AWS Solution Architect discusses high availability features for Microsoft Windows Server and SQL Server running on the AWS Cloud. Windows Server Failover Clustering (WSFC) and SQL AlwaysOn Availability Groups are part of the underpinnings for many enterprise-class solutions, including Microsoft SharePoint and .NET applications. You will learn to:
• Deploy the virtual network infrastructure on multiple subnets
• Launch Amazon Machine Images (AMIs) of Windows Server 2008 R2
• Set up Active Directory and DNS
• Launch and configure the WSFC nodes
• Create a SQL Server AlwaysOn Availability Group
Microsoft SharePoint Server on AWS
Deploying a SharePoint 2010 Server Farm on the AWS Cloud
Ulf Schoo
AWS Solution Architect
Agenda
• Introduction
• Running Microsoft Workloads on AWS
• SharePoint Server Architecture on AWS
• Common SharePoint Server Scenarios in the AWS cloud
• Mapping SharePoint Server scenarios to AWS
  – Network and Security Setup
  – Server Setup and Configuration
  – Deployment
• Resources
Enterprise IT Challenges
• Meeting Business Growth
  – Time to obtain new hardware
  – Scalability, elasticity
• Data Center Limitations
• Inflexible Architecture
• DR & HA
• Finding & Retiring IT talent
Key Benefits to Running in the AWS Cloud
No Up-Front Investment
Apps not Ops
Flexible Capacity
Speed and Agility
Low Ongoing Cost
Deploy
Global Reach
The AWS Cloud
Low-level building blocks
High-level building blocks
Tools to access services
Cross Service features
AWS Global Infrastructure
9 Regions
25 Availability Zones
Continuous Expansion
Key AWS Services
[Diagram labels: AMI (virtual machine configuration); Instance (running or stopped VM); Region; two Availability Zones, each with VPC, EC2 “Classic” and EBS volumes; S3 (EBS snapshots, S3 buckets).]
AWS “Virtual Private Cloud”
• Launch AWS resources in a virtual network that you define
• Environment closely resembles a traditional network
• Control over IP address ranges, subnets, routes, gateways and security settings
• Create encrypted VPN connections between your branch offices or corporate headquarters and use VPC as an extension of your corporate data center
Amazon Virtual Private Cloud Extends Your Data Center
[Diagram: public cloud (EC2 and S3) alongside a VPC with multiple subnets whose IP addresses are not advertised to the Internet; a VPN gateway connects through a secure VPN over the Internet to the corporate router in the physical data center.]
Microsoft Platform on AWS
• Partnership to support running Windows Server-based workloads on AWS
• Amazon Machine Images (AMIs) with Windows Server and SQL Server today that were jointly developed by Microsoft and AWS
• SharePoint Server and other Microsoft server products can be licensed to run on AWS
Two licensing models:
• Pay-as-you-go – AMI pricing includes software
  – Windows Server
  – SQL Server Standard
• BYOL – use existing licenses on AWS
  – SQL Server Enterprise
  – SharePoint Server
  – Other qualifying Microsoft Windows Server products*
*General info on AWS and License Mobility for a variety of MS server products:
http://aws.amazon.com/windows/mslicensemobility/
Detail on AWS and License Mobility with SQL Server:
http://aws.amazon.com/windows/mslicensemobility/sql/
Microsoft “License Mobility through Software Assurance” gives Microsoft Volume Licensing customers the flexibility to deploy Windows Server applications with active Software Assurance (SA) on Amazon Web Services.
SharePoint Server Common Workloads
• Enterprise collaboration, content management, and team/project sites
• Web Applications:
  – ASP.NET++ documents/team, SharePoint services, social computing workflow, backend connectivity, web-part personalization, etc.
• Search services – SharePoint Search Server
• MS Office services – Excel, Word, etc.
Two SharePoint Scenarios
• Enterprise internal deployment of SharePoint:
  – All or partial deployment of corporate SharePoint infrastructure on AWS
  – Intranet only – user experience identical to running on-premise SharePoint
• Public-accessible Web Application/Website
  – Web-based application built on SharePoint Server
  – For instance: Customer service portal
Intranet SharePoint on AWS
• Enterprise (Intranet) SharePoint farm:
  – Completely or partially (hybrid) hosted in AWS
  – Extension of enterprise infrastructure into AWS
• Key points:
  – Typically for corporate group collaboration, content sharing, team sites
  – Internal only – access only from within corporate
  – Active Directory on premise – authenticate using corporate credentials
Microsoft SharePoint Architecture Intranet On-Premises
[Diagram: on-premises data center with a load balancer in front of three tiers: web server tier (two web server groups), application server tier (two app server groups) and database server tier (two database groups, with primary DB, secondary DB and witness), plus a domain controller.]
Public Website on AWS
• Public Website
  – Hosted public website/application on AWS
  – Leverage SharePoint Server capabilities for web-based application (content, workflow)
• Key points:
  – Complete solution deployed within AWS
  – Accessible via public internet
  – DMZ for threat management
Microsoft SharePoint Architecture Public Facing Website
[Diagram: on-premises data center with a firewall and threat management gateways in a threat management zone (DMZ), a load balancer, a web server tier (web server groups of SharePoint servers), an application server tier (application hosting on SharePoint servers) and a database server tier (mirrored primary DB and secondary DB, with witness), plus a domain controller.]
Implementing SharePoint Server Farm on AWS
Done in a step-wise sequential approach similar to a setup on-premises:
1. Create foundational infrastructure:
• Network, Routing, Security
• 2nd Datacenter for High Availability (2nd AWS Availability Zone)
2. Set up AD, Sites, Subnets, Sitelinks
3. Set up MS SQL Server – primary, secondary, (witness)
4. Set up Application Servers
5. Set up Web Front End (WFE) servers
SharePoint Architecture in AWS Intranet – Network
[Diagram: on-premises data center (Active Directory domain controllers, customer gateway) linked by a VPN connection to a virtual private gateway in an AWS Region. Behind an Elastic Load Balancer, Availability Zone 1 and Availability Zone 2 each hold a web tier, application tier, database tier and Active Directory, each in its own private subnet.]
SharePoint Architecture in AWS Public Facing Site – Network
[Diagram: HTTP/S traffic from the Internet enters the Region through an Internet gateway. Availability Zone 1 and Availability Zone 2 each have a public subnet (DMZ) with NAT and RDGW, and private subnets for the web tier, application tier, database tier and Active Directory.]
Identity and Authorization
• Active Directory setup in VPC to provide user authentication for SharePoint farm on AWS
  – For the intranet scenario, AWS AD contents are replicated from the AD on-premises via VPN (periodic refresh)
  – For website scenario, users are created and maintained in AWS AD
• If on-premises alternate directory exists (LDAP etc), then ADFS should be considered to federate those with SharePoint
SharePoint Architecture in AWS Active Directory On AWS
[Diagram: on-premise data center (Active Directory domain controllers, customer gateway) linked by a VPN connection to a virtual private gateway; Active Directory replication runs to an Active Directory server in a private subnet in each of Availability Zone 1 and Availability Zone 2.]
SharePoint Architecture in AWS Public Facing Website – AD Setup
[Diagram: HTTP/S traffic from the Internet enters the Region through an Internet gateway. Availability Zone 1 and Availability Zone 2 each have a public subnet (DMZ) with NAT and RDGW, and private subnets for the web tier, application tier, database tier and Active Directory.]
Server Setup
• Map Microsoft guidance for on-premise and virtualized SharePoint Server setups to EC2
• For each distinct server type/role:
  o Select (or create/derive) AMI for the role – Windows, MS SQL, etc.
  o Select EC2 Instance Type – pivot around CPU, RAM, storage, and networking performance
• Serves as an initial starting point for sizing/testing
• Test/tweak against your metrics and usage patterns, e.g. number of concurrent users, type and amounts of content, etc.
Server Sizing

Microsoft recommended server requirements for on-premises SharePoint farm:

| Tier / Role | Scenario | Processor | RAM | Hard Disk |
|---|---|---|---|---|
| Web/Application Tier | All | 64-bit, 4 core | 8 GB | 80 GB |
| Database server | Small deployment | 64-bit, 4 core | 8 GB | 80 GB |
| Database server | Medium deployment | 64-bit, 8 core | 16 GB | 80 GB |
| Domain controller | All | 64-bit, 4 core | 8 GB | 80 GB |

Suggested mapping to AWS instance types:

| Tier | Applicable EC2 Instance Type and Range | AMI to Use |
|---|---|---|
| Web front end | Extra Large (m1.xl) | Windows Server 2008 R2 + IIS |
| Application server | Extra Large: High Memory Quad Extra Large (m2.xl–m2.4xl) | Windows Server 2008 R2 |
| Database server | High Memory Quadruple Extra Large (m2.4xl) | Optimized SQL Server 2008 R2 AMIs from Microsoft |
| Domain controller | Extra Large (m1.xl) | Windows Server (in the role of a domain controller) |

Security Setup
• To enable appropriate access in and out of the VPC, subnets, and the instances running in each subnet
• Two core components in security setup:
  – Security Groups: act as a firewall that controls the traffic allowed in and out of an AWS resource. Security groups act at the instance level, not the subnet level.
  – Network ACLs: act as a firewall for controlling traffic in and out of a subnet. Network ACLs act at the subnet level, not the instance level.
SharePoint Architecture in AWS Intranet – Server Setup
[Diagram: on-premise data center (Active Directory domain controllers, customer gateway) linked by a VPN connection to a virtual private gateway in an AWS Region. Behind an Elastic Load Balancer, Availability Zone 1 holds a web tier, application tier, primary database and Active Directory; Availability Zone 2 holds a web tier, application tier, secondary database and Active Directory; each sits in its own private subnet. Instance type labels: M1.xl, M2.2xl-4xl, M2.4xl, M1.small.]
SharePoint Architecture in AWS Public Website – Server Setup
[Diagram: HTTP/S traffic from the Internet enters the Region through an Internet gateway. Each Availability Zone has a public subnet (DMZ) with NAT and RDGW and private subnets for the web tier, application tier, database (primary in Availability Zone 1, secondary in Availability Zone 2) and Active Directory. Instance type labels: M1.xl, M2.2xl-4xl, M2.4xl, M1.small.]
Deployment Tools
• AWS CloudFormation
  – Specify creation and configuration of AWS resources in a JSON-based template
  – Deploy template using AWS CloudFormation to create a ‘stack’ of running resources
  – Integrates with other deployment scripts/tools
• Private AMI Creation
• Windows PowerShell
  – Execute on instance at provisioning time via instance Metadata
  – Use PowerShell to orchestrate CloudFormation template launches
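
The two controls from the Security Setup slide, written as the kind of JSON template described above: one security group per tier that admits traffic only from the tier in front of it, and a network ACL that fences the database subnet. This is an added example, not taken from the deck or from the AWS SharePoint templates. The parameter names, the CIDR defaults, the 32843-32844 application port range and the choice to confine the database subnet to VPC-internal addresses are all assumptions.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Added example (not from the deck). Parameter names, ports and CIDR ranges are assumptions.",
  "Parameters": {
    "VpcId": { "Type": "String" },
    "DbSubnetId": { "Type": "String" },
    "VpcCidr": { "Type": "String", "Default": "10.0.0.0/16" },
    "CorpCidr": { "Type": "String", "Default": "192.168.0.0/16" }
  },
  "Resources": {
    "WebSG": { "Type": "AWS::EC2::SecurityGroup", "Properties": {
      "GroupDescription": "Web tier: HTTPS from the corporate network over the VPN",
      "VpcId": { "Ref": "VpcId" },
      "SecurityGroupIngress": [
        { "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": { "Ref": "CorpCidr" } } ]
    } },
    "AppSG": { "Type": "AWS::EC2::SecurityGroup", "Properties": {
      "GroupDescription": "App tier: service application ports from the web tier only (range assumed)",
      "VpcId": { "Ref": "VpcId" },
      "SecurityGroupIngress": [
        { "IpProtocol": "tcp", "FromPort": 32843, "ToPort": 32844,
          "SourceSecurityGroupId": { "Fn::GetAtt": ["WebSG", "GroupId"] } } ]
    } },
    "DbSG": { "Type": "AWS::EC2::SecurityGroup", "Properties": {
      "GroupDescription": "Database tier: SQL Server from the web and app tiers only",
      "VpcId": { "Ref": "VpcId" },
      "SecurityGroupIngress": [
        { "IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
          "SourceSecurityGroupId": { "Fn::GetAtt": ["WebSG", "GroupId"] } },
        { "IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
          "SourceSecurityGroupId": { "Fn::GetAtt": ["AppSG", "GroupId"] } } ]
    } },
    "DbAcl": { "Type": "AWS::EC2::NetworkAcl", "Properties": { "VpcId": { "Ref": "VpcId" } } },
    "DbAclIn": { "Type": "AWS::EC2::NetworkAclEntry", "Properties": {
      "NetworkAclId": { "Ref": "DbAcl" }, "RuleNumber": 100, "Protocol": -1,
      "RuleAction": "allow", "Egress": false, "CidrBlock": { "Ref": "VpcCidr" }
    } },
    "DbAclOut": { "Type": "AWS::EC2::NetworkAclEntry", "Properties": {
      "NetworkAclId": { "Ref": "DbAcl" }, "RuleNumber": 100, "Protocol": -1,
      "RuleAction": "allow", "Egress": true, "CidrBlock": { "Ref": "VpcCidr" }
    } },
    "DbAclAssoc": { "Type": "AWS::EC2::SubnetNetworkAclAssociation", "Properties": {
      "SubnetId": { "Ref": "DbSubnetId" }, "NetworkAclId": { "Ref": "DbAcl" }
    } }
  }
}
```

Security groups are stateful, so no return rules are listed for them; the network ACL is stateless and denies anything unmatched, which is why DbAclOut has to mirror DbAclIn for replies to leave the subnet.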
SharePoint Architecture Whitepaper
• The whitepaper describes all of this in much greater detail and is available for download at: http://aws.amazon.com/windows/sharepoint/
• Presents and discusses how the SharePoint Server architecture scenarios can be configured and deployed to run on AWS
  – Enterprise internal deployment of SharePoint
  – Public-accessible Web Application/Website
• Targeted to IT decision-makers and administrators
Tutorial Article and New Video Tutorial
“Deploy a Microsoft SharePoint 2010 Server Farm in the AWS Cloud in 6 Simple Steps”:
  – Builds upon the SharePoint Architecture White Paper
  – Configure your SharePoint Server farm and test by creating a sample site
Article: http://aws.amazon.com/articles/9982940049271604
Video: http://aws.amazon.com/windows/sharepoint/gsg-sharepoint-2010/
AWS CloudFormation Templates for each step: network/AD stack, DB stack, app stack, web stack
Advanced Implementation Guide
• Available in PDF format here: https://aws.amazon.com/whitepapers/sharepoint-implementation-guide/
• Comprehensive guide detailing all of the components of the AWS CloudFormation templates, AMI and instance configuration, parameters that can be varied, etc.
• Walks through ALL of the AWS CloudFormation details, PowerShell scripts, cfn-init details, etc.
• Targeted to customers and systems integrators that want to understand all the details, to customize, extend, etc.
Further Reading
Web Pages
Microsoft on AWS http://aws.amazon.com/microsoft/
Amazon EC2 Windows Guide http://aws.amazon.com/sharepoint/
Amazon EC2 Windows Guide http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/
Microsoft AMIs for Windows and SQL Server http://aws.amazon.com/windows/ (includes pricing)
https://aws.amazon.com/amis?ami_provider_id=1&platform=Windows&selection=ami_provider_id%2Bplatform
Microsoft License Mobility http://aws.amazon.com/windows/mslicensemobility/
Covers Microsoft Exchange, SharePoint, SQL Server, Lync Server,
System Center Operations Manager, and Dynamics CRM. See page
for specific details including which versions are covered.
Whitepapers
Microsoft SharePoint Server on AWS: Reference Architecture
Secure Microsoft Applications on AWS
Implementing Microsoft Windows Server Failover Clustering (WSFC)
and SQL Server 2012 AlwaysOn Availability Groups in the AWS Cloud
Contact Us
Microsoft (general) https://aws.amazon.com/microsoft/contact-us/
SharePoint https://aws.amazon.com/sharepoint/contact-us/
AWS Partner Network
A selection of APN members that specialize in Microsoft Exchange workloads
Slalom http://www.slalom.com/
Smartronix http://www.smartronix.com
AIS http://www.appliedis.com
Booz Allen http://www.boozallen.com
RDA http://www.rdacorp.com
Bootcamp: Implementing the Microsoft Enterprise Datacenter in the AWS Cloud
Level: 300 - Experienced
Audience: Solution Architects, SysOp Administrators
Price: $600
http://reinvent.awsevents.com/bootcamps.html#implementing-the-microsoft-enterprise-datacenter-in-the-aws-cloud