© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Bill Jacobi, Senior Solutions Architect

November 30, 2016

Running Your First 100K

Microsoft Users on AWS

WIN303

What to Expect from the Session

Learn how AWS has built a push-button, automated solution that runs

the Microsoft Servers that have been scaled to 100K users.

This session will discuss how to build, load-test, and display metrics of a

complex Windows stack. Attendees should have familiarity with

Microsoft server architectures and AWS.

This session will cover Windows technologies mapped to AWS including

EC2 Windows, Bootstrapping, Load Balancing, CloudFormation, Elastic

Beanstalk, Elasticsearch, CodeCommit, and Direct Connect to facilitate

running a multi-tier Microsoft server stack at scale.

Why Run Microsoft Servers on AWS?

Amazon’s Migration to AWS

Microsoft Servers Quick Start

Demo of 100K Users

Load Testing with Locust and ELK stack

- SA Contributor: Len Henry

How the Solution was Built

Agenda

Why Run Microsoft Servers on AWS?

ISV Application and Add-

On Compatibility

ISV applications and add-ons are supported by the AWS

Infrastructure-as-a-Service platform

DevOps enabled AWS CloudFormation builds infrastructure while Microsoft

PowerShell builds applications, in a CI/CD lifecycle

Optimization AWS enables you to monitor, aggregate, report on, and act on

application and infrastructure metrics

Depth/breadth of services Build solutions around the Microsoft stack that combine the

Windows and Open Source ecosystems, and AWS services

Auditability enabled Every API call, network packet in/out, and infrastructure

change is audited and logged, supported by a rich policy model

License management AWS Config can monitor license compliance of server-bound

licenses on Amazon Dedicated Hosts and Dedicated Instances.

Enabled for compliance Applications can run under NIST, PCI, or HIPAA Accelerators to

provide baseline regulatory controls

In 2013, Amazon IT decided to migrate the Microsoft stack to AWS

Over 200K Amazon users access Exchange, SharePoint, and Lync through the corporate image

Exchange data points:

• There are 26 Exchange servers (4 per AZ)

• 7,600 users per server

• DAG Architecture for HA

• Supports users in Americas, EMEA, and Asia

Amazon’s Migration to AWS

Quick Start

CloudFormation

template

Deployment

Guide (PDF)

• Exchange DAG architecture

• Lync Paired Pool

architecture

• SQL Server Always On

architecture for SharePoint

• Brick architecture

represents a 10K modular

pod: Scale horizontally

• Use the Microsoft capacity

calculators to validate

logical architecture

• Use load-testing to validate

physical architecture

Microsoft Topologies

10.0.0.10

Amazon Infrastructure

• Single VPC for integrated

cross-server experience

• Multiple AZs for high

availability across all servers

• DMZ subnet for management

• Private subnet for all

application servers

• Security groups for server

roles and NACLs for subnets

• 2 AD sites mapped to the 2

AZs for high availability

• Amazon Workspaces clients

or on-premises clients

• Connect to on-premises

through VPN or AWS Direct

Connect

Microsoft Servers Quick Start

Client Demo – Microsoft Servers

Server Demo – Microsoft Servers

Load Testing 100K Users with Locust

Locust

master

Locust

worker

Locust

workerLocust

worker

Locust

worker

Locust

worker

Locust

worker

Locust

workerLocust

worker

Locust

worker

SharePoint

WFE/App1

SharePoint

WFE/App2SharePoint

WFE/App3

SharePoint

WFE/App4

SharePoint

WFE/App5

SharePoint

WFE/App6

SharePoint

WFE/App7SharePoint

WFE/App8

SharePoint

WFE/App9SharePoint WFE/App10

Log Aggregation of IIS web requests with an

ELK (ElasticSearch, LogStash, Kibana) Stack

Amazon Elasticsearch

https://www.elastic.co/products/logstash

Log Display with a Kibana Dashboard

How the Solution was Built

• CloudFormation Stacks, PowerShell, Parameters

• AWS CodeCommit

• SharePoint Logical and Physical Architecture

• Performance and Latency

• Auditability

CloudFormation is service for automating deployment of resources: EC2, VPC, NAT, and others

CloudFormation template

− JSON-formatted document which describes a configuration to be deployed in an AWS account

− When deployed, refers to a “stack” of resources

− Stacks can and should be nested for modularity

− Starting point is a usually a baseline OS or pre-configured AMI

PowerShell is inserted into instance start up in CloudFormation

CloudFormation controls configuration across reboots

AWS

CloudFormation

DevOps – CloudFormation

DevOps – AWS Cloud Formation

MasterStack orchestration

ADStack

SQLStack ExchangeStack

SharePointStack LyncStack

1

2

3 4

5 6

AZs, VPC, subnets, R53 DC, Global Catalog, DNS,

Repl

AZs, LB, VPC, R53MBOX, Edge, DAG, RDG,

AD

AZs, LB, VPC, R53FrontEnd, Edge, SQL,

RDG, AD

AZs, VPC, EIPs, storageWSFC, AlwaysOn, Quorum,

Witness, RDG, Full Backup

AZs, LB, VPC, R53WFE, AppSrv, SQL, RDG,

AD

Layer 1

Layer 2

Layer 3

MSServers Solution - 6 CloudFormation Stacks

DevOps – Nested Stacks

• Master stack calls AD; Depends on SQL and

• Stacks create modularity, reuse, and resource ordering

• See blog post for more details

"Resources": {

"ADStack": …AWS::CloudFormation::Stack…

"SQLStack": {

"Type": "AWS::CloudFormation::Stack",

"DependsOn": "ADStack",

"Properties": …

}

CloudFormation Parameters = Full Control

Create Lync FrontEnd1 Instance

Embed PowerShell

Sample of Lync Front End CFN Template

AWS CodeCommit provides version control with Git

SharePoint Logical Architecture

Performance and Latency: Wash DC–Portland, OR

88 ms round trip via Internet 59 ms round trip via Direct Connect

Auditability Infrastructure

− AWS CloudTrail

− AWS Config (see whitepaper for license auditing)

− Amazon Inspector

Network

− VPC flow logs

− Elastic Load Balancing access logs

Application

− Amazon CloudWatch Logs can integrate• IIS logs

• Event logs

• Event Tracing for Windows (ETW) logs

• Any performance counter data

• Exchange, Lync, SharePoint logs

• Any text-based log files

Dedicated Hosts

Visibility of sockets, cores, host ID

Related Sessions

Thank you!

WIN303 – Running your first 100K Microsoft users on AWS

Please fill out your evaluation form