2 SQL Server Best Practices Guide EN
2 Upgrade and migrate how you want, when you want

When you move to AWS, you make the decision on how to migrate and update your infrastructure and at what pace. You can customize your cloud migration and application modernization plans based on your business needs, not lengthy agreements or complex licensing. Ultimately, AWS helps you reduce costs, add efficiencies, and retain the most value from your existing investments.

Let’s take a look at the different AWS options for upgrading your systems and capabilities. Then we’ll review AWS choices for migrating your applications and data to the cloud.

Upgrade options

AWS offers two predesigned upgrade programs, giving you the flexibility to choose the one that’s the best fit for your business needs.

The simplest, quickest path to upgrade is the Amazon Relational Database Service (Amazon RDS). Amazon RDS makes it easy to set up, operate, and scale SQL Server deployments in the cloud. You can deploy multiple editions of SQL Server in minutes with cost-efficient and resizable compute capacity. Amazon RDS frees you up to focus on application development by managing time-consuming database administration tasks including provisioning, backups, software patching, monitoring, high availability, and hardware scaling.

If you want more fine-tuned control of your database, consider Amazon Elastic Compute Cloud (EC2). Amazon EC2 presents a true virtual computing environment, allowing you to use web service interfaces to launch instances with a variety of operating systems, load them with your custom application environment, manage your network’s access permissions, and run your image using as many or few systems as you desire.

Migration options

The Amazon Database Migration Service (DMS) is the fastest and easiest path to the AWS cloud. Amazon DMS supports homogenous migrations, such as from a Microsoft SQL Server database to another SQL Server database, and heterogeneous migrations between different database platforms, such as Microsoft SQL Server to MySQL or Amazon Aurora. With Amazon DMS, you can continuously replicate your data with high availability. The service supports migrations from on-premises to cloud, cloud-to-cloud, or cloud to on-premises.
Migration options (cont’d)

Alternatively, you can migrate via SQL Server native solutions. These include:

> You can use native Microsoft SQL Server backup/restore capabilities to migrate databases to instances of SQL Server running in Amazon RDS or EC2. Amazon RDS supports restoring database backups stored in Amazon Simple Storage Service (S3). This is the easiest method of migration, but you should consider the outage time required between creating a backup, transferring it to Amazon S3, and finally restoring it in your target instance.

> Achieve synchronous DB-level replication and zero data loss through mirroring, AlwaysOn availability groups, or basic availability groups while running in separate Availability Zones (AZs). Offload your read-only transactions from your primary SQL Server instance to one or more read replica instances.

> Support one set of primary databases and one to eight sets of corresponding secondary databases. Combine with Distributed AGs to achieve virtually unlimited scale.

> Migrate databases with zero downtime. Keep both sides of the migration synchronized without worrying about the complexities of Active Directory or WSFC. Combine AGs deployed in each region into a larger distributed AG. Good for cases involving several replicas across two or more regions.
3 Optimizing infrastructure performance

Amazon EBS also enables you to create point-in-time and instantaneous EBS snapshots. This feature copies the EBS snapshot to Amazon S3 infrastructure, an AWS service that comes with 99.999999999% durability.

Another use for EC2 instance storage is the buffer pool extension. This feature utilizes fast random-access disks (SSD) as a secondary cache between RAM memory and persistent disk storage, thus striking a balance between cost and performance when running workloads on SQL Server.
Optimize file server performance with Storage Spaces Direct

Storage Spaces Direct (S2D) on Amazon EC2 for Windows provides a convenient way to increase durability, availability, performance, and scale of your file servers. S2D allows all or selected disks attached to instances of a Windows Server Failover Cluster (WSFC) to be clustered into a storage pool and made available to all members of the cluster. It removes the complexities of managing different disk technologies and creating a RAID cluster spread across several servers in a network.

Using Amazon EC2 Windows instances with S2D solves problems of both durability and scale. You can deploy a group of Windows EC2 instances, join them to the same Windows AD domain, and create a WSFC. Then you can add all attached NVMe disks to your pool and create an SMB 3.0 share drive on top.

If you mark your connection strings as read-only when using AG listeners, SQL Server routes incoming connections to any available read replicas and only sends read-write transactions to the primary instance.
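The read-only routing just described has to be configured on the availability group before a read-only connection string does anything. The T-SQL below is an added example, not from the AWS guide, for a hypothetical group AG1 with two replicas, SQLNODE1 and SQLNODE2 (all names and hostnames are assumptions); run it on the current primary.

```sql
-- Added example (not from the AWS guide). Group, replica and host names are assumed.
-- Each replica needs three settings: accept read-only sessions while it is a
-- secondary, publish the endpoint that read-intent clients are redirected to,
-- and, for when it is primary, list which secondaries receive read-intent sessions.
ALTER AVAILABILITY GROUP AG1 MODIFY REPLICA ON N'SQLNODE1'
    WITH (SECONDARY_ROLE (ALLOW_CONNECTIONS = READ_ONLY));
ALTER AVAILABILITY GROUP AG1 MODIFY REPLICA ON N'SQLNODE1'
    WITH (SECONDARY_ROLE (READ_ONLY_ROUTING_URL = N'TCP://sqlnode1.example.internal:1433'));

ALTER AVAILABILITY GROUP AG1 MODIFY REPLICA ON N'SQLNODE2'
    WITH (SECONDARY_ROLE (ALLOW_CONNECTIONS = READ_ONLY));
ALTER AVAILABILITY GROUP AG1 MODIFY REPLICA ON N'SQLNODE2'
    WITH (SECONDARY_ROLE (READ_ONLY_ROUTING_URL = N'TCP://sqlnode2.example.internal:1433'));

-- Routing lists: whichever node is primary sends read-intent sessions to the
-- other node first, and falls back to itself if no secondary is available.
ALTER AVAILABILITY GROUP AG1 MODIFY REPLICA ON N'SQLNODE1'
    WITH (PRIMARY_ROLE (READ_ONLY_ROUTING_LIST = ('SQLNODE2', 'SQLNODE1')));
ALTER AVAILABILITY GROUP AG1 MODIFY REPLICA ON N'SQLNODE2'
    WITH (PRIMARY_ROLE (READ_ONLY_ROUTING_LIST = ('SQLNODE1', 'SQLNODE2')));

-- Verify what each replica will accept and where it redirects.
SELECT replica_server_name,
       secondary_role_allow_connections_desc,
       read_only_routing_url
FROM sys.availability_replicas;

-- Client side (hypothetical listener name): the connection must name the
-- listener, carry ApplicationIntent=ReadOnly AND specify the database,
-- otherwise the listener sends the session to the primary.
--   Server=tcp:ag1-listener.example.internal,1433;Database=SalesDB;
--   ApplicationIntent=ReadOnly;Encrypt=True;
```

A session that omits ApplicationIntent, or reaches a replica whose ALLOW_CONNECTIONS is still NO, is served by the primary, so check sys.availability_replicas rather than assuming the connection string alone is doing the work.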
4 Optimizing your costs

AWS offers many services available at a fraction of the price of on-premises solutions. Our flexible pricing options help you manage your costs while maintaining maximum performance and capacity. With AWS, you can easily right-size your services, leverage Reserved Instances, and use powerful cost management tools to monitor how much you spend.

Control licensing costs

AWS offers two options that help you better control your licensing costs. Our License Included model provides you with fully compliant Microsoft software licenses bundled with Amazon EC2 or Amazon RDS instances. You pay for them as you go with no upfront costs or long-term investments.

We also understand that you’ve made considerable investments in your current SQL Server infrastructure and might want to reuse existing licenses when possible on AWS. No problem—you’re welcome to Bring Your Own License (BYOL) into the AWS cloud.

For many businesses, some combination of the License Included and BYOL models will likely be appropriate. And that’s fine—AWS can easily manage any mixture of the two.

Save on vCPU-based licensing costs with Optimize CPUs

Optimize CPUs is a feature that gives you greater control of your EC2 instances on two fronts. First, you can specify a custom number of vCPUs when launching new instances to save on vCPU-based licensing costs. Second, you can disable Intel Hyper-Threading Technology (Intel HT Technology) for workloads that perform well with single-threaded CPUs, like certain high-performance computing (HPC) applications. This may reduce the number of overall cores your system requires, thus decreasing licensing costs even further.

Expand flexibility by running SQL inside containers

Running SQL Server inside containers provides higher flexibility with less overhead than VM deployments. Unlike VMs, containers do not need a guest OS running on top of a hypervisor and host OS. Instead, all containers share the same OS kernel of the host. That means it’s possible to run far more containers on the same server, with almost no extra overhead.

You can assign any number of cores (or fraction of a core) to each container, depending on compute requirements. This powers high-density deployments, which can reduce both infrastructure and licensing costs.
Ensure you’ve got the SQL version that’s right for you

After exploring migration and upgrade capabilities with AWS, some businesses find that they don’t need all the high-performance functions that come with SQL Enterprise Edition. These organizations can realize significant cost savings by downgrading to SQL Standard Edition. While this will only be an option for businesses that require a lower level of system performance, they may be pleasantly surprised to find that SQL Standard Edition has gained many Enterprise-level features through its latest updates. Businesses utilizing non-production environments can save even further by downgrading to SQL Developer Edition, which has no licensing costs.
5 Optimizing security

We know security concerns are top-of-mind for businesses considering a cloud migration. Rest assured, moving to AWS will lead to much higher levels of security than if you were to continue relying on your legacy architecture. Security is the first priority at AWS, and there are many AWS security features available to you. These features can be combined with the built-in security features of Microsoft SQL Server to satisfy even the most stringent requirements and expectations.

Encryption at rest made easy with Amazon EBS and KMS

If you are using EBS volumes to store your SQL Server database files, you have the option to enable block-level encryption. Amazon EBS transparently handles encryption and decryption for you. This is available through a simple checkbox, with no further action necessary.

AWS Key Management Service (KMS) is a fully managed service that creates and stores encryption keys. You can use KMS-generated keys or bring your own. In either case, keys never leave KMS and are protected from any unauthorized access.

Expand to file-level encryption with TDE

Transparent Data Encryption (TDE) provides transparent encryption of your data at rest. This feature is available on both Amazon RDS for SQL Server and EC2 deployments. While EBS encrypts at the block level, TDE encrypts at the file level, meaning database files can only be decrypted using the corresponding certificate. This prevents your database files from being exposed, even if someone gains access to your EC2 instance.

Stay secure with Always Encrypted

Always Encrypted is a feature that allows separation between data owners and data managers. With Always Encrypted, sensitive data stays encrypted even during query processing. Encryption keys remain with the data owners and are not revealed to the database engine. This feature is available on both Amazon RDS for SQL Server and EC2 deployments.

Secure your databases down to the row level

Control database access at the row level with Row-Level Security (RLS). This feature reduces your attack surface by filtering out all unauthorized access attempts originating from any layer of your application. RLS could potentially simplify your applications, but only if you design them in a way that differentiates users at the database level—so be sure to consider this at application design time. This feature is available on both Amazon RDS for SQL Server and EC2 deployments.
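The "differentiate users at the database level" requirement for RLS is easiest to see in code. The T-SQL below is an added example, not from the AWS guide: a hypothetical multi-tenant Orders table where the application stamps the authenticated tenant into SESSION_CONTEXT and a security policy enforces it for every query path (table, schema, function and policy names are assumptions).

```sql
-- Added example (not from the AWS guide). All object names are hypothetical.
CREATE TABLE dbo.Orders (
    OrderId  int           NOT NULL PRIMARY KEY,
    TenantId int           NOT NULL,
    Amount   decimal(10,2) NOT NULL
);
-- Constructed sample rows for two tenants.
INSERT INTO dbo.Orders (OrderId, TenantId, Amount)
VALUES (1, 100, 25.00), (2, 100, 40.00), (3, 200, 99.99);
GO
CREATE SCHEMA Security;
GO
-- Predicate function: a row is visible only when its TenantId matches the
-- tenant the application stored in the session. If nothing was stored,
-- CAST(NULL) compares as unknown and NO rows are returned (fails closed).
CREATE FUNCTION Security.fn_TenantPredicate(@TenantId AS int)
    RETURNS TABLE
    WITH SCHEMABINDING
AS
    RETURN SELECT 1 AS fn_result
    WHERE @TenantId = CAST(SESSION_CONTEXT(N'TenantId') AS int);
GO
-- FILTER hides other tenants' rows from SELECT/UPDATE/DELETE; BLOCK stops
-- an INSERT or UPDATE from creating a row the caller could not read back.
CREATE SECURITY POLICY Security.TenantPolicy
    ADD FILTER PREDICATE Security.fn_TenantPredicate(TenantId) ON dbo.Orders,
    ADD BLOCK  PREDICATE Security.fn_TenantPredicate(TenantId) ON dbo.Orders AFTER INSERT
    WITH (STATE = ON);
GO
-- What the application does after authenticating a user of tenant 100.
-- @read_only = 1 means the value cannot be changed later in the session.
EXEC sp_set_session_context @key = N'TenantId', @value = 100, @read_only = 1;

SELECT OrderId, Amount FROM dbo.Orders;        -- returns orders 1 and 2 only
INSERT INTO dbo.Orders VALUES (4, 200, 5.00);  -- fails: block predicate
```

The policy is enforced inside the engine, so an ORM, a reporting tool and an ad hoc query all get the same filtered view; what remains the application's job is to set the session context correctly, which is why the design decision has to be made up front.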
Protect data in transit with Amazon VPC

Data moves safer with Amazon VPC. Use security groups to restrict access to your EC2 instances and only allow whitelisted endpoints and protocols. And use network access control lists to blacklist known sources of threats.

Keep your data in the right hands with Application Whitelisting

You can leverage Windows Server Group Policies to whitelist your SQL Server software (and possibly any other known applications) on your EC2 Windows instances. This ensures that nothing but your whitelisted applications can run on these servers, and it’s one of the most effective ways to prevent malware from breaching your instances.

Block unauthorized users with Dynamic Data Masking

Dynamic Data Masking (DDM) protects data from unwanted requests, masking and obfuscating sensitive data in real time. DDM is a policy-based security function that conceals data in the result set of a query over designated database fields, while making no physical changes to the original production data.
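As an added example, not from the AWS guide, the T-SQL below applies DDM's built-in masking functions to a hypothetical Customers table and shows what a reporting user without the UNMASK permission gets back; table, column and user names are assumptions.

```sql
-- Added example (not from the AWS guide). Object names are hypothetical.
-- Masks are declared per column; the stored values are never altered.
CREATE TABLE dbo.Customers (
    CustomerId  int           NOT NULL PRIMARY KEY,
    FullName    nvarchar(100) NOT NULL,
    Email       nvarchar(100) NOT NULL MASKED WITH (FUNCTION = 'email()'),
    CardNumber  varchar(19)   NOT NULL MASKED WITH (FUNCTION = 'partial(0,"XXXX-XXXX-XXXX-",4)'),
    CreditLimit money         NOT NULL MASKED WITH (FUNCTION = 'default()')
);
-- Constructed sample row (test card number, not a real account).
INSERT INTO dbo.Customers (CustomerId, FullName, Email, CardNumber, CreditLimit)
VALUES (1, N'Ada Example', N'ada@example.com', '4111-1111-1111-1111', 5000);

-- A least-privilege principal for the reporting application: it may read
-- the table but has not been granted UNMASK.
CREATE USER ReportUser WITHOUT LOGIN;
GRANT SELECT ON dbo.Customers TO ReportUser;

-- Run the query as that user to see the masked result set.
EXECUTE AS USER = 'ReportUser';
SELECT CustomerId, Email, CardNumber, CreditLimit FROM dbo.Customers;
-- Email       -> aXXX@XXXX.com
-- CardNumber  -> XXXX-XXXX-XXXX-1111
-- CreditLimit -> 0.00
REVERT;

-- Audit who holds UNMASK: those principals see the real values.
SELECT pr.name, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pe.grantee_principal_id = pr.principal_id
WHERE pe.permission_name = 'UNMASK';
```

DDM only shapes what appears in result sets; it does not restrict which columns a user may query, so treat it as a complement to RLS and column permissions rather than a substitute for them.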
6 Conclusion: Why AWS?

AWS has over ten years of experience running Microsoft workloads in the cloud, longer than any other cloud provider. It’s the clear choice for your Windows and SQL databases and applications.

Only AWS can deliver:

> Optimum security at multiple levels
> Trusted solutions built on long-term experience and leading-edge innovation
July 9, 2019 might mark the end of support for Microsoft SQL Server 2008,
but it can also signify the dawning of a new era for your business—an era
of high-performing, cost-efficient, reliably secure architecture. By entering
this bold new era, you’ll empower your business and its leaders to worry less
about infrastructure, focus more on your core mission, and redirect resources
to new business initiatives and innovation.
Make the transition to AWS
Contact us today
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.