
The ultimate guide to optimising Microsoft workloads on AWS


As an AWS Premier Consulting Partner with the Migration Competency, we do a lot of migrations from on-premise data centres to AWS. The key motivators behind our clients’ decision to migrate vary a bit from project to project, but there is a common theme: greater efficiency, improved security, and increased speed to market and agility. It’s fair to say that overall our clients are looking to achieve some level of transformation and modernisation, which means different things to different people. A common situation we see is a client with a large proportion of Windows servers who is considering how to take advantage of the typical agility and scalability benefits of the cloud given that Microsoft footprint. In this blog post I’m going to discuss some of the best-practice considerations we’ve learnt from our transformational cloud migrations, and why a Microsoft-based environment is well suited to running on AWS.

In a typical client migration, more than 70% of the server environment is made up of Microsoft Windows Server flavours (2003, 2008, 2012, 2016 and 2019), with the rest made up of Linux servers such as RHEL and CentOS. We also commonly come across a number of Microsoft Windows 7 and Windows 10 desktop workloads, typically running on Citrix environments. This presents a challenge: how can we modernise the environment without rewriting applications, and how can we make sure the environment is able to scale up and down to meet peak demand while also running efficiently during quiet periods?

We’ve applied some common approaches to tackle these challenges:

1. AWS foundation / Landing Zone

  • Build out a well-architected, multi-account AWS foundation (landing zone) using Infrastructure as Code (IaC) with Terraform, CloudFormation or CDK, orchestrated via CI/CD pipelines with the configuration stored in source control.

2. Shared services

  • Implement shared services, starting with the fundamental building blocks: first extend core services such as Active Directory into AWS, then move to PaaS offerings where possible, such as AWS Managed AD.
  • Extend shared services to include file servers, which typically run on on-premise NAS appliances or file servers, and migrate them to managed AWS services such as AWS FSx-backed DFS servers.
  • Implement AWS SSM Patch Manager for Windows OS patching instead of the traditional WSUS servers, which reduces the burden of patching.
  • Implement AWS Backup for centralised backup. Then migrate or build out the other shared services, including but not limited to security tooling such as anti-virus infrastructure, vulnerability management tooling, forward/reverse proxies, and monitoring/logging servers.
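As an added example (not code from this post or from CMD), the SSM Patch Manager setup described above expressed in Terraform, matching the IaC approach in section 1: a Windows patch baseline, the patch group that binds tagged instances to it, and a State Manager association that runs AWS-RunPatchBaseline on a schedule in place of WSUS approvals and client-side scheduling. The resource names, tag values, schedule and approval delay are assumptions.

```hcl
# Added example, not CMD's code: names, tag values, schedule and approval delay are assumptions.
# Baseline: auto-approve Critical/Important security updates 7 days after Microsoft releases them.
resource "aws_ssm_patch_baseline" "windows" {
  name             = "windows-prod-security"
  operating_system = "WINDOWS"
  approval_rule {
    approve_after_days = 7
    compliance_level   = "CRITICAL" # a missing patch reports the instance as CRITICAL non-compliant
    patch_filter {
      key    = "CLASSIFICATION"
      values = ["CriticalUpdates", "SecurityUpdates"]
    }
    patch_filter {
      key    = "MSRC_SEVERITY"
      values = ["Critical", "Important"]
    }
  }
}
# Instances tagged "Patch Group" = "windows-prod" use this baseline instead of the AWS default.
resource "aws_ssm_patch_group" "windows_prod" {
  baseline_id = aws_ssm_patch_baseline.windows.id
  patch_group = "windows-prod"
}
# Scan and install via State Manager every Sunday 03:00 UTC, 25% of the fleet at a time,
# stopping the run if more than 10% of instances fail (Operation = "Scan" would only report).
resource "aws_ssm_association" "windows_prod_patch" {
  name                = "AWS-RunPatchBaseline"
  association_name    = "windows-prod-weekly-patching"
  schedule_expression = "cron(0 3 ? * SUN *)"
  max_concurrency     = "25%"
  max_errors          = "10%"
  compliance_severity = "CRITICAL"
  targets {
    key    = "tag:Patch Group"
    values = ["windows-prod"]
  }
  parameters = {
    Operation    = "Install"
    RebootOption = "RebootIfNeeded"
  }
}
```

The instances must run the SSM Agent with an instance profile that allows Systems Manager access (for example the AmazonSSMManagedInstanceCore managed policy); patch compliance then shows up in Patch Manager, which is where the WSUS reporting role moves to.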

3. Migration workloads

  • Typically the migration of servers is planned based on workload type, architecture, environment, criticality and dependencies. For example, we often see a large number of commercial off-the-shelf (COTS) applications, which are typically harder to refactor. The inability to refactor, or the reduced benefit of doing so, leans these workloads towards a lift-and-shift (re-host) approach. Creating a migration factory accelerates the migration and ensures consistent configuration of supporting services such as backups, monitoring and security controls. Lift-and-shift servers can still embark on a modernisation programme to refactor the operational processes around them, i.e. introducing infrastructure and application automation so that environments can be spun up on demand.
  • In-house developed apps running on Windows are typically built using .NET and run on IIS, or follow other patterns that lend themselves well to automation. For these we apply a replatforming or refactoring approach from the start, introducing load balancing using ALBs, certificates from ACM, and EC2 Auto Scaling groups or one of AWS’s container services, to take advantage of the benefits of the cloud.
  • For older applications running on Windows Server 2003 or Server 2008, which are now officially out of support and cannot easily be migrated to a supported operating system, we recommend the AWS EMP (End of Support Migration Program) tool to package the application and run it on a newer supported OS such as Windows Server 2022, using technology from CloudHouse, until the application can be rewritten or refactored.

4. SQL Server

  • Microsoft-based environments often contain multiple Microsoft SQL Servers, set up in clusters or standalone. We recommend customers review opportunities to consolidate the SQL Server footprint, grouping instances by performance profile, collation type and security profile, to achieve optimum AWS run-cost savings and SQL Server licensing savings.
  • SQL Server is typically one of the largest components of the AWS run cost in a Microsoft-heavy server environment, so any optimisation that can be applied will produce large savings. Often the production target state is MS-SQL on Multi-AZ RDS, or MS-SQL on EC2 using ‘Always On’ clusters for high availability. The starting point is a thorough review of existing licensing agreements, which will determine the best model to achieve the optimal run cost.

5. VDI and desktop application streaming

  • Review the benefits of migrating Windows 7 / Windows 10 desktops to AWS WorkSpaces for desktop as a service (DaaS) and AWS AppStream 2.0 for application streaming as a service (AaaS). Both WorkSpaces and AppStream provide the ability to transform the operations around desktop and application provisioning, keeping the desktop fleet secure, available and scalable. We have seen these benefits unlocked by numerous small, medium and large enterprise customers. Extending a WorkSpaces and AppStream environment with automation, including automated provisioning, deprovisioning, reporting and rich visualisation via Grafana dashboards, can significantly reduce operational overhead and costs.

6. Managed services

  • Organisations often want to move their teams’ focus from managing infrastructure and supporting services to core business services. Managed services can help organisations optimise and run their environment at scale, using economies of scale, on an ongoing basis. Even when the environment has been built following the AWS Well-Architected Framework, there are ongoing activities required to keep the environment up to date, secure and available.
  • CMD also provides a next-generation managed service aimed at continual improvement, called DevOps as a Service, which provides ongoing support for new initiatives and uplift using modern cloud practices and automation.


To summarise, Microsoft workloads running on AWS are a great fit when the environment is designed and built correctly. We have been helping customers migrate their infrastructure to AWS, and in many cases a large volume of the workloads in those migrations are Windows based.

Success comes from using repeatable infrastructure and application automation patterns, which help ensure the migration is smooth, secure, completed on time and cost efficient, and, more importantly, enable our clients to unlock the full capabilities of the AWS cloud.

Right now there is no better time to start migrating your Microsoft workloads to the cloud with AWS offering funding to offset your migration costs under the AWS Migration Acceleration Program (MAP). On top of that, there are additional incentives when migrating Windows workloads and MS-SQL databases to AWS. If you’d like to know more then reach out to us to see how we can help you on your next AWS Windows migration journey.
