(DEV202) Under the Desk to the AWS Cloud with Windows PowerShell

© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Steve Roberts and Norm Johanson October 2015 DEV202 Under the Desk to the AWS Cloud with Windows PowerShell

Upload: amazon-web-services

Post on 15-Jan-2017



What to expect from this session

• How to move a physical server into the cloud:

• Launch the virtualized server in a private network.

• Connect the private network back to the on-premises network/domain.

• Set up monitoring of the virtualized server.

Focus on repeatable, scriptable automation - no button-clicking!

Why automate?

• Consistency

• Easy to revise and extend

• Versioning

• Scalable

Session tools and technologies

AWS Tools for Windows PowerShell

Using Amazon S3 and Amazon EC2 to import our server

Creating and configuring a private network with Virtual Private Cloud

Launching and configuring our server in Amazon EC2

Meet Norm.A.Developer

Norm’s Options

• Attempt to fix the broken hardware, in place.

• Purchase and provision replacement hardware.

• Or capture the machine in a virtual image and host it in the cloud.

Session code

• Created a script module wrapping the required steps.

• GitHub link: https://github.com/awslabs/aws-sdk-net-samples

• Invite you to follow along!

• Includes a single command that can coordinate the whole process.

• This session will use the individual commands.

• Take the code, modify it to your needs.

Process steps

Tool setup → Import & convert → Create network → Launch server → Post-launch configuration

Let’s get started…


AWS Tools for Windows PowerShell

Installation options

• Windows installer includes AWS SDK for .NET and AWS Toolkit for Visual Studio

http://aws.amazon.com/powershell/

• PowerShell Gallery (WMF 5 preview+ & Windows 10)

https://www.powershellgallery.com/packages/AWSPowerShell/

Pre-installed on public Amazon EC2 Windows images

PowerShell Gallery

Demo: Getting started with AWS Tools for PowerShell


Virtualizing the hardware

Some tools:

• SysInternals Disk2Vhd

• P2V migration tools (part of SCVMM)

http://blogs.technet.com/b/chrad/archive/2011/09/09/vhdcapture-amp-vhdprep-using-these-tools-to-p2v-your-physical-server-to-usb-network-share.aspx

EC2 Import prerequisites

http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/VMImportPrerequisites.html

Importing the virtual machine

(1) virtualize

(2) upload

(3) Setup role and permissions

(4) request conversion

(5) EC2 downloads VHD using temporary role credentials

(6) VHD conversion -> new private image

[Diagram: disk image in an Amazon S3 bucket; Amazon EC2 Machine Images (AMIs): Private, Public, Marketplace]

Demo: Import and convert

What we learned: Importing virtual machines

• How to upload VM image to Amazon S3

• Configuring role access for EC2

- could be a one-time operation

• How to start import conversion

- wait for conversion to be complete


Virtual Private Cloud (VPC)

Our new server needs to be in a private network

VPC allows us to:

• Set up a private network in the cloud

• Configure inbound & outbound access

• Bridge securely with onsite network, extending it to the cloud

Whitepapers:

https://d36cz9buwru1tt.cloudfront.net/Extend_your_IT_infrastructure_with_Amazon_VPC.pdf

http://media.amazonwebservices.com/AWS_Amazon_VPC_Connectivity_Options.pdf

An example VPC setup

[Diagram: VPC 10.0.0.0/16 in one Region, spanning Availability Zone A and Availability Zone B. Subnet 1: 10.0.0.0/24 (hosts 10.0.0.1, 10.0.0.2, 10.0.0.3). Subnet 2: 10.0.1.0/24 (hosts 10.0.1.1, 10.0.1.2, 10.0.1.3). Router, Virtual Private Gateway, VPN Connection and Customer Gateway connect the VPC to the corporate data center.]

No access to/from wider internet: all non-local traffic is routed to private gateway and onto corporate network

Applicable to our demo scenario except we don’t have a real domain today!

Demo network setup

[Diagram: two VPCs in us-west-2, each with a router, connected by VPC Peering.

New network: VPC 10.0.0.0/16, Subnet 1: 10.0.0.0/24, Subnet 2: 10.0.1.0/24, Imported Server.

Simulated on-premises network: VPC 172.0.0.0/16, Subnet 1: 172.0.0.0/24, Subnet 2 etc…, Simple AD (AWS Directory Service).]

Demo: Create and configure VPC

What we learned: Creating VPCs

• How to construct and configure a basic VPC

• Demo: connecting two VPCs using VPC peering

• Real-world: use virtual private gateway linked to customer gateway


Demo: Launch server image in VPC

What we learned: Launching images

• Creating and configuring access via security group

• Launching images into VPC using subnet association

• How to run PowerShell script on the instance at launch
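
The three launch points above as one script: a security group that admits RDP only from the demo's simulated on-premises range, a launch into a VPC subnet, and a PowerShell script passed as user data. This is an added example, not the session's script module; every id and name in it is a constructed placeholder.

```powershell
# Added example; all ids and names below are constructed placeholders.
Import-Module AWSPowerShell
$vpcId    = 'vpc-EXAMPLE'       # the new 10.0.0.0/16 VPC
$subnetId = 'subnet-EXAMPLE'    # one of its subnets
$amiId    = 'ami-EXAMPLE'       # private image produced by the import
$onPrem   = '172.0.0.0/16'      # simulated on-premises range from the demo

# Security group in the VPC; a new group starts with no inbound rules.
$sgId = New-EC2SecurityGroup -GroupName 'imported-server' -VpcId $vpcId `
            -Description 'Imported server: on-premises access only'

# Allow RDP only from the peered on-premises range, never 0.0.0.0/0.
Grant-EC2SecurityGroupIngress -GroupId $sgId -IpPermission @{
    IpProtocol = 'tcp'; FromPort = 3389; ToPort = 3389; IpRanges = $onPrem }

# Script run at first boot, wrapped in <powershell> tags and Base64-encoded.
$script = @'
<powershell>
New-Item -ItemType Directory -Path C:\bootstrap -Force
Get-Date | Out-File C:\bootstrap\launched.txt
</powershell>
'@
$userData = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($script))

# Launch into the subnet with an instance profile so later steps can use a role.
$reservation = New-EC2Instance -ImageId $amiId -InstanceType 'm4.large' `
    -SubnetId $subnetId -SecurityGroupId $sgId `
    -InstanceProfile_Name 'example-instance-profile' `
    -UserData $userData -MinCount 1 -MaxCount 1
$reservation.Instances[0].InstanceId
```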


Post-launch server configuration

With the virtualized server running, some final steps:

1. We want to connect the server back to the corporate domain.

2. We want to enable monitoring of logs and metrics.

Post-launch configuration with Amazon EC2 Simple Systems Manager

Thin automation bootstrap layer

• Auto-domain join when launching Windows instances

• Supports joining in AWS Directory Service through Simple AD and AD Connector

• Installation of PowerShell modules

• Installation of MSI packages

• Configure CloudWatch metrics and logs

Complementary to PowerShell DSC/Chef, etc.

• Use SSM to bootstrap

• Optionally, hand over to other tools for more in-depth configuration

Configuration steps for Norm

1. Create configuration document in JSON format.

2. Apply document to launched instances.

• Instances must be launched with IAM role.

3. Check status.

4. (Optional) Automatically reapply to prevent configuration drift.

• Use Windows Task Scheduler and EC2Config-cli.

Demo: Post-launch server configuration

What we learned: Configuring instances

• SSM enables simple bootstrap configuration

• Simple configuration document to apply to instances

- Document can be constructed at runtime or version-controlled

• How to use SSM to:

• Join to a domain

• Set up CloudWatch monitoring
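
Configuration steps 1 to 3 for the domain join, as an added example that is not the session's script module. The instance id, document name, directory id, directory name and DNS addresses are constructed placeholders, and the document uses the runtimeConfig layout that EC2 Simple Systems Manager accepted at the time of the session, which is an assumption for any newer service version.

```powershell
# Added example; directory id, names and addresses are constructed placeholders.
Import-Module AWSPowerShell
$instanceId = 'i-EXAMPLE'
$docName    = 'Example-DomainJoin'

# 1. Configuration document (2015-era runtimeConfig layout, assumed here).
$doc = @'
{
  "schemaVersion": "1.0",
  "description": "Join the imported server to the directory",
  "runtimeConfig": {
    "aws:domainJoin": {
      "properties": {
        "directoryId": "d-EXAMPLE",
        "directoryName": "corp.example.com",
        "dnsIpAddresses": [ "172.0.0.10", "172.0.1.10" ]
      }
    }
  }
}
'@
$null = $doc | ConvertFrom-Json   # fail early on malformed JSON

# 2. Instances must be launched with an IAM role, so check before applying.
$instance = (Get-EC2Instance -InstanceId $instanceId).Instances[0]
if (-not $instance.IamInstanceProfile) {
    throw "$instanceId has no instance profile; SSM cannot configure it."
}
New-SSMDocument -Name $docName -Content $doc | Out-Null
New-SSMAssociation -InstanceId $instanceId -Name $docName | Out-Null

# 3. Check status of the association.
$assoc = Get-SSMAssociation -InstanceId $instanceId -Name $docName
"{0}: {1}" -f $assoc.Status.Name, $assoc.Status.Message
```

Keeping the JSON document in version control gives the domain-join settings the same review history as the rest of the automation.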

Process completed


Where does Norm go from here?

Continue running with server in the cloud

• Decommission physical hardware

• Assuming app compatibility, we can scale out, if needed

Launch additional instance(s) for investigation

• Use these to tease apart the installed applications

Improve availability by running in multiple AZs

What we’ve learned

How to use the AWS Tools for Windows PowerShell to:

• Easily virtualize and import a server into the cloud

• Construct a virtual private network and allow access to/from the corporate on-premises network

• Configure running instances in a repeatable, consistent, and scalable manner

All using automation – no button clicks!

Links

• GitHub for script module

https://github.com/awslabs/aws-sdk-net-samples

• AWS .NET blog

https://blogs.aws.amazon.com/net/

• Managing Windows Instance Configuration

http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-configuration-manage.html

Thank you!

Remember to complete your evaluations!