Microsoft On AWS Immersion

Microsoft on AWS
Immersion Day
Microsoft Squad Brazil

September 08th, 2021
© 2021, Amazon Web Services, Inc. or its Affiliates.

Senior Principal Enterprise Solutions Senior Technical

Customer Solutions Solutions Architect Partner Account
Solutions Architect Architect Solutions Manager
Manager Architect

Innovation for Windows on AWS

Innovations for AWS customers Entitlement Distributor
.NET 5 on AWS
RDS SQL Server Integration and Reporting Services
12+ years of running Windows workloads Launch Wizard for SQL Server on Linux
VSS Backup for Windows
License Switching
VSS Backup for Windows
AWS App2Container
69 new launches for Windows Workloads in the last year

Porting Assistant for .NET
MAP for Windows .NET Core 3.1 Support with Lambda
SQL Server 2019 Windows + Linux Windows Web App Migration Assistant
(ASP.NET)
10k+ partners innovating on AWS .NET Cloud Development Kit (CDK)

AWS Launch Wizard
Joined .NET Foundation
AWS Launch Wizard for SQL Server
New, Simplified, Bring Your Own
License (BYOL) experience
EC2 Image Builder
Amazon Linux 2 and Ubuntu
Azure to AWS Migration Support
w/ Mono and .NET support
AWS Toolkit for Visual Studio Code
CloudWatch AppInsights for .NET and SQL Amazon EKS for Windows Containers
AWS License Manager AWS X-Ray .NET Core Support
Active Directory Cross VPC Support Amazon FSx for Windows File Server
Dedicated Host Enhancement Tag-On Application migration using AWS SMS
.NET Developer Hub .NET Core 2.1 Support with Lambda & X-Ray
Lambda Support for PowerShell Core
Sessions Manager
.NET Core on Linux AMIs
SQL Server 2017 Windows + Linux
EC2 Windows on Bare Metal/Hyper-V AMI
Windows Deep Learning AMI
Hyper-V support in SMS .NET Core & PowerShell on AL2/Ubuntu
Application-consistent Snapshots through VSS .NET Core Support in AWS CodeStar and CodeBuild
.NET Core 1.0 Support with Lambda
Trusted Advisor for Windows Windows for Lightsail
Windows Server
.NET SDK v3 Windows Server 2016
X-Ray .NET SDK SQL Server
EC2 Systems Manager
Microsoft SharePoint 2016 (Marketplace) Amazon ECS for Windows Containers
SQL Server 2008 SQL Server 2016
.NET
Windows Server 2012 AWS Directory Service
Windows Server 2003 .NET SDK v2
Windows Server 2008 SQL Server 2012 EC2 Dedicated Hosts (BYOL)
SQL Server 2008 R2 NuGet (Package management) AWS Tools for Windows PowerShell
App Modernization
Amazon RDS adds SQL Server
.NET SDK Windows Server 2008 R2 AWS Toolkit for Visual Studio SAP instance on AWS
2008 2010 2012 2014 2016 2018 2020 Today

Agenda
• Recados
• Active Directory on AWS

• Demo
• Amazon FSx for Windows Server

• Demo
• AWS App2Container
• Demo
• Fechamento (Quiz)
https://eventbox.dev?code=FYJJ499DV1

Overview of Active Directory on AWS

Agenda – Active Directory @ AWS
• Why do customers deploys Active Directory on AWS

• How do customers choose
• Managed AD (MAD) vs. EC2
• Design considerations
• AWS Managed AD Use Cases
• Demo - Deploying Managed Microsoft AD
• Demo - Administering AD
• Forest Trusts
• Demo - Forest Trusts

Why do customers deploy Active Directory on AWS?
Support Windows Integrate with AWS Provide low latency

workloads running applications and to applications
on AWS services

How do customers choose between these options?
• Want to minimize AD infrastructure AWS Managed

operational management in the cloud Microsoft AD
• Allow delegation of cloud AD management to

a separate team while maintaining control of
user identity
• Need delineation between on-premises and
AWS environments
• Need native integration with Amazon RDS,
Amazon FSx, AWS Single Sign-On, etc.

How do customers choose between these options?
• Want to extend the existing forest/domain to Deploy AD to

AWS Amazon EC2
• Need for domain/enterprise admin privilege
• Extend existing users, groups, OUs, and GPOs
• Single unified environment between on-
premises and AWS cloud

Managed vs EC2
AWS Managed Active Directory on
Active Directory Service Amazon EC2 Instances
Scaling Scaling
Schema Extensions
• Consider Schema Extensions • Need full control over Schema Extensions
Managed AD first Active Directory
High Availability High Availability
• Focus on business
AD Backups AD Backups
value tasks
• Reduced O&M OS Patching OS Patching
tasks OS Install/Maintenance OS Install/Maintenance
Power, HVAC, net Power, HVAC, net
AWS manages Customer manages

General Design Considerations
• Customer responsible for patching,

monitoring, backups, and high
availability
• Place domain controllers in a

minimum of two Availability Zones
to provide high availability
• Treat Availability Zones as you

would distinct data centers

Security Considerations
• Active Directory best practices still apply in AWS
• Control access to your domain controller instances
• Domain controllers should not be internet-facing

• Place domain controllers and other non-
internet facing servers in private subnets
• Use NACLs and Security Groups to control what

ports are open in Active Directory

Network Considerations
• Replication Topology
• Understand your connectivity options

• Needs for hybrid connectivity
• AWS Direct Connect/VPN
• When peering multiple VPCs, it’s sufficient to deploy DCs in a

single VPC. Application servers in other VPCs can access the AD
over VPC peering.

AWS Managed Microsoft AD Use cases

AWS Case Studies - Public References
Millions of customers, including fastest-growing startups, large
enterprise, and leading government agencies, are using AWS to reduce
costs, stay more agile and innovate faster.
https://aws.amazon.com/managed-services/customers/
https://aws.amazon.com/solutions/case-studies/iata/
https://aws.amazon.com/solutions/case-studies/capital-one-all-in-on-aws/
https://aws.amazon.com/blogs/compute/running-the-most-reliable-choice-for-windows-workloads-windows-on-aws

Demo
Deploying Managed Microsoft AD

Demo Architecture – AWS Managed Microsoft AD

Demo
Administering AD

Understanding the Trust Model

When to create a trust relationship
You can configure one and two-way external and forest trust
relationships between your AWS Directory Service for Microsoft Active
Directory and on-premises directories, as well as between multiple AWS
Managed Microsoft AD directories in the AWS cloud.
Forest Trust
• Incoming
• Outgoing
• Two-way (Bi-directional).

Active Directory Topology: Forest Trust
Deploy domain controllers that are of a different domain in a different forest,
and configure one-way or two-way trusts. You can create a new forest in
your AWS environment with forest trust enabled to the existing on-premises
forest. DC1
AD Domain: abc.com
AD Site: SanFran
San Francisco
AD Trust Cost 50
DC1 or DC2 or AD Authentication
AD Domain: abc.aws.com AD Domain: abc.aws.com DC2
VPN / Direct AD Domain: abc.com

Private subnet Private subnet Connect AD Site: NewYork
Availability Zone 1 Availability Zone 2 New York Corporate

Network

Demo
Forest Trust

Demo Architecture – Forest Trust

Amazon FSx for Windows File
Server

September 08th, 2021
FSX Overview

What is Amazon FSx for Windows File Server?
Fully managed native Deeply integrated

Windows file systems with AWS

Fully managed means you no longer need to…
Manage hardware Manage software

Plan capacity Install and configure server software
Procure and purchase hardware Set up and configure file systems
Set up storage servers and volumes Apply Windows updates
Detect and address hardware failures Manage software licenses
Invest CapEx Manage backups
Monitor security
Who is using FSX ? Case Study: Emirates
Emirates gains 37% performance improvement with Amazon

FSx for Windows File Server.
Challenge: Emirates was in the process of migrating their business-critical

booking engine from on premises to the AWS Cloud and needed reliable
shared storage for their content management system (CMS).
Solution: Amazon FSx for Windows File Server enabled Emirates to easily
provision file storage for their CMS to store shared files for their booking
website.
https://aws.amazon.com/fsx/windows/customers/
Amazon FSx for Windows File Server Architecture
Region
VPC
Availability zone A
Subnet 1
\\fs-0123456789.example.com\share
Instances Elastic network

interface

Multi-AZ file system architecture
AWS Cloud AWS Direct On-premises network

Availability Zone 1 Availability Zone 2
Connect
or VPN
Windows Windows
file server file server

Broadly accessible
Microsoft Windows
Amazon EC2 Amazon VPN AWS Direct
Server 2008+ and
WorkSpaces Connect
Windows 7+
Linux Amazon VPC Peering AWS Transit

VMware Cloud
(SMB client) AppStream 2.0 Gateway
on AWS
MacOS
On-premises In-VPC access
compute instance
OS Compute instance Network connectivity

FSx & Identity

Use Amazon FSx with your organization’s AD
Directly integrate your Amazon FSx file systems with your organization’s Active
Directory (on-premises or in-cloud)
• Authentication: Your users continue to access file shares by authenticating
with their existing AD user credentials
• Authorization: You can migrate and use your existing file and folder ACLs, and
your share-level access controls as is, without any modifications needed
Supports two AD integration options:

• AWS Managed Microsoft AD
• Self-managed Microsoft AD (on-premises or in-cloud)

AWS Managed AD Architectures

Self-Managed AD Architectures
AWS Cloud
VPC
Availability Zone 1
Corporate data center

Amazon FSx
AWS Direct Connect
Ldap, DNS, Kerberos

AD
Domain
controllers
company.local Availability Zone 2
Amazon FSx

FSx – A bit on performance

Performance and scale
Latency
Sub-millisecond latencies with SSD
Throughput and IOPS

Direct file server access: up to 3 GB/s of throughput and hundreds of 1000s of IOPS per file system
With client-side caching: up to 10+ GB/s of throughput and millions of IOPS per file system
Single-client performance
With SMB Multichannel, a single client can drive up to the full throughput/IOPS of a file system

Throughput capacity is automatically picked for you –
sufficient for vast majority of apps

FSx – Dedup & Quota

Data Deduplication
• Large datasets = redundant data
• Deduplication deduces redundant data (duplicated
portions of the dataset only once)
• Background = no performance impact
• General Purpose, 50-60%
• User Documents, 30-50%
• Software Development DB, 70-80%

Migrating your data to Amazon
FSx for Windows File Server with
AWS DataSync

AWS DataSync
• Fully automated and integrated with AWS services
• Performs integrity checks on data transferred
• Preserve file-level metadata and attributes when
transferring between Windows file shares
• Accelerates data transfer up to 10x faster than
command line tools (robocopy J)
• Data is encrypted in transit with TLS

AWS DataSync: How it works
On-Premises AWS
AWS Storage Resources
Amazon S3
All storage classes
Amazon Elastic
File System
NFS or SMB
TLS
Shared AWS DataSync AWS DataSync Amazon FSx for
file system agent Windows File Server
Deploy agent on Secure highly parallel Fully managed service Optimized reads and writes
VMware or EC2 for transfers using scales to send or to Amazon S3, Amazon EFS
efficient access to optimized network receive data from agent or Amazon FSx for
local NFS or SMB server protocol Windows File Server

Empowering Users to Restore Files
with Shadow Copies on Amazon
FSx for Windows File Server

Shadow Copies – Self-Service “restore” method

Leveraging automated and manual
Backups

Backup – File System Recovery

Backups
Highly durable Highly durable (11 nines) – stored in Amazon S3
File system Capture and restore a point-in-time view of file system

consistent
Ensures file system-consistency using Shadow Copy
Incremental Only changes after your most recent backup use backup storage
Fully managed Automatic daily backups, with retention policy

Admin-initiated backups via API/Console
Demo: Creating, using and
managing FSX Shares on AWS
Workloads

AWS App2Container

Agenda
• Migration strategy and use cases
• Application containerization
• App2Container
• Supportability
• How does it work?
• Demo
• Q&A

Migration strategy
Install Config Deploy
Rehost Use migration tools
Replatform Determine Modify

platform infrastructure
Validation
Buy Transition
Repurchase Install / Setup
Determine COTS / SaaS
Discovery Production
Refactor Redesign App code ALM / SDLC Integration

development
VMware Cloud On AWS

Relocate
Architecture Best Practices for Migration

Retain
AWS Prescriptive Guidance glossary – Migration terms
Retire
Application containerization
• CI/CD for legacy applications
• Application mobility
• Developer team productivity
• Reduce IT operational / development burden
• Infrastructure optimization

Use cases
• Source code unavailable
• Legacy acquired application
• Development team unavailable
• Unknown application / architecture
• Help with CI/CD deployment

Supportability
What is?
• Help lift and shift applications to containers
• Amazon ECS
• Amazon EKS
• AWS App Runner
Supported applications
• Java applications (Linux)
• Tomcat / TomEE / JBoss (standalone mode)
• Ubuntu / CentOS / RHEL / Amazon Linux
• .NET applications (Windows)
• .NET Framework version 3.5 or later
• IIS 7.5 or later (Windows Server 2008 R2 or later)
• Windows services

How does it work?
Moving Windows applications to containers on AWS
Application Inventory and Containerization and Local Built-in integration with

Dependency Analysis Testing
AWS Services

How does it work?
• Dependency mapping
• Application extraction (artefacts)

• Content (IIS / WinSvc), ports, OSVersion
• Dockerfile building
• ECS, EKS, App Runner*
• CloudFormation (IaC)

How does it work?
Corporate AWS Cloud

data center
App Server App2Container

IIS / WinSvc Worker Server
WinRM HTTPS
Artifacts
DB Server Docker image

Demo
IaC Files
ECR
App Server A2C Server
ECS

Q&A

Thank you!

Microsoft On AWS Immersion

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Microsoft On AWS Immersion

Uploaded by

Copyright:

Available Formats

Microsoft on AWS

Microsoft Squad Brazil

© 2021, Amazon Web Services, Inc. or its Affiliates.

Senior Principal Enterprise Solutions Senior Technical

© 2021, Amazon Web Services, Inc. or its Affiliates.

© 2021, Amazon Web Services, Inc. or its Affiliates.

69 new launches for Windows Workloads in the last year

10k+ partners innovating on AWS .NET Cloud Development Kit (CDK)

2008 2010 2012 2014 2016 2018 2020 Today

• Active Directory on AWS

• Amazon FSx for Windows Server

© 2021, Amazon Web Services, Inc. or its Affiliates.

© 2021, Amazon Web Services, Inc. or its Affiliates.

• Why do customers deploys Active Directory on AWS

© 2021, Amazon Web Services, Inc. or its Affiliates.

Support Windows Integrate with AWS Provide low latency

© 2021, Amazon Web Services, Inc. or its Affiliates.

• Want to minimize AD infrastructure AWS Managed

• Allow delegation of cloud AD management to

© 2021, Amazon Web Services, Inc. or its Affiliates.

• Want to extend the existing forest/domain to Deploy AD to

© 2021, Amazon Web Services, Inc. or its Affiliates.

AWS manages Customer manages

• Customer responsible for patching,

• Place domain controllers in a

• Treat Availability Zones as you

© 2021, Amazon Web Services, Inc. or its Affiliates.

• Active Directory best practices still apply in AWS

• Control access to your domain controller instances

• Domain controllers should not be internet-facing

• Use NACLs and Security Groups to control what

© 2021, Amazon Web Services, Inc. or its Affiliates.

• Understand your connectivity options

• When peering multiple VPCs, it’s sufficient to deploy DCs in a

© 2021, Amazon Web Services, Inc. or its Affiliates.

© 2021, Amazon Web Services, Inc. or its Affiliates.

© 2021, Amazon Web Services, Inc. or its Affiliates.

© 2021, Amazon Web Services, Inc. or its Affiliates.

© 2021, Amazon Web Services, Inc. or its Affiliates.

© 2021, Amazon Web Services, Inc. or its Affiliates.

© 2021, Amazon Web Services, Inc. or its Affiliates.

© 2021, Amazon Web Services, Inc. or its Affiliates.

DC1 or DC2 or AD Authentication

AD Domain: abc.aws.com AD Domain: abc.aws.com DC2

VPN / Direct AD Domain: abc.com

Availability Zone 1 Availability Zone 2 New York Corporate

© 2021, Amazon Web Services, Inc. or its Affiliates.

© 2021, Amazon Web Services, Inc. or its Affiliates.

© 2021, Amazon Web Services, Inc. or its Affiliates.

Microsoft Squad Brazil

© 2021, Amazon Web Services, Inc. or its Affiliates.

Fully managed native Deeply integrated

© 2021, Amazon Web Services, Inc. or its Affiliates.

Manage hardware Manage software

Emirates gains 37% performance improvement with Amazon

Challenge: Emirates was in the process of migrating their business-critical

Instances Elastic network

© 2021, Amazon Web Services, Inc. or its Affiliates.

AWS Cloud AWS Direct On-premises network

© 2021, Amazon Web Services, Inc. or its Affiliates.

Linux Amazon VPC Peering AWS Transit

OS Compute instance Network connectivity

© 2021, Amazon Web Services, Inc. or its Affiliates.