Getting Started with Windows Server on Amazon Web Services

These days in the IT world, everything is about the cloud. Cloud services, cloud security, private clouds, hybrid clouds -- the list goes on. It'senough to make your head spin. For all this recent talk about cloud computing, one company has been offering a variety of cloud services for more thanfive years now. Amazon's cloud offerings, known as Amazon Web Services (AWS), exist in the Infrastructure as a Service (IaaS) category. When you workwith AWS, you're responsible for managing and maintaining your own virtual machines (VMs), including the software that you choose to run on top ofthem. This is in contrast to companies such as Salesforce.com, which offers Software as a Service (SaaS), or Microsoft, which offers Windows Azure as aPlatform as a Service (PaaS).

Many misconceptions surround AWS in the IT community. IT pros think that AWS is a developer technology or that only VMs that run Linux can run on theservice. It doesn't help that many AWS-specific terms can be confusing. What, for example, is Elastic Block Storage (EBS)? Fortunately, getting an AWSaccount and a Windows Server VM running on the service is straightforward and inexpensive. In this article, I'll go through the steps to create such aVM and connect to it via Microsoft Remote Desktop Protocol (RDP).

Sign Up, Sign In

The first thing you'll need is an AWS account. If you already have an Amazon.com account, you're practically there. Head over to aws.amazon.com andclick the Sign Up Now button on the right side of the page. (If you don't already have an Amazon.com account, you can create one here.) Sign in withyour Amazon.com email address and password, then complete the remaining AWS sign-up steps.

After you've signed up and signed in, you're presented with a rather stark dashboard, as Figure 1 shows. The top tabs show the various services thatAWS offers. Take some time and explore them all. Some have an additional Sign Up button that you can click if you want to enable that particular AWSservice for use. There's no harm in enabling access to all these services: With AWS, you pay only for the resources that you're actually using.

Figure 1: A brand new AWS dashboard 

After you're familiar with the dashboard offerings, click the EC2 tab. This is where you'll create and work with your Windows Server VMs.

Create an Instance

To get your Windows Server VM going, click the Launch Instance button. This action brings up the Request Instances Wizard, in which you can select anAmazon Machine Image (AMI) to run. AMIs come from a variety of sources, including the AWS community and Amazon itself. You'll use the Microsoft WindowsServer 2008 R2 Base AMI that's presented in the Quick Start tab, as Figure 2 shows. (Unfortunately, no Windows AMIs currently qualify for the AWS freeusage tier, which specifies the use of Linux. Still, for a quick test of the service, you'll be paying literally a few cents. Click the link for more informationabout AWS pricing.)

Figure 2: Choosing an AMI 

After you select the AMI image, the next screen of the wizard prompts you for details about the Elastic Compute Cloud (EC2) instance that you want tocreate. As Figure 3 shows, you need only one instance; the Availability Zone doesn't matter in this situation. I selected a large instance type to upthe available RAM from 613MB to 7.5GB and add an additional CPU core.

Figure 3: Setting up an instance 

On this screen, you'll supply more details about the instance that you want. Here, you run into some of that confusing terminology. You don't need toselect a particular Kernel ID or RAM Disk ID, but what are Termination Protection and Shutdown Behavior? In AWS parlance, when you select Shut Downfrom the Windows Start Menu, the EC2 instance can be either stopped or terminated. It might be better to think of these options as "dormant" or"destroyed." You can restart a stopped instance, at will. A terminated instance is destroyed and cannot be restarted, hence the Termination Protectioncheck box for those who choose Terminate as a shutdown behavior. I want my instance to stop only when I select Shut Down, so I'm leaving the ShutdownBehavior default set to Stop.

The next screen allows for user-specified key-value pairs, to ease management. You don't need to define any of these, so simply move on.

On the following screen, you need to create a key pair to gain access to the EC2 instance. (The AMI that you selected has a default Administratorpassword. Of course, you don't know that password; if it was merely a default that anyone who used AWS knew, an attacker could connect to your newlylaunched EC2 instance before you could. So, you'll create a key pair that can be used to gain access to the Administrator password.) Type a name foryour key pair, then click Create and Download Keypair. Save the resulting .pem file somewhere that's easy for you to access. The wizard automaticallymoves on to the next screen, which Figure 4 shows.

Figure 4: Configuring the firewall 

You now configure the firewall settings that are needed to gain access to whichever services you intend to run on the EC2 instance. Fortunately, thewizard offers to create a security group, called quick-start-1, that allows access from any IP address to RDP port 3389. This is exactly what you wantfor now, so click Continue to move on.

As Figure 5 shows, the final screen presents a summary, to which you can make changes if needed. If everything is copasetic, click Launch. A messageappears, stating that the instance is now launching and providing a link to view it on the Instances page. Click the link, and you'll see somethingsimilar to Figure 6. When the status of the instance is listed as running and displays a green orb, you're ready to connect via RDP. First, however,you need to obtain the IP address of the EC2 instance, and grab the Administrator password, by using the key pair that we created earlier.

Figure 5: Reviewing the instance

Figure 6: AWS dashboard, with an instance 

Get Connected

Get the IP address first. Select the check box to select the running instance, then scroll down in the lower window pane until you see the Public DNSfield. This field contains the hostname that will resolve to the IP address that's currently assigned to your EC2 instance. Make a note of thisaddress.

Now for the Administrator password. Click the Instance Actions drop-down arrow to view the Instance Management menu, which Figure 7 shows. Select GetWindows Admin Password. A window appears with the encrypted password. Paste the text from the .pem file that you downloaded earlier into the PrivateKey box, and then click Decrypt Password. You're presented with the decrypted password and the public DNS name of the instance, as a reminder. Make anote of both pieces of information.

Figure 7: Managing the instance 

You can now use RDP to connect to your EC2 instance. This step is as easy as launching Remote Desktop Connection and entering the public DNS name inthe Connect To box. Log on using the Administrator account and the decrypted password, and you'll be in familiar territory, as Figure 8 shows. Feelfree to explore all you want -- it's a real Windows Server VM!

Figure 8: Connecting through RDP 

When you've finished, select Shut Down from the Start Menu. Now, take another look at the AWS dashboard. As Figure 9 shows, the instance status is nowshown as stopped and displays a red orb. You can restart the instance by selecting its check box and clicking the Launch Instance button. One caveat:By default, the public DNS name of the instance doesn't survive across launches, so make sure that you note the new public DNS name when you relaunchthe instance.

Figure 9: Stopping the instance 

Finally, you'll terminate the instance. Why not just leave it in the stopped state? Billing for AMI disk storage continues if the instance isn'tterminated. You don't want that for this tutorial, so select the instance, return to the Instance Management menu, and choose Terminate under InstanceActions. The status for the instance in the AWS dashboard changes to terminated, next to a red orb. Soon thereafter, the instance will disappearentirely from the dashboard.

Just the Beginning

This tutorial just scratches the surface of what you can do with Windows Server running as an EC2 instance on AWS. The possibilities include buildingyour own AMIs, using a static IP address, and monitoring your instance so that you can be alerted if there are any problems. It's even possible, albeitwith some configuration caveats, to run an Active Directory (AD) domain within EC2 instances. I encourage you not to fear the cloud -- wade deeper intothe AWS pool and experiment.