Written by Theo Zirogiannis

As an AWS Premier consulting partner with the Migration Competency, we do a lot of migrations from On-Premise Data Centres to AWS. The key motivators and drivers behind our clients’ desire to migrate vary a bit from project to project, but there is a common theme: achieving greater efficiency, improved security, and increased speed to market and agility. It’s fair to say that overall our clients are looking to achieve some level of transformation and modernisation, which means different things to different people. A common situation we see is clients that have a large proportion of Windows servers and are considering how they can take advantage of the typical agility and scalability benefits of the cloud given their Microsoft footprint. In this blog post I’m going to discuss some of the best practice considerations that we’ve learnt from our transformational cloud migrations and how a Microsoft-based environment is well suited to running on AWS.

In a typical client migration, more than 70% of the server environment is often made up of Microsoft Windows Server flavours 2003, 2008, 2012 and 2016, with the rest made up of Linux servers such as RHEL and CentOS. We also commonly come across a number of Microsoft Windows 7 and Windows 10 desktop workloads, typically running on Citrix environments. This presents a challenge: how can we modernise the environment without re-writing applications, and how can we make sure the environment is able to scale up and down to meet peak demands and also run efficiently during quiet periods?

We’ve applied some common approaches to tackle these challenges:

    1. AWS foundation / Landing Zone
      1. Build out a well-architected AWS foundation: a multi-account landing zone using Infrastructure as Code (IaC) with Terraform or CloudFormation, orchestrated via CI/CD pipelines with configuration stored in source control.
    2. Shared services
      1. Implement shared services, starting with the fundamental building blocks: first extend core services such as Active Directory, moving to PaaS offerings such as AWS Managed AD where possible.
      2. Extend shared services to include file servers, which typically run on on-premise NAS appliances or file servers, and migrate them to managed AWS services such as AWS FSx-backed DFS servers.
      3. Implement AWS SSM Patch Manager for Windows OS patching instead of the traditional WSUS servers, which reduces the burden of patching.
      4. Implement AWS Backup for centralised backup. Then migrate/build out the other shared services, including but not limited to security tooling such as antivirus infrastructure, vulnerability management tooling, forward/reverse proxies, monitoring / logging servers etc.
    3. Migration workloads 
      1. Typically the migration of servers is based on the workload type, architecture, environment, criticality and dependencies. For example, we often see a large number of commercial off the shelf (COTS) applications, which are typically harder to refactor. The inability to refactor, or the reduced benefit of doing so, steers these workloads towards a lift and shift or re-host. Creating a migration factory accelerates the migration and ensures consistency of configuration for supporting services such as backups, monitoring, and security controls. Lift and shift servers can still embark on a modernisation program to refactor the supporting operational processes, i.e. introducing infrastructure and application automation to enable spinning up of environments on demand.
      2. In-house developed apps running on Windows are typically built using .NET and run on IIS or other patterns which lend themselves well to automation. For these, we apply a refactoring approach from the start, introducing load balancing using ALBs, certificates using ACM and EC2 Auto Scaling groups to take advantage of the benefits of cloud.
      3. For older applications running on Windows Server 2003 or Server 2008, which are now officially out of support and cannot easily be migrated to supported operating systems, we would recommend the use of the AWS EMP tool (End of Support Migration Program) to effectively package and run the application on a newer, supported server OS like Windows Server 2016 or 2019, using the technology from CloudHouse, until the application can be re-written / refactored.
    4. SQL Server
      1. Within Microsoft-based environments there are often multiple Microsoft SQL Servers set up in a cluster or standalone. We recommend customers review opportunities to consolidate the SQL Server footprint based on performance profile, collation types and security profile, to ensure optimum AWS run cost savings and SQL Server licensing savings.
      2. SQL Servers are typically one of the largest components of the AWS run cost in a Microsoft-heavy server environment, so any optimisation that can be applied will produce large savings. Often the production target state is MS-SQL on Multi-AZ RDS or MS-SQL using ‘always on’ EC2 clusters for high availability. The starting point is a thorough review of existing licensing agreements, which will determine the best model to achieve the optimal run cost.
    5. VDI and desktop application streaming 
      1. Review the benefits of migrating Windows 7 / Windows 10 desktops to AWS WorkSpaces for streaming desktop as a service (DaaS) and AWS AppStream 2.0 for streaming applications as a service (AaaS). Both WorkSpaces and AppStream provide the ability to transform the operations around desktop and application provisioning, keeping the desktop fleet secure, available and scalable. We have seen these benefits unlocked by numerous small, medium and large enterprise customers. Extending a WorkSpaces and AppStream environment by adding automation, including automated provisioning, deprovisioning, reporting and rich visualisation via Grafana dashboards, can significantly reduce operational overhead and costs.
    6. Managed Services
      1. Organisations often want to move their teams’ focus from managing infrastructure and supporting services to core business services. Managed Services can help organisations optimise and run their environment at scale, using economies of scale on an ongoing basis. Even when the environment has been built following AWS Well-Architected design, there are ongoing activities required to ensure the environment is kept up to date, secured and available.

To summarise, Microsoft running on AWS is a great fit when the environment is designed and built correctly. We have been helping customers migrate their infrastructure to AWS, and in many cases the large volume of workloads in the migrations is Windows based. Success is achieved by using repeatable infrastructure and application automation patterns, which help us ensure the migration is smooth, secure, completed on time and cost efficient and, more importantly, enable our clients to unlock the full capabilities of the AWS cloud.

Right now there is no better time to start migrating your Microsoft workloads to the cloud, with AWS offering up to 30% of Partner consulting services funding under their Windows Rapid Migration Program (WRMP) to help clients migrate. The program is based on environments that have more than 50% Windows workloads. If you’d like to know more, reach out to us to see how we can help you on your next AWS Windows migration journey.