[aws days microsoft-la 2015]: migration of microsoft workloads

Migration of Microsoft Workloads to Amazon Web Services

December 9, 2015 | Los Angeles, CA

© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Upload: amazon-web-services

Post on 18-Jan-2017



Agenda

• AWS Migration Methodology

• Architecture Best Practices

• Workload Migration Examples

• Migration Tools

• Additional Resources

AWS Migration Methodology

Modernizing IT: Gartner’s 5 Rs

Packaged Apps | Databases | Custom Apps

• Phase out unnecessary applications

• Leave data or applications in place and extend via new platform

• Replace custom applications with modern, packaged offerings

• Move application and data to new platform without modification

• Create new applications utilizing services to speed implementation


AWS Migration Patterns: Path to the Cloud

Phased Migration Strategy

Cloud Assessment Phase

• Assess Costs

• Assess Architecture

• Document current inventory & workloads

• Assess Security

Proof of Concept Phase

• Learn AWS

• Build a pilot

• Build Support within the organization

Data Migration Phase

• Leverage different storage options

• Migrate

Application Migration Phase

• Lift & Shift Migration

• Hybrid Migration

Leverage the Cloud Phase

• Auto-scaling

• Automation

• Elasticity

• High Availability

Optimization Phase

• Utilization

• Monitoring

• Efficiency

• Performance

• Re-engineering

Phase Driven Approach to Cloud Migration

Phase: Cloud Assessment

Process:

• Financial Assessment (TCO calculation)

• Security and Compliance Assessment

• Technical Assessment (Classify application types)

• Identify the tools that can be reused and the tools that need to be built

• Migrate licensed products

• Create a plan and measure success

Benefits:

• Business case for migration (Lower TCO, faster time to market, higher flexibility & agility, scalability + elasticity)

• Identify gaps between your current traditional legacy architecture and next-generation cloud architecture

Phase: Proof of Concept

Process:

• Get your feet wet with AWS

• Build a pilot and validate the technology

• Test existing software in the cloud

Benefits:

• Build confidence with various AWS services

• Mitigate risk by validating critical pieces of your proposed architecture

Phase: Data Migration

Process:

• Understand different storage options in the AWS cloud

• Migrate fileservers to Amazon S3

• Migrate RDBMS to EC2 + EBS, or Amazon RDS

Benefits:

• Redundancy, Durable Storage, Elastic Scalable Storage

• Automated Management Backup

Phase: Application Migration

Process:

• Understanding the different instance types and performance characteristics

• Network connectivity and security controls

• Deploy instances and software

Benefits:

• Failure tolerance, optimal capacity provisioning, high availability

• Scalable compute resources

• Infrastructure automation

Phase: Leverage the Cloud

Process:

• Leverage other AWS services

• Automate elasticity and SDLC

• Harden security

• Create dashboard to manage AWS resources

• Leverage multiple availability zones

Benefits:

• Reduction in CapEx in IT

• Flexibility and agility

• Automation and improved productivity

• Higher Availability

Phase: Optimization

Process:

• Optimize usage based on demand

• Improve efficiency

• Implement advanced monitoring and telemetry

• Re-engineer your application

• Decompose your relational databases

Benefits:

• Increased utilization and transformational impact in OpEx

• Better visibility through advanced monitoring and telemetry

Phase Deep-Dive: Assessment & Discovery

• Application/Device Mapping: A document that relates individual compute instances and infrastructure to a specific application.

• Security: You will want to understand any application-specific security requirements, data protection mechanisms, authentication mechanisms and security classification efforts.

• Application Architecture Diagrams: Application diagrams that show the relationships between infrastructure and software for a specific workload.

• Compliance: Any compliance regulations will need to be vetted in order to meet the organization's audit requirements, such as HIPAA, PCI DSS, FedRAMP.

• Integration/Dependency Mapping: A document that shows the integration points or dependencies of one application on other applications.

• Criticality, RPO/RTO Objectives: What are the application-specific criticality rankings and RPO/RTO objectives? Migration efforts will need to consider application maintenance windows (Recovery Time Objectives).

• Application Load Metrics: Understanding an application's load profile will help you understand the scale of the infrastructure required to support the environment.

Architecture Best Practices

• Resiliency

• Loose Coupling

• Elasticity

• Storage

• Security

Workload Migration Example

First You Need a Target: The VPC

[Diagram, shown in two builds: one Availability Zone with a Public Subnet and a Private Subnet (10.0.0.0/24, 10.0.2.0/24), a NAT, and instances labelled WEB (IIS Server), APP (App Server), DB (SQL Server), DC (Domain Controller) and RDGW. The second build adds Remote Users / Admins.]

The Principles of Security Don’t Change Much

• Role-Based Access Control and Least Privilege apply

• Use Security Groups to filter traffic

[Diagram: one Availability Zone with a Public Subnet and a Private Subnet (10.0.0.0/24, 10.0.1.0/24). User → WEB over TCP 80 → SQL over TCP 1433.]

• Web Security Group: accept TCP port 80 from the Internet

• SQL Security Group: accept TCP port 1433 from the Web SG
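The two-tier rule set on this slide, written as a drift check (an added example, not part of the original deck). The group IDs, both sample rule sets and the `audit` helper are assumptions made for illustration; the dictionary layout follows the `SecurityGroups` list that EC2 `DescribeSecurityGroups` returns.

```python
# Added example. Group IDs and both sample inputs are constructed; the dict
# layout follows the SecurityGroups list from EC2 DescribeSecurityGroups.
WEB_SG, SQL_SG = "sg-web-example", "sg-sql-example"  # hypothetical IDs
# Expected ingress from the slide: group -> {(protocol, port): allowed sources}
EXPECTED = {
    WEB_SG: {("tcp", 80): {"0.0.0.0/0"}},   # TCP 80 from the Internet
    SQL_SG: {("tcp", 1433): {WEB_SG}},      # TCP 1433 from the Web SG only
}

def rule(port, cidrs=(), groups=()):
    """Build one IpPermissions entry for a single TCP port (sample-data helper)."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

COMPLIANT = [
    {"GroupId": WEB_SG, "IpPermissions": [rule(80, cidrs=["0.0.0.0/0"])]},
    {"GroupId": SQL_SG, "IpPermissions": [rule(1433, groups=[WEB_SG])]},
]
DRIFTED = [  # RDP opened to the Internet; SQL opened to a whole subnet CIDR
    {"GroupId": WEB_SG, "IpPermissions": [rule(80, cidrs=["0.0.0.0/0"]),
                                          rule(3389, cidrs=["0.0.0.0/0"])]},
    {"GroupId": SQL_SG, "IpPermissions": [rule(1433, cidrs=["10.0.0.0/24"],
                                               groups=[WEB_SG])]},
]

def sources(perm):
    """Every CIDR and security-group source named by one IpPermissions entry."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            + [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])])

def audit(groups, expected=EXPECTED):
    """Return (group, protocol, port range, source) for each unexpected rule."""
    findings = []
    for g in groups:
        allowed = expected.get(g["GroupId"], {})
        for perm in g.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            # IpProtocol "-1" (all traffic) carries no FromPort/ToPort.
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            for src in sources(perm):
                if lo != hi or src not in allowed.get((proto, lo), set()):
                    findings.append((g["GroupId"], proto, f"{lo}-{hi}", src))
    return findings

if __name__ == "__main__":
    for finding in audit(DRIFTED):
        print("unexpected ingress:", finding)
```

The second finding is the subtle one: a subnet CIDR on the SQL group admits every host in that subnet, whereas a reference to the Web SG admits only instances that carry that group.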

Remember You Are Always Working Remote

Deploying a bastion host in each Availability Zone can provide highly available and secure remote access over the Internet

• Clients can use the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection

• Bastion hosts can run Windows PowerShell Web Access for remote command line administration

SQL Server on AWS

SQL Server on Amazon EC2

• You Manage Your Infrastructure

• Advanced Deployments: WSFC + AlwaysOn Availability Groups

Amazon RDS for SQL Server

• Fully Managed by AWS

• No Administrative Intervention

• Uses SQL Server Mirroring

Many Versions and Editions of SQL Server including Express, Web, Standard and Enterprise and SQL 2005, 2008, 2012, 2014

Highly Available SQL Server

[Diagram: Primary Replica and Secondary Replica in private subnets in two Availability Zones, Synchronous-commit, Automatic Failover, AG Listener: ag.awslabs.net]

• Availability Zone 1, Private Subnet, Primary Replica. Primary: 10.0.2.100, WSFC: 10.0.2.101, AG Listener: 10.0.2.102

• Availability Zone 2, Private Subnet, Secondary Replica. Primary: 10.0.3.100, WSFC: 10.0.3.101, AG Listener: 10.0.3.102

SQL Server WSFC: The Quorum

[Diagram labels: Availability Zone 1, Private Subnet, Primary Replica; Availability Zone 2, Private Subnet, Secondary Replica; Synchronous-commit; Automatic Failover; Witness Server]

SQL Server WSFC Failover: The Witness

[Diagram labels: Availability Zone 1, Primary Replica; Availability Zone 2, Secondary Replica; Automatic Failover; Witness Server; Availability Zone 3]

SQL Server HA with Read Replica

[Diagram labels: Availability Zone 1, Private Subnet, Primary Replica; Availability Zone 2, Private Subnet, Secondary Replica 1; Synchronous-commit; AG Listener: ag.awslabs.net; Automatic Failover; Asynchronous-commit; Secondary Replica 2 (Readable); Reporting Application]

SQL Server HA Hybrid

[Diagram labels: Availability Zone 1, Private Subnet, Primary Replica; Availability Zone 2, Private Subnet, Secondary Replica 1; AG Listener: ag.awslabs.net; Corporate Network; VPN; Automatic Failover; Secondary Replica 2 (Readable); Reporting Application; Backups; Manual Failover]

SQL Server HA Hybrid – Replicating to AWS

[Diagram labels: Primary Replica; Secondary Replica 1; AG Listener: ag.awslabs.net; VPN; Automatic Failover; Secondary Replica 2 (Readable); DR, Migration; Manual Failover; Corporate Network]

Migration to Amazon RDS for SQL Server

Create Database

• Use Console, CLI or API

Prepare the Source

• Disable foreign key constraints, database triggers, and automated backups

Import Logins and Data

• Query for Logins

• Generate Scripts to obtain the data

Reverse Preparations

• Re-enable the elements disabled before

Migration Tools

AWS Database Migration Service


• Start your first migration in 10 minutes or less

• Keep your apps running during the migration

• Replicate within, to or from Amazon EC2 or RDS

• Move data to the same or different database engine

• Sign up for preview at aws.amazon.com/dms

AWS Database Migration Service

[Diagram labels: Customer Premises; Application Users; AWS; Internet; VPN]

• Start a replication instance

• Connect to source and target databases

• Select tables, schemas, or databases

Let AWS Database Migration Service create tables, load data, and keep them in sync

Switch applications over to the target at your convenience


Migration Tools

AWS Provided Tools

• AWS Import/Export, Snowball

• VM Import/Export

• Amazon RDS Migration Tool

• Amazon WorkMail Migration Tool

• AWS Data Pipeline

Partner Tools

Migration Tools

• Common set of tools that can assist customers in migrating workloads into Amazon Web Services.

• Tools and partners change. Here is an abbreviated list of some commonly recommended tools.

Description | Tool-assisted migration options

Production environment, live migration with minimum downtime | CloudEndure

Production environment, not so critical workloads, can sustain outage | RACEMI

Windows 2003, in-place upgrade and migration | AppZero

Database migrations, all use cases | Attunity

Non-Prod / Non-critical migrations | AWS VM Import

Additional Resources

Microsoft Quick Starts

https://aws.amazon.com/quickstart/

• Web Application Proxy and Active Directory Federation Services

• Lync Server 2013

• Exchange Server 2013

• Windows PowerShell DSC

• SharePoint Server 2013

• SQL Server 2012 and 2014 with WSFC

• Remote Desktop Gateway

• Active Directory Domain Services

Where Can I Learn More?

• AWS Directory Services

• Microsoft Pages on AWS

• Microsoft Whitepapers on AWS

• Windows FAQ on AWS

• Microsoft License Mobility on AWS

Thank You!

Slides will be available on SlideShare.