© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS re:INVENT
Building Manageable
Windows Workloads
Ryan Pothecary & Lee Petford
UK ProServe Team
November 29, 2017
Agenda
• AWS Directory Service overview and exercises
• Amazon EC2 Systems Manager overview and exercises
Qwiklabs & Workshop Guide
• https://event.aws.qwiklabs.com
• https://s3.amazon.com/arc324/workshop.pdf
AWS Directory Service
ARC324 — Building a Manageable Windows Workload
AWS Directory Service
Slide diagram: AWS Directory Service options (Simple AD, AD Connector, Cloud Directory) shown alongside Amazon EC2
Workshop Design
AWS Directory Service
Directory Service Labs
ARC324 — Building a Manageable Windows Workload
Amazon EC2 Systems Manager
ARC324 — Building a Manageable Windows Workload
Amazon EC2 Systems Manager
A set of capabilities that:
• enable automated configuration
• support ongoing management of systems at scale
• work across all of your Windows and Linux workloads
• run in Amazon EC2 or on-premises
• carry no additional charge to use
Amazon EC2 Systems Manager
• Run Command
• State Manager
• Inventory
• Maintenance Window
• Patch Manager
• Automation
• Parameter Store
Run Command
• Remotely execute shell scripts and PowerShell scripts
• Bootstrap an instance, configure the OS, install software
• Execute commands for a particular case, or trigger using Amazon
CloudWatch Events
Remotely perform common administrative tasks at scale
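Added example, not from the ARC324 deck or AWS: a Run Command invocation from an admin workstation using the AWS Tools for PowerShell. It targets instances by tag rather than by ID, bounds the blast radius with MaxConcurrency/MaxError, waits for completion, and reads back per-instance exit codes. The region, tag values, S3 bucket and the script body are assumptions for illustration.

```powershell
# Added example (not from the deck): run a PowerShell script on every instance
# tagged Environment=Prod with Run Command, cap the blast radius, collect results.
# Assumes the AWSPowerShell module and a principal allowed to call ssm:SendCommand.
Import-Module AWSPowerShell
Set-DefaultAWSRegion -Region eu-west-1          # assumed region

# Script that runs on each instance. Small and idempotent: report the Windows
# build and whether the SSM Agent and Defender services are running.
$script = @'
$os  = Get-CimInstance Win32_OperatingSystem
$svc = Get-Service AmazonSSMAgent, WinDefend -ErrorAction SilentlyContinue |
       Select-Object Name, Status
[pscustomobject]@{
    Host     = $env:COMPUTERNAME
    Build    = $os.BuildNumber
    LastBoot = $os.LastBootUpTime
    Services = ($svc | ForEach-Object { "$($_.Name)=$($_.Status)" }) -join ';'
} | ConvertTo-Json -Compress
'@

# Target by tag so newly launched instances are covered automatically.
# MaxConcurrency/MaxError bound how far a bad script can spread before it stops.
$cmd = Send-SSMCommand -DocumentName 'AWS-RunPowerShellScript' `
    -Target @{ Key = 'tag:Environment'; Values = @('Prod') } `
    -Parameter @{ commands = @($script); executionTimeout = @('600') } `
    -MaxConcurrency '10%' -MaxError '5%' `
    -Comment 'Check SSM Agent and Defender service state' `
    -OutputS3BucketName 'example-ssm-output' -OutputS3KeyPrefix 'run-command/'   # assumed bucket

# Wait for the command to finish on all targets.
do {
    Start-Sleep -Seconds 10
    $status = (Get-SSMCommand -CommandId $cmd.CommandId).Status
} while ($status -in 'Pending', 'InProgress')

# Per-instance results. Non-Success status or a non-zero exit code is what to alert on.
Get-SSMCommandInvocation -CommandId $cmd.CommandId -Detail $true |
    ForEach-Object {
        $plugin = $_.CommandPlugins | Select-Object -First 1
        [pscustomobject]@{
            InstanceId = $_.InstanceId
            Status     = $_.Status
            ExitCode   = $plugin.ResponseCode
            Output     = $plugin.Output        # truncated in the API; full output is in S3
        }
    } | Format-Table -AutoSize
```

The same Send-SSMCommand call can be placed in a Lambda function invoked by a CloudWatch Events rule to trigger the script on a schedule or on an instance state change.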
Inventory
• Collect instance and OS details, network
configurations, installed software, and patches
• Use Custom Inventory and extend the inventory schema
• Track licensing usage and, when a vulnerability is disclosed, find the
instances that have the affected software installed or are missing the patch
• Track inventory-state changes over time and generate non-
compliance notifications via AWS Config integration
Collect, query, and audit instance software inventory
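Added example, not from the deck or AWS: the three pieces of an Inventory setup, written for the AWS Tools for PowerShell and the Windows instance. It enables collection for tagged instances, publishes a custom inventory type from the instance (the "extend the inventory schema" bullet), and queries the fleet for an installed application. The custom type name, its attributes, the tag values and the application name are assumptions.

```powershell
# Added example (not from the deck): enable Inventory, publish a custom type from
# the instance, and query the fleet for an application. Assumes AWSPowerShell.
Import-Module AWSPowerShell
Set-DefaultAWSRegion -Region eu-west-1          # assumed region

# 1. Collection is a State Manager association of AWS-GatherSoftwareInventory.
New-SSMAssociation -Name 'AWS-GatherSoftwareInventory' `
    -AssociationName 'inventory-prod' `
    -Target @{ Key = 'tag:Environment'; Values = @('Prod') } `
    -ScheduleExpression 'rate(30 minutes)' `
    -Parameter @{
        applications = @('Enabled'); awsComponents = @('Enabled')
        networkConfig = @('Enabled'); windowsUpdates = @('Enabled')
        instanceDetailedInformation = @('Enabled'); customInventory = @('Enabled')
    } | Out-Null

# 2. On the instance: drop a Custom:* JSON file into the agent's custom inventory
#    folder. The agent uploads it on the next collection and the attributes become
#    queryable like the built-in types. Values must be strings.
$token = Invoke-RestMethod -Method PUT -Uri 'http://169.254.169.254/latest/api/token' `
    -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '60' }
$instanceId = Invoke-RestMethod -Uri 'http://169.254.169.254/latest/meta-data/instance-id' `
    -Headers @{ 'X-aws-ec2-metadata-token' = $token }
$custom = @{
    SchemaVersion = '1.0'
    TypeName      = 'Custom:WindowsHardening'       # assumed custom type name
    Content       = @(
        @{
            FirewallDomainEnabled = [string](Get-NetFirewallProfile -Name Domain).Enabled
            DefenderSignature     = (Get-MpComputerStatus).AntivirusSignatureVersion
            SmbV1Enabled          = [string](Get-SmbServerConfiguration).EnableSMB1Protocol
            LastReportedUtc       = (Get-Date).ToUniversalTime().ToString('o')
        }
    )
}
$dir = "$env:ProgramData\Amazon\SSM\InstanceData\$instanceId\inventory\custom"
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$custom | ConvertTo-Json -Depth 4 | Set-Content -Path "$dir\WindowsHardening.json" -Encoding UTF8

# 3. From the admin workstation: which instances have a given product installed?
#    Run this when a vulnerability is disclosed for that product to list exposure.
$entities = Get-SSMInventory `
    -Filter @{ Key = 'AWS:Application.Name'; Values = @('7-Zip'); Type = 'BeginWith' } `
    -ResultAttribute @{ TypeName = 'AWS:Application' }
foreach ($entity in $entities) {
    foreach ($app in $entity.Data['AWS:Application'].Content) {
        [pscustomobject]@{ InstanceId = $entity.Id; Name = $app['Name']; Version = $app['Version'] }
    }
}
```

Step 2 runs on the instance (for example through Run Command); steps 1 and 3 run from an operator's session. The IMDSv2 token request is used in the instance step so the example works with the metadata service locked down to v2.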
Parameter Store
• Encrypt sensitive values (SecureString parameters) using your own AWS KMS keys
• Reference your parameters in Run Command, State Manager,
or Automation service
• Use with AWS Identity and Access Management (IAM) to
manage access in a granular fashion
• Keep secrets and configuration out of scripts, AMIs, and user data so they
can be rotated and audited in one place
Centralized management of configuration data and secrets such as passwords
and connection strings
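Added example, not from the deck or AWS: storing a secret as a SecureString under a path, granting one role read access to that path only (with kms:Decrypt allowed only through Parameter Store), and reading it at use time from the instance. The account ID, region, key alias and ID, role name and parameter names are placeholders assumed for illustration.

```powershell
# Added example (not from the deck): SecureString parameter under a path, a
# least-privilege IAM policy scoped to that path, and a read from the instance.
Import-Module AWSPowerShell
Set-DefaultAWSRegion -Region eu-west-1
$account = '123456789012'                                      # assumed
$keyArn  = "arn:aws:kms:eu-west-1:${account}:key/00000000-0000-0000-0000-000000000000"  # assumed CMK

# Generate the password instead of typing it, so it never enters shell history.
# Parameter names form a hierarchy (/prod/app/...) that IAM policies can scope to.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$secret = [Convert]::ToBase64String($bytes)
Write-SSMParameter -Name '/prod/app/db-password' -Type SecureString `
    -Value $secret -KeyId $keyArn -Overwrite $true `
    -Description 'Application DB password (rotated by ops)' | Out-Null
Write-SSMParameter -Name '/prod/app/db-connection-string' -Type String `
    -Value 'Server=db.prod.internal;Database=app;' -Overwrite $true | Out-Null

# Least privilege for the application's instance role: read only under
# /prod/app/, and decrypt only when the request comes via Parameter Store
# (kms:ViaService), so the role cannot use the key to decrypt anything else.
$policy = @"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath"],
      "Resource": "arn:aws:ssm:eu-west-1:${account}:parameter/prod/app/*"
    },
    {
      "Effect": "Allow",
      "Action": "kms:Decrypt",
      "Resource": "${keyArn}",
      "Condition": { "StringEquals": { "kms:ViaService": "ssm.eu-west-1.amazonaws.com" } }
    }
  ]
}
"@
Write-IAMRolePolicy -RoleName 'prod-app-instance-role' `
    -PolicyName 'ReadProdAppParameters' -PolicyDocument $policy

# On the instance (running under that role): fetch and decrypt at use time rather
# than baking the secret into user data, an AMI, or a Run Command script.
$password = (Get-SSMParameter -Name '/prod/app/db-password' -WithDecryption $true).Value
$conn     = (Get-SSMParameter -Name '/prod/app/db-connection-string').Value
$conn    += "Password=$password"

# Audit trail: who changed the value and when. No decryption needed to see this.
Get-SSMParameterHistory -Name '/prod/app/db-password' |
    Select-Object Version, LastModifiedDate, LastModifiedUser
```

Rotating the secret is a second Write-SSMParameter with -Overwrite; consumers that read at use time pick up the new version without a redeploy.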
State Manager
• Define configuration policy using simple JSON-based documents
• Example: Configure firewall and update anti-malware definitions
• Control how configuration policy is applied
(schedule, target instances)
• Monitor instance compliance
Periodically re-apply configuration policies to manage
drift
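Added example, not from the deck or AWS: a custom Command document that enforces the Windows Firewall profiles and refreshes Defender signatures (the slide's own example), registered and then applied by a State Manager association on a schedule so that drift is corrected, not just reported. The document name, tag values and schedule are assumptions.

```powershell
# Added example (not from the deck): custom document + State Manager association.
# Assumes AWSPowerShell and Windows targets with the NetSecurity/Defender modules.
Import-Module AWSPowerShell
Set-DefaultAWSRegion -Region eu-west-1

# Schema 2.2 Command document. The script exits non-zero if a profile could not
# be enabled, which is what turns the association Non-Compliant for that instance.
$doc = @'
{
  "schemaVersion": "2.2",
  "description": "Enforce firewall profiles and update anti-malware definitions",
  "mainSteps": [
    {
      "action": "aws:runPowerShellScript",
      "name": "enforceFirewallAndDefender",
      "inputs": {
        "timeoutSeconds": "600",
        "runCommand": [
          "Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block",
          "Set-MpPreference -DisableRealtimeMonitoring $false",
          "Update-MpSignature",
          "$bad = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }",
          "if ($bad) { Write-Error ('Firewall still disabled: ' + ($bad.Name -join ',')); exit 1 }",
          "Write-Output ('Signatures: ' + (Get-MpComputerStatus).AntivirusSignatureVersion)"
        ]
      }
    }
  ]
}
'@

# Register the document. Later changes go through Update-SSMDocument, which
# creates a new version rather than silently replacing what associations run.
$document = New-SSMDocument -Name 'Custom-EnforceWindowsBaseline' `
    -Content $doc -DocumentType Command

# Association: every instance tagged Role=web, re-applied every 30 minutes.
$assoc = New-SSMAssociation -Name $document.Name `
    -AssociationName 'enforce-windows-baseline-web' `
    -Target @{ Key = 'tag:Role'; Values = @('web') } `
    -ScheduleExpression 'rate(30 minutes)'

# Compliance view: aggregated status across all targeted instances.
(Get-SSMAssociation -AssociationId $assoc.AssociationId).Overview |
    Select-Object Status, DetailedStatus, AssociationStatusAggregatedCount
```

Because the script re-applies the settings on every run, an operator who disables a profile by hand sees it re-enabled within the schedule interval and the association history records the correction.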
Maintenance Window
• Define one or more recurring windows of time during which it is
acceptable for disruptive actions to occur
• Periodically invoke Patch Manager or Run Command
• Improve availability and reliability of your workloads by
automatically performing tasks in a well-defined window of time
Schedule disruptive tasks in well-defined window to
minimize downtime
Patch Manager
• Express custom patch policies as patch baselines
• Example: apply critical patches on day one, but wait seven days for
non-critical patches
• Perform patching during scheduled maintenance windows
• Generate patch-compliance reports
• Remove manual steps and shorten time-to-deploy for critical updates and for
fixes to actively exploited vulnerabilities
Roll OS patches using custom-defined rules
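Added example, not from the deck or AWS, covering the Maintenance Window and Patch Manager sections together: a Windows patch baseline that approves Critical patches on day one and the remaining security patches after seven days (the slide's example), bound to a patch group, with a weekly maintenance window that installs from it. The account ID, maintenance window service role, tag values and schedule are assumptions; the cmdlet and parameter names are those of the AWSPowerShell module, with -RunCommand_Parameter used for the task parameters.

```powershell
# Added example (not from the deck): patch baseline + patch group + maintenance
# window task. Assumes AWSPowerShell and an existing maintenance window role.
Import-Module AWSPowerShell
Set-DefaultAWSRegion -Region eu-west-1
$account = '123456789012'                                   # assumed

function New-PatchRule([string[]]$Severities, [int]$ApproveAfterDays, [string]$ComplianceLevel) {
    # Helper: one approval rule = filter group (severity + classification) + delay.
    $rule = New-Object Amazon.SimpleSystemsManagement.Model.PatchRule
    $rule.ApproveAfterDays = $ApproveAfterDays
    $rule.ComplianceLevel  = $ComplianceLevel
    $rule.PatchFilterGroup = New-Object Amazon.SimpleSystemsManagement.Model.PatchFilterGroup
    $sev = New-Object Amazon.SimpleSystemsManagement.Model.PatchFilter
    $sev.Key = 'MSRC_SEVERITY'
    $Severities | ForEach-Object { $sev.Values.Add($_) }
    $cls = New-Object Amazon.SimpleSystemsManagement.Model.PatchFilter
    $cls.Key = 'CLASSIFICATION'
    'SecurityUpdates', 'CriticalUpdates', 'UpdateRollups' | ForEach-Object { $cls.Values.Add($_) }
    $rule.PatchFilterGroup.PatchFilters.Add($sev)
    $rule.PatchFilterGroup.PatchFilters.Add($cls)
    return $rule
}

# Critical: approved immediately. Everything else: after a seven-day soak.
$rules = @(
    (New-PatchRule -Severities @('Critical') -ApproveAfterDays 0 -ComplianceLevel 'CRITICAL'),
    (New-PatchRule -Severities @('Important', 'Moderate', 'Low') -ApproveAfterDays 7 -ComplianceLevel 'HIGH')
)
$baselineId = New-SSMPatchBaseline -Name 'Prod-Windows-Baseline' `
    -OperatingSystem WINDOWS -ApprovalRules_PatchRule $rules `
    -Description 'Critical on day 0, remaining security patches after 7 days'

# Instances opt in by carrying the tag "Patch Group" = Production.
Register-SSMPatchBaselineForPatchGroup -BaselineId $baselineId -PatchGroup 'Production' | Out-Null

# Weekly window: Sunday 02:00 UTC, 3 hours, no new tasks started in the last hour.
# AllowUnassociatedTarget $false: only registered targets can be touched from here.
$windowId = New-SSMMaintenanceWindow -Name 'Prod-Windows-Patching' `
    -Schedule 'cron(0 2 ? * SUN *)' -Duration 3 -Cutoff 1 -AllowUnassociatedTarget $false

$targetId = Register-SSMMaintenanceWindowTarget -WindowId $windowId -ResourceType INSTANCE `
    -Target @{ Key = 'tag:Patch Group'; Values = @('Production') }

# Install task: AWS-RunPatchBaseline, 25% of the group at a time, stop after 10%
# failures. Use Operation=Scan for a report-only run.
Register-SSMMaintenanceWindowTask -WindowId $windowId -TaskType RUN_COMMAND `
    -TaskArn 'AWS-RunPatchBaseline' `
    -Target @{ Key = 'WindowTargetIds'; Values = @($targetId) } `
    -ServiceRoleArn "arn:aws:iam::${account}:role/MaintenanceWindowRole" `
    -Priority 1 -MaxConcurrency '25%' -MaxError '10%' `
    -RunCommand_Parameter @{ Operation = @('Install'); RebootOption = @('RebootIfNeeded') } | Out-Null

# Compliance after a run: how many instances still miss or failed patches.
Get-SSMPatchGroupState -PatchGroup 'Production' |
    Select-Object Instances, InstancesWithMissingPatches, InstancesWithFailedPatches
```

The seven-day delay is measured from the patch's release date, so a patch released the day before the window is installed by the following week's window, not this one; a Scan task outside the window gives the compliance report without changing anything.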
Automation Service
• Simplify Amazon Machine Image (AMI) maintenance
• Source AMI → launch instance → configure instance → new AMI
• Use to create your “gold” image from an Amazon EC2 AMI
• Integrate into CI/CD pipeline
• Orchestrate instance launches, Run Command execution, AWS
Lambda functions, image creation, and instance terminations
Automate common tasks using simplified workflows
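Added example, not from the deck or AWS: the source AMI → launch → configure → new AMI flow run through the AWS-UpdateWindowsAmi Automation document, with a post-update hardening script and the resulting image tagged for a pipeline to pick up. The source AMI ID, instance profile, Automation role, instance type and the hardening steps are assumptions.

```powershell
# Added example (not from the deck): patched "gold" AMI via Automation.
# Assumes AWSPowerShell, an Automation service role and an instance profile.
Import-Module AWSPowerShell
Set-DefaultAWSRegion -Region eu-west-1
$account = '123456789012'                                   # assumed

# Runs on the temporary instance after Windows Update and before the image is
# taken. Keep it to settings that must be baked in: here, disable TLS 1.0/1.1
# server-side and enable logon auditing.
$postUpdate = @'
foreach ($p in 'TLS 1.0', 'TLS 1.1') {
    $k = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$p\Server"
    New-Item -Path $k -Force | Out-Null
    New-ItemProperty -Path $k -Name Enabled -Value 0 -PropertyType DWord -Force | Out-Null
}
auditpol /set /subcategory:"Logon" /success:enable /failure:enable
'@

$params = @{
    SourceAmiId            = @('ami-0123456789abcdef0')     # assumed current gold image
    IamInstanceProfileName = @('AutomationInstanceProfile')
    AutomationAssumeRole   = @("arn:aws:iam::${account}:role/AutomationServiceRole")
    TargetAmiName          = @('gold-windows-{{global:DATE_TIME}}')
    InstanceType           = @('t3.medium')
    PostUpdateScript       = @($postUpdate)
}
$executionId = Start-SSMAutomationExecution -DocumentName 'AWS-UpdateWindowsAmi' -Parameter $params

# Poll until the workflow (launch, update, script, image, terminate) completes.
do {
    Start-Sleep -Seconds 60
    $exec = Get-SSMAutomationExecution -AutomationExecutionId $executionId
} while ($exec.AutomationExecutionStatus -in 'Pending', 'InProgress', 'Waiting')

if ($exec.AutomationExecutionStatus -ne 'Success') {
    throw "AMI build failed: $($exec.FailureMessage)"
}

# Outputs is a dictionary of step outputs; the created image ID is among them.
$newAmi = $exec.Outputs.Values | ForEach-Object { $_ } |
    Where-Object { $_ -like 'ami-*' } | Select-Object -First 1

# Tag the image so the pipeline can select it and trace it back to this run.
New-EC2Tag -Resource $newAmi -Tag @(
    @{ Key = 'Name';       Value = 'gold-windows' },
    @{ Key = 'BuiltFrom';  Value = $params.SourceAmiId[0] },
    @{ Key = 'Automation'; Value = $executionId }
)
```

Scheduling this from a Maintenance Window task of type AUTOMATION, or triggering it from a CI/CD stage after the base image changes, keeps the gold image current without anyone launching instances by hand.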
Systems Manager Labs
ARC324 — Building a Manageable Windows Workload
Thank you!
