Running Microsoft SQL on AWS
Chris Fleischmann - Enterprise Solutions [email protected]
Amazon Web Services Confidential
Agenda
• SQL Server deployment options
• SQL Server on RDS on AWS
• SQL Server on EC2 on AWS
• High Availability options on AWS for SQL Server
• Security options on AWS for SQL Server
• Migrating SQL Server to AWS
More Functionality Than Any Other Infrastructure Provider
AWS Marketplace
Enterprise Applications
Platform as a Service
Administration & Security
Core Services
Infrastructure
Microsoft SQL Server deployment options
There are two ways to run SQL Server 2008 R2 and 2012 in AWS. One is to use the Amazon Relational Database Service (Amazon RDS, or RDS). The other is to run SQL Server on the Amazon Elastic Compute Cloud (Amazon EC2, or EC2). The latter option is also available for other versions of SQL Server, such as 2014, subject to Microsoft licensing.
SQL Server Support on AWS
• Microsoft workloads are supported on AWS
• Our customers have successfully deployed in the AWS cloud virtually every Microsoft application available, including Microsoft Exchange, SharePoint, Lync, Dynamics, and Remote Desktop Services
• If you have support related issues you should contact AWS Support
• If you have an existing Microsoft support agreement you can contact Microsoft Support
• Support for Microsoft workloads on AWS can be a collaborative effort between you, AWS Support, and Microsoft Support.
EC2 Dedicated Hosts on AWS
EC2 Dedicated Hosts are physical servers with EC2 capacity fully dedicated to a customer’s use.
Using a Dedicated Host, you can see how many sockets or physical cores are installed on a physical server and can granularly control the placement of your instances on your hosts.
This allows customers to effectively use server-bound licenses in EC2, while adding visibility and control in compliance or highly regulated scenarios (Dedicated Hosts are supported in the BAA).
Under BYOL you may need to report the usage of your licenses back to your ISV. This is where AWS Config lends a hand. When activated, AWS Config records host and instance level information relevant to software licensing and can be used as a data source for customers to self-report license usage.
Dedicated Hosts are available for M3, M4, C3, C4, I2, D2, G2, and R3 instance families in all public regions where these instance families are currently supported, excluding China (Beijing) and GovCloud (US).
For more information on Dedicated Host availability and pricing, visit the Dedicated Hosts pricing page.
SQL Server License Mobility on AWS
You are responsible for obtaining the licenses required for eligible Microsoft applications running in the AWS cloud using the License Mobility through Software Assurance benefit, and for complying with all applicable Microsoft licensing requirements. Under the PUR, the number of licenses required varies based on the instance type, version of SQL Server, and the Microsoft licensing model you choose.
For “Licensing by Individual Virtual OSE” of Microsoft SQL Server 2014 (and permitted instances of Microsoft SQL Server 2012), the July 2014 version of the PUR states, “The number of licenses required equals the number of Virtual Cores in each Virtual OSE in which you will run the server software, subject to a minimum of four licenses per Virtual OSE.” The July 2014 version of the PUR defines a “Virtual Core” as “the unit of processing power in a virtual hardware system. A Virtual Core is the virtual representation of one or more hardware threads.”
http://aws.amazon.com/windows/resources/licensemobility/sql/
SQL Server Licensing on EC2
• EC2 BYOL/LI: Licensed by vCPU (minimum of 4), all mirrors require licensing
• EC2 Dedicated Instances BYOL: Licensed by vCPU (minimum of 4), mirrors do not require licensing
• EC2 Dedicated Instances LI: Licensed by vCPU (minimum of 4), all mirrors require licensing
SQL Server Licensing on RDS
• RDS BYOL: Licensed by vCPU (minimum of 4), all mirrors require licensing
• RDS LI: Licensed by vCPU (minimum of 4), all mirrors require licensing
SQL Server Licensing Cloud vs On-Prem
• SQL Server is twice as expensive on both AWS and Azure for a single server with the same number of cores
• It can be four times as expensive if a passive mirror is included
• These are standard Microsoft terms under the PUR
• Counteract by:
  • Optimizing licenses to use SE or other editions instead of EE
  • Reduce vCPUs to right size the instance (new hardware)
  • Add a caching tier, move components to NoSQL or migrate to MySQL/PostgreSQL
Versions and Licensing
Engine/Edition: SQL Server
Versions: 2008 R2, 2012
License Included: Express Edition, Web Edition, Standard Edition, Enterprise Edition (1)
BYOL: Standard Edition, Enterprise Edition
* Requires Software Assurance/License Mobility
1. Virginia, Oregon and Dublin
SQL Server on RDS on AWS
Amazon RDS takes care of the undifferentiated heavy lifting of your SQL Server Database:
• Installation
• Disk provisioning and management
• Patching and minor version upgrades
• Failed instance replacement
• Backup and recovery
• Automated Multi-AZ (Availability Zone) synchronous replication
SQL Server on EC2 on AWS
Running SQL Server on EC2, you have full control over the operating system, database installation and configuration.
You are responsible for administering the database, including backups and recovery, patching the operating system and the database, tuning of the operating system and database parameters, managing security, and configuring high availability or replication.
Running your own relational database on Amazon EC2 is the ideal scenario if you require a maximum level of control and configurability. You can also use SQL Server services and features that are not available in Amazon RDS.
RDS SQL – Supported Features
• Core Database Engine Features
• Partially Contained Databases
• SQL Server Management Tools
• Columnstore Indexes
• Full text search
• UTF-16
• SSL
• Advanced Security/TDE
• Spatial
• Safe CLR
• Change Tracking
• Target for SSRS, SSIS, etc.
RDS SQL Server – Unsupported Features
• >30 Databases per Instance
• SQL Server Analysis Services
• Windows Authentication*
• SQL Server Integration Services
• Database Mail
• SQL Server Reporting Services
• CDC
• Data Quality Services
• Distributed Queries
• Master Data Services
• SQL Server Audit
• Always On
• Performance Data Collector
• File Tables
High Availability options on AWS for SQL Server
High Availability options on AWS for SQL Server
• RDS offers Multi-AZ support for Amazon RDS for SQL Server*
  • This high availability (HA) option leverages SQL Server Mirroring technology with additional improvements, to meet the requirements of enterprise-grade production workloads running on SQL Server.
  • Replicates synchronously across Availability Zones.
• SQL Server on AWS EC2: use Microsoft's AlwaysOn technology with 2 or more Availability Zones; see whitepaper: https://s3.amazonaws.com/quickstart-reference/microsoft/sql/latest/doc/Microsoft_WSFC_and_SQL_AlwaysOn_Quick_Start.pdf
*Except for the following regions: Sydney
High Availability options on AWS for SQL Server
Amazon RDS automatically performs a failover in the event of any of the following:
• Loss of availability in the primary Availability Zone
• Loss of network connectivity to the primary DB node
• Compute unit failure on the primary DB node
• Storage failure on the primary DB node
Amazon RDS Multi-AZ deployments do not fail over automatically in response to database operations such as long running queries, deadlocks or database corruption errors.
High Availability options on AWS for SQL Server
Using AWS's Relational Database Service (RDS) offering provides:
Failure events: Instance Failure, Storage Failure, AZ Failure, Region Failure
RDS: <5 mins+, <5 mins+, User driven
RDS MAZ: <60 sec+, <60 sec+, <60 sec+, User driven
Failover options vary in capabilities and on the specific event. For example, Storage failure could be a single disk or all access to EBS. Regional failover is customer driven and thus highly variable.
Times are estimates and will vary. For example, caches need to be warmed, DBs recovered, etc. PLEASE TEST!
Security options on AWS for SQL Server
Security options on AWS for SQL Server
• Use a VPC
• Run your DB in a private subnet
• Use a separate Security Group (SG) for your DB
• Connect through the CNAME
• Use for Data in Transit
Security options on AWS for SQL Server
AWS Identity and Access Management (IAM)
• DO NOT share AWS account credentials
• Create IAM users
• Minimum permissions
• Use groups for common permissions
• Tag resources
• Delegate access
• Rotate credentials
Security options on AWS for SQL Server
Secure Data at Rest
There are several options for protecting data-at-rest in a DB instance:
• Encrypted Amazon RDS DB instances using Amazon KMS
• SQL Server Transparent Data Encryption (TDE)
• SQL Server column-level
• Encrypting data in the application before it is saved to the database instance.
Security options on AWS for SQL Server
There are several features and sets of controls available to manage the security of your Amazon RDS database instance. These controls are as follows:
• Network controls, which determine the network configuration underlying your DB instance
• DB instance access controls, which determine administrative and management access to your RDS resources
• Data access controls, which determine access to the data stored in your RDS DB instance databases
• Data-at-rest protection, which affects the security of the data stored in your RDS DB instance
• Data-in-transit protection, which affects the security of data connections to and from your RDS DB instance
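Added example (not part of the original slides): a check of the network and data-at-rest controls listed above against RDS instance descriptions. The input is a constructed sample shaped like the DescribeDBInstances response; the instance names, security group IDs and the APP_TIER_SGS set are assumptions for illustration.

```python
# Constructed sample shaped like the RDS DescribeDBInstances response
# (the structure boto3's describe_db_instances() returns); not real data.
SAMPLE = {
    "DBInstances": [
        {
            "DBInstanceIdentifier": "sql-prod",
            "Engine": "sqlserver-se",
            "PubliclyAccessible": False,
            "StorageEncrypted": True,
            "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-db000001", "Status": "active"}],
        },
        {
            "DBInstanceIdentifier": "sql-legacy",
            "Engine": "sqlserver-ee",
            "PubliclyAccessible": True,
            "StorageEncrypted": False,
            "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-app00001", "Status": "active"}],
        },
    ]
}

# Assumption: security groups already attached to non-database tiers.
APP_TIER_SGS = {"sg-app00001"}


def audit_instance(db, shared_sgs=frozenset()):
    """Return the list of findings for one DB instance description."""
    findings = []
    if db.get("PubliclyAccessible", False):
        findings.append("publicly accessible: move to a private subnet")
    if not db.get("StorageEncrypted", False):
        findings.append("storage not encrypted at rest (KMS)")
    sgs = {g["VpcSecurityGroupId"] for g in db.get("VpcSecurityGroups", [])}
    if not sgs:
        findings.append("no VPC security group attached")
    for sg in sorted(sgs & set(shared_sgs)):
        findings.append(f"security group {sg} is shared with another tier")
    return findings


def audit(response, shared_sgs=frozenset()):
    """Map instance identifier -> findings, for SQL Server engines only."""
    return {
        db["DBInstanceIdentifier"]: audit_instance(db, shared_sgs)
        for db in response.get("DBInstances", [])
        if db.get("Engine", "").startswith("sqlserver")
    }


if __name__ == "__main__":
    for name, findings in audit(SAMPLE, APP_TIER_SGS).items():
        print(name, "OK" if not findings else findings)
```
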
Migrating SQL Server to AWS
AWS Database Migration Service
• Start your first migration in 10 minutes or less
• Keep your apps running during the migration
• Replicate within, to or from Amazon EC2 or RDS
• Move data to the same or different database engine
• Sign up for preview at aws.amazon.com/dms
Keep your apps running during the migration
[Diagram: Customer Premises, Application Users, Internet, VPN, AWS, AWS Database Migration Service]
• Start a replication instance
• Connect to source and target databases
• Select tables, schemas, or databases
• Let AWS Database Migration Service create tables, load data, and keep them in sync
• Switch applications over to the target at your convenience
Migrate and replicate between database engines
Sign Up for AWS Database Migration Service
Sign up for AWS Database Migration Service Preview now: aws.amazon.com/dms
Download the AWS Schema Conversion Tool: aws.amazon.com/dms
Questions
Chris [email protected]