Amazon Workspaces
When you consider that Amazon created AWS as part of an exercise in delivering customer configurable e-commerce solutions, the uses that it has been since put have dwarfed its modest beginnings.
Amazon Workspaces uses AWS to deliver virtual desktops centrally controlled by an IT Team to adjust to changing business circumstances rapidly.
DaaS, or Desktop As A Service, isn’t unique to Amazon, but it's an area that they’ve expressed an interest in exploiting to expand their indirect customers for AWS.
The increase in home working has boosted the number of people using a DaaS model and revealed some commercial opportunities for those with the right combination of flexibility and pricing.
Let’s look at Amazon WorkSpaces and see if it delivers the true DaaS experience or a me-too offering.
Plans and pricing
Pricing is complicated due to all the potential variations that Amazon has in terms of the virtual systems, storage and if you go with a flat monthly fee or monthly fee and hourly pricing.
However, if you wish to try it out yourself, Amazon offers a Free Tier that includes two Standard bundle WorkSpaces with 80 GB Root and 50 GB User volumes, running in AutoStop mode, for up to 40 hours of combined use per month, for two calendar months.
The virtual spaces can be Linux or Windows Server (Not Windows 10!), starting with a single virtual CPU and 2GB of memory, 80GB Root and 10GB User volumes. Linux users are charged $29 per month or $10 a month + $0.26 per hour, and Windows users pay $33 per month or $10 a month + $0.30 per hour.
Costs scale up to 8 virtual processors, 32GB of RAM, a 175 GB Root and 100GB User volume. A workspace of that specification would cost a flat fee of $172 per month or $21 a month + $1.68 per hour.
Extra storage can be included for $0.12 per GB, and for 32-bit Windows users Microsoft Office 2016 Professional Plus can be added for $15 per month, and 64-bit users have Microsoft Office 2019 Professional Plus for $14.75 per month.
Each Windows Bundle Option includes a Microsoft Remote Desktop Services (RDS) Subscriber Access License (SAL) per WorkSpace, and AWS also has options for Windows 10 BYOL (Bring Your Own Licensing), should you want that.
Compared with other DaaS solutions these costs are reasonable, and it enables businesses to rapidly deploy virtual Windows installations to employees without heavy upfront investment in hardware and being able to tailor the solution to their exact needs.
The DaaS business model
When explaining DaaS to a non-technical person, there is a point in the conversation where they’ll look confused. Because in some respects, the economics of a solution like Amazon WorkSpaces appears contradictory at best.
In Amazon WorkSpaces, as with most DaaS solutions, a virtual desktop is initialised on a huge massively parallel system, the user’s local computer system is relegated to being merely a portal for keyboard and mouse commands and display the virtual interface.
Therefore, to have access to a virtual desktop, you need a real system, though that could be a very inexpensive device like a Chromebook or an iPad.
If you start with a business where the computers have already been bought, using DaaS only offers great IS management potential if you have remote sites that you want to operate like they’re all in the same building.
However, if you start with no computers, then a company can buy inexpensive input devices, like Chromebooks, but provide users with Windows or Linux desktops and a suite of office applications.
And, as the virtual desktops can be configured to have multiple cores, 32GB of RAM and even a dedicated GPU, they can emulate a powerful and expensive system.
In theory, it is like the desktop systems are adjustable in performance for the job they are doing, and this can be increased or decreased as needs change.
Most users will be fine using a single CPU and 2GB of RAM, but upgrades can be selected without changing the physical machines used to access Amazon WorkSpaces.
With so much variation available on the instances, the economics of this can become complicated. And with so much data flowing to and from the virtual desktops, additional overheads need to be considered for the bandwidth of internet connections, offsetting some of the advantages.
Where this model makes the best sense is when a business is in a very dynamic state, where it might grow or shrink over a short timeframe, and computing resources need to be highly flexible. It’s also a solution biased toward larger companies where centralised management, security and efficient resourcing are critical.
Features
What’s important to realise from the outset is that the virtual space that AWS offers comes in three distinct flavours; Windows Server 2016 with the Windows 10 Desktop experience, a Windows 10 BYOL option or Amazon Linux 2.
In addition to the platform, you can define the specification of the virtual system and how that might perform with the software you install on it.
The term used by Amazon to define these resources is ‘bundle’, and you need the right bundle for the chosen OS and applications you intend to run in that space.
What makes this facility very flexible is that you can alter the bundle dynamically should you need more processors/RAM/storage, or you need less and want to reduce the cost.
There are also GPU connected bundles available if the workload requires graphics processing, although it isn’t practical to play interactive 3D games using these virtual spaces.
Each Workspace can be set as always on, making it instantly accessible 24/7, or it can be set to Autostop. The Autostop mode shuts the instance down when not in use, and it takes around 60 seconds to bring that instance into operational status when required. As with most of the features in Amazon Workspaces, it is possible to toggle between these two options.
One aspect that needs to be defined and not changed is how directory services are managed, and that needs to be aligned with what the business is already doing.
If, for example, the business is already using Microsoft Active Directory services in its local network, then this control mechanism can be extended into the Windows virtual spaces. The global control mechanism will see the AWS virtual space as a new location, and an Active Directory connector can be used to point to those servers.
Or, if no existing directory services are in use, a managed directory service by AWS can be used in the virtual space. For Linux users, a simple AD is available that provides similar functionality for those that need it.
Support and Security
As with all Amazon’s AWS services, WorkSpaces comes with 24/7 customer support that can be chat, email or phone-based. However, there are some specific areas where you do pay for additional support if required.
The security side of this solution has both all the encryption and resilience that comes with being on AWS, and its inbuilt security and user management layers that can make it ultra-secure for those that need that. That can include security dongles, 2FA and tiered user and group security protocols.
Admins can change these dynamically, even giving users the power to change their instances storage and bundle should they need more power or space. Equally, they can kill an instance, reboot it or recreate it.
The best security aspects of Amazon WorkSpaces are that all data travelling to and from the instances is encrypted, it’s possible to encrypt both the Root and user data spaces, devices can be locked to specific users, and it’s a fast-track to achieving CMMC Level 3 certification.
But, a compromised machine could be used to access a WorkSpace, if they aren’t effectively secured.
In use
To use Amazon WorkSpaces requires an AWS account, and creating one of those is free to anyone.
Once you’ve got an account, the AWS Workspaces Manager can be used to create your first Workspace. For those exploring this aspect for the first time and wanting to use the free tier, there are a few idiosyncrasies that are worth understanding.
Once inside the manager, it displays the account name and where you will get your service from on the top left of the web application. This service location defaulted to America, and as your reviewer is UK-based, it was tempting to set this to London. But, what isn’t apparent is that this facility has a ‘Quick Setup’ capability that is only available from some geographic locations. The nearest one of those to the UK is Ireland, and that change allowed access to the Quick Setup instead of only the Advanced Setup options.
Once past that hurdle, you can pick the bundle of choice, and the free tier eligible ones are highlighted, and you can initiate the creating of that instance.
As part of this process, a user account is defined for each instance, and an email is sent to the user telling them that a WorkSpace has been created for them.
The generation of the instance isn’t immediate, typically taking about 20 minutes before it is ready to be logged into.
From the client perspective, you can use just about any computer or mobile device to access the WorkSpace, and client tools are available for Windows, Mac OS and all the popular mobile operating systems. And, you can connect purely by browser if the machine you are using is owned by someone else or has a non-standard OS.
The user experience is much as you might expect. We created a Windows instance and installed applications on it like we would any local system. We used the Windows 64-bit client, and it comes with a driver that patches USB devices through to the virtual session, enabling external drives and other devices to be accessible in the virtual space.
However, the only USB drives that are sanctioned to work with the system are those by YubiKey, so you can't copy files from a standard external drive or vice versa.
Then again, you can copy them to OneDrive or Google Drive, and sync that with local storage, circumventing that issue to a degree.
Our only major reservation is that each WorkSpace has a unique login for that user, and user accounts can’t be cloned on to new WorkSpaces. Therefore, if you want a Windows and Linux WorkSpace for the same person, all that management needs to be done twice.
That’s a bit clunky, and a minor inconvenience could become major if scaled.
Performance ranged from excellent to being somewhat sluggish, depending on what we tried to do. Our general perception is that if you compared a local desktop system with the same amount of processing cores and RAM, then it would be quicker than the virtual session. Therefore, you might want to allocate a reasonable virtual machine from the outset and then enhance it if the performance isn’t acceptable.
Where this solution is slightly disappointing is how long it can take for the instance to be rebooted and its occasional petulance in disconnecting if it deems the connection isn’t optimal. Developers working on code that can crash their OS will probably find the downtime between resets too much, and ill-timed disconnections are always unwelcome.
What’s all missing here is the ability to pool desktop solutions for workers in multiple time zones and to have temporary instances for those that come to work for short periods or occasionally. And, that lack of flexibility is indicative of Amazon starting with AWS and wondering how it can best monetise it, rather than starting with a virtual desktop solution and then making it work with AWS.
Final verdict
There are things about Amazon WorkSpaces we liked and other things that we wish were different.
What’s important to realise is that Amazon is interested in companies making the most out of AWS, and WorkSpaces is one of many tools intended to encourage its use.
But, even if a company doesn’t use AWS, getting to the WorkSpaces management console is relatively straightforward and configuring it to create the exact WorkSpaces shouldn’t phase any experienced IT personnel.
For less experienced staff, there is a concern that you will make mistakes with cost implications, but it is easy enough to downgrade instances if you excessively empower them.
What might put off some potential customers are the nature of the bundles on offer, specifically that the Windows isn’t Windows 10, but Server 2016 with a Desktop experience to make it look like Windows 10. For those developing software where the target platform is Windows 10, that’s close, but no guarantee that it will work the same when it gets deployed. Some software won’t work on Server 2016 that would work on Windows 10 or 11, which might be an issue for some developers.
For Linux users, it’s also slightly disappointing that Amazon Linux 2, based on Red Hat Enterprise Linux (RHEL) is the bundle platform. It isn’t an especially recent distro and given a choice, most would prefer the latest Ubuntu or something equally concurrent.
Ironically Amazon WorkSpaces greatest weakness is a lack of management tools, as hand generating user accounts could get stale soon for a big business.
There are third-party tools that fill in the gaps that Amazon left in its control mechanisms, but that undermines the concept of flat-fee pricing that initially attracts customers.
In the end, Amazon Workspaces doesn’t offer the bundles and user control that big businesses might want, though it’s good for smaller teams that need a virtual workspace to test software or share concepts.
- We've also highlighted the best virtual desktop services
0 comments:
Post a Comment