Let’s get started…
[Process diagram: Tool setup → Import & convert → Create network → Launch server → Post-launch configuration]
AWS Tools for Windows PowerShell
Installation options
• Windows installer includes AWS SDK for .NET and AWS Toolkit for Visual Studio
  http://aws.amazon.com/powershell/
• PowerShell Gallery (WMF 5 preview+ & Windows 10)
  https://www.powershellgallery.com/packages/AWSPowerShell/
• Pre-installed on public Amazon EC2 Windows images
Virtualizing the hardware
Some tools:
• SysInternals Disk2Vhd
• P2V migration tools (part of SCVMM)
  http://blogs.technet.com/b/chrad/archive/2011/09/09/vhdcapture-amp-vhdprep-using-these-tools-to-p2v-your-physical-server-to-usb-network-share.aspx
EC2 Import prerequisites
• http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/VMImportPrerequisites.html
Importing the virtual machine
(1) Virtualize
(2) Upload
(3) Set up role and permissions
(4) Request conversion
(5) EC2 downloads VHD using temporary role credentials
(6) VHD conversion -> new private image
[Diagram: disk image in an Amazon S3 bucket; Amazon EC2 Machine Images (AMIs): Private, Public, Marketplace]
What we learned: Importing virtual machines
• How to upload VM image to Amazon S3
• Configuring role access for EC2
- could be a one-time operation
• How to start import conversion
- wait for conversion to be complete
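Steps (2) through (6) above, written out as an added example with the AWS Tools for Windows PowerShell; this is not the session's script module. The bucket, key and file names are placeholders, and the role name `vmimport` with external ID `vmimport` follows the defaults AWS documents for VM Import. The role policy is scoped to the single bucket so the temporary credentials EC2 obtains can read nothing else.

```powershell
# Added example: placeholder names, not values from the session.
$bucket = 'example-import-bucket'   # hypothetical bucket
$key    = 'images/server.vhd'       # hypothetical object key
$vhd    = 'C:\capture\server.vhd'   # hypothetical local path

# (2) Upload the captured disk image.
Write-S3Object -BucketName $bucket -Key $key -File $vhd

# (3) Trust policy: only the VM Import service may assume the role,
#     and only when it presents the external ID "vmimport".
$trust = @'
{ "Version": "2012-10-17",
  "Statement": [{ "Effect": "Allow",
    "Principal": { "Service": "vmie.amazonaws.com" },
    "Action": "sts:AssumeRole",
    "Condition": { "StringEquals": { "sts:ExternalId": "vmimport" } } }]
}
'@
New-IAMRole -RoleName vmimport -AssumeRolePolicyDocument $trust

# Permissions: read access to the one import bucket, plus the EC2
# actions the conversion needs to register the new private image.
$access = @"
{ "Version": "2012-10-17", "Statement": [
  { "Effect": "Allow",
    "Action": ["s3:GetBucketLocation", "s3:ListBucket"],
    "Resource": "arn:aws:s3:::$bucket" },
  { "Effect": "Allow",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::$bucket/*" },
  { "Effect": "Allow",
    "Action": ["ec2:ModifySnapshotAttribute", "ec2:CopySnapshot",
               "ec2:RegisterImage", "ec2:Describe*"],
    "Resource": "*" } ]}
"@
Write-IAMRolePolicy -RoleName vmimport -PolicyName vmimport-access -PolicyDocument $access

# (4) Request conversion of the uploaded VHD.
$disk = New-Object Amazon.EC2.Model.ImageDiskContainer
$disk.Format = 'VHD'
$disk.UserBucket = New-Object Amazon.EC2.Model.UserBucket
$disk.UserBucket.S3Bucket = $bucket
$disk.UserBucket.S3Key = $key
$task = Import-EC2Image -DiskContainer $disk -RoleName vmimport -Description 'Imported server'

# (5)-(6) Poll until the task leaves the 'active' state, then report the result.
do {
    Start-Sleep -Seconds 60
    $status = Get-EC2ImportImageTask -ImportTaskId $task.ImportTaskId
} while ($status.Status -eq 'active')
$status | Select-Object Status, StatusMessage, ImageId
```

The role and its policy only need to be created once per account; later imports reuse them and start at the upload step.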
Virtual Private Cloud (VPC)
Our new server needs to be in a private network
VPC allows us to:
• Set up a private network in the cloud
• Configure inbound & outbound access
• Bridge securely with onsite network, extending it to the cloud
Whitepapers:
https://d36cz9buwru1tt.cloudfront.net/Extend_your_IT_infrastructure_with_Amazon_VPC.pdf
http://media.amazonwebservices.com/AWS_Amazon_VPC_Connectivity_Options.pdf
An example VPC setup
[Diagram: Region containing a VPC, 10.0.0.0/16, across Availability Zone A and Availability Zone B]
• Subnet 1: 10.0.0.0/24 (10.0.0.1, 10.0.0.2, 10.0.0.3)
• Subnet 2: 10.0.1.0/24 (10.0.1.1, 10.0.1.2, 10.0.1.3)
• Router, Virtual Private Gateway, VPN Connection, Customer Gateway, corporate data center
No access to/from wider internet – all non-local traffic is routed to private gateway and onto corporate network
Applicable to our demo scenario except we don’t have a real domain today!
Demo network setup
[Diagram: two VPCs in us-west-2, each with a router, connected by VPC Peering]
• VPC: 10.0.0.0/16 with Subnet 1: 10.0.0.0/24 and Subnet 2: 10.0.1.0/24
• VPC: 172.0.0.0/16 with Subnet 1: 172.0.0.0/24, Subnet 2 etc…
• Diagram labels: New network, Imported Server, Simulated on-premises network, Simple AD (AWS Directory Service)
What we learned: Creating VPCs
• How to construct and configure a basic VPC
• Demo: connecting two VPCs using VPC peering
• Real-world: use virtual private gateway linked to customer gateway
What we learned: Launching images
• Creating and configuring access via security group
• Launching images into VPC using subnet association
• How to run PowerShell script on the instance at launch
Post-launch server configuration
With the virtualized server running, some final steps:
1. We want to connect the server back to the corporate domain.
2. We want to enable monitoring of logs and metrics.
Post-launch configuration with Amazon EC2 Simple Systems Manager
Thin automation bootstrap layer
• Auto-domain join when launching Windows instances
• Supports joining in AWS Directory Service through Simple AD and AD Connector
• Installation of PowerShell modules
• Installation of MSI packages
• Configure CloudWatch metrics and logs
Complementary to PowerShell DSC/Chef, etc.
• Use SSM to bootstrap
• Optionally, hand over to other tools for more in-depth configuration
Configuration steps for Norm
1. Create configuration document in JSON format.
2. Apply document to launched instances.
• Instances must be launched with IAM role.
3. Check status.
4. (Optional) Automatically reapply to prevent configuration drift.
• Use Windows Task Scheduler and EC2Config-cli.
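Steps 1 to 3 above as an added example, not code from the session's script module. It uses the schema 1.0 document format with the `aws:domainJoin` plugin; the directory ID, domain name, DNS addresses, instance ID and document name are placeholders, and the instance is assumed to have been launched with an IAM role that lets it talk to SSM.

```powershell
# Added example: every identifier below is a placeholder.
$directoryId   = 'd-EXAMPLE'                 # placeholder directory ID
$directoryName = 'corp.example.com'          # placeholder domain name
$dnsServers    = @('10.0.0.10', '10.0.0.11') # placeholder DNS addresses
$instanceId    = 'i-EXAMPLE'                 # placeholder instance ID
$docName       = 'ExampleDomainJoin'         # hypothetical document name

# Step 1: build the configuration document as JSON.
$dnsJson = ConvertTo-Json -InputObject $dnsServers -Compress
$doc = @"
{
  "schemaVersion": "1.0",
  "description": "Join the launched instance to the directory",
  "runtimeConfig": {
    "aws:domainJoin": {
      "properties": {
        "directoryId": "$directoryId",
        "directoryName": "$directoryName",
        "dnsIpAddresses": $dnsJson
      }
    }
  }
}
"@

# Fail locally on malformed JSON before anything is sent to the service.
$null = $doc | ConvertFrom-Json

New-SSMDocument -Name $docName -Content $doc

# Step 2: apply the document to the launched instance.
New-SSMAssociation -InstanceId $instanceId -Name $docName

# Step 3: check status (Name and Message report the state of the association).
(Get-SSMAssociation -InstanceId $instanceId -Name $docName).Status
```

Keeping the document under version control, as the session suggests, gives a reviewable record of exactly which domain and DNS servers each instance was told to trust.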
What we learned: Configuring instances
• SSM enables simple bootstrap configuration
• Simple configuration document to apply to instances
- Document can be constructed at runtime or version-controlled
• How to use SSM to:
• Join to a domain
• Set up CloudWatch monitoring
Process completed
[Process diagram: Tool setup → Import & convert → Create network → Launch server → Post-launch configuration]
Where does Norm go from here?
Continue running with server in the cloud
• Decommission physical hardware
• Assuming app compatibility, we can scale out, if needed
Launch additional instance(s) for investigation
• Use these to tease apart the installed applications
Improve availability by running in multiple AZs
What we’ve learned
How to use the AWS Tools for Windows PowerShell to:
• Easily virtualize and import a server into the cloud
• Construct a virtual private network and allow access to/from the corporate on-premises network
• Configure running instances in a repeatable, consistent, and scalable manner
All using automation – no button clicks!
Links
• GitHub for script module
https://github.com/awslabs/aws-sdk-net-samples
• AWS .NET blog
https://blogs.aws.amazon.com/net/
• Managing Windows Instance Configuration
http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-configuration-manage.html