AWS WorkSpaces
- Amazon WorkSpaces is a fully managed, secure desktop computing service that runs in the AWS cloud.
- WorkSpaces is a cloud-based virtual desktop that can replace a traditional desktop.
- A WorkSpace is delivered as a bundle of compute resources, storage space, and software applications that lets a user perform day-to-day tasks just as on a traditional desktop.
- WorkSpaces lets administrators provision cloud-based virtual desktops quickly and gives users access to the documents, applications, and resources they need from any supported device, including computers, Chromebooks, iPads, Fire tablets, and Android tablets.
- Each WorkSpace runs on its own instance dedicated to the assigned user; applications and the user's documents and settings are persistent across sessions.
- Security
- Users log in to the WorkSpace with their own credentials, which are set when the WorkSpace is provisioned.
- WorkSpaces integrates with an existing Active Directory domain, so users sign in with their regular Active Directory credentials.
- WorkSpaces also integrates with an existing RADIUS server to enable multi-factor authentication (MFA).
- Access to WorkSpaces can be restricted by client OS type and, for trusted devices, by requiring client digital certificates.
- VPC security groups limit what the WorkSpaces can reach, both resources inside the network and the Internet.
- IP access control groups define the trusted source IP addresses (CIDR ranges) that are permitted to connect to the WorkSpaces; a directory with no IP access control group accepts connections from any source address.
- Backup
- The user volume is backed up (snapshotted) every 12 hours; if the WorkSpace fails, AWS can restore the volume from the most recent backup.
- Encryption
- WorkSpaces supports encryption of both the root volume and the user volume.
- WorkSpaces uses EBS volumes that can be encrypted when the WorkSpace is created, which protects data at rest, disk I/O to the volume, and snapshots created from the volume. Encryption must be chosen at launch; an existing unencrypted WorkSpace cannot be encrypted in place.
- WorkSpaces integrates with AWS KMS so you can specify the keys used to encrypt the volumes.
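The security and encryption settings above are exactly the things a reviewer wants to audit across a fleet. The following Python script is an added example, not part of the original notes or an AWS-provided tool. It runs offline over constructed sample data whose field names mirror the DescribeWorkspaces, DescribeWorkspaceDirectories and DescribeIpGroups API responses (the WorkSpace, directory and group IDs are made up); in practice you would feed it the real responses from the workspaces API client.

```python
"""Offline posture check for Amazon WorkSpaces: volume encryption and IP access control.

Added example. The sample data below is constructed to match the shape of the
DescribeWorkspaces, DescribeWorkspaceDirectories and DescribeIpGroups responses;
all IDs, user names and CIDRs are invented for illustration.
"""
import ipaddress

# Constructed DescribeWorkspaces response (only the fields used here).
WORKSPACES = [
    {"WorkspaceId": "ws-0aaaa1111", "DirectoryId": "d-9067a1b2c3", "UserName": "alice",
     "RootVolumeEncryptionEnabled": True, "UserVolumeEncryptionEnabled": True,
     "VolumeEncryptionKey": "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"},
    {"WorkspaceId": "ws-0bbbb2222", "DirectoryId": "d-9067a1b2c3", "UserName": "bob",
     "RootVolumeEncryptionEnabled": False, "UserVolumeEncryptionEnabled": True},
    {"WorkspaceId": "ws-0cccc3333", "DirectoryId": "d-9067d4e5f6", "UserName": "carol",
     "RootVolumeEncryptionEnabled": False, "UserVolumeEncryptionEnabled": False},
]

# Constructed DescribeWorkspaceDirectories response: which IP groups guard each directory.
DIRECTORIES = [
    {"DirectoryId": "d-9067a1b2c3", "ipGroupIds": ["wsipg-aaaa1111"]},
    {"DirectoryId": "d-9067d4e5f6", "ipGroupIds": []},
]

# Constructed DescribeIpGroups response.
IP_GROUPS = [
    {"groupId": "wsipg-aaaa1111", "groupName": "corp-egress",
     "userRules": [{"ipRule": "203.0.113.0/24", "ruleDesc": "HQ NAT"},
                   {"ipRule": "0.0.0.0/0", "ruleDesc": "temporary, remove"}]},
]


def unencrypted_workspaces(workspaces):
    """Return (WorkspaceId, reason) for every WorkSpace with a plaintext volume.

    Encryption can only be chosen at launch, so a finding here means the
    WorkSpace has to be rebuilt with encryption enabled, not toggled.
    """
    findings = []
    for ws in workspaces:
        missing = [name for name, key in (("root", "RootVolumeEncryptionEnabled"),
                                          ("user", "UserVolumeEncryptionEnabled"))
                   if not ws.get(key, False)]
        if missing:
            findings.append((ws["WorkspaceId"], "unencrypted " + "+".join(missing) + " volume"))
    return findings


def overly_broad_rules(ip_groups, max_addresses=2 ** 16):
    """Flag ipRules that admit more than max_addresses sources (default: wider than a /16).

    A rule of 0.0.0.0/0 makes the IP access control group equivalent to having none.
    """
    findings = []
    for group in ip_groups:
        for rule in group.get("userRules", []):
            # strict=False accepts single hosts and host bits set in the CIDR.
            net = ipaddress.ip_network(rule["ipRule"], strict=False)
            if net.num_addresses > max_addresses:
                findings.append((group["groupId"], rule["ipRule"]))
    return findings


def directories_without_ip_group(directories):
    """Directories with no IP access control group are reachable from any source IP."""
    return [d["DirectoryId"] for d in directories if not d.get("ipGroupIds")]


if __name__ == "__main__":
    for ws_id, reason in unencrypted_workspaces(WORKSPACES):
        print(f"[encryption] {ws_id}: {reason}")
    for group_id, cidr in overly_broad_rules(IP_GROUPS):
        print(f"[ip-group] {group_id}: rule {cidr} is too broad")
    for directory_id in directories_without_ip_group(DIRECTORIES):
        print(f"[ip-group] {directory_id}: no IP access control group associated")
```

Each check returns its findings rather than only printing them, so the functions can be dropped into a scheduled compliance job or a unit test as-is. The /16 threshold is a policy choice; tighten it to the size of your actual egress ranges.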
- Amazon WorkSpaces Application Manager (Amazon WAM)
- WAM offers a fast, flexible, and secure way to deploy and manage applications for Amazon WorkSpaces.
- WAM accelerates software deployment, upgrades, patching, and retirement by packaging Microsoft Windows desktop applications into virtualized application containers that run as though they were natively installed.
- The WorkSpaces client application requires a supported client device (PC, Mac, iPad, Kindle Fire, or Android tablet) and an Internet connection with outbound TCP port 443 (authentication and registration), TCP port 4172 and UDP port 4172 (PCoIP streaming) open.
- WorkSpaces are launched in a VPC. If AWS Directory Service is used to create an AWS Managed Microsoft AD or Simple AD, the recommended layout is a VPC with one public subnet and two private subnets. To give WorkSpaces in the private subnets Internet access, place a NAT gateway in the public subnet, and configure the directory so that WorkSpaces are launched in the private subnets.
