Matt: Welcome to This Is My Architecture. I'm Matt from AWS. If you've been watching this series, you know that normally we talk to customers and partners about how they build their solutions on top of AWS, but once in a while we talk to our own internal teams and learn how they build their own solutions. So today I'm joined by Santiago from the AWS Quick Start team. Thanks for joining.

Santiago: Thank you.

Matt: So what is AWS Quick Start, and what do you do?

Santiago: At AWS Quick Start we build Quick Starts, which are reference deployments on AWS for key workloads. They use best practices, and they're built with partners and with AWS solutions architects.

Matt: So when you say key workloads, what does that mean? What types of Quick Starts are there?

Santiago: There's a whole variety of Quick Starts. We have anywhere from enterprise workloads all the way to open source tools and deployments.

Matt: Great. So are these CloudFormation templates, or scripts, or how are they built?

Santiago: Correct, they're a combination of assets. They're CloudFormation templates with accompanying scripts to do the bootstrap and the deployment itself. It also comes with a deployment guide that gives you a step-by-step guide of how it was created and what the reference was all about.

Matt: Great. So AWS Quick Starts allow customers to deploy, sort of automatically, almost as if they had an AWS solutions architect, a complex architecture following best practices and guidance, so they're highly available, etc.

Santiago: Yep.

Matt: Great. So today we're looking at SQL Server 2017 on EC2, is that right?

Santiago: That's right.

Matt: So we have Amazon RDS, and that supports SQL Server 2017. So why would a user need to use a Quick Start to deploy that?

Santiago: Yeah, so it gives them a lot of flexibility. This particular Quick Start deploys an Always On availability group configuration that uses a Windows Server failover cluster, which is a little bit different than RDS. RDS, for Multi-AZ, actually makes use of SQL mirroring.

Matt: Okay, great. So we always say we're about user flexibility, user choice. So you can use RDS to deploy SQL Server, but if you want to deploy it yourself on EC2, you have other choices.

Santiago: Yeah, correct. You have the choice of this Quick Start, and it also gives a bit more flexibility in ownership. So there are cases where a customer may want direct access to the file system or administrative access to the instances, and this Quick Start lets them do that.

Matt: Okay, great. So some customers who want to get direct access to the machine, log in as an administrator, and perhaps install an agent or do other things, they can do that with this architecture.

Santiago: Correct.

Matt: Okay, so tell me how it's built. I imagine that this is just part of the picture that we have up here. Is this all one CloudFormation template? How are you building it?

Santiago: With Quick Starts we try to package everything in one piece, but you can also deploy on an existing VPC or on a brand new VPC. In this example we have a new VPC that actually comes from our VPC Quick Start, which is another Quick Start that we use as a foundational piece for a lot of other Quick Starts as well.

Matt: So does that mean that you have multiple, or nested, CloudFormation templates?

Santiago: That's right. We make use of the stack nesting functionality in CloudFormation to orchestrate all the different stacks that are deployed.

Matt: Okay, so if I was a user, though, and I'm looking at this, what's stopping me from just writing my own CloudFormation? What is hard or what is complex about this Quick Start?

Santiago: Yeah, so this particular Quick Start, just thinking about the SQL workload, is over 3,000 lines just in CloudFormation code. And on top of that, when you're creating all the different scripts for things like joining a domain, renaming the machine, or creating the failover cluster, there are hundreds of lines of PowerShell code that were written to create that particular configuration.

Matt: So you have hundreds of lines of PowerShell scripting, thousands of lines of JSON or YAML for your CloudFormation templates, so this effectively saves you a ton of time.

Santiago: Yes.

Matt: And prevents, I imagine, human error too.

Santiago: Correct, right.

Matt: Okay, great. So we have here a VPC Quick Start, you said that's one component of it, and then within that we have SQL Server 2017 deployed on EC2. So let's talk about some of the components here. Up top I see we have, well, first of all, we have two Availability Zones and public and private subnets. So what is this piece up here, starting at the top?

Santiago: Yeah, so this particular piece here is another Quick Start that we deploy as part of the layering system here, and this is actually Remote Desktop Gateways. You can think of them like bastions for Linux, but in this case they're actually bastions for Windows.

Matt: Okay, so you have bastion hosts that allow administrative users, or people who need to do stuff in the clusters, to log in remotely.

Santiago: Yeah, so just like NAT gateways handle the outgoing traffic, the Remote Desktop Gateways will handle your incoming, administrative type of traffic.

Matt: Securely.

Santiago: Yes.

Matt: Great. Okay, so that's the public component. You have a NAT gateway for outbound internet traffic, and you have Remote Desktop Gateways for secure access to the environment. Then the private subnets, I imagine, are where the actual SQL Server 2017 magic is. So what's going on down here?

Santiago: Correct. So as part of the SQL workload itself, we deploy this in two different private subnets, and one of the instances that we deploy here is a SQL Server, so it's called SQL one, and on the other side, in the other private subnet, we deploy a SQL two. These are the two SQL Server instances that are in a failover cluster, a Windows Server failover cluster.

Matt: Okay, so earlier we were talking about how Quick Starts give you best practices so you can be highly available. So how are you actually handling high availability here? Is this in an Auto Scaling group, or what's going on here?

Santiago: Yeah, so for the Remote Desktop Gateway piece we are in an Auto Scaling group. However, for the SQL Server side of things, we're actually in a failover cluster. So what we do is synchronous commits, and we do automatic failover of the instances themselves.

Matt: Okay, so you have automatic failover across Availability Zones and an Always On availability group. That's great. So this is across two Availability Zones. Can you go across more than two? Could you have three, for example?

Santiago: Yeah, so the Quick Start has its parameters. You can set the parameters to say deploy in 3 AZs, and it'll deploy another set of public and private subnets with a SQL Server instance in the third AZ.

Matt: So some of our larger customers have even more complex availability requirements, and they want to have multi-region deployments. Is that possible here?

Santiago: Yes. So if you deploy the exact same Quick Start in another region, what you can do is set up a distributed Always On availability group listener, and with that you would actually do asynchronous commits, with a manual failover.

Matt: Great. Okay, so you have a highly available SQL Server cluster, SQL Server 2017 running on EC2, and you have a Remote Desktop Gateway in the public subnets here. So then moving down, I see some additional components. What is this representing down here?

Santiago: Yeah, so in order to create cluster quorum you need a file share witness, to basically watch the two SQL Server instances and make sure that they're functioning. In the 3-AZ case, however, we can actually get rid of this, and when it moves to another AZ, you can set it to be another failover cluster node, or it could be a file share witness as well.

Matt: Okay, great. And then lastly we have, if I remember my AWS icons correctly, I think this is AWS Directory Service, is that right?

Santiago: Yes, that's correct.

Matt: So what is that used for here?

Santiago: Yeah, so that's used for identity and authentication. And what it is, this actually deploys across the two AZs...

Matt: Mm-hmm.

Santiago: ...and it is used for the SQL Servers themselves to join a domain, and also to do some Windows authentication at the same time.

Matt: Okay, so these are running on Windows Server and they can join a domain on your Directory Service, is that right?

Santiago: That's correct.

Matt: Okay, now what if I have my own domain already? Do I still need to use this, or how does that work?

Santiago: No. So because of the layering that we do of these different templates via the stack nesting, there is actually a distinct CloudFormation template that deploys just the SQL workload. This particular template that deploys the Active Directory is a separate Quick Start that we layer in at the same time, as we do for the Remote Desktop Gateways and the VPC.

Matt: That's really interesting. Because of the modular way that you've built this, at every step of the way it gives you that flexibility. If you want to use your own domain, that's fine. If you want to just deploy the VPC, you can use just that component. I really like the way you've built this up, kind of with building blocks of CloudFormation for Quick Starts. Great, well, thanks for sharing this with us today.

Santiago: Thank you. Thank you for having me here.

Matt: And thanks for watching This Is My Architecture.