getting started with windows workloads on amazon ec2 - toronto
TRANSCRIPT
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Shawn Gandhi
Head of Solutions Architecture
AWS Canada
September 2016
Getting Started with Windows
Workloads on AWS
@shawnagram
Who Are We Exactly?
Customer
Account
Manager
Solutions
ArchitectTech
Account
Manager
Pro
Services
Training &
Cert
Partner
Team
Biz Dev
Agenda
Why are customers running Windows on AWS
What Windows workloads run on AWS
Corp apps
Line of business apps
Developers
Where to get started and recent enhancements
Security
Management
Infrastructure
Licensing
Why are customers running
Windows on AWS?
Customer Success Story
Searching for a solution to host its Microsoft SharePoint sites, the company
chose AWS because of cost, efficiency, and to improve operational efficiency. By
running on AWS, Dole can launch a new SharePoint website in minutes and
estimates savings $350,000 in operating expenses.
“When we were looking for a place to put our SharePoint install, we built out a [Amazon] virtual private
cloud, effectively using it as an extension of our datacenter… We can grow any time we want– we don’t
have to go and acquire new hardware.”
– Joanna, Dyer, Director of IT Solutions, Dole Food Company
Customer Success Story
Hess turned to AWS to help consolidate disparate systems, include multiple
legacy versions Windows Server 2003, and 2008 and Microsoft SQL Server
2000, 2005, 2008 that had built up over many years of M&A activity. Hess was
able to complete a full consolidation of 300 Microsoft workloads in under 6
months.
“We didn’t have time to re-design applications. AWS could support our legacy 32-bit applications on
Windows Server 2003, a variety of SQL Server and Oracle databases, and a robust Citrix environment.”
– Jim McDonald, Lead Architect, Hess Corporation
Why run Windows workloads on AWS
*as of July 31, 2014
Building and managing cloud since 2006
12 regions, 33 Availability Zones, 54 edge locations
Thousands of partners; 2,500+ Marketplace products
Security & Reliability
Performance
Experience
Scale
Ecosystem
Extensive VM and network performance options
Security in layers approach and 99.95% application SLA
SecurityA few of our many certifications:
Secured premises
Secured access
Built-in firewalls
Unique users
Multi-factor authentication
Private subnets
Encrypted data storage
Dedicated connection
Reliability
Easily build highly available applications
ELB distributes load (ideal for SharePoint)
Auto Scaling for availability and scalability
Use multiple Availability Zones
G2
GPU
enabled
M4
General
purposeMemory
optimized
R3
Dense-storage
and high-I/O
optimized
C4
Compute
optimized
C3
D2 I2
T2
High Performing
M3
High Performing
High performance instances (X1) and HPC solutions
Automated instance scaling (Auto Scaling)
Dedicated low-latency network (AWS Direct Connect)
Ensure storage performance (EBS Provisioned IOPS)
Deploy faster wherever you like
Reliability & Scale:
Availability Zones
AZ
AZ
AZ AZ AZ
Transit
Transit
What Windows workloads can I
run on AWS?
Developer platform & tools
Corp applications Line of business
applications
End user computing
Information Security
Corporate Applications End User ComputingBusiness Applications
Amazon EC2 Windows,
Amazon RDS,
AWS CloudFormation,
AWS CloudFront
Amazon EC2 Windows,
AWS Directory Service,
Amazon RDS,
AWS Marketplace
Amazon WorkSpaces,
Amazon AppStream, AWS
Marketplace,
AWS Mobile Services, SaaS
AWS Identity and Access Management (IAM),
AWS CloudHSM, AWS Key Management Service,
security groups, AWS Marketplace
Amazon EC2, Amazon S3, Amazon RDS,
Amazon VPC, Amazon Direct Connect,
AWS Directory Service, AWS IAM,
AWS Service Catalog
Infrastructure
AWS Service Offerings for Windows Workloads
AWS Elastic Beanstalk,
AWS CodeDeploy,
AWS CloudFormationDevOps
Corporate Apps in AWS
Deploy highly available applications
BYOL or pay per use
Security in layers approach helps with
compliance
Leverage multi-AZ architectures for
reliability & availability
Ref Architecture: SharePoint on AWS
Custom (Line of Business) Apps in AWS
AWS CloudFormation templates
accelerate deployment
Run .NET applications in EC2
instances running Windows Server
Fully managed database with
Amazon RDS for SQL Server
Add resiliency and HA with multi-AZ,
ELB, and Auto Scaling
Develop and Deploy Code in AWS
Build code quickly
Leverage familiar SDKs and toolkits
Deploy and scale your applications
AWS
CloudFormation
AWS CodeDeploy AWS Elastic
Beanstalk
.NET SDK AWS Toolkit
for Visual Studio
Where to Get Started
Security is job #1
Amazon EC2 Can Help Strengthen Your
Security Posture
Get native functionality and tools
at no additional charge
Over 30 global compliance
certifications and accreditations
Leverage security enhancements gleaned
from 1M+ customer experiences
Benefit from AWS industry leading
security teams 24/7, 365 days a year
Security infrastructure built to
satisfy military, global banks, and other
high-sensitivity organizations
Access a Deep Set of Cloud Security Tools
Encryption
AWS Key
Management
Service
AWS
CloudHSM
Server-side
encryption
Networking
Virtual
Private
Cloud
Web
Application
Firewall
Compliance
AWS ConfigAWS
CloudTrail
AWS Service
Catalog
Identity
IAM Active
Directory
Integration
SAML
Federation
VPC (Virtual Private Cloud)
Provision a logically isolated section of the AWS cloud
Control your virtual networking environment with:• Subnets
• Route tables
• Security groups
• Network ACLs
Control if and how your instances access the Internet
Connect to your on-premises network via a hardware VPN or Direct Connect
Availability Zone 1 Availability Zone 2
Internet
10.0.0.5
10.0.0.6
10.0.3.17
10.0.3.5
10.0.1.5
10.0.1.25
10.0.1.8
10.0.1.6
VPC Subnet
VPC subnet
VPC subnet
Virtual Private Gateway
Customer Gateway
VPN Connection
Internet Gateway
Customer Data Center
Use a Comprehensive Set of Management Tools
MonitoringConfiguration
AWS CloudWatch AWS CloudTrailAWS ConfigAmazon EC2
Run Command
PowerShell
Integration
AWS CloudFormationAWS CodeDeploy AWS Elastic
Beanstalk
AWS Toolkit
for Visual
Studio
.NET SDK
Development
Management Enhancements:
EC2 Run Command
Automate Common Tasks: Automate common administrative tasks at scale.
Delegated Administration: IAM integration for full control of users and level of
access.
Auditable: Visibility and tracking of configuration changes with AWS CloudTrail
Customizable: Create custom actions to automate common tasks
Microsoft Licensing OptionsFlexibility helps you optimize costs
Buy licenses
from AWS
Leverage License
Mobility
Bring your own
licenses (BYOL)
• Save money on software
licensing
• You manage licensing
costs and compliance with
your ISV
• No need for Software
Assurance
• AWS manages Windows
Server licensing
• You manage licensing
costs and compliance
with your ISV
• Uses Software
Assurance
• AWS manages licensing
• Pay as you go pricing
• Multi-tenant or
Dedicated
• No need for Software
Assurance
• Unlimited CALs
BYOL Using Dedicated HostsLicense compliance and portability
Host ID = h-123abc
Sockets = 2
Physical Cores = 20
• Maintain license compliance
• Granular resource and placement controls
• Visibility into physical resources
• Physical core and socket counts
• Capacity utilization
• Instance location
• Now supports reservations for discounted
pricing
It’s easy to get started!
http://aws.amazon.com/getting-started/
AWS Management Console
AWS Marketplace is in the Console
Browse, search, discover,
and launch thousand of AWS
Marketplace Amazon
Machine Images (AMIs)
directly from within the EC2
console
2,600+ products listed in 35
categories
Partner Case StudyBusiness Critical .NET Application
Securities Trading Platform - Background
Business critical trading platform running on AWS with Continuous Delivery
• At the end of 2014 Sourced were approached to run a pilot in AWS for a large retail
bank
• After operating workloads in AWS with an increasing level of criticality they were
ready to move one of their “crown jewels”, a business critical and heavily regulated
trading platform
• The business owners of this platform had an expiring data centre lease and needed
to validate whether AWS was a possible target for this application
• Development methodologies and application delivery processes (CI/CD) needed to
be defined
• Operational tooling and support procedures needed to be converted and validated
• Centralised logging and the collection of metrics became paramount
• Traditional 3-tier architecture
• Windows 2012 (Headless)
• .NET 4.5 / IIS 8
• SQL Server 2012
• Live market data
• 50,000 concurrent traders
• 200-300,000 active users
• Predictable traffic pattern
Application Characteristics
Securities Trading Platform - Implementation
Business critical trading platform running on AWS with Continuous Delivery
Traditional Data Tier
Traditional App Tier
Internal
Instance Instance Instance Instance
Instance Instance
Instance Instance
past.aws.app.com live.aws.app.com next.aws.app.com
Auto Scale EnabledServing Traffic
Auto Scale DisabledReady for Scale Up
Auto Scale DisabledReady for Destruction
DNS Carousel
Elastic Load Balancer Elastic Load Balancer Elastic Load Balancer
Amazon Web Services
www.application.com
DDoS Protection
User Traffic
AgilityINTRA-DAY RELEASES
e.g. Primary website was turned pink for
Breast Cancer Awareness Week
ScalabilityRESILIENT PRODUCTS
e.g. Platform auto-scaled during recent China stock market
freeze with no customer impact
Lower CostsDC CONSOLIDATION
e.g. Data Center lease was up for renewal and facilitated exit
Context
• 3-Tier application with the app and data tier remaining on-premise
• Solution is protected by a CDN provided by a 3rd party
• Build and release pipeline integrated with AWS and DNS is used to swing
traffic to a new release
Securities Trading Platform – Real World AWS Resiliency
Auto Scale in Action for a Business Critical Application
• January 2016 the Chinese Stock Exchange
suspends trading for the second time in the year
due to a $75B loss
• There was a run on the Australian Stock Exchange
shortly after 10am
• What would normally represent a red-light
moment for the AppOps team has just become a
validation in a Splunk dashboard to ensure AWS
reacted as expected
As the platform met scale out criteria instances were provisioned seamlessly
Next Steps
Sign up for an AWS account!
Take advantage of the Free Tier: aws.amazon.com/free
Learn more: aws.amazon.com/windows
https://qwiklabs.com/
