AWS Launch Wizard for Exchange Server

AWS Launch Wizard for Exchange Server guides you through the sizing, configuration, and deployment of Exchange Server 2016 and Exchange Server 2019 environments on the AWS Cloud. Exchange Server is a messaging and collaboration solution that Microsoft developed, with support for mailboxes, calendars, and e-archival. The deployment includes best practices for configuring a highly available, fault-tolerant, and secure Exchange environment.

This Launch Wizard deployment provides a guided console experience that uses CloudFormation templates for deployment. The templates are based on the Microsoft Exchange on the AWS Cloud Quick Start deployment guide. Launch Wizard reduces the time it takes to deploy Exchange Server to the cloud. Launch Wizard provides an estimated cost of deployment, and you can modify your resources and instantly view the updated cost assessment. When you approve, Launch Wizard provisions and configures the selected resources to create a fully functioning, production-ready Exchange Server deployment. It also creates custom AWS CloudFormation templates, which can be reused and customized for subsequent deployments.

Deployment options

Launch Wizard for Exchange supports the following deployment type:

  • Deploy an Exchange environment into a new virtual private cloud (VPC) in your AWS account.

Software licensing

Launch Wizard uses an evaluation copy of Exchange Server. Exchange Server can be deployed and licensed through the Microsoft License Mobility through Software Assurance program. For development and test environments, you can use your existing MSDN licenses for Exchange Server using Amazon Elastic Compute Cloud (Amazon EC2) Dedicated Instances. For details, see the MSDN on AWS page and Exchange licensing FAQs in the Microsoft documentation.

Launch Wizard deploys the latest Amazon Machine Image (AMI) for Microsoft Windows Server 2016 and Windows Server 2019, and includes the license for the Windows Server operating system. The AMI is updated on a regular basis with the latest service pack for the operating system. The Windows Server AMI doesn’t require Client Access Licenses (CALs) and includes two Microsoft Remote Desktop Services licenses. For details, see Microsoft Licensing on AWS.

AWS Regions

Launch Wizard uses various AWS services during the provisioning of the application's environment. Not every workload is supported in all AWS Regions. For a current list of Regions where the workload can be provisioned, see AWS Launch Wizard workload availability.

Components

An Exchange environment deployed with Launch Wizard will include the following components:

  • A highly available architecture that spans two or three Availability Zones.

  • A VPC configured with public and private subnets, according to AWS best practices, to provide you with your own virtual network on AWS.

  • In the public subnets:

    • Managed network address translation (NAT) gateways to allow outbound internet access for resources in the private subnets.

    • (Optional) A Remote Desktop Gateway in an Auto Scaling group to allow inbound Remote Desktop Protocol (RDP) access to Amazon EC2 instances in public and private subnets.

    • (Optional) Exchange Edge Transport servers for routing internet email in and out of your environment.

  • In the private subnets:

    • Active Directory domain controllers.

    • Windows Server EC2 instances functioning as Exchange nodes.
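
A check that a deployed environment matches the subnet placement listed above, written as an added example (it is not part of Launch Wizard or the Quick Start templates). It classifies a subnet as public when its effective route table sends default traffic to an internet gateway, then reports domain controllers or Exchange nodes found in such a subnet. The "Role" tag, its values, all IDs, and the single-VPC sample data are assumptions; the dictionaries follow the shape of EC2 DescribeRouteTables and DescribeInstances output.

```python
# Added example. All IDs and the "Role" tag are constructed/assumed values.
PRIVATE_ROLES = {"domain-controller", "exchange-node"}  # assumed tag values

def _has_igw_default(route_table):
    """True if the table sends 0.0.0.0/0 or ::/0 to an internet gateway."""
    return any(
        (r.get("DestinationCidrBlock") == "0.0.0.0/0"
         or r.get("DestinationIpv6CidrBlock") == "::/0")
        and r.get("GatewayId", "").startswith("igw-")
        for r in route_table["Routes"])

def public_subnets(route_tables, subnet_ids):
    """Subnets whose effective route table has an internet-gateway default route.
    Subnets with no explicit association fall back to the main route table."""
    explicit, main_public = {}, False
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main_public = _has_igw_default(rt)
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = _has_igw_default(rt)
    return {s for s in subnet_ids if explicit.get(s, main_public)}

def misplaced(instances, route_tables):
    """Return (instance ID, role) for private-tier roles found in a public subnet."""
    public = public_subnets(route_tables, {i["SubnetId"] for i in instances})
    findings = []
    for inst in instances:
        role = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}.get("Role")
        if role in PRIVATE_ROLES and inst["SubnetId"] in public:
            findings.append((inst["InstanceId"], role))
    return findings

LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [  # constructed sample, single VPC
    {"Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"Associations": [{"Main": False, "SubnetId": "subnet-pub1"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"Associations": [{"Main": False, "SubnetId": "subnet-priv1"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]
def _inst(iid, subnet, role):
    return {"InstanceId": iid, "SubnetId": subnet, "Tags": [{"Key": "Role", "Value": role}]}
INSTANCES = [  # constructed sample; i-0example4 is deliberately misplaced
    _inst("i-0example1", "subnet-pub1", "rd-gateway"),
    _inst("i-0example2", "subnet-priv1", "domain-controller"),
    _inst("i-0example3", "subnet-priv2", "exchange-node"),  # uses main table
    _inst("i-0example4", "subnet-pub1", "exchange-node"),
]
if __name__ == "__main__":
    print(misplaced(INSTANCES, ROUTE_TABLES))
```
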

By default, Launch Wizard deploys Exchange using two Availability Zones. You can also choose to use three Availability Zones, which enables automatic failover of database availability groups (DAGs). When using a third Availability Zone, you can specify whether to deploy a full Exchange node or a file share witness. For more information about automatic failover for the DAGs, see Configure and manage quorum in the Microsoft documentation.

You can choose to use an internal Application Load Balancer as part of the deployment to provide high availability and distribute traffic to the Exchange nodes. In this configuration, you need to import a Secure Sockets Layer (SSL) certificate into AWS Certificate Manager before deploying Exchange with Launch Wizard.

AWS Secrets Manager is used to securely store the Exchange administrative account credentials. SSM Parameter Store is used to retrieve the credentials when necessary.

You can build your Exchange environment with two Availability Zones as shown in the following diagram.

An image of Exchange server deployed in two Availability Zones.

You can also build your Exchange environment with three Availability Zones to provide automatic failover of the DAGs as shown in the following diagram.

An image of Exchange server deployed in three Availability Zones.