Amazon WorkSpaces App is used to connect to an Amazon WorkSpace – a cloud desktop that you can use for your day-to-day business tasks such as editing documents, accessing web applications, and sending/receiving company email. You need an existing Amazon WorkSpaces account to use this app. Amazon WorkSpaces users receive access to WorkDocs for no additional charge. This includes 50 GB of storage per WorkSpaces user. For a discounted rate of $2 per WorkSpaces user per month, this can be upgraded to 1 TB of storage.
The Amazon WorkSpaces App connects you to an Amazon WorkSpace. Amazon WorkSpaces provides a fully-managed desktop service in the cloud. You can use Amazon WorkSpaces for all of your day-to-day computing needs such as editing documents, accessing web applications, and sending/receiving email.
It’s been nearly two years since I first heard rumors about Amazon Workspaces, the AWS foray into Desktops-as-a-Service. Amazon Workspaces is a nifty little solution for spinning up some desktops. Maybe nifty, however, isn’t good enough in the world of DaaS – certainly “little” isn’t. Although we think that the public cloud is a solid place to host DaaS, if you’re planning on deploying any large-scale initiative of virtual workspaces, you’ll need a complete toolset. So, what’s a person who wants a full DaaS solution on AWS to do?
A mile-high view of Amazon Workspaces
An Amazon Workspace is, essentially, a Windows Server instance that is allocated to a single user. They are built from master bundles provided by Amazon, which may include Microsoft Office or other applications. One nifty aspect is that you can create custom bundles, which are handy for quickly provisioning new Workspaces with your specific applications installed.
Also nifty is that the data drives are stored separately from the operating system drive, and workspaces takes twice daily, automatic snapshots of the data drive. If you need to update a workspace, you rebuild it from the latest bundle image without losing your data (assuming you time it right in that twice-a-day cycle).
Workspaces integrate with AWS Directory Services, which comes as no surprise as Amazon does an amazing job making sure their services play nicely together. That integration gives you the features you associate with domain-joined desktops, like group policies.
Not only are Workspaces automatically added to a directory, they are spun up in a Virtual Private Cloud (Workspaces will even create the VPC, if you don’t yet have one.) From there, you can manually do things like allow file transfers between instances or to an instance defined as a file server. The key word there, however, was “manually”. The Workspaces documentation tells you how, but you need to configure this yourself.
That all sounds great, right? And, it is if you need a handful of persistent desktops. The wizard creates the VPC, Directory Services, and Workspaces with very limited input from you.
If you want pooled and non-persistent desktops, want more control over your AWS compute costs, want to manage desktops in multiple VPCs for multiple customers, or do a host of other tasks often required for a successful DaaS solution, however, you need to look beyond.
What’s missing for a true DaaS solution?
How To Download Amazon Workspace
In my previous blog, I outlined why AWS is a great place to host DaaS. My claim, now, is that Workspaces just isn’t the greatest tool for managing that DaaS solution. To get the most out of DaaS on AWS, you need to invest in tools outside of the AWS umbrella, like Leostream!
To start, let’s mention that Leostream includes the core pieces that make AWS nifty, namely integrating with VPC and Directory Services (although, not automatically creating them for you), and spinning up instances from your custom images. With these commodity features in place, let’s look at what Leostream does beyond Workspaces.
Scaling
First, consider how your DaaS solution scales. In Workspaces, you define each user and launch their workspace individually. For a large number of users, that’s tedious. Instead, Leostream gives you tools that spin up batches of desktops, and then assign those workspaces out to users based on policies. In Leostream, a policy is a set of rules that indicate which desktop to assign to a user, based on who the user is and where the log in from.
Advanced Policies
Using policies, Leostream automatically assigns new users to desktops without any intervention from you. Onboarding new users is a simple matter of adding them to your directory services. And, notice the desktop assignment is based on who the user is and where they log in from. So, if you want to give the user access to desktops in different AWS regions when they travel, Leostream can automatically do that, too.
Persistent and Non-Persistent Desktops
Second, consider all the workflows you need to satisfy. Leostream policies can manage persistent or non-persistent desktops. A persistent desktop behaves like an Amazon Workspace. A non-persistent desktop is an entirely different beast. In non-persistent mode, the desktop is available for a single use, say for a user who needs one-time access to an application. The non-persistent desktop is terminated as soon as the user logs out, and a clean desktop created to take its place. Basically, you have a pool of shared desktops.
Cost Control
Next, look at how you accrue AWS costs. Amazon Workspaces are available at a flat monthly rate. How do you handle customers who want to host legacy applications that are accessed only rarely over the course of the month? Leostream policies also make sure users have compute available when they need it, and that the compute is either off or completely terminated when not in use. By creating careful schedules, you can minimize your AWS costs and maximize your profits.
Multi-tenancy
Lastly, what about multi-tenancy. If you want to keep all your customer desktops in your master AWS account, you need to make sure to isolate the customers into separate VPCs. Each pool of desktops you create in Leostream can be provisioned into its own VPC, allowing you to manage multiple customer accounts from a single Leostream interface.
And, the list of important DaaS features goes on, but you’ll have to request a demo to learn more. I love AWS (almost as much as I love OpenStack, but that’s a topic for another day!) I’m just not convinced on Workspaces in a large environment. I’d be curious to hear from anyone using Workspaces. Are you using it at scale? Have you considered using it for DaaS, meaning to manage desktops for a customer? If you have, give Leostream a call. We’d love to hear about your successes and trials!
Companies have been leveraging on various virtualization technologies for the past few years. However, with the increased need for mobility and scalability, cloud-based virtual desktops are raising in popularity. With companies encouraging their employees to work from home and increasing security vulnerabilities, time is ripe to embrace Desktop as a Service.
While employees’ “working from home” norm is great for productivity and business continuity, companies cannot depend on legacy IT infrastructure for this. It takes many functions to run a company successfully and they all have diverse infrastructure needs. While some teams like design teams work on GPU intense tasks, other work on processing intense tasks. The cloud-based virtual desktops address this need for diverse IT landscapes.
In some scenarios, companies might need to rapidly scale up or down. In scenarios like mergers and acquisitions, companies might need to create or delete thousands of desktops within a short period of time. This rapid provisioning is the need of the day.
Why Amazon WorkSpaces?
Desktop Delivered - Simplifed via Cloud
Amazon WorkSpaces simplifies desktop delivery to employees. Traditional desktops/laptops are rigid, diffcult to manage and prone to vulnerabilities. Amazon WorkSpaces rises above these limitations to provide a secure and managed cloud based desktop environment that can be provisioned seamlessly. DaaS through Amazon WorkSpaces also reduces the stress on procuring, deploying and managing a large amount of inventory.
Mitigate your Capital Cost on IT Infrastructure
With DaaS, IT infrastructure expense can be significantly brought down without compromising on the infrastructure capabilities. You can also pay for what you use by the hour. This helps companies mitigate IT expenditure for temporary demand which can quickly later turn into dead investment.
Uncompromised Security
Amazon WorkSpaces deployment provides a comprehensive security cover that helps companies mitigate security threats. Additionally, Cloud4C offers a comprehensive role control mechanism allowing companies to have a tight control over their data and other digital assets.
Control the Instances from Anywhere in the World
By letting go of physical assets, companies do not risk losing any control over their IT infrastructure. Amazon WorkSpaces provide a feature-rich provisioning service that can help create, provision or delete a large number of workspaces within minutes. This coupled with Bring-Your-Own-Device (BYOD) can give a lot of control for the IT staff without compromising their security or breaking the bank.
Deploy Linux or Windows instances within minutes
Amazon WorkSpaces does not restrict from using any software or hardware. Users have the flexibility to choose OS, hardware and software. In fact, users can even save a small amount on the Amazon WorkSpace bill if they bring their own licenses.
Offload Infrastructure Management
IT staff no longer need to spend substantial amount of time on maintaining hardware inventory, OS updates, patch roll out etc. With Amazon Workspaces in place, they can now focus more on the core functions.
Cloud4C’s Managed Amazon Workspaces Offering
While AWS WorkSpaces is a great DaaS solution, clients still have to build their preparedness to adopt it. This includes choosing the right tier of AWS offering, creating the right kind of WorkSpace to suit their requirements and managing the offering. Cloud4C team has more than a decade of experience in building and maintaining virtualized desktop environments including DaaS.
AWS PlatformManagement
Compliance andauditing
Why Cloud4C to deploy Amazon Workspaces for you
To make the most of DaaS offering such as Amazon Workspaces, companies need the best of the tools along with a full suite of managed services. Cloud4C helped many companies successfully leverage on DaaS to take their infrastructure to the next level. Due to our comprehensive service portfolio, our customers can depend on us via a single SLA that covers all the services. Our processes and deployment approach are based on decades of experience in helping our clients.
Key highlights of Cloud4C are:
2000+ certified Cloud experts
24X7 support via NOC and SOC, even during difficult times like COVID-19 lockdown
Total ownership through single SLA for all the services
We successfully deployed and managed 5000+ VDI instances
Pay-as-you-go Model - No capital cost towards IT infrastructure
Automated deployment and management - Designed to save cost and time
Continuous monitoring of industry compliance and security control
Scale as per your business need within minutes
Workspace For Mac
Cloud4C Amazon Workspaces Deployment Strategy
Cloud4C created a high level plan so that our customers can start using Amazon Workspaces as effective as possible from Day 1.
1. Network and Access to AWS WorkSpaces
While most companies today have all the necessary tools for accessing AWS WorkSpaces, we need to make sure all the necessary inventory is in place and the basic setup is done. At this stage, we setup VPC - private subnets and NAT Gateway. We ensure that the users have the necessary connectivity and associated protocols defned like S2S and VPN tools. We also look at the IP allocation and other HDLP aspects such as web and data access, IP access control, and trusted devices.
2. Authentication and User Access Management
At this stage, we use Microsoft Active Directory (AD) to create authentication and user access protocols. We create an AD on AWS and map it to the on-premise domain. This enables users to access fles that are part of the on-premise domain.
3. Security and Data Protection
This is a vital step where we create a security layer for all the data that is being transferred in the network. Encryption of data, mapping protocols for secure data transfer, deploying HDLP software, antivirus and any security features needed to ensure compliance, are done at this stage. This will make sure that using Amazon WorkSpaces does not violate any compliance norms.
4. Monitoring and Management
While ensuring security from all aspects, it is still workspaces. We install tools and create processes to track events and metrics of the network to auto- very important to monitor and manage the matically create performance reports periodically. We also make sure regulars backups are created for the data.
Cloud4C Phase-wise Approach and Implementation
We believe that successful adoption of AWS WorkSpaces is possible only by making sure the onboarding process is done the right way in addition to the necessary maintenance. To achieve this, we have created a phase-wise approach and implementa- tion process.
Introduction of Cloud4C AWS CCoE & CAF
Introduction to Cloud4C
DaaS use case and scenarios
Understand the landscape for building the DaaS -> AD / File servers / Desktops / Laptops / DaaS (on premise if deployed)
Understand the Organization Security / Compliance needs
Planning Data Protection , IAM, Resilience ,Infrastructure Security, Backup & DR Planning
Data migration from on-premise to Cloud
Commercial Estimates
Deployment Timelines
Deployment / Migration of DaaS Environment
AWS Account Setup
Building Landing Zone
Ideality integration
Confgure MFA and other security controls
Build Image and launch workspaces
Test Profles and Client experiences
Migrate on-premise data
Test and Commission
Operationalize & Confgure Backup
Optional -Confgure advanced application catalogs using AWS WAM, AWS appstream, Custom Bundles, BYOL, cross region DR and other advanced features
Introduction to Our Processes and Practices
We initially introduce our customers to the standard templates we follow for each use case and scenario. After we pick the closest scenario, we go about customizing it to suit the requirements of the specifc customer. We also understand what infrastructure do they currently have and what additional infra they have to obtain for this project. Additionally, we understand the customers’ security needs to create a suitable offering.
Prepare Deployment Plan and Landing Zone Design
To start with, we will profle end users of the DaaS product for providing apt solutions to them. Based on this informa- tion, we create user category bundle mapping to make it easy for IT administrators to provision services. We also lever- age on AWS Landing Zone and Active Directory to create the necessary provisioning infrastructure for the WorkSpac- es.
Additionally, we investigate, plan and estimate the need for security, IAM, compliance, resilience, infrastructure securi- ty, backup and disaster recovery. The project scope is understood based on these aspects.
Deployment of and Migration to Amazon WorkSpaces
Once we understand our customer expectations and we agree upon the requirements, we get to execution of the project. Starting from setting up the AWS account to operationalizing and confguring the backup, we have a predefned set of processes which are executed meticulously.