getting started with windows workloads on amazon ec2 - toronto

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Shawn Gandhi

Head of Solutions Architecture

AWS Canada

September 2016

Getting Started with Windows

Workloads on AWS

@shawnagram

Who Are We Exactly?

Customer

Account

Manager

Solutions

ArchitectTech

Account

Manager

Pro

Services

Training &

Cert

Partner

Team

Biz Dev

Agenda

Why are customers running Windows on AWS

What Windows workloads run on AWS

Corp apps

Line of business apps

Developers

Where to get started and recent enhancements

Security

Management

Infrastructure

Licensing

Why are customers running

Windows on AWS?

Customer Success Story

Searching for a solution to host its Microsoft SharePoint sites, the company

chose AWS because of cost, efficiency, and to improve operational efficiency. By

running on AWS, Dole can launch a new SharePoint website in minutes and

estimates savings $350,000 in operating expenses.

“When we were looking for a place to put our SharePoint install, we built out a [Amazon] virtual private

cloud, effectively using it as an extension of our datacenter… We can grow any time we want– we don’t

have to go and acquire new hardware.”

– Joanna, Dyer, Director of IT Solutions, Dole Food Company

Customer Success Story

Hess turned to AWS to help consolidate disparate systems, include multiple

legacy versions Windows Server 2003, and 2008 and Microsoft SQL Server

2000, 2005, 2008 that had built up over many years of M&A activity. Hess was

able to complete a full consolidation of 300 Microsoft workloads in under 6

months.

“We didn’t have time to re-design applications. AWS could support our legacy 32-bit applications on

Windows Server 2003, a variety of SQL Server and Oracle databases, and a robust Citrix environment.”

– Jim McDonald, Lead Architect, Hess Corporation

Why run Windows workloads on AWS

*as of July 31, 2014

Building and managing cloud since 2006

12 regions, 33 Availability Zones, 54 edge locations

Thousands of partners; 2,500+ Marketplace products

Security & Reliability

Performance

Experience

Scale

Ecosystem

Extensive VM and network performance options

Security in layers approach and 99.95% application SLA

SecurityA few of our many certifications:

Secured premises

Secured access

Built-in firewalls

Unique users

Multi-factor authentication

Private subnets

Encrypted data storage

Dedicated connection

Reliability

Easily build highly available applications

ELB distributes load (ideal for SharePoint)

Auto Scaling for availability and scalability

Use multiple Availability Zones

G2

GPU

enabled

M4

General

purposeMemory

optimized

R3

Dense-storage

and high-I/O

optimized

C4

Compute

optimized

C3

D2 I2

T2

High Performing

M3

High Performing

High performance instances (X1) and HPC solutions

Automated instance scaling (Auto Scaling)

Dedicated low-latency network (AWS Direct Connect)

Ensure storage performance (EBS Provisioned IOPS)

Deploy faster wherever you like

Reliability & Scale:

Availability Zones

AZ

AZ

AZ AZ AZ

Transit

Transit

What Windows workloads can I

run on AWS?

Developer platform & tools

Corp applications Line of business

applications

End user computing

Information Security

Corporate Applications End User ComputingBusiness Applications

Amazon EC2 Windows,

Amazon RDS,

AWS CloudFormation,

AWS CloudFront

Amazon EC2 Windows,

AWS Directory Service,

Amazon RDS,

AWS Marketplace

Amazon WorkSpaces,

Amazon AppStream, AWS

Marketplace,

AWS Mobile Services, SaaS

AWS Identity and Access Management (IAM),

AWS CloudHSM, AWS Key Management Service,

security groups, AWS Marketplace

Amazon EC2, Amazon S3, Amazon RDS,

Amazon VPC, Amazon Direct Connect,

AWS Directory Service, AWS IAM,

AWS Service Catalog

Infrastructure

AWS Service Offerings for Windows Workloads

AWS Elastic Beanstalk,

AWS CodeDeploy,

AWS CloudFormationDevOps

Corporate Apps in AWS

Deploy highly available applications

BYOL or pay per use

Security in layers approach helps with

compliance

Leverage multi-AZ architectures for

reliability & availability

Ref Architecture: SharePoint on AWS

Custom (Line of Business) Apps in AWS

AWS CloudFormation templates

accelerate deployment

Run .NET applications in EC2

instances running Windows Server

Fully managed database with

Amazon RDS for SQL Server

Add resiliency and HA with multi-AZ,

ELB, and Auto Scaling

Develop and Deploy Code in AWS

Build code quickly

Leverage familiar SDKs and toolkits

Deploy and scale your applications

AWS

CloudFormation

AWS CodeDeploy AWS Elastic

Beanstalk

.NET SDK AWS Toolkit

for Visual Studio

Where to Get Started

Security is job #1

Amazon EC2 Can Help Strengthen Your

Security Posture

Get native functionality and tools

at no additional charge

Over 30 global compliance

certifications and accreditations

Leverage security enhancements gleaned

from 1M+ customer experiences

Benefit from AWS industry leading

security teams 24/7, 365 days a year

Security infrastructure built to

satisfy military, global banks, and other

high-sensitivity organizations

Access a Deep Set of Cloud Security Tools

Encryption

AWS Key

Management

Service

AWS

CloudHSM

Server-side

encryption

Networking

Virtual

Private

Cloud

Web

Application

Firewall

Compliance

AWS ConfigAWS

CloudTrail

AWS Service

Catalog

Identity

IAM Active

Directory

Integration

SAML

Federation

VPC (Virtual Private Cloud)

Provision a logically isolated section of the AWS cloud

Control your virtual networking environment with:• Subnets

• Route tables

• Security groups

• Network ACLs

Control if and how your instances access the Internet

Connect to your on-premises network via a hardware VPN or Direct Connect

Availability Zone 1 Availability Zone 2

Internet

10.0.0.5

10.0.0.6

10.0.3.17

10.0.3.5

10.0.1.5

10.0.1.25

10.0.1.8

10.0.1.6

VPC Subnet

VPC subnet

VPC subnet

Virtual Private Gateway

Customer Gateway

VPN Connection

Internet Gateway

Customer Data Center

Use a Comprehensive Set of Management Tools

MonitoringConfiguration

AWS CloudWatch AWS CloudTrailAWS ConfigAmazon EC2

Run Command

PowerShell

Integration

AWS CloudFormationAWS CodeDeploy AWS Elastic

Beanstalk

AWS Toolkit

for Visual

Studio

.NET SDK

Development

Management Enhancements:

EC2 Run Command

Automate Common Tasks: Automate common administrative tasks at scale.

Delegated Administration: IAM integration for full control of users and level of

access.

Auditable: Visibility and tracking of configuration changes with AWS CloudTrail

Customizable: Create custom actions to automate common tasks

Microsoft Licensing OptionsFlexibility helps you optimize costs

Buy licenses

from AWS

Leverage License

Mobility

Bring your own

licenses (BYOL)

• Save money on software

licensing

• You manage licensing

costs and compliance with

your ISV

• No need for Software

Assurance

• AWS manages Windows

Server licensing

• You manage licensing

costs and compliance

with your ISV

• Uses Software

Assurance

• AWS manages licensing

• Pay as you go pricing

• Multi-tenant or

Dedicated

• No need for Software

Assurance

• Unlimited CALs

BYOL Using Dedicated HostsLicense compliance and portability

Host ID = h-123abc

Sockets = 2

Physical Cores = 20

• Maintain license compliance

• Granular resource and placement controls

• Visibility into physical resources

• Physical core and socket counts

• Capacity utilization

• Instance location

• Now supports reservations for discounted

pricing

It’s easy to get started!

http://aws.amazon.com/getting-started/

AWS Management Console

AWS Marketplace is in the Console

Browse, search, discover,

and launch thousand of AWS

Marketplace Amazon

Machine Images (AMIs)

directly from within the EC2

console

2,600+ products listed in 35

categories

Partner Case StudyBusiness Critical .NET Application

Securities Trading Platform - Background

Business critical trading platform running on AWS with Continuous Delivery

• At the end of 2014 Sourced were approached to run a pilot in AWS for a large retail

bank

• After operating workloads in AWS with an increasing level of criticality they were

ready to move one of their “crown jewels”, a business critical and heavily regulated

trading platform

• The business owners of this platform had an expiring data centre lease and needed

to validate whether AWS was a possible target for this application

• Development methodologies and application delivery processes (CI/CD) needed to

be defined

• Operational tooling and support procedures needed to be converted and validated

• Centralised logging and the collection of metrics became paramount

• Traditional 3-tier architecture

• Windows 2012 (Headless)

• .NET 4.5 / IIS 8

• SQL Server 2012

• Live market data

• 50,000 concurrent traders

• 200-300,000 active users

• Predictable traffic pattern

Application Characteristics

Securities Trading Platform - Implementation

Business critical trading platform running on AWS with Continuous Delivery

Traditional Data Tier

Traditional App Tier

Internal

Instance Instance Instance Instance

Instance Instance

Instance Instance

past.aws.app.com live.aws.app.com next.aws.app.com

Auto Scale EnabledServing Traffic

Auto Scale DisabledReady for Scale Up

Auto Scale DisabledReady for Destruction

DNS Carousel

Elastic Load Balancer Elastic Load Balancer Elastic Load Balancer

Amazon Web Services

www.application.com

DDoS Protection

User Traffic

AgilityINTRA-DAY RELEASES

e.g. Primary website was turned pink for

Breast Cancer Awareness Week

ScalabilityRESILIENT PRODUCTS

e.g. Platform auto-scaled during recent China stock market

freeze with no customer impact

Lower CostsDC CONSOLIDATION

e.g. Data Center lease was up for renewal and facilitated exit

Context

• 3-Tier application with the app and data tier remaining on-premise

• Solution is protected by a CDN provided by a 3rd party

• Build and release pipeline integrated with AWS and DNS is used to swing

traffic to a new release

Securities Trading Platform – Real World AWS Resiliency

Auto Scale in Action for a Business Critical Application

• January 2016 the Chinese Stock Exchange

suspends trading for the second time in the year

due to a $75B loss

• There was a run on the Australian Stock Exchange

shortly after 10am

• What would normally represent a red-light

moment for the AppOps team has just become a

validation in a Splunk dashboard to ensure AWS

reacted as expected

As the platform met scale out criteria instances were provisioned seamlessly

Next Steps

Sign up for an AWS account!

Take advantage of the Free Tier: aws.amazon.com/free

Learn more: aws.amazon.com/windows

https://qwiklabs.com/