EC2 Announcements

On October 27th, Amazon made three announcements regarding their cloud services:

  • High Memory Instances
  • Lowered Per EC2 Instances Costs
  • Amazon Relational Database Service

The EC2 price cuts are great; I’m glad to see Amazon gaining further leverage in their infrastructure and turning those savings over to us.

Personally I’m not a huge fan of the Higher Memory instances, as I think at some point it’s a crutch to keep you from really bringing in the proper scaling technologies, i.e. multitenancy, sharding, caching and database optimization. I hear way too often from our developers “hardware is cheap” instead of spending 20-30 hours optimizing poor code.

I’m really interested in the new ARDS service, as I utilize a lot of MySQL databases for applications I run on servers. I’ll be looking into this service a bit more as it gets rolled out and I have a chance to really test it.

Over on the 4sysops blog, Michael Pietroforte has a great series called “Amazon EC2 Pricing for Dummies.” I highly recommend you check it out if you’re planning on doing a large server deployment on EC2.

http://4sysops.com/archives/amazon-ec2-pricing-for-dummies-part-1-only-pay-for-what-you-use/

Hope to have some more info on ARDS soon!

Twitter Weekly Updates for 2009-10-19

  • @jason You need to get a Motivation poster designed off your “Starting is Easy, Finishing is hard” Love the saying!
  • You’re having a Seizure on the ground… My first thought isn’t.. “I wonder if he has an app for that”
  • @StartupTrekTV At best I think you’ll agree to disagree. I’m very interested in hearing the debate.


Twitter Weekly Updates for 2009-10-11

  • Lazy Sunday. Brandy and Corbin are at a baby shower. Seahawks lost.. and I’m contemplating cleaning or doing a blog post… exciting!
  • This is going to be an interesting week. I have no reason to believe so… it just feels that way.
  • Does anyone have a good bootable disk shredder for disposing of old equipment?
  • TGIF!! Read this Ten ways SaaS Can fail article today, pretty interesting, can’t wait for part 2. @MichaelDunham
  • Part 2 of 10 Ways to fail at SaaS. Thnx to @MichaelDunham for the insight.


Microsoft Active Directory and EC2

On September 30th, Amazon announced they would no longer charge a higher per-hour fee for Windows servers utilizing authentication services. The new pricing makes Windows on EC2 a lot more attractive than it had been previously. The differentiation between Windows and Windows with authentication services was always an agitation previously.
The new pricing is great, but I’ve been doing a lot of research and experimentation with running a domain on Amazon EC2. Running a domain on EC2 is more complicated than it should be, and requires a lot more due diligence and scripting of your Windows instances to successfully work in the domain structure.
Setting up a Windows domain is a straightforward process that any MCSE should be able to accomplish. A Windows 2003/2008 server can be turned into a domain controller by running the dcpromo utility and following a simple wizard. Of course you need to make sure you properly size your AD SYSVOL and place it on the D: drive of the server.
Once the domain is configured and set up, it starts to get tricky and overly complex. There was an article on Amazon’s developer site that detailed some of the backup and DR practices, but it seems to have been pulled. I’ve linked to a cached copy, but will keep checking back in case they republish or update the article.
http://74.125.155.132/search?q=cache:CqMDdqzir20J:developer.amazonwebservices.com/connect/entry.jspa%3FexternalID%3D2435+Creating+an+Active+Directory+Domain+in+Amazon+EC2&cd=1&hl=en&ct=clnk&gl=us
As you can see from the document, they state that you need to ensure that you have solid backups of your Active Directory environment. Ideally you’d want to store these backups on S3, a persistent drive or a server in your local environment. They also advise that you must always have two domain controllers running in the event that an instance becomes degraded.
If your primary domain controller becomes corrupted, you deploy another server, run dcpromo and add the new server to the domain structure. They do neglect to mention that if you take this approach you need to carefully monitor your FSMO roles and DNS server configuration/status, and also ensure your global catalog is fully replicated to all domain servers. Also, when an old instance has terminated you will need to make sure you remove the domain controller from the AD structure so you don’t attempt to replicate accounts and objects to a server that no longer exists.
A normal Windows/Linux instance can be created, configured and set up, and then you can follow the document to create an AMI image of the server that you can reuse to deploy identical images. Unfortunately, part of the point of an AMI is that these servers are unique, and in a Windows world the deployment process resets the GUID. Because of this you can’t just set up 3 or 4 servers with images to be your domain controllers, as they wouldn’t function as a domain when they were brought online.
The other large problem you have to deal with is the DNS server. Having multiple DNS servers that may or may not exist will require quite a bit of maintenance activity: making sure each domain controller has DNS, that the records are being purged correctly, and that your client machines are pointing to a static IP mapping that you can move from server to server.
Not only do you have this increased complexity with the domain controllers and DNS, your Windows instances that run your databases, applications, etc. will also need some additional tweaking to work properly. You’ll need to create scripts that add the instances to the domain as each instance is initiated; this will allow the instance to be part of the domain and leverage domain policies and accounts. As instances can be temporary, you’ll also need to make sure you regularly purge old instances from the domain and DNS records. This additional scripting and these processes require extra time and testing in building your AMI images.
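
The cleanup work described above, as an added example that is not code from the original post or from Amazon’s article: a report-only PowerShell function that compares Active Directory computer accounts, DNS A records and FSMO role holders against the instances that are still running. The function name, host names and addresses are constructed for illustration; in a real domain the inputs would come from Get-ADComputer, Get-ADDomain/Get-ADForest, Get-DnsServerResourceRecord and Get-EC2Instance.

```powershell
# Added example. All host names and addresses are constructed sample data.
# In a real domain the inputs would come from Get-ADComputer, Get-ADDomain /
# Get-ADForest (FSMO holders), Get-DnsServerResourceRecord and Get-EC2Instance.
function Get-StaleDomainEntry {    # hypothetical helper name
    param(
        [string[]]$LiveHosts,      # instances that are still running
        [object[]]$AdComputers,    # objects with Name, IsDomainController
        [object[]]$DnsRecords,     # objects with HostName, IPv4Address
        [hashtable]$FsmoHolders    # role name -> host currently holding it
    )
    foreach ($c in $AdComputers) {
        # -notcontains compares strings case-insensitively, like AD host names
        if ($LiveHosts -notcontains $c.Name) {
            $kind = if ($c.IsDomainController) { 'StaleDomainController' } else { 'StaleComputerAccount' }
            [pscustomobject]@{ Kind = $kind; Name = $c.Name; Detail = 'no running instance' }
        }
    }
    foreach ($r in $DnsRecords) {
        # An A record left behind by a terminated instance points at an address
        # the domain no longer controls.
        if ($LiveHosts -notcontains $r.HostName) {
            [pscustomobject]@{ Kind = 'StaleDnsRecord'; Name = $r.HostName; Detail = $r.IPv4Address }
        }
    }
    foreach ($role in $FsmoHolders.Keys) {
        # A role held by a terminated DC has to be seized onto a live DC.
        if ($LiveHosts -notcontains $FsmoHolders[$role]) {
            [pscustomobject]@{ Kind = 'OrphanedFsmoRole'; Name = $FsmoHolders[$role]; Detail = $role }
        }
    }
}

# Constructed inventory: DC01 and APP02 were terminated, DC02 and APP01 remain.
$live = 'dc02', 'app01'
$adComputers = @(
    [pscustomobject]@{ Name = 'DC01';  IsDomainController = $true  }
    [pscustomobject]@{ Name = 'DC02';  IsDomainController = $true  }
    [pscustomobject]@{ Name = 'APP01'; IsDomainController = $false }
    [pscustomobject]@{ Name = 'APP02'; IsDomainController = $false }
)
$dnsRecords = @(
    [pscustomobject]@{ HostName = 'DC01';  IPv4Address = '10.0.0.10' }
    [pscustomobject]@{ HostName = 'APP01'; IPv4Address = '10.0.0.21' }
)
$fsmo = @{ PDCEmulator = 'DC01'; RIDMaster = 'DC02' }

Get-StaleDomainEntry -LiveHosts $live -AdComputers $adComputers -DnsRecords $dnsRecords -FsmoHolders $fsmo |
    Format-Table -AutoSize
```

The function only reports; removing a computer account, DNS record or domain controller object stays a separate, reviewed step.
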
The advice given by Amazon and all of these best practices are great, but I do recall issues when EC2 was still in beta with the entire EC2 cloud needing to be restarted. This results in the need to start all brand new instances, and you may not have the luxury of a previous domain controller to ensure your domain structures. This means you’ll be restoring your AD infrastructure from your backups.
Ultimately, the fault here doesn’t lie in Amazon’s systems, but really in the whole domain concept that Microsoft has built. It’s not a very cloud-ready service, relying heavily on SMB traffic and local networks. Ideally, an Active Directory design that leverages native TCP/IP, easy domain memberships and the ability to be started off an AMI would be a huge improvement to the current AD structure. In a perfect world though, I’d actually prefer to leverage Active Directory as a service from a SaaS provider or managed services vendor that I could leverage in Amazon or any cloud provider.
I’d love to get feedback on what others are doing to solve these WinAD problems in the cloud. I’m planning on doing some further research around Read Only Domain Controllers, Federated Domain services and ADAM (Active Directory Application Mode), as they may be better solutions in the long term for what I’m working on accomplishing.
