Getting Started with Amazon WorkSpaces
Derek Sedlmyer
Posted on April 6, 2020
As I write this, the world is dealing with the COVID-19 pandemic. A majority of the world's citizens are under some sort of strict lockdown or stay-at-home orders by their government in an effort to slow the spread or "flatten the curve" in order to not overwhelm the hospital system. This has brought an immediate challenge to organizations to quickly enable a remote workforce in order to achieve business continuity.
One of the challenges facing organizations in this crisis is connecting remote workers in order to maintain productivity and data security. Organizations are faced with a number of issues at this time of crisis including hardware and network constraints, desktop software patching, endpoint security and others. The crisis is forcing many organizations to adapt to a new reality of remote workers.
With the influx of a large number of remote workers, on-premise networks including VPNs are unable to meet the new demands. Workers may have limited to no connectivity if corporate VPNs are out of capacity. Additionally, remote workers using legacy desktop applications on their laptops may face networking issues due to increased latency and limited bandwidth due to unplanned usage scenarios of legacy 2-tier desktop apps.
Some organizations may have workers that depend on higher performance workstation to support more demanding workloads. When workers are suddenly forced to work remote their productivity will be impacted due to the lack of access to the higher-performance hardware. They may be relegated to use underpowered laptops which can severely affect their productivity.
A solution to these issues is to use Desktop-as-a-Service (DaaS). DaaS is the next generation of Virtual Desktop Infrastructure (VDI). Previous VDI implementations required complicated capacity planning, large capital expenditures for hardware, complicated licensing agreements, long implementation schedules and scalability limitations that prohibit dynamic scaling for an increased remote workforce.
AWS offers Amazon WorkSpaces as a DaaS solution. Amazon WorkSpaces simplifies desktop delivery, keeps your data secure, reduces costs and allows an organization to centrally manage and scale global desktop deployments. Using Amazon WorkSpaces an organization can launch Windows or Linux desktops in a matter of minutes as well as scale to thousands of desktops to support workers across the globe.
In response to increased demand for virtual desktops due to COVID-19, Amazon Web Services recently announced a new offer for organizations to use Amazon WorkSpaces for up to 50 users at no charge beginning on April 1, 2020 and running through June 30, 2020. For more details refer to this blog post: https://aws.amazon.com/blogs/desktop-and-application-streaming/new-offers-to-enable-work-from-home-from-amazon-workspaces-and-amazon-workdocs/
Creating WorkSpaces
I have deployed Amazon WorkSpaces for a few organizations and found them to be very beneficial and easy to use. In this blog post, I'm going to walkthrough a quick start to stand up an Amazon WorkSpaces environment. This should allow an organization to begin using the offer from Amazon for 50 free WorkSpaces.
- Create an AWS account if you don't have one already. New accounts are eligible for the WorkSpaces free offer. Existing accounts are also eligible provided they haven't used WorkSpaces prior to the offer.
- Open the Amazon WorkSpaces console at https://console.aws.amazon.com/workspaces/
-
In the upper-right hand corner, be sure to choose a region that is closest to your users. WorkSpaces require minimal latency between the client and AWS. WorkSpaces is available in the following regions:
- US East (N. Virginia): us-east-1
- US West (Oregon): us-west-2
- Asia Pacific (Seoul): ap-northeast-2
- Asia Pacific (Singapore): ap-southeast-1
- Asia Pacific (Sydney): ap-southeast-2
- Asia Pacific (Tokyo): ap-northeast-1
- Canada (Central): ca-central-1
- Europe (Frankfurt): eu-central-1
- Europe (Ireland): eu-west-1
- Europe (London): eu-west-2
- South America (São Paulo): sa-east-1
At the console, click the Get Started Now button. The Getting Started Now button will be displayed if you haven't used WorkSpaces in the account.
-
At the Get Started screen, click Launch next to Quick Setup
At the Get Started with Amazon WorkSpaces screen, in the Bundles section choose an appropriate bundle. I chose Standard with Windows 10 and Office 2016 which will provide 2 vCPU and 4GiB of Memory. I'll write more about Bundles in another post.
In the Enter User Details section, add the list of users to create WorkSpaces. Required fields are Username, First Name, Last Name, and Email. Only one user is required at this time. Additional users can be added later.
-
Once complete, click the Launch Workspaces button. This will create a WorkSpace for each user. Once the WorkSpace is created, each user will receive an email message providing instructions on accessing their WorkSpace.
-
After WorkSpaces are launched, go back to the WorkSpaces console. It may take around 20 minutes to launch the WorkSpace. After the WorkSpace is successfully created, you will see the WorkSpace listed with a status set to AVAILABLE.
At this point, the user will have received an email notifying them that the WorkSpace is ready for use. It will provide instructions on how to install the WorkSpace client app on their device, register the WorkSpace in the client app and use the WorkSpace.
Configuring WorkSpaces Client
At this point, a system administrator has created a WorkSpace for a user. The user received an email from AWS notifying them that a WorkSpace has been created. The next steps are for the user to install the client app on their device and register the WorkSpace in the client app.
The email received by the user looks something like this:
-
From the email follow the link in Step 1 to complete user profile and download a client app. The following screen will be displayed:
Complete the form, by entering and confirming the password, then click Update User. Note that passwords are case-sensitive and must be between 8 and 64 characters in length, inclusive. Passwords must contain at least one character from three of the following categories: lowercase letters (a-z), uppercase letters (A-Z), numbers (0-9), and the set ~!@#$%^&*_-+=`|(){}[]:;"'<>,.?/.
-
You will then be sent to the WorkSpaces Client Download page which will allow you to download the WorkSpaces client app for your device.
-
Download and install the client app appropriate for your device. Supported devices are:
- Windows
- iPad
- MacOS X
- Android Tablet
- Chromebook
- Fire Tablet
- Web Access
- Linux
The next step is to register the WorkSpace with the client app. Go back to the email and find Step 2. Copy the registration code to the clipboard.
-
Open the WorkSpaces client app on your device. The following screen will be displayed.
Paste your registration code in the text box and click Register
-
After successful registration, the login screen is displayed:
At the login screen, enter your username and password (set in Step 2) and click Sign In
What's Created
So far, I have shown how a WorkSpace is provisioned by a system administrator and how a user accesses the WorkSpace from their device. Next, I'll dive a little deeper to show the AWS resources that were created during this process.
- Virtual Private Cloud (VPC) was created during the Quick Start. The VPC has 2 public subnets, each residing in a different availability zone.
- Simple AD Directory created in the VPC. The Simple AD Directory is a basic Active Directory-compatible directory used to store user and WorkSpace information. The Simple AD is deployed across 2 availability zones for high-availability and redundancy.
- User Account in the Simple AD Directory, john.doe in this case.
- WorkSpace instance. The instance is associated with an elastic network interface in the VPC and the network interface is assigned a public IP address to provide internet access.
Summary and Next Steps
This blog post showed a quick start for standing up an Amazon WorkSpaces environment. While this is beneficial for training and sandbox purposes, deploying to WorkSpaces in a production environment for an organization requires more planning and architecture.
In future blog posts, I'll write about various WorkSpace features, pricing and best practices.
Stay tuned. In the meantime, please be safe.
Posted on April 6, 2020
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.