Your Resource for All Things Apps, Ops, and Infrastructure

What I Learned at AWS re:Invent 2016: The Top 10 Things Customers are Asking About WorkSpaces

This past December, I was given the opportunity to present on behalf of AHEAD at AWS re:Invent on the topic of WorkSpaces, Amazon’s Desktop as a Service (DaaS) solution. Throughout the duration of the conference preceding the presentation, I stood alongside my peers at AHEAD’s booth providing demos and talking up WorkSpaces in preparation for my time on stage. During this time, I met with several customers, prospects, and partners alike who expressed their interest in learning more about the solution, many of which asked similar questions to dig deeper into finding out more. In this post, I have described the top 10 questions asked of me at re:Invent pertaining to Amazon WorkSpaces for those interested in DaaS solutions to review.

For a comprehensive overview of Amazon WorkSpaces, check out my presentation recording from the event titled Deploying Amazon WorkSpaces at Scale to Deliver a New Desktop Experience.

The top 10 questions asked at AWS re:Invent 2016:

1. What are the best use cases for Amazon WorkSpaces?

At AHEAD, we have seen customers be very successful deploying to temporary workers or third-party contractors, enabling BYOD (Bring Your Own Device), providing secure network access, deploying temporary desktops to part-time employees, increasing security compared to physical devices, and reducing costs to high user turnover environments. The biggest reason beyond these use cases is also moving from a capital expense model where companies pay for hardware and software up front and hope they get the full value of their investment based on usage to an operational expense or subscription model. In the subscription-based model, companies are only paying for resources they are actually using. This also provides full cost transparency of the environment and detailed costs per user, which is much easier to manage than traditional VDI costs.

2. How do users connect to their Amazon WorkSpace?

There are two options for end users connecting to their Amazon WorkSpace: 1) A locally installed client or 2) Web access, which does not require a client to be installed on the local device. The Amazon WorkSpaces client is supported on a wide range of devices and operating systems like Windows, Mac OS X, Chromebooks, iPads, and Android Tablets. A full list of devices and download links for each device can be found here. The clientless connection option requires either Chrome 53 or later or Firefox 49 or later running on the device.

3. How do I provision Amazon WorkSpaces at scale?

Provisioning at scale, or more accurately, managing your Amazon WorkSpaces environment at scale, is something that becomes critical for success as the environment grows past a pilot implementation. This becomes foundational to controlling costs and simplifying management of the entire environment. Automation for provisioning and deprovisioning is an important component of any sizable Amazon WorkSpaces deployment and should be designed and implemented during phase one of the rollout. AHEAD is leveraging solutions like ServiceNow and RES Automation Manager to provision and decommission Amazon WorkSpaces in the AHEAD Lab and can be demonstrated as part of a briefing or web demonstration.

4. AppStream 2.0 was released at re:Invent. What is it? Is it different than Amazon WorkSpaces?

In short, AppStream is application publishing from a Windows Server operating system. What makes it different from WorkSpaces is only the published application is presented to the user and not to the entire server desktop. This service also supports customers publishing their own custom Windows applications directly to its user community. This process uses a tool called the Interactive Deployment Wizard to take an .EXE, .MSI, etc. and installs it into an EC2 instance using an Amazon GUI. Once complete, that application can be published to an end user, which they can access from a web browser as a seamless application.

5. Amazon WorkSpaces charges me as a customer by the month or by the hour based on how I configure each desktop. How can I minimize cost and make sure I am configuring the right billing model for the right users?

Cost management is an important part of any Amazon WorkSpaces deployment. Automating the change from monthly to hourly or hourly to monthly when appropriate for users is a simple idea but complex to implement. For a detailed description on selecting the right billing model, check out a couple of recent blog posts from Bryan Krausen, giving a high-level overview of the billing models available for WorkSpaces, and from Derek Wise, for a total cost analysis of using DaaS vs. VDI and the pricing models associated with each.

6. Can I use a Windows 10 custom desktop image with Amazon WorkSpaces?

Yes. The Bring Your Own License (BYOL) program allows customers to leverage a Windows 10 desktop OS as a custom image. This is different than the default bundle type that is provided by Amazon. The provided Amazon image is a Windows Server 2016 OS with the Windows 10 Experience enabled. This provides the appearance of Windows 10 but is actually running a Windows Server OS. Using a custom desktop image allows customers to lower costs by using existing Microsoft Windows licensing. For a standard desktop, the difference in cost is $4 per user; $35 a month vs $31 a month by using the BYOL program. This also allows customers to use existing management tools for Windows patching and updates across all desktops (physical, virtual, and Amazon WorkSpaces) because they are all using the same desktop image.

7. How do I integrate Amazon WorkSpaces with my Active Directory?

Amazon WorkSpaces leverages a service called AD Connector that sends LDAP authentication requests to an existing on-premises domain controller or a domain controller deployed in AWS. This service acts as a proxy for authentication requests without the need to store user credentials in AWS. Once an AD Connector is created, a “Directory” is generated to be used as the authentication mechanism for all new Amazon WorkSpaces provisioned. Each WorkSpace instance is assigned to a single Directory, restricting authentication to a single domain. If customers do not want to leverage AD, there are other options to create a new Directory that is hosted in AWS and can be used to create user accounts and manage passwords as part of an Amazon WorkSpaces deployment.

8. My CIO says, “We are going to the cloud”. How does WorkSpaces fit into my new strategy?

Amazon WorkSpaces is an easy way to adopt public cloud solutions. This is because it allows organizations to leverage the majority of the same tools and support processes it does for its existing Windows Server and desktop operating systems. Amazon WorkSpaces makes the learning curve manageable since most IT staff are already comfortable supporting users and Windows operating systems. Organizations may find Amazon WorkSpaces to be an even more simplified support model than a traditional VDI deployment because the infrastructure is managed by Amazon. This reduces complexity and simplifies support.

9. What is the best way to get metrics about my users and what they are doing once they are connected to their Amazon WorkSpace?

There is often monitoring or remote support software that is necessary to implement as a supplement to Amazon WorkSpaces, not because the Amazon WorkSpaces solution is problematic, but rather because Windows apps still need to be supported. For example, remote screen sharing, real time in-guest OS application performance metrics, application logs, and terminating individual application processes becomes even more critical when the desktop isn’t running in your office or on-premises data center. There are numerous third-party tools that we often recommend customers evaluate to support their Amazon WorkSpaces deployment but choosing the best one needs to be based on your environment and specific requirements. If this is something you need assistance with, we’d be more than happy to help.

10. Who is AHEAD, anyway? What were you guys even doing at re:Invent?

AHEAD is a consulting company that helps enterprises transform how and where they run applications and infrastructure. From strategy, to implementation, to ongoing managed services, we create tailored cloud solutions for enterprises at all stages of the cloud journey.

AHEAD is an AWS Advanced Consulting Partner and with over 50 combined AWS certifications, we’re able to provide consulting, implementation, and managed services for Amazon WorkSpaces. AHEAD was a Platinum Sponsor at this year’s re:Invent conference. For more information on our sponsorship at the event, you can read the official announcement in our blog.

AHEAD is focused on helping customers successfully adopt, operationalize, and leverage best practices for Amazon WorkSpaces. Our team has experience consulting, designing, and implementing large scale AWS and Amazon WorkSpaces environments while also integrating other solutions like ServiceNow. Using our framework and methodology, our customers are able to successfully migrate from physical PCs or traditional VDI solutions like Citrix or VMware to Amazon WorkSpaces, while integrating this new solution with their existing operational processes. For more information on how AHEAD can help you with your own WorkSpaces deployment or management, contact us today. For a glimpse of the WorkSpaces demos we gave at AWS re:Invent this year on migration and provisioning of your WorkSpaces environment, check them out on our website and sign up for a personalized WorkSpaces demonstration of your own. 


Subscribe to the AHEAD i/o Newsletter