Desktop as a Service in AWS

DaaS in AWS – A perfect harmony of rapid deployment and IT Management

The IT department of most organizations is responsible for deploying desktops to end-users and can be considered a routine task that can be optimized from a cost and time standpoint.

With AWS Workspaces, deploying desktops via the GUI (up to 20 at a time) or via the CLI (up to 25 at a time) can be accomplished very quickly for any sized organization. You can use Amazon WorkSpaces to provision either Windows or Linux desktops in just a few minutes and quickly scale to provide thousands of desktops to workers across the globe.

You can pay either monthly or hourly, just for the WorkSpaces you launch, which helps you save money when compared to traditional desktops and on-premises VDI solutions.

Amazon WorkSpaces helps you eliminate the complexity in managing hardware inventory, OS versions and patches, and Virtual Desktop Infrastructure (VDI), which helps simplify your desktop delivery strategy. With Amazon WorkSpaces, your users get a fast, responsive desktop of their choice that they can access anywhere, anytime, from any supported device.

With the end of Windows 7 support in 10 months, there has never been a better time for organizations to migrate their managed IT desktops to Windows 10.

From a high-level, here are the easy steps on how to get started within WorkSpaces which can be accomplished within 1 hour.

1.  Create AWS account and setup with best practices

2.  Create VPC, subnets and any additional networking. For this step, using a CloudFormation template can save time and reduce the potential for provisioning error(s).

3.  When setting up the VPC, configure it with one public subnet and two private subnets using a NAT Gateway as illustrated.

4.  Amazon WorkSpaces uses a directory, either AWS Directory Service or AWS Managed Microsoft AD, to authenticate users. Users access their WorkSpaces by using a client application from a supported device or, for Windows WorkSpaces, a web browser, and they log in by using their directory credentials. The login information is sent to an authentication gateway, which forwards the traffic to the directory for the WorkSpace. After the user is authenticated, streaming traffic is initiated through the streaming gateway.

Note: You can also configure Microsoft AD using a standard EC2 instance and manage it yourself but strongly consider using an AWS service to reduce costs and overall management

5.  Client applications use HTTPS over port 443 for all authentication and session-related information. Client applications uses port 4172 for pixel streaming to the WorkSpace and for network health checks. Each WorkSpace has two elastic network interfaces (ENI) associated with it: an ENI for management and streaming (eth0) and a primary ENI (eth1). The primary ENI has an IP address provided by your VPC, from the same subnets used by the directory. This ensures that traffic from your WorkSpace can easily reach the directory. Access to resources in the VPC is controlled by the security groups assigned to the primary ENI.

6.  This architectural diagram taken from AWS illustrates all components within WorkSpaces

7.  To create a Workspace from the CLI, perform the following:

8.  This example creates a WorkSpace for user jimsmith in the specified directory, from the specified bundle.  aws workspaces create-workspaces –cli-input-json file://create-workspaces.json

9.  This is the contents of the create-workspaces.json file:

Input:

{

“Workspaces” : [

{

“DirectoryId” : “d-906732325d”,

“UserName” : “jimsmith”,

“BundleId” : “wsb-b0s22j3d7”

}

]

}

Output:

{

“PendingRequests” : [

{

“UserName” : “jimsmith”,

“DirectoryId” : “d-906732325d”,

“State” : “PENDING”,

“WorkspaceId” : “ws-0d4y2sbl5”,

“BundleId” : “wsb-b0s22j3d7”

}

],

“FailedRequests” : []

}

Reference link – https://docs.aws.amazon.com/cli/latest/reference/workspaces/create-workspaces.html

Have a question?

Innovative Solutions is an Advanced Consulting Partner with expertise in Microsoft Workloads. Innovative is a service delivery partner for Windows on EC2 and part of the Service Delivery Program.

Learn more about our CLOUD services

Contact us to START THE conversation

Subscribe to Our Newsletter

Download

  • This field is for validation purposes and should be left unchanged.