Microsoft Servers on AWS
Quick Start Reference Deployment Guide

Architecture

Figure 1 represents the Quick Start architecture of Windows servers on AWS. The most notable aspect of this architecture is that through Amazon VPC the architecture reflects the same architectural patterns and practices that Microsoft recommends for on-premises implementations. This is not surprising, because Microsoft provides the same architectural recommendations for on-premises and virtualized environments.

Note

Microsoft does make allowances in its server calculators for physical vs. virtual environments, but these allowances mainly account for virtualization overhead rather than changing the basic architectures. All the reference architectures automated by this Quick Start adhere to Microsoft TechNet guidelines and meet minimum resource requirements. The Quick Start implementations are reference implementations, and actual sizing will require performance and acceptance testing.


Figure 1: Quick Start architecture for Microsoft servers on AWS

The Quick Start environment combines the resources that are deployed as part of the AD DS, SQL Server, SharePoint Server, Exchange Server, Lync Server, and Web Application Proxy and AD FS Quick Starts. All of these Quick Starts provide a highly available Multi-AZ architecture.

  • The AD DS Quick Start deploys the domain controllers and Remote Desktop Gateway bastion hosts.

  • The SQL Server Quick Start deploys two SQL Server instances in a failover cluster using the file share witness.

  • The SharePoint Server Quick Start deploys two web front-end servers and two application servers by selecting the traditional topology.

  • The Exchange Server Quick Start deploys two multi-role servers with mailbox and client access server (CAS) roles. It can optionally also deploy two edge transport servers.

  • The Lync Server Quick Start deploys two front-end servers. It can optionally also deploy two edge servers.

  • The Web Application Proxy and AD FS Quick Start deploys two servers.

The following sections provide more information about these server components of the Quick Start architecture. For a detailed discussion of best practices for networking and remote administration, Windows architectural considerations on AWS, and managing and monitoring Windows instances and applications, see Appendix B.

Active Directory Domain Services

Active Directory Domain Services (AD DS) and Domain Name System (DNS) are core Windows services that provide the foundation for many enterprise-class Microsoft-based solutions, including the Microsoft business productivity servers deployed by this Quick Start.

This Quick Start provides a new installation of AD DS in the AWS cloud, which is discussed in detail in the Quick Start deployment guide for AD DS (scenario 1).

SQL Server 2014

SQL Server hosts the SharePoint Server configuration database and the content store, and is required for SharePoint Server 2016. In an enterprise setting, SQL Server is used for high availability of the content in a SharePoint Server farm. SQL Server uses AlwaysOn Availability Groups layered over Windows Server Failover Clustering (WSFC) to provide redundant databases, along with a witness server so that a quorum can vote on which node is promoted to primary. In AWS, the architecture (shown in Figure 2) mirrors an on-premises architecture of two SQL Server instances spanning two subnets placed in two different Availability Zones.


Figure 2: SQL Server AlwaysOn Availability Group supports automatic failover

For detailed information about the SQL Server and WSFC components of this Quick Start deployment, see the Quick Start deployment guide for SQL Server with WSFC.

SharePoint Server 2016

There are a number of ways to design the topology of a SharePoint Server farm depending on your requirements. Microsoft provides guidance for two separate architectural approaches for SharePoint Server 2016: traditional topology and streamlined topology. The AWS CloudFormation template provided by this guide is built with flexibility in mind, and lets you choose either topology for your SharePoint Server farm.

By default, the template builds the highly available SharePoint Server farm illustrated in Figure 3. This is based on the traditional topology, which includes web servers, application servers, and database servers.


Figure 3: Default Quick Start architecture for SharePoint farm (traditional topology)

For more information about traditional and streamlined topologies and other details for the SharePoint Server part of this Quick Start deployment, see the Quick Start for SharePoint Server 2016.

Exchange Server 2013

In the Quick Start architecture for Exchange Server 2013, critical workloads such as Exchange Server instances and Exchange edge transport servers are placed in two or more Availability Zones. The Remote Desktop Gateway instances remain in the management subnet. Similar to the SQL Server AlwaysOn architecture, Exchange Server employs a Database Availability Group (DAG) architecture that is built into the mailbox role. These roles are deployed across two Availability Zones to increase availability.

This Quick Start builds the minimal amount of infrastructure to provide Exchange Server high availability for 250 mailboxes. In addition to providing the minimal amount of infrastructure for high availability, you might want to consider the Microsoft Preferred Architecture for Exchange Server 2013 (Exchange PA). Although the Exchange PA calls for running Exchange on dedicated physical servers, it also includes many design aspects that can be beneficial in any environment. For details on Exchange PA and guidelines for designing for performance and high availability, see the Quick Start deployment guide for Exchange Server.
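The following PowerShell is an added post-deployment check, not part of the Quick Start templates, that verifies the Multi-AZ high-availability mechanisms described in the SQL Server section (WSFC quorum with a file share witness, AlwaysOn replica health) and in this Exchange section (DAG database copies) actually came up. It assumes the FailoverClusters and SqlServer PowerShell modules on the SQL Server nodes, the Exchange Management Shell on the Exchange nodes, and uses SQL1 as a hypothetical placeholder for the SQL node or listener name.

```powershell
# Added example (not Quick Start code): verifies the HA mechanisms described above came up.
# Run Test-WsfcQuorum and Test-AgReplicas on a SQL node (FailoverClusters, SqlServer modules),
# Test-DagCopies from the Exchange Management Shell. 'SQL1' is a hypothetical placeholder.

function Test-WsfcQuorum {
    Import-Module FailoverClusters
    $q = Get-ClusterQuorum
    # With one node per AZ, the file share witness must be online or a single AZ outage loses quorum.
    $witnessOnline = ($null -ne $q.QuorumResource) -and ($q.QuorumResource.State -eq 'Online')
    $allNodesUp = @(Get-ClusterNode | Where-Object { $_.State -ne 'Up' }).Count -eq 0
    [pscustomobject]@{
        QuorumType    = $q.QuorumType   # expected on Windows Server 2012 R2: NodeAndFileShareMajority
        WitnessOnline = $witnessOnline
        AllNodesUp    = $allNodesUp
        Healthy       = ($q.QuorumType -eq 'NodeAndFileShareMajority') -and $witnessOnline -and $allNodesUp
    }
}

function Test-AgReplicas {
    param([string]$ServerInstance = 'SQL1')   # hypothetical node/listener name
    Import-Module SqlServer
    $query = @"
SELECT ar.replica_server_name, rs.role_desc, rs.synchronization_health_desc, ar.failover_mode_desc
FROM sys.dm_hadr_availability_replica_states AS rs
JOIN sys.availability_replicas AS ar ON rs.replica_id = ar.replica_id
"@
    $rows = @(Invoke-Sqlcmd -ServerInstance $ServerInstance -Query $query)
    # Expect one replica per AZ, every replica HEALTHY, and AUTOMATIC failover on both.
    $allHealthy   = @($rows | Where-Object { $_.synchronization_health_desc -ne 'HEALTHY' }).Count -eq 0
    $autoFailover = @($rows | Where-Object { $_.failover_mode_desc -ne 'AUTOMATIC' }).Count -eq 0
    [pscustomobject]@{
        Replicas     = $rows.Count
        AllHealthy   = $allHealthy
        AutoFailover = $autoFailover
        Healthy      = ($rows.Count -eq 2) -and $allHealthy -and $autoFailover
    }
}

function Test-DagCopies {
    # Every database copy across the two AZs should be Mounted (active) or Healthy (passive)
    # with no replication backlog; anything else means the DAG cannot fail over cleanly.
    $copies = @(Get-MailboxDatabaseCopyStatus -Identity *)
    $bad = @($copies | Where-Object { ($_.Status.ToString() -notin 'Mounted', 'Healthy') -or ($_.CopyQueueLength -gt 0) })
    [pscustomobject]@{
        Copies    = $copies.Count
        Unhealthy = @($bad | ForEach-Object { $_.Name })
        Healthy   = ($bad.Count -eq 0)
    }
}
```

Each function returns an object whose Healthy field is $true only when the component matches the architecture described above, so the three can be run from a scheduled task or monitoring agent after deployment and after any failover test.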

Lync Server 2013

Lync Server employs a highly available architecture for the Lync front-end role. These roles are deployed across two Availability Zones to increase availability.

The default configuration deploys two Lync Server Standard Edition pools across two Availability Zones to support disaster recovery and pool failover. You can home 50% of the users on the first pool and home the remaining 50% of the users on the second pool. This will provide an active-active type of deployment, where servers in both Availability Zones are servicing users. In the event of a disaster, the pool can fail over to the other Availability Zone.

You can also customize the template to optionally deploy Lync edge servers. For additional information about the Lync Server deployment and customization instructions, see the Quick Start deployment guide for Lync Server.

Web Application Proxy and AD FS

Microsoft Active Directory Federation Services (AD FS) is a Windows Server role that provides identity federation and single sign-on (SSO) capabilities for users accessing applications in an AD FS-secured environment, or with federated partner organizations. AD FS authenticates users and provides security tokens to applications or federated partner applications that trust AD FS. To make AD FS accessible to external users, you can deploy the Web Application Proxy role on Windows Server 2012 R2. The Web Application Proxy server can proxy requests to the AD FS infrastructure for users who are connecting from an external location, without the need for VPN connectivity.

The default configuration deploys two Web Application Proxy and AD FS servers across two Availability Zones. For additional information about these servers, see the Quick Start deployment guide for Web Application Proxy and AD FS.