Running Microsoft SQL on AWS

Chris Fleischmann - Enterprise Solutions Architectfchris@amazon.com

Amazon Web Services Confidential

Agenda

SQL Server deployment options SQL Server on RDS on AWS SQL Server on EC2 on AWS

High Availability options on AWS for SQL Server Security options on AWS for SQL Server Migrating SQL Server to AWS

More Functionality Than Any Other Infrastructure Provider

AWS MarketplaceEnterprise Applications

Platform asA Service

Administration & Security

Core Services

Infrastructure

Microsoft SQL Server deployment options

There are two ways to run SQL Server 2008 R2 and 2012 in AWS. One is to use the Amazon Relational Database Service (Amazon RDS, or RDS). The other is to run SQL Server on the Amazon Elastic Compute Cloud (Amazon EC2, or EC2). The latter option is also available for other versions of SQL Server, such as 2014, subject to Microsoft licensing.

Amazon Web Services Confidential

SQL Server Support on AWS

• Microsoft workloads are supported on AWS• Our customers have successfully deployed in the AWS cloud virtually

every Microsoft application available, including Microsoft Exchange, SharePoint, Lync, Dynamics, and Remote Desktop Services

• If you have support related issues you should contact AWS Support• If you have an existing Microsoft support agreement you can contact

Microsoft Support• Support for Microsoft workloads on AWS can be a collaborative effort

between you, AWS Support, and Microsoft Support.

Amazon Web Services Confidential

EC2 Dedicated Hosts on AWS EC2 Dedicated Hosts physical servers with EC2 capacity fully dedicated to a customer’s use.

Using a Dedicated Host, you can see how many sockets or physical cores are installed on a physical server and can granularly control the placement of their instances on their hosts.

Allows customers to effectively use server-bound licenses in EC2, while adding visibility and control in compliance, or highly regulated scenarios (Dedicated Hosts are supported in the BAA).

  Under BYOL you may need to report the usage of your licenses back to your ISV. This is where

AWS Config lends a hand. When activated, AWS Config records host and instance level information relevant to software licensing and can be used as data source for our customers to self-report license usage.

Dedicated Hosts are available for M3, M4, C3, C4, I2, D2, G2, and R3 instance families in all public regions where these instance families are currently supported, excluding China (Beijing) and GovCloud (US).

For more information on Dedicated Host availability and pricing, visit the Dedicated Hosts pricing page.

Amazon Web Services Confidential

SQL Server License Mobility on AWS You are responsible for obtaining the licenses required for eligible Microsoft

applications running in the AWS cloud using the License Mobility through Software Assurance benefit, and for complying with all applicable Microsoft licensing requirements. Under the PUR, the number of licenses required varies based on the instance type, version of SQL Server, and the Microsoft licensing model you choose.

For “Licensing by Individual Virtual OSE” of Microsoft SQL Server 2014 (and permitted instances of Microsoft SQL Server 2012), the July 2014 version of the PUR states, “The number of licenses required equals the number of Virtual Cores in each Virtual OSE in which you will run the server software, subject to a minimum of four licenses per Virtual OSE.” The July 2014 version of the PUR defines a “Virtual Core” as “the unit of processing power in a virtual hardware system. A Virtual Core is the virtual representation of one or more hardware threads.”

http://aws.amazon.com/windows/resources/licensemobility/sql/

Amazon Web Services Confidential

SQL Server Licensing on EC2

• EC2 BYOL/LI: Licensed by vCPU (minimum of 4), all mirrors require licensing• EC2 Dedicated Instances BYOL: Licensed by vCPU (minimum of 4), mirrors do not

require licensing• EC2 Dedicated Instances LI: Licensed by vCPU (minimum of 4), all mirrors require

licensing

Amazon Web Services Confidential

SQL Server Licensing on RDS RDS BYOL: Licensed by vCPU (minimum of 4), all mirrors require licensing RDS LI: Licensed by vCPU (minimum of 4), all mirrors require licensing

Amazon Web Services Confidential

SQL Server Licensing Cloud vs On-Prem

• SQL Server is twice as expensive on both AWS and Azure for a single server with the same number of cores

• It can be four times as expensive if a passive mirror is included• These are standard Microsoft terms under the PUR• Counteract by:

® Optimizing licenses to use SE or other editions instead of EE® Reduce vCPUs to right size the instance (new hardware)® Add a caching tier, move components to NoSQL or migrate to

MySQL/PostgreSQL

Amazon Web Services Confidential

Engine/Edition Versions License Included BYOLSQL Server 2008 R2

2012Express Edition

Web EditionStandard Edition

Enterprise Edition1

Standard EditionEnterprise Edition

* Requires Software Assurance/License Mobility

Versions and Licensing

1. Virginia, Oregon and Dublin

Amazon Web Services Confidential

SQL Server on RDS on AWS Amazon RDS takes care of the undifferentiated heavy lifting of

your SQL Server Database. Installation Disk provisioning and management Patching and minor version upgrades Failed instance replacement Backup and recovery Automated Multi-AZ (Availability Zone) synchronous replication

Amazon Web Services Confidential

SQL Server on EC2 on AWS Running SQL Server on EC2, you have full control over the

operating system, database installation and configuration. You are responsible for administering the database, including

backups and recovery, patching the operating system and the database, tuning of the operating system and database parameters, managing security, and configuring high availability or replication

Running your own relational database on Amazon EC2 is the ideal scenario if you require a maximum level of control and configurability. You can also use SQL Server services and features that are not available in Amazon RDS.

Amazon Web Services Confidential

Features

Core Database Engine Features Partially Contained Databases

SQL Server Management Tools Columnstore Indexes

Full text search UTF-16

SSL Advanced Security/TDE

Spatial Safe CLR

Change Tracking Target for SSRS, SSIS, etc.

RDS SQL – Supported Features

Amazon Web Services Confidential

Features

>30 Databases per Instance SQL Server Analysis Services

Windows Authentication* SQL Server Integration Services

Database Mail SQL Server Reporting Services

CDC Data Quality Services

Distributed Queries Master Data Services

SQL Server Audit Always On

Performance Data Collector File Tables

RDS SQL Server – Unsupported Features

v

High Availability options on AWS for SQL Server

Amazon Web Services Confidential

High Availability options on AWS for SQL Server RDS offers Multi-AZ support for Amazon RDS for SQL Server*

This high availability (HA) option leverages SQL Server Mirroring technology with additional improvements, to meet the requirements of enterprise-grade production workloads running on SQL Server.

Replicates synchronously across Availability Zones.

SQL Server On AWS EC2; Use Microsoft's AlwaysOn technology with 2 or more

Availability Zones, see whitepaper: https://s3.amazonaws.com/quickstart-reference/microsoft/sql/latest/doc/Microsoft_WSFC_and_SQL_AlwaysOn_Quick_Start.pdf

*Except for the following regions: Sydney

Amazon Web Services Confidential

High Availability options on AWS for SQL Server Amazon RDS automatically performs a failover in the event of any

of the following: Loss of availability in the primary Availability Zone Loss of network connectivity to the primary DB node Compute unit failure on the primary DB node Storage failure on the primary DB node

Amazon RDS Multi-AZ deployments do not failover automatically in response to database operations such as long running queries, deadlocks or database corruption errors.

Amazon Web Services Confidential

High Availability options on AWS for SQL Server

Instance Failure

Storage Failure AZ Failure Region

FailureRDS

RDS MAZ

Failover options vary in capabilities and on the specific event. For example, Storage failure could be a single disk or all access to EBS. Regional failover is customer driven and thus highly variable

Using AWS's Relational Database Service (RDS) offering provides:

Amazon Web Services Confidential

High Availability options on AWS for SQL Server

Instance Failure

Storage Failure AZ Failure Region

FailureRDS <5 mins+ <5 mins+ User driven

RDS MAZ <60 sec+ <60 sec+ <60 sec+ User driven

Times are estimates and will vary. For example, caches need to be warmed, DBs recovered, etc. PLEASE TEST!

Using AWS's Relational Database Service (RDS) offering provides:

Security options on AWS forSQL Server

Amazon Web Services Confidential

Security options on AWS for SQL Server

Use a VPC Run your DB in a private subnet

Use a separate Security Group (SG) for your DB

Connect through the CNAME

Use for Data in Transit

Amazon Web Services Confidential

Security options on AWS for SQL ServerAWS Identity and Access Management (IAM) DO NOT share AWS account credentials Create IAM users

Minimum permissions Use groups for common permissions

Tag resources Delegate access Rotate credentials

Amazon Web Services Confidential

Security options on AWS for SQL Server

Secure Data at Rest• There are several options for protecting data-at-rest in a DB

instance: Encrypted Amazon RDS DB instances using Amazon KMS SQL Server Transparent Data Encryption (TDE) SQL Server column-level; Encrypting data in the application before it is saved to the

database instance.

Amazon Web Services Confidential

Security options on AWS for SQL Server There are several features and sets of controls available to manage

the security of your Amazon RDS database instance. These controls are as follows:

Network controls, which determine the network configuration underlying your DB instance

DB instance access controls, which determine administrative and management access to your RDS resources

Data access controls, which determine access to the data stored in your RDS DB instance databases

Data-at-rest protection, which affects the security of the data stored in your RDS DB instance

Data-in-transit protection, which affects the security of data connections to and from your RDS DB instance

Migrating SQL Server to AWS

Start your first migration in 10 minutes or lessKeep your apps running during the migrationReplicate within, to or from Amazon EC2 or RDSMove data to the same or different database engine Sign up for preview at aws.amazon.com/dms

AWSDatabase Migration

Service

Amazon Web Services Confidential

CustomerPremises

Application Users

AWS

Internet

VPN

Keep your apps running during the migration

Start a replication instance

Connect to source and target databases

Select tables, schemas, or databases

AWSDatabase Migration Service

Let AWS Database Migration Service create tables, load data, and keep them in sync

Switch applications over to the target at your convenience

Amazon Web Services Confidential

Migrate and replicate between database engines

Amazon Web Services Confidential

Sign Up for AWS Database Migration Service

Sign up for AWS Database Migration Service Preview now: aws.amazon.com/dms

Download the AWS Schema Conversion Tool: aws.amazon.com/dms

QuestionsChris Fleischmannfchris@amazon.com