Transcript
Page 1: (ARC204) Architecting Microsoft Workloads on AWS | AWS re:Invent 2014
Page 3:

• Install critical workloads in at least two Availability Zones to provide high availability

Page 5:

[Diagram: reference VPC for a Microsoft workload. Two Availability Zones with the same layout: a Public Subnet (10.0.0.0/24 as labelled) holding a NAT instance and an RD Gateway (RDGW), and a Private Subnet (10.0.2.0/24 as labelled) holding a Domain Controller (DC), SQL Server (DB), App Server (APP) and IIS Server (WEB). Remote Users / Admins enter through the RD Gateways.]

Page 6:

[Diagram: security groups as the tier firewalls. Web Security Group: accept TCP port 80 from the Internet. SQL Security Group: accept TCP port 1433 from the Web Security Group, i.e. the source is the group itself, not an address range. Traffic flow: User -> WEB on TCP 80 -> SQL on TCP 1433. Public Subnet and Private Subnet in one Availability Zone, labelled 10.0.0.0/24 and 10.0.1.0/24.]

Page 7:

Deploying a bastion host in each Availability Zone can provide highly available and secure remote access over the Internet

Page 8:

[Diagram: RD Gateway as the bastion. Gateway Security Group: accept TCP port 443 from the Admin IP. Web Security Group: accept TCP port 3389 from the Gateway Security Group. The AWS Administrator in the Corporate Data Center connects to RDGW over TCP 443; RDGW reaches WEB1 and WEB2 on RDP. Public Subnet and Private Subnet in one Availability Zone.]

Requires one connection:

• Connect to the RD Gateway, and the gateway proxies the RDP connection to the back-end instance.
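A least-privilege audit of the security-group design on pages 6 and 8, as an added example (Python; not slide or AWS code). The input is constructed inline to mirror the shape of `aws ec2 describe-security-groups` output; the group IDs sg-web, sg-sql and sg-gw and the admin address 203.0.113.10/32 are placeholders, not values from the slides. The policy encodes exactly the four rules the slides show (80 from anywhere on the web tier, 1433 only from the Web group, 3389 only from the Gateway group, 443 on the gateway only from the admin address) and flags anything an inbound rule opens beyond that, such as RDP drifting open to the Internet.

```python
"""Least-privilege audit of the security-group design on slides 6 and 8.

Added example, not slide or AWS code. The input mirrors the shape of
`aws ec2 describe-security-groups` output but is constructed inline; the
group IDs (sg-web, sg-sql, sg-gw) and the admin address 203.0.113.10/32 are
placeholders, not values from the slides.
"""
import copy
import ipaddress

SECURITY_GROUPS = [
    {"GroupId": "sg-web", "GroupName": "Web Security Group", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-gw"}]},
    ]},
    {"GroupId": "sg-sql", "GroupName": "SQL Security Group", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
    ]},
    {"GroupId": "sg-gw", "GroupName": "Gateway Security Group", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []},
    ]},
]

# The slides' intent as an allow-list: (group, TCP port) -> permitted sources.
# A source is a CIDR or another group's ID (the slides reference groups, not
# subnet ranges, for the SQL and RDP rules).
POLICY = {
    ("sg-web", 80):   {"0.0.0.0/0"},
    ("sg-web", 3389): {"sg-gw"},
    ("sg-sql", 1433): {"sg-web"},
    ("sg-gw", 443):   {"203.0.113.10/32"},
}

def tcp_ports(perm):
    """Ports opened by one IpPermission; protocol -1 means everything."""
    if perm["IpProtocol"] == "-1":
        return range(0, 65536)
    if perm["IpProtocol"] != "tcp":
        return range(0)
    return range(perm["FromPort"], perm["ToPort"] + 1)

def sources(perm):
    """All sources of one IpPermission: CIDR strings and referenced group IDs."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])] +
            [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])])

def source_allowed(src, allowed):
    """Exact match, or a CIDR source contained in an allowed CIDR."""
    if src in allowed:
        return True
    try:
        net = ipaddress.ip_network(src)
    except ValueError:
        return False                      # a group ID that is not listed
    return any(net.version == ipaddress.ip_network(a).version
               and net.subnet_of(ipaddress.ip_network(a))
               for a in allowed if "/" in a)

def audit(groups, policy):
    """Every (group, port, source) an inbound rule opens that the policy does not allow."""
    findings = set()
    for g in groups:
        for perm in g["IpPermissions"]:
            for port in tcp_ports(perm):
                allowed = policy.get((g["GroupId"], port), set())
                for src in sources(perm):
                    if not source_allowed(src, allowed):
                        findings.add((g["GroupId"], port, src))
    return sorted(findings)

def with_rdp_open_to_internet(groups):
    """Constructed drift: someone adds 3389 from 0.0.0.0/0 to the web tier."""
    drifted = copy.deepcopy(groups)
    drifted[0]["IpPermissions"].append(
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []})
    return drifted

if __name__ == "__main__":
    print("as designed:", audit(SECURITY_GROUPS, POLICY))
    print("after drift:", audit(with_rdp_open_to_internet(SECURITY_GROUPS), POLICY))
```

With real data, feed the "SecurityGroups" list from the describe call in place of the constructed one. The check covers inbound rules only; egress defaults to allow-all and is out of scope for what the slides show.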

Page 11:

• You get DHCP in Amazon VPC (no need to deploy your own DHCP servers)

Connectivity with On-Prem Data Center via VPN or Direct Connect

Page 16:

[Diagram: Exchange Server 2013 running on AWS. Availability Zone 1 / AD Site 1 (Public Subnet and Private Subnet, labelled 10.0.0.0/24 and 10.0.2.0/24): DC1 (Domain Controller) and EXCH1 (Exchange 2013 CAS+MBX). Availability Zone 2 / AD Site 2 (Public Subnet and Private Subnet, labelled 10.0.1.0/24 and 10.0.3.0/24): DC2 (Domain Controller) and EXCH2 (Exchange 2013 CAS+MBX). EDGE1 and EDGE2 (Exchange 2013 Edge) exchange mail with a Remote Mail Server.]

Page 17:

• Connectivity via VPN or Direct Connect

• Security groups must allow traffic to and from DCs on-premises

Page 18:

[Diagram: AD forest spanning AWS and corporate data center. DC3 sits in a Private Subnet in an AWS Availability Zone; the Corporate Network has DC1 in Seattle and DC2 in Tacoma; the two environments are joined by VPN.]

Page 19:

[Diagram: the same forest (DC3 in the AWS Availability Zone, DC1 in Seattle, DC2 in Tacoma, joined by VPN) with DC1 marked as failed.]

DC1 goes down, where do clients in Seattle go for Directory Services?

Page 20:

[Diagram: the same forest with AD sites defined: Seattle / AD Site 1 (DC1), Tacoma / AD Site 2 (DC2), and the AWS Availability Zone as AD Site 3 (DC3), with the site link to AD Site 3 labelled Cost 50; VPN between the Corporate Network and AWS.]

Properly implemented site topology and “Try Next Closest Site” policy enabled. Clients use least cost path to DC.
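A model of the DC locator decision behind this slide, as an added example (Python; not slide or Microsoft code). Sites and DC placement follow pages 18 to 20; the Cost 50 on the links to AD Site 3 is taken from the slide, while the Seattle-Tacoma cost of 100 is an assumption. With the policy on, a client whose own site has no live DC walks sites in increasing cumulative link cost; with it off, the locator falls back to a domain-wide lookup and any DC in the domain is a candidate, which the model simplifies to "all live DCs".

```python
"""DC locator with and without the "Try Next Closest Site" policy (slide 20).

Added example, not slide or Microsoft code. Sites and DC placement follow the
slides; the link costs marked below are assumptions, except the Cost 50 the
slide shows on the link to AD Site 3.
"""
import heapq

# (site_a, site_b, cost). Seattle-Tacoma at 100 is assumed; the two links to
# the AWS Availability Zone take the Cost 50 shown on the slide.
SITE_LINKS = [
    ("Seattle", "AWS-AZ", 50),
    ("Tacoma", "AWS-AZ", 50),
    ("Seattle", "Tacoma", 100),
]

# DC placement from the slides: DC1 Seattle, DC2 Tacoma, DC3 in the AWS AZ.
DC_SITE = {"DC1": "Seattle", "DC2": "Tacoma", "DC3": "AWS-AZ"}

def site_costs(links, origin):
    """Cumulative site-link cost from origin to every site (Dijkstra).
    With all site links bridged (the default) the topology is transitive, so
    a route through an intermediate site is considered as well."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    dist = {origin: 0}
    heap = [(0, origin)]
    while heap:
        d, site = heapq.heappop(heap)
        if d > dist[site]:
            continue
        for nxt, cost in graph.get(site, []):
            if d + cost < dist.get(nxt, float("inf")):
                dist[nxt] = d + cost
                heapq.heappush(heap, (d + cost, nxt))
    return dist

def candidate_dcs(client_site, live_dcs, try_next_closest=True):
    """DCs a client in client_site may be handed.
    In-site DCs always win. Otherwise, with the policy on, the client walks
    sites in increasing link cost and takes the first with a live DC; with it
    off, the locator falls back to a domain-wide lookup, so any live DC is a
    candidate, including one across the most expensive link (simplified)."""
    live = sorted(dc for dc in live_dcs if dc in DC_SITE)
    by_site = {}
    for dc in live:
        by_site.setdefault(DC_SITE[dc], []).append(dc)
    if client_site in by_site:
        return by_site[client_site]
    if not try_next_closest:
        return live
    costs = site_costs(SITE_LINKS, client_site)
    for site, _ in sorted(costs.items(), key=lambda kv: (kv[1], kv[0])):
        if site in by_site:
            return by_site[site]
    return []

if __name__ == "__main__":
    print("DC1 up:        ", candidate_dcs("Seattle", {"DC1", "DC2", "DC3"}))
    print("DC1 down, on:  ", candidate_dcs("Seattle", {"DC2", "DC3"}))
    print("DC1 down, off: ", candidate_dcs("Seattle", {"DC2", "DC3"}, False))
```

The policy itself is the Netlogon Group Policy setting "Try Next Closest Site"; without it, and without subnets mapped to sites, Seattle clients that lose DC1 may authenticate against whichever DC the domain-wide lookup returns, including DC2 over the slower link.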

Page 22:

[Diagram: SQL Server AlwaysOn Availability Group across two Availability Zones. Availability Zone 1, Private Subnet: Primary Replica with addresses Primary 10.0.2.100, WSFC 10.0.2.101, AG Listener 10.0.2.102. Availability Zone 2, Private Subnet: Secondary Replica with addresses Primary 10.0.3.100, WSFC 10.0.3.101, AG Listener 10.0.3.102 (one address per subnet for the node, the cluster and the listener). Synchronous-commit on both replicas with Automatic Failover; the AG Listener is published as ag.awslabs.net.]

Page 23:

[Diagram: the same two-zone Availability Group (Primary Replica in Availability Zone 1, Secondary Replica in Availability Zone 2, Synchronous-commit, Automatic Failover) with a Witness Server added for cluster quorum.]

Page 24:

[Diagram: Primary Replica in Availability Zone 1, Secondary Replica in Availability Zone 2 with Automatic Failover, and the Witness Server placed in Availability Zone 3.]
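What moving the witness into a third Availability Zone buys, as an added example (Python; not slide or Microsoft code). It models Windows Server Failover Clustering majority voting with one vote per replica and per witness. Replica placement follows the slides; page 23 does not label where the witness sits, so placing it with the primary in AZ 1 there is an assumption chosen to show the failure mode. The corporate-network replica from page 26 is added as well, once with a vote and once with its vote removed.

```python
"""Cluster quorum and witness placement (slides 23, 24 and 26).

Added example, not slide or Microsoft code. Models Windows Server Failover
Clustering majority voting: the cluster keeps quorum while strictly more than
half of all configured votes are online. Replica placement follows the
slides; the witness sitting with the primary in AZ1 on slide 23 is an
assumption, and the vote weights are the WSFC default of one per member.
"""

def has_quorum(members, failed_azs=()):
    """members: {name: (availability_zone, votes)}.
    Everything in a failed AZ is offline; quorum needs online votes > total/2."""
    failed = set(failed_azs)
    total = sum(votes for _, votes in members.values())
    online = sum(votes for az, votes in members.values() if az not in failed)
    return online * 2 > total

def survives_any_single_az_failure(members):
    """True if the cluster keeps quorum whichever single AZ is lost."""
    return all(has_quorum(members, {az}) for az, _ in members.values())

def report(members):
    """Quorum outcome per single-AZ failure, keyed by the AZ that fails."""
    return {az: has_quorum(members, {az}) for az, _ in members.values()}

# Slide 23 as modelled here: witness in AZ1 next to the primary (assumption).
WITNESS_WITH_PRIMARY = {
    "Primary Replica":   ("AZ1", 1),
    "Secondary Replica": ("AZ2", 1),
    "Witness Server":    ("AZ1", 1),
}

# Slide 24: witness in a third Availability Zone.
WITNESS_IN_THIRD_AZ = {
    "Primary Replica":   ("AZ1", 1),
    "Secondary Replica": ("AZ2", 1),
    "Witness Server":    ("AZ3", 1),
}

# Slide 26: a readable replica in the corporate network over VPN. If that
# remote node keeps a vote, an AZ loss coinciding with a VPN outage stalls the
# AWS side; clearing its vote (the node's NodeWeight) keeps quorum local.
DR_REPLICA_VOTING = {**WITNESS_IN_THIRD_AZ, "Secondary Replica 2": ("CORP", 1)}
DR_REPLICA_NO_VOTE = {**WITNESS_IN_THIRD_AZ, "Secondary Replica 2": ("CORP", 0)}

if __name__ == "__main__":
    print("witness with primary:", report(WITNESS_WITH_PRIMARY))
    print("witness in third AZ: ", report(WITNESS_IN_THIRD_AZ))
    print("DR node voting, AZ1 + VPN down:",
          has_quorum(DR_REPLICA_VOTING, {"AZ1", "CORP"}))
    print("DR node no vote, AZ1 + VPN down:",
          has_quorum(DR_REPLICA_NO_VOTE, {"AZ1", "CORP"}))
```

Windows Server 2012 and later adjust votes dynamically as nodes leave, which softens but does not remove the point: a witness that fails together with the primary turns a single-zone outage into a quorum loss, and automatic failover never happens.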

Page 25:

[Diagram: Primary Replica (Availability Zone 1, Private Subnet) and Secondary Replica 1 (Availability Zone 2, Private Subnet) in Synchronous-commit with Automatic Failover behind the AG Listener ag.awslabs.net, plus Secondary Replica 2 (Readable) in Asynchronous-commit serving a Reporting Application.]

Page 26:

[Diagram: Primary Replica (Availability Zone 1, Private Subnet) and Secondary Replica 1 (Availability Zone 2, Private Subnet) with Automatic Failover behind the AG Listener ag.awslabs.net; Secondary Replica 2 (Readable) in the Corporate Network, reached over VPN, serving a Reporting Application and Backups, with Manual Failover only.]

Page 28:

• Database-tier high availability can be achieved with SQL AlwaysOn

• Install SharePoint using SQL Client Alias

• Update alias after making DBs highly available, and point to an Availability Group Listener fully qualified domain name (FQDN)

Page 29:

[Diagram: SharePoint farm across two Availability Zones. Each zone has a Public Subnet (10.0.0.0/24 as labelled) with a NAT instance and an RD Gateway (RDGW), and a Private Subnet (10.0.2.0/24 as labelled) with a Domain Controller (DC), SQL Server (DB), App Server (APP) and Web Front-End (WEB). The two SQL Servers form an Availability Group, DB Primary in one zone and DB Secondary in the other; Users reach the Web Front-Ends.]

Page 30:

Log Types:

• Event Logs

• IIS Logs

• Any Event Tracing for Windows (ETW) Logs

• Any Performance Counter data

• Any text-based log files

Enables customers to easily monitor instance activity in real time and create alarms on these events

To learn more: http://amzn.to/1qVKKkI
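Detection logic a consumer of these shipped event logs could run, as an added example (Python; not slide or AWS code). The event lines are constructed to resemble Security-log entries forwarded from the RD Gateway of page 8; the single-line field layout is an assumption, while event ID 4625 (an account failed to log on) and 4624 (successful logon) are the real Windows IDs. It counts failed logons per source address inside a sliding window, the metric-filter-plus-alarm pattern the slide describes, applied to password guessing against the bastion.

```python
"""Alarming on shipped Windows event logs (slide 30).

Added example, not slide or AWS code. The event lines are constructed to
resemble Security-log entries forwarded by a log agent from an RD Gateway;
the one-line field layout is an assumption. Event ID 4625 is the real Windows
"An account failed to log on" event, 4624 a successful logon.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 198.51.100.7 (TEST-NET-2) hammers the gateway with five
# failures in ten seconds; 203.0.113.10 is the admin address with one typo.
SAMPLE_EVENTS = """\
2014-11-12T10:00:01Z RDGW1 Security 4625 TargetUserName=admin IpAddress=198.51.100.7
2014-11-12T10:00:03Z RDGW1 Security 4625 TargetUserName=administrator IpAddress=198.51.100.7
2014-11-12T10:00:04Z RDGW1 Security 4625 TargetUserName=backup IpAddress=198.51.100.7
2014-11-12T10:00:05Z RDGW1 Security 4624 TargetUserName=jsmith IpAddress=203.0.113.10
2014-11-12T10:00:09Z RDGW1 Security 4625 TargetUserName=sa IpAddress=198.51.100.7
2014-11-12T10:00:10Z RDGW1 Security 4625 TargetUserName=guest IpAddress=198.51.100.7
2014-11-12T10:09:00Z RDGW1 Security 4625 TargetUserName=jsmith IpAddress=203.0.113.10
"""

def parse_event(line):
    """One line -> dict with a datetime, host, channel, integer event_id and
    the key=value fields that follow."""
    ts, host, channel, event_id, *fields = line.split()
    ev = {"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "host": host,
          "channel": channel, "event_id": int(event_id)}
    ev.update(f.split("=", 1) for f in fields)
    return ev

def failed_logon_alarms(text, threshold=5, window=timedelta(minutes=5)):
    """Metric-filter style detection: count 4625 events per source IP inside a
    sliding window and return (source_ip, window_start_iso, count) for each
    source that reaches the threshold."""
    failures = defaultdict(list)
    for line in text.splitlines():
        ev = parse_event(line)
        if ev["channel"] == "Security" and ev["event_id"] == 4625:
            failures[ev["IpAddress"]].append(ev["time"])
    alarms = []
    for src, times in sorted(failures.items()):
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alarms.append((src, times[start].isoformat(), end - start + 1))
                break
    return alarms

if __name__ == "__main__":
    for src, since, count in failed_logon_alarms(SAMPLE_EVENTS):
        print(f"ALARM: {count} failed logons from {src} since {since}")
```

The same counting is what a metric filter on the shipped Security log feeds into an alarm; keying by source address is the part worth doing on the consumer side, because the gateway's 4625 events are the earliest sign that the port 443 exposure on page 8 is being probed.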

Page 31:

aws.amazon.com/quickstart

Page 32:

Please give us your feedback on this session.

Complete session evaluations and earn re:Invent swag.

http://bit.ly/awsevals

