AWS Workspace Certification Key Topics

AWS WorkSpaces

  • Amazon WorkSpaces is a fully managed, secure desktop computing service that runs on the AWS cloud.
  • WorkSpaces is a cloud-based virtual desktop that can act as a replacement for a traditional desktop.
  • A WorkSpace is available as a bundle of compute resources, storage space, and software applications that allows a user to perform day-to-day tasks just like using a traditional desktop.
  • WorkSpaces allows you to easily provision cloud-based virtual desktops and give users access to the documents, applications, and resources they need from any supported device, including computers, Chromebooks, iPads, Fire tablets, and Android tablets.
  • Each WorkSpace runs on an individual instance for the assigned user, and applications and users' documents and settings are persistent.
  • Security
    • Users can log in to the WorkSpace using their own credentials, which are set when the instance is provisioned.
    • The WorkSpaces service integrates with an existing Active Directory domain, so users sign in with their regular Active Directory credentials.
    • WorkSpaces also integrates with an existing RADIUS server to enable multi-factor authentication (MFA).
    • Access to Amazon WorkSpaces can be restricted based on the client OS type and by using digital certificates.
    • VPC security groups limit access to resources in the network or the Internet from the WorkSpaces.
    • An IP access control group enables configuration of trusted IP addresses that are permitted to access the WorkSpaces.
  • Backup
    • The user volume is backed up every 12 hours; if the WorkSpace fails, AWS can restore the volume from the backup.
  • Encryption
    • WorkSpaces supports root volume and user volume encryption.
    • WorkSpaces uses EBS volumes that can be encrypted on WorkSpace creation, providing encryption for data stored at rest, disk I/O to the volume, and snapshots created from the volume.
    • WorkSpaces integrates with the AWS KMS service to allow you to specify the keys you want to use to encrypt the volumes.
  • Amazon WorkSpaces Application Manager (Amazon WAM)
    • WAM offers a fast, flexible, and secure way for you to deploy and manage applications for Amazon WorkSpaces.
    • WAM accelerates software deployment, upgrades, patching, and retirement by packaging Microsoft Windows desktop applications into virtualized application containers that run as though they are natively installed.
  • The WorkSpaces client application needs a supported client device (PC, Mac, iPad, Kindle Fire, or Android tablet) and an Internet connection with TCP ports 443 and 4172 and UDP port 4172 open.
  • WorkSpaces launches the WorkSpaces in a VPC. If using AWS Directory Service to create an AWS Managed Microsoft AD or a Simple AD, it is recommended to configure the VPC with one public subnet and two private subnets. To provide internet access to WorkSpaces in a private subnet, configure a NAT gateway in the public subnet. Configure the directory to launch the WorkSpaces in the private subnets.
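
The Encryption points above can be checked per WorkSpace. The following is an added example, not part of the original notes or AWS's own code: it audits a DescribeWorkspaces-style response for unencrypted root or user volumes and for KMS keys outside an approved set. The sample response, the IDs and key ARNs, and the approved-key policy are constructed assumptions.

```python
# Constructed sample shaped like a DescribeWorkspaces response; all IDs, user
# names and key ARNs are placeholders, not values from a real account.
APPROVED_KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-APPROVED"
OTHER_KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-OTHER"
SAMPLE_RESPONSE = {"Workspaces": [
    {"WorkspaceId": "ws-example0001", "UserName": "alice",
     "RootVolumeEncryptionEnabled": True, "UserVolumeEncryptionEnabled": True,
     "VolumeEncryptionKey": APPROVED_KEY},
    {"WorkspaceId": "ws-example0002", "UserName": "bob",
     "UserVolumeEncryptionEnabled": True, "VolumeEncryptionKey": APPROVED_KEY},
    {"WorkspaceId": "ws-example0003", "UserName": "carol"},
    {"WorkspaceId": "ws-example0004", "UserName": "dave",
     "RootVolumeEncryptionEnabled": True, "UserVolumeEncryptionEnabled": True,
     "VolumeEncryptionKey": OTHER_KEY},
]}

VOLUME_FLAGS = {"root": "RootVolumeEncryptionEnabled",
                "user": "UserVolumeEncryptionEnabled"}


def audit_workspace(ws, approved_keys=None):
    """Return the encryption findings for one WorkSpace record ([] = clean)."""
    findings = []
    for volume, flag in VOLUME_FLAGS.items():
        # A missing flag is treated the same as False: not encrypted.
        if not ws.get(flag, False):
            findings.append(f"{volume} volume not encrypted")
    if any(ws.get(flag, False) for flag in VOLUME_FLAGS.values()):
        key = ws.get("VolumeEncryptionKey")
        if not key:
            findings.append("encrypted but no KMS key recorded")
        elif approved_keys is not None and key not in approved_keys:
            findings.append("encrypted with a key outside the approved set")
    return findings


def audit(response, approved_keys=None):
    """Map WorkspaceId -> findings for every WorkSpace that has any."""
    report = {}
    for ws in response.get("Workspaces", []):
        findings = audit_workspace(ws, approved_keys)
        if findings:
            report[ws.get("WorkspaceId", "<unknown>")] = findings
    return report


if __name__ == "__main__":
    for ws_id, findings in audit(SAMPLE_RESPONSE, {APPROVED_KEY}).items():
        print(ws_id, "->", "; ".join(findings))
```

With live data, pass each page returned by boto3's `describe_workspaces` call to `audit` in place of the sample.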