Microsoft Workloads on AWS
Compliant and Cost-Effective Microsoft Dynamics 365 CE Implementation on AWS

Learn how HCLTech successfully helped a customer implement Microsoft Dynamics 365 Customer Engagement (D365 CE) on AWS cloud. To gain a deeper understanding of HCLTech’s consultative approach and the insights from this project, we spoke with Karthik Rajan and Anand K Patel, Solutions Architects at HCLTech. We explore key considerations including purchase models, licensing optimization, cost management, solution architecture, systems integration, and regulatory compliance.
Q: When it comes to Microsoft Dynamics 365, most customers default to the SaaS offering. How did you help guide your customers to explore alternatives such as deployment on AWS?
While organizations choose the SaaS offering, they discover its challenges and limitations during detailed assessment. Banking and Financial Services Industry (B&FSI) organizations operate under strict regulatory mandates for data residency. AWS Region deployment addresses this by providing Dynamics 365 Customer Engagement in locations where SaaS coverage remains unavailable.
CRM systems require integrations with existing technology landscapes. Organizations need direct API connections, database triggers, and workflows for their business processes. SaaS deployment introduces additional operational considerations for these integration requirements. For example, the SaaS deployment model uses an API-first approach, meaning there is a need for additional middleware.
Q: How do you help customers overcome challenges with Microsoft Dynamics 365 CE SaaS offerings?
We helped our customers select and implement a Microsoft Dynamics 365 CE solution on AWS cloud through a three-step process:
- Assessment: We conduct targeted workshops to identify specific customer requirements and business challenges.
- Solution Design: We analyze Dynamics 365 SaaS features against AWS deployment benefits, comparing costs, licensing requirements, deployment options, and integration capabilities. Based on this analysis, we create a solution architecture and refine it through iterative design reviews with stakeholders.
- Validation: We build Proof of Concepts (PoCs) to resolve technical requirements. Our working demonstrations prove how AWS deployment overcomes SaaS limitations while delivering control over data residency, system integration, and improved cost optimization.
AWS deployment gives organizations control over data storage, backup strategies, and disaster recovery plans. Our architecture leverages multiple Availability Zones (AZ) to deliver high availability.
Solutions Architecture
Q: Can you give us an architecture overview of the solution you deployed on AWS?

Figure 1. Microsoft Dynamics 365 CE on AWS architecture
Our Dynamics 365 Customer Engagement on AWS architecture aligns with AWS Well-Architected Framework and incorporates these key elements:
- Security: We isolated the solution within Amazon Virtual Private Cloud (VPC) and implemented security groups to control traffic to AWS resources. The architecture separates workloads into Web, App, and Database (DB) subnets for network segmentation. Amazon Elastic Block Store (EBS) encryption secures data-at-rest and data-in-transit between instances and storage. AWS Site-to-Site VPN establishes secure connections between on-premises workloads and AWS cloud resources.
- Reliability & Performance Efficiency: The architecture distributes mission-critical workloads across multiple Availability Zones using Application Load Balancer (ALB) and Network Load Balancer (NLB). We automatically scale out by adding EC2 instances when load is high and scale in by removing instances when load is low using EC2 Auto Scaling Groups (ASG). AWS Transit Gateway integrates with Site-to-Site VPN to provide multi-AZ failover, eliminating single points of failure through dynamic traffic routing across VPN tunnels.
- Operational Excellence: Amazon CloudWatch monitors AWS resources and applications through metrics collection and tracking. AWS Systems Manager handles resource management tasks. AWS CloudFormation provisions the infrastructure through Infrastructure as code (IaC).
- Cost Optimization: Our analysis determined Microsoft SQL Server Standard Edition meets performance requirements at lower cost compared to Enterprise Edition. Auto Scaling groups optimize computing costs by matching resources to actual workload demands.
Q: What implementation security challenges did you encounter, and how did you resolve them?
We addressed three critical security requirements:
- Strict network access required Dynamics 365 to be accessible only to corporate users on the corporate network. We implemented a defense-in-depth approach: Application Load Balancer (ALB) serves as the entry point for Dynamics 365, with Amazon EC2 Web Servers deployed within a VPC. Users from the corporate data center connect through AWS Site-to-Site VPN, giving us precise control over ingress traffic.
- Certificate-based authentication: We implemented Active Directory Federation Services (AD FS) to validate trusted company devices. However, SSL termination at the Application Load Balancer (ALB) disrupted the end-to-end encryption needed for certificate validation. Our solution combined ALB for session management with a Network Load Balancer (NLB) for SSL passthrough, preserving the certificate authentication process while maintaining security controls.
- Identity management integration: Our customer uses JumpCloud to master user credentials, requiring integration with Dynamics 365 CE. We deployed Active Directory on EC2 and configured JumpCloud Active Directory Integration (ADI) to synchronize users and groups. This architecture provides authentication across Dynamics 365 and AWS workloads. We implemented Role-Based Access Control (RBAC) within Dynamics 365, mapping AD groups to specific roles and permissions.
To validate our solution, we conducted end-to-end testing through Proof-of-Concept, demonstrating the authentication flow and access controls to stakeholders.
Q: How did you architect the solution for both reliability and performance efficiency?
We deployed Web-tier EC2 instances and App-tier EC2 instances into two Auto Scaling Groups (ASG) across multiple Availability Zones (AZs). Each tier scales independently based on actual workload demands, maximizing performance efficiency.
To achieve this with Commercial-Off-The-Shelf (COTS) software such as Dynamics 365 CE, we used EC2 Image Builder to create EC2 Golden Images, then used these as the Amazon Machine Image (AMI) in the launch template for the EC2 Auto Scaling Group. This approach delivers faster scaling compared to using EC2 user data, while automated patching reduces operational tasks.
For the Database Tier, we implemented it as a Microsoft SQL Server Always On Failover Cluster Instance (FCI). The architecture deploys primary and secondary nodes across two AZs, enabling automated failover. We selected SQL Server Standard Edition over Enterprise Edition based on our performance and cost analysis.
Q: How did you optimize SQL Server licensing costs while maintaining high availability?
Our SQL Server assessment focused on two key elements: feature requirements for Dynamics 365 CE, and licensing costs, as SQL Server requires a separate license from Dynamics 365 CE.
Microsoft SQL Server Standard Edition fulfills the functional requirements at a lower cost than Enterprise Edition. For high availability and disaster recovery, we implemented SQL Server Standard Edition with Always-On Failover Cluster Instances (FCI), utilizing Amazon FSx for NetApp ONTAP as shared storage. This configuration delivers fully managed storage across multiple Availability Zones, ensures high-performance database operations, enables automatic failover, and incorporates built-in multi-AZ redundancy.
Our cost optimization extended beyond SQL Server licensing. We conducted a Total Cost of Ownership (TCO) analysis comparing on-premises, SaaS, and AWS deployments. The analysis measured infrastructure capital expenditure, maintenance costs, scaling requirements, growth projections, customization needs, and operational expenses. Through an AWS Optimization and Licensing Assessment (OLA), we validated our license selections, instance sizing, and AWS service choices. The final analysis revealed that while the SaaS offering costs 18% more than on-premises deployment, our AWS architecture reduced costs by 36% compared to on-premises deployment.
Conclusion
The successful Microsoft Dynamics 365 Customer Engagement deployment on AWS cloud demonstrated the value of expanding beyond standard SaaS deployment models. HCLTech executed a structured three-step process (Assessment, Design, and Validation) to deliver an enterprise-grade solution on AWS cloud that maximizes Microsoft Dynamics 365 CE’s capabilities while ensuring high availability, resiliency, performance, and security.
Organizations considering Microsoft Dynamics 365 Customer Engagement implementations should evaluate AWS deployment options to achieve the optimal balance of regulatory compliance, operational efficiency, and cost management.
HCLTech – AWS Partner Spotlight
HCLTech is an AWS Premier Tier Services Partner and Managed Service Provider (MSP) that serves hundreds of global enterprises to solve day-to-day and complex challenges with a dedicated full-stack business unit. To learn more, contact awsecosystembu@hcltech.com.
About the Microsoft workloads on AWS Partner Spotlight series
Please continue to join us in this blog series as we highlight our AWS Partners’ capabilities in migrating and modernizing Microsoft workloads on AWS. Let AWS Partners with their specific niche offerings help you assess how your company gets the most out of cloud.