
Migrating Microsoft Workloads to Amazon Web Services


Andy Hall
Jignesh Suthar
June 3, 2020

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark
Agenda
1. Microsoft Workloads on AWS

2. Assessment

3. Migration

4. Optimization

5. Hands on Lab: Migration/Hybrid

AWS

Microsoft Workloads
Windows Workloads Market

• 70% of Enterprise Applications are Windows based (IDC)
• 82% of Windows Applications are still on premise (IDC)
• 50% of Enterprise customers are planning to migrate to cloud within next 24mo. (Gartner)

Assessing Microsoft Workloads

Traditional technology consumption

Model
• Engineers as requesters
• Procurement as approvers
• Step function spend and capacity forecasting
• Long procurement cycles
• High cost of failure

[Diagram labels: Technology teams, Request, Procurement, Approve, Supply Chain, Procure, Operations, Rack & stack & track]

Cloud technology consumption

Model
• Engineers and Finance acting as one
• Match capacity with demand
• Procurement is instant
• Low cost of failure

[Diagram labels: Technology teams, Finance organization, Deploy, Operate, Optimize]

Not a traditional data center

Traditional financial management processes cause up to $10B+ in excess annual cloud spend [1]
• 35% excess spend
• 65% efficient cloud spend

Poor cloud cost management impacts the business [2]
80% of respondents acknowledge that poor financial management related to cloud costs has had a negative impact on their business:
• Slows/halts cloud adoption (53%)
• Cripples innovation (25%)
• Lowers quality of service (38%)
• Leads to sprawl/underutilization of resources (40%)
• Increases cost (22%)

Sources:
1. RightScale 2019 State of the Cloud Report from Flexera
2. (451 Research Report) Cost Management in the Cloud Age: Enterprise readiness threatens innovation. (451 Research study commissioned by Cloudability)

Use Optimization and Licensing Assessments to Analyze Business Impact

[Chart: On-Premises vs. Rightsized to AWS. Bars: Annual on-prem cost, Rightsized to AWS. Axis: $0 to $150,000,000. Callout: 36% in compute savings]

[Chart: SQL Ent On-Prem Core Requirement vs. SQL Ent Cores Optimized in AWS. Axis: 0 to 10000. Callout: 49% in SQL core savings]

Source: TSO Logic—Economics of Cloud Migration Report


Addressing cloud assessment challenges
Challenge
• Footprint: Knowing what is installed across all servers, workstations, cloud instances, containers, & devices across the entire enterprise
• Scope of opportunity: What to move, focus on underutilized servers, servers running at peak capacity, heavily virtualized, older server, etc.
• Cost: What it really costs once all the credits, discounts, & rebates are used. Ability to weigh the pros and cons of BYOL and LI
• Timing and effort: Concerns the process will take months and the customer may need to go through this exercise with another cloud provider

AWS solution
• The AWS assessment identifies everything in the customer's environment, regardless of platform, application, or geography
• Analysis allows customer to right size based on actual resource consumption (ARC) and pivot on multiple scenarios
• Identify optimized licensing and provisioning to ensure the most cost-effective cloud solution
• Provide recommendations for Dedicated Hosts, optimized CPU, Reserved Instances, and Spot
• Customer has access to all the data, and recommendations are available fast
Migrating Microsoft Workloads

How would you migrate a three tier application?
Presentation Tier

Application Tier

Database Tier

Migration Planning

Determine the best option

Rehost: Run Servers on Amazon Elastic Compute Cloud (Amazon EC2)

Replatform: Migrate to a Managed Service (Amazon RDS)

Refactor/Modernize: Refactor Application from .NET Framework to .NET Core\Migrate to Cloud Native Solutions (Amazon EKS, AWS Lambda, Amazon DynamoDB, and others)

Rehost: Lift and shift servers onto Amazon EC2

• Familiar administration experience
• Full control over the environment
• COTS Applications
• For SQL Databases
  • All SQL Server features available
  • All SQL Server versions supported

[Icon: Amazon EC2]

Migration Tool: CloudEndure Migration

Migration Tool: Server Migration Service

• Agentless VM migration from on-premises datacenters to Amazon EC2


• Supports VMware & Hyper-V Virtual Machines
• Automate, schedule, and track incremental replications
• Simplified application migration using multi-server grouping
• Auto-generates AMIs and CloudFormation Template for ease of deployment
• Free of cost

Three Tier Application Rehost
Presentation Tier and Application Tier (via AWS Server Migration Service)
1. Use a Migration Tool
   1. Server Migration Service (SMS)
   2. CloudEndure
   3. Third-Party Tools
2. Backup and Restore
3. Deploy new machines and re-install

Database Tier (via AWS Database Migration Service)
1. Use a Migration Tool
   1. Database Migration Service
2. Backup and Restore

Replatform: Migrate to a Managed Service

• Optimized architecture
• Automated patching
• Automated backups
• Proven high availability
• COTS Applications

[Icons: Amazon RDS, Amazon FSx, AWS Directory Service, VMware Cloud on AWS]

Three Tier Application Replatforming
Presentation Tier and Application Tier (via AWS Server Migration Service)
1. Use a Migration Tool
   1. Server Migration Service (SMS)
   2. CloudEndure
   3. Third-Party Tools
2. Backup and Restore
3. Deploy new machines and re-install

Database Tier (via AWS Database Migration Service, target: Amazon RDS)
1. Use a Migration Tool
   1. Database Migration Service
2. Backup and Restore
Modernization: Adopt Cloud Native Services

• Containers\Micro-Services
• Amazon EKS
• Amazon ECS
• AWS Lambda
• Amazon API Gateway
• Aurora: SQL/OLTP
• DynamoDB: NoSQL

[Icons: AWS Lambda, Amazon Elastic Container Service for Kubernetes, Amazon API Gateway, Amazon Elastic Container Service, Amazon Aurora, Amazon DynamoDB]

AWS Serverless Portfolio
APPLICATION PRIMITIVES – COMPUTE AND DATASTORES
Amazon S3, AWS Lambda, AWS Fargate, Amazon DynamoDB, Amazon Aurora Serverless, Amazon Kinesis

APPLICATION INTEGRATION
Amazon SNS, Amazon API Gateway, AWS Step Functions, Amazon MQ, Amazon SQS, AWS AppSync

DEVELOPER TOOLS
AWS CloudFormation, AWS Cloud9, AWS CodePipeline, AWS Config, Amazon CloudWatch, AWS X-Ray

SECURITY AND ADMINISTRATION
AWS IAM, AWS SSO, Amazon GuardDuty, Amazon Inspector, AWS WAF, AWS CloudTrail, AWS Shield, Amazon Cognito

Three Tier Application – Refactor/Modernized
Presentation Tier and Application Tier
1. Use Containers
   1. Amazon ECS
   2. Amazon EKS
2. Serverless Architecture

[Diagram labels, Presentation Tier: Amazon Simple Storage Service (S3), Containers]
[Diagram labels, Application Tier: Amazon API Gateway, AWS Lambda, Containers]

Database Tier (via AWS Database Migration Service)
1. Use a Migration Tool
   1. Database Migration Service
   2. Schema Conversion Tool

[Diagram labels, Database Tier: Amazon Aurora, Amazon DynamoDB]

Sample Modernized Architecture with Lambda

[Diagram labels: Browser, Amazon CloudFront, Amazon S3, Amazon API Gateway, AWS Lambda, Amazon Aurora serverless, Amazon DynamoDB]

Sample Modernized Architecture with Containers

[Diagram labels: Browser, Amazon CloudFront, Amazon S3, Application Load Balancer, Amazon ECS, AWS Fargate, Amazon ECR, Amazon Aurora serverless, Amazon DynamoDB]

Hybrid:

• Continue to use your on-premises investments while getting the full benefits of the cloud

• AWS provides the broadest set of hybrid capabilities of any cloud provider: networking, data, access, management, and application services.

Optimizing Microsoft Workloads

Optimizing your workloads on AWS

Begin the adoption of managed services and transition to management using Cloud native tools.
• Leverage Managed Services
• Managed Active Directory
• FSx for Windows File Server
• RDS for SQL Server
• Elastic Beanstalk
• AWS Systems Manager

AWS Managed Active Directory

AD on AWS supports many options

AD as a Managed Service
Actual Microsoft AD, HIPAA and PCI Eligible, Trust support, Group-based policies, SSO, Seamless domain join, AWS Management Console Federation, Daily snapshots

True hybrid AD
A modern, hybrid approach to AD that shares privileges and data from on-premises AD to AWS Managed Microsoft AD on AWS

AD-enabled cloud
Run or extend AD-dependent workloads onto EC2 or AWS Managed Services
AWS Managed Microsoft AD

• High availability
• Increased security
• Reduce management overhead
• Deploy workloads faster
• Automate deployments using APIs
• Create managed instances in AWS using the AWS Management Console, CLI, or API
• Connect to on-prem Active Directory using trusts or utilize as a stand alone directory
• Seamlessly domain join your EC2 instances, and use on-prem identities for AWS apps

AWS Managed Microsoft AD: What’s in the box?

• Actual Microsoft Active Directory (2012 R2)
• Single tenant, managed service
• Default of two domain controllers (no max)
• Provides delegated administrative authority over directory objects in your OU
• Supports standard AD management tools
• AWS managed infrastructure, including availability, patching, and backups
• Seamless integration with AWS services
  • AWS SSO, Amazon FSx for Windows File Server, Amazon WorkSpaces, Amazon RDS for: SQL Server, Oracle, PostgreSQL

Common Use Cases
Amazon EC2
.NET Apps, SharePoint Server, SQL Server Always-On, Amazon EC2 Linux

AWS Managed Services
Amazon RDS for SQL Server, Amazon RDS for Oracle, Amazon RDS for PostgreSQL, Amazon FSx for Windows File Server

AWS Single Sign-On and AWS Applications
AWS Management Console, CLI v2, SAML, AWS IoT Core, Amazon SageMaker, Amazon WorkSpaces, Amazon AppStream 2.0, Amazon WorkDocs, Amazon QuickSight, Amazon Chime, Amazon WorkMail, Amazon Connect, AWS Client VPN
Active Directory Trust Model

Understanding the trust model
[Diagram: Forest Trust between the trusting side (VPC, Cloud: Managed AD DC) and the trusted side (On-premises network: Windows AD DC). Other labels: Trust, AD Access, Security group]

• No access by default
• Trust used to read objects in the directory
• Security group (access entitlements here)
Benefits of the trust model

• Time tested & proven native AD connectivity mechanism.
• No movement or transfer of identity information, but ability to utilize them.
• Fewer network port requirements compared to alternatives.
• Well documented communication flows and security configurations.

Trust considerations

• Do you need a 1-way or 2-way trust?
• 1-way supports EC2 & RDS SQL Server
• 2-way required for AWS Enterprise Apps: WorkSpaces, Chime, QuickSight, etc.
• Inbound half of two-way trust is used for user lookup/provisioning.

Reference Architecture:
[Diagram: AWS Managed Microsoft AD reference architecture. Two Availability Zones, each with a Private Subnet (10.0.2.0/24 and 10.0.3.0/24) hosting a WEB APP (IIS Server, App Server) and, under AWS Managed Services, an RDS for SQL Server DB and a Managed AD Domain Controller. Applications use Auth/LDAP against the Managed AD. A Trust over Direct Connect / VPN links the Managed AD to the AD Domain Controllers in the Corporate data center. Other labels: Remote Users/Admins]
Amazon FSx for Windows

What is Amazon FSx for Windows?

• Fully managed native Windows file systems
• Deeply integrated with AWS

Designed for a wide spectrum of use cases:

• Home directories
• Line-of-business applications
• Web serving and content management
• Software development environments
• Backup and disaster recovery
• HA SQL Server databases

(Two of the last three items are marked NEW! on the slide.)
Broadly accessible

OS
• Microsoft Windows Server 2008+ and Windows 7+
• Linux (SMB client)
• MacOS

Compute instance
• Amazon EC2
• Amazon WorkSpaces
• Amazon AppStream 2.0
• VMware Cloud on AWS
• On-premises compute instance

Network connectivity
• VPN
• AWS Direct Connect
• VPC Peering
• AWS Transit Gateway
• In-VPC access


Storage Pricing (per GB-month)

                            Single-AZ    Multi-AZ
SSD-based storage           13 cents     23 cents
HDD-based storage (NEW!)    1.3 cents    2.5 cents

Note: Based on Amazon FSx for Windows File Server pricing in US East (N. Virginia)

Backups
• Daily automated backup: Admin-defined schedule and retention period
• Admin-initiated backup: Admins can take backups as needed

[Diagram: within a Region, Amazon FSx for Windows File Server (\\fs-0123456789.example.com) backs up to Amazon S3]

Operations and Management:
AWS Systems Manager (SSM)

Operate Safely and At Scale
Operations for any cloud at any scale

Group
• The building blocks of your applications

Visualize
• Operational insights for applications
• Brings other AWS services in a single console

Act
• Using AWS best practices with built-in controls

Support AWS, On-Premises, and Other Clouds
• Use cross-platform capabilities to manage both Windows and Linux

AWS Systems Manager Capabilities

Resource Groups Patch Manager State Manager

Run Command Automation Maintenance Window

Inventory Parameter Store Session Manager

Distributor

Manage Resources at Scale
Resource groups

Define the building blocks of your application
• Give a meaning to a collection of AWS resources (as an app, env, or business unit)
• Group AWS resources based on tags using a simple query
• Save a search as a heterogeneous group of (dynamic) resources
• Interact with a group directly rather than individual resources

Improved Visibility and Control

Setup operational dashboards
• Build and customize your own ops-dashboards
• Leverage your existing Amazon CloudWatch dashboards
• Leverage your existing CloudWatch metrics
• Monitor Compliance
• Visualize your application’s metrics

Compliance with Patch Manager

[Diagram labels: corp data center, Patch Manager, Default Patch Baseline for the OS, Web Server Patch Baseline, Patch Group=WebServers, Patch Group=SQLCluster, Individual instances not grouped, Maintenance Window, Compliance, Notifications!]

Compliance as Code

• Author: Compliance checks in InSpec (human readable, open-source DSL) on GitHub
• Run Compliance scans: Using Run Command or periodic scans using State Manager
• View Compliance: On Compliance UI or APIs

Safe and Secure Operations

[Diagram labels: corp data center, VPC1, VPC2, Tags, IAM, Run Command, Auditing, CloudTrail, Amazon CloudWatch Events]

Interactive Access to Instances with Session Manager
• Interactive browser-based shell and CLI for EC2 instances
• No need to open inbound ports, manage SSH keys or certs
• Grant/Revoke access from IAM
• Session auditing and logging
• Support for AWS PrivateLink

[Diagram labels: Shell or CLI, Access Control (IAM), Auditing and Logging (CloudTrail), EC2 instances, VPC1]

Questions?

Hands-on Experience

Lab Information

• Check your email for a Hash Code from hllaah@amazon.com
• Lab Guide is available here: https://winonaws.cloud/migratewindows
• Your lab environment is available here: https://dashboard.eventengine.run/login
• You will need your lab hash code to access the environment
• Lab Region: Oregon (US-WEST-2)
• If you have questions while running the lab, just let us know
• Survey: https://survey.immersionday.com/XKwPYjkGR
