Microsoft Servers on AWS
Quick Start Reference Deployment Guide

Overview

This guide provides infrastructure and configuration information for planning and deploying Microsoft Windows workloads on the AWS cloud, with a focus on desktop as a service (DaaS) implementations. It builds the AWS infrastructure and deploys Microsoft business productivity servers such as SharePoint Server, SQL Server, Exchange Server, and Lync Server, to provide a DaaS solution for enterprise customers.

Advantages of Running Microsoft Servers on AWS

The AWS cloud provides a suite of infrastructure services that enable you to deploy Microsoft workloads in a highly available, fault-tolerant, and affordable way. By deploying Microsoft business productivity servers on the AWS cloud, you can take advantage of the email, collaboration, communications, and directory features provided by these servers along with the flexibility and security of AWS. Here are some of the advantages of running Microsoft servers on AWS:

  • Add-on compatibility. Since AWS provides an infrastructure as a service (IaaS) platform, custom-developed and partner add-ons that run on premises are generally compatible with the Microsoft servers deployed on AWS. This enables AWS to be a platform that replaces on-premises deployments without losing add-ons and customizations.

  • Scalability. On AWS, it is easy to monitor a Microsoft deployment and scale horizontally or vertically as workload demands require.

  • Agility. On AWS, vertical and horizontal scalability can take place in minutes rather than the time frame of typical corporate procurements and bare-metal deployments. AWS provides several DevOps tools and features that support rapid agility and make it easy to experiment.

  • Cost. With AWS, you pay only for what you use, and you can turn down resources elastically according to demand or schedules to reduce costs. And you can generally bring your existing software licenses to the cloud without having to purchase new software licenses.

  • Optimization. With AWS, you can easily increase or decrease individual resources that affect the user experience. IT can choose among several options to increase the performance of existing deployments, including choosing faster storage, more processors, faster processors, or greater network throughput, instead of purchasing new servers.

  • Reliability. With DevOps tools on AWS, you can automate the build and deployment of Microsoft n-tier applications with version-controlled SharePoint Server farms, Exchange Server deployments, etc., and manage Microsoft server infrastructure as code.

  • High availability. Microsoft SQL Server AlwaysOn Availability Groups enable you to distribute databases across multiple server instances and storage volumes, but it’s usually complex and costly to ensure that those instances are placed in separate facilities with separate power grids, flood plains, and Internet backbones. AWS Availability Zones make it easy to achieve this.

This guide requires basic familiarity with the architecture and management of Microsoft servers. For more information about Microsoft products, including general guidance and best practices, consult the Microsoft product documentation.

DaaS Core Services and Proposed Solutions

The following table shows the alignment between DaaS core services and the Windows-based solutions that can run on AWS.

DaaS core service | Proposed solution
Email | Microsoft Exchange Server 2013
Collaboration | Microsoft SharePoint Server 2016
Unified communications | Microsoft Lync Server 2013
Office automation | Microsoft Office*
Virtual desktop | Amazon WorkSpaces*
Directory | Microsoft Active Directory
Monitoring and automation | Amazon CloudWatch Logs; Amazon VPC Flow Logs; AWS Config; AWS CloudTrail; AWS CloudFormation; Microsoft Systems Center suite

* Amazon WorkSpaces includes both the Windows client and Microsoft Office products, but it is not included in this release of the Quick Start.

The following table shows the AWS cloud services that will be required to support DaaS workloads.

Category | AWS cloud service
Compute | Amazon Elastic Compute Cloud (Amazon EC2)
Networks, subnets, gateways, virtual private networks (VPNs) | Amazon Virtual Private Cloud (Amazon VPC)
Dedicated private network | AWS Direct Connect
Instance and subnet firewalls | Security groups and network access control lists (ACLs)
Volume storage | Amazon Elastic Block Store (Amazon EBS)
Snapshot (backup) storage | Amazon Simple Storage Service (Amazon S3)
Template-based resource creation and automation | AWS CloudFormation
Resource and custom monitoring | Amazon CloudWatch
User and access control | AWS Identity and Access Management (IAM)
Internal app store | AWS Service Catalog

For detailed information about these services, see the AWS Services section.

Templates Included with This Quick Start

AWS CloudFormation is an automated DevOps deployment service for building out n-tier applications and infrastructure from templates. These templates provision AWS resources such as networks, subnets, routing, firewalls, virtual machine instances, and gateways, and support the inclusion of Windows PowerShell scripting to install and configure the Microsoft servers into the AWS infrastructure.

This Quick Start consists of a main template, which integrates the deployment of six nested templates. Each nested template deploys a Microsoft server solution on AWS according to AWS best practices. The following table describes each template and its dependencies.

Template | Description | Dependencies
Main template | Primary template file that deploys the six nested templates for Microsoft server solutions. | The nested templates listed below
Active Directory Domain Services | Deploys Active Directory Domain Services (AD DS) and Domain Name Server (DNS) on AWS to provide directory services for the Microsoft server solutions automated by this Quick Start. For more information about this template and the environment it builds, see the AD DS Quick Start deployment guide. | None
SQL Server 2012 and 2014 with Windows Server Failover Clustering (WSFC) | Deploys SQL Server 2012 or 2014 instances configured in a Windows Server Failover Cluster (WSFC). For more information about this template and the environment it builds, see the SQL Server Quick Start deployment guide. | AD DS
Lync Server 2013 | Implements a Lync Server environment with paired Lync Server 2013 Standard Edition pools across two Availability Zones. For more information about this template and the environment it builds, see the Lync Server Quick Start deployment guide. | AD DS
Exchange Server 2013 | Deploys a small Exchange Server 2013 environment that supports 250 mailboxes. For more information about this template and the environment it builds, see the Exchange Server Quick Start deployment guide. | AD DS
SharePoint Server 2016 | Deploys a SharePoint Server 2016 farm based on a traditional or streamlined topology. For more information about this template and the environment it builds, see the SharePoint Server Quick Start deployment guide. | AD DS, SQL Server
Web Application Proxy and AD FS | Deploys a Web Application Proxy and Active Directory Federation Services (AD FS) environment. For more information about this template and the environment it builds, see the Web Application Proxy Quick Start deployment guide. | AD DS

Note

This Quick Start does not include Windows PowerShell DSC. For more information about deploying this configuration platform on AWS, see the PowerShell DSC on AWS Quick Start.

To deploy the AWS infrastructure and the Microsoft server solutions listed in the table, use the main template when launching the stacks. You can also edit the main template to customize stacks or to omit stacks to be deployed, or deploy each stack independently.
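
The dependency column of the table above matters when you omit stacks or deploy them one at a time. The following Python check is an added example, not part of the Quick Start or its templates: it verifies that a chosen subset of stacks includes everything it depends on and returns the order in which the stacks can be launched. The short stack labels are chosen for this example, and it assumes no stack has been deployed beforehand.

```python
from graphlib import TopologicalSorter  # standard library, Python 3.9+

# Dependencies copied from the template table; the short keys are labels
# chosen for this example, not names used by the Quick Start templates.
DEPENDS_ON = {
    "AD DS": set(),
    "SQL Server": {"AD DS"},
    "Lync Server": {"AD DS"},
    "Exchange Server": {"AD DS"},
    "SharePoint Server": {"AD DS", "SQL Server"},
    "WAP and AD FS": {"AD DS"},
}

def missing_dependencies(selected):
    """Map each selected stack to the direct or transitive dependencies left out."""
    selected = set(selected)
    unknown = selected - DEPENDS_ON.keys()
    if unknown:
        raise ValueError(f"unknown stack(s): {sorted(unknown)}")
    missing = {}
    for stack in selected:
        todo, seen = list(DEPENDS_ON[stack]), set()
        while todo:  # walk the dependency chain, not just the direct entries
            dep = todo.pop()
            if dep not in seen:
                seen.add(dep)
                todo.extend(DEPENDS_ON[dep])
        gap = seen - selected
        if gap:
            missing[stack] = sorted(gap)
    return missing

def deployment_waves(selected):
    """Group a complete selection into waves; stacks within a wave are independent."""
    selected = set(selected)
    gaps = missing_dependencies(selected)
    if gaps:
        raise ValueError(f"selection omits required stacks: {gaps}")
    sorter = TopologicalSorter({s: DEPENDS_ON[s] for s in selected})
    sorter.prepare()
    waves = []
    while sorter.is_active():
        ready = sorted(sorter.get_ready())
        waves.append(ready)
        sorter.done(*ready)
    return waves
```
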

Cost and Licenses

You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using the Quick Start.

The AWS CloudFormation templates provided with the Quick Start include configuration parameters that you can customize, and some settings, such as the instance types and the number of instances, can greatly affect the cost of the deployment.

The Quick Start launches the Amazon Machine Image (AMI) for Windows Server 2012 R2 and includes the license for the Windows Server 2012 R2 operating system.

By default, this Quick Start installs the free trial versions of the Microsoft business productivity servers. To use these servers beyond the trial period, you must obtain licenses from Microsoft. For production environments, you can license Microsoft server products through the Microsoft License Mobility through Software Assurance program, and provide your own product key after deployment. For development and test environments, you can leverage your existing MSDN licenses using Amazon EC2 Dedicated Hosts or Dedicated Instances. For details, see the MSDN on AWS page.

AWS Services

The core AWS components used by this Quick Start include the following AWS services. (If you are new to AWS, see the Getting Started section of the AWS documentation.)

  • AWS CloudFormation – AWS CloudFormation gives you an easy way to create and manage a collection of related AWS resources, and provision and update them in an orderly and predictable way. You use a template to describe all the AWS resources (e.g., Amazon EC2 instances) that you want. You don't have to individually create and configure the resources or figure out dependencies—AWS CloudFormation handles all of that.

  • Amazon VPC – The Amazon Virtual Private Cloud (Amazon VPC) service lets you provision a private, isolated section of the AWS cloud where you can launch AWS services and other resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.

  • Amazon EC2 – The Amazon Elastic Compute Cloud (Amazon EC2) service enables you to launch virtual machine instances with a variety of operating systems. You can choose from existing Amazon Machine Images (AMIs) or import your own virtual machine images.

  • NAT Gateway – NAT Gateway is an AWS managed service that controls NAT gateway resources. A NAT gateway is a type of network address translation (NAT) device that enables instances in a private subnet to connect to the Internet or to other AWS services, but prevents the Internet from connecting to those instances.

  • IAM – AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. With IAM, you can manage users, security credentials such as access keys, and permissions that control which AWS resources users can access, from a central location.

  • Amazon EBS – Amazon Elastic Block Store (Amazon EBS) provides persistent block-level storage volumes for use with Amazon EC2 instances in the AWS cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability. Amazon EBS volumes provide the consistent and low-latency performance needed to run your workloads.

  • Amazon S3 – Amazon Simple Storage Service (Amazon S3) provides secure, durable, highly scalable cloud storage. You can use Amazon S3 to store and retrieve any amount of data at any time, from anywhere on the web.