SQL Server with WSFC on AWS

Architecture

Deploying this Quick Start for a new virtual private cloud (VPC) with the default parameters builds the following SQL Server environment in the AWS Cloud.


Figure 1: WSFC and SQL Server architecture on AWS (default configuration)

The Quick Start sets up the following:

  • A VPC configured with public and private subnets across two Availability Zones. This provides the network infrastructure for your SQL Server deployment. You can optionally choose a third Availability Zone for the file share witness or for an additional SQL Server cluster node, as shown in Figure 2.*

     

    
    Figure 2: WSFC and SQL Server architecture on AWS with three Availability Zones

     

  • In the public subnets, Windows Server-based Remote Desktop Gateway (RD Gateway) instances and network address translation (NAT) gateways for outbound internet access.*

  • In the private subnets, Active Directory Domain Services (AD DS) domain controllers, which are configured by AWS Systems Manager Automation documents.*

     

    The Quick Start uses AWS Directory Service to provision AD DS and to manage tasks such as monitoring domain controllers and configuring backups and snapshots. You can also choose to add AD DS domain controllers as EC2 instances to the architecture and manage these yourself, as shown in Figures 3 and 4.

     

    
    Figure 3: WSFC and SQL Server architecture with AD DS on Amazon EC2

     

    
    Figure 4: WSFC and SQL Server architecture with three Availability Zones and AD DS on Amazon EC2

     

  • In the private subnets, Windows Server-based instances as WSFC nodes and SQL Server Enterprise edition with SQL Server Always On availability groups on each node. This architecture provides redundant databases along with a witness server to ensure that a quorum can vote for the node to be promoted to primary. The default architecture mirrors an on-premises architecture of two SQL Server instances spanning two subnets placed in two different Availability Zones, as shown later in Figure 5.

  • AWS Secrets Manager for password storage.

  • Security groups to ensure the secure flow of traffic between the instances deployed in the VPC.

* The template that deploys the Quick Start into an existing VPC and Active Directory infrastructure skips the components marked by asterisks and prompts you for your existing VPC configuration.

Note

This Quick Start uses the Active Directory DS Quick Start to build the AWS infrastructure for SQL Server. For more information about this infrastructure, see the Active Directory DS deployment guide. The guide includes detailed information about PowerShell Desired State Configuration (DSC) usage and Systems Manager usage.