Category: Amazon WorkSpaces
If you are a long-time reader, you know that I am a full-time user and huge fan of Amazon WorkSpaces (read I Love my Amazon WorkSpace to learn more). Having a single environment that I can access from a wide variety of devices and web browsers allows me to stay focused on my work and eliminates a lot of friction.
Today I would like to tell you about SSD volumes and a new cost optimizer for WorkSpaces.
New SSD Volumes
Starting today, all newly launched Amazon WorkSpaces will use general purpose SSD storage for root and user volumes at no additional cost. These volumes provide better performance than magnetic volumes so you’ll get faster boot times and a better user experience when you run applications that are sensitive to disk latency.
Existing WorkSpaces can be rebuilt to upgrade them to use SSD volumes for storage (this will restore the system drive (C:) to its original state and recreate the data drive (D:) using the contents of the most recent automatic snapshot). Any existing data on the system drive will be lost.
There’s no extra charge for the new SSD volumes, and they are available in all regions where Amazon WorkSpaces operates (see the WorkSpaces Pricing page to learn more about both).
You can launch new WorkSpaces from the console in order to benefit from SSD storage. Simply select the desired bundle and proceed as usual:
WorkSpaces Cost Optimizer
Our customers use Amazon WorkSpaces in many different ways. Within a single organization, some use it full time, while others use it part-time while traveling or for working on specific projects. In order to meet the needs of our customers, WorkSpaces offers hourly and monthly billing options, along with the ability to switch between them as desired.
Building on this flexibility, our new Amazon WorkSpaces Cost Optimizer analyzes WorkSpaces usage data and automatically applies the most cost-effective billing option based on what it finds.
The Cost Optimzer is delivered as an AWS Solution that is deployed through an AWS CloudFormation template. The solution makes use of several different AWS services and features including CloudWatch Events, CloudWatch Logs, AWS Lambda functions, Amazon S3, AWS Directory Service, and the WorkSpaces API. Here’s an overview:
The Lambda function runs once a day. It analyzes the log data, determines the most cost-effective billing option, and then calls the
ModifyWorkSpaceProperties function to set the option. All changes are logged to an S3 bucket.
You can use the solution as-is, customize it for your own environment, or take it apart and see how the combination of events, logging, serverless code, and APIs can be used to add efficiency to your organization in interesting ways.
We launched WorkSpaces in late 2013 (Amazon WorkSpaces – Desktop Computing in the Cloud) and have been adding new features at a rapid clip. Here are some highlights from 2016:
- November 2016 – WorkSpaces adds GPU-Powered Graphics Bundles.
- October 2016 – WorkSpaces becomes available in the EU (Frankfurt) Region.
- August 2016 – WorkSpaces offers hourly pricing for all WorkSpaces bundles & AWS Marketplace for Desktop Apps in the Asia Pacific (Singapore) Region.
- July 2016 – WorkSpaces allows you to bring your own Windows 10 desktop licenses.
- June 2016 – WorkSpaces now come with larger root volumes.
- May 2016 – WorkSpaces support tagging.
- April 2016 – AWS Marketplace for Desktop Apps in the EU (Ireland) Region.
- February 2016 – WorkSpaces Application Manager now available in the Asia Pacific (Sydney) and Asia Pacific (Singapore) Regions.
- January 2016 – Support for audio-in, high-DPI devices, and saved registrations.
Today we are adding to this list with the addition of Amazon WorkSpaces Web Access. You can now access your WorkSpace from recent versions of Chrome or Firefox running on Windows, Mac OS X, or Linux. You can now be productive on heavily restricted networks and in situations where installing a WorkSpaces client is not an option. You don’t have to download or install anything, and you can use this from a public computer without leaving any private or cached data behind.
To use Amazon WorkSpaces Web Access, simply visit the registration page using a supported browser and enter the registration code for your WorkSpace:
Then log in with your user name and password:
And here you go (yes, this is IE and Firefox running on WorkSpaces, displayed in Chrome):
This feature is available for all new WorkSpaces that are running the Value, Standard, or Performance bundles or their Plus counterparts. You can access it at no additional charge after your administrator enables it:
Existing WorkSpaces must be rebuilt and custom images must be refreshed in order to take advantage of Web Access.
As you can probably tell from my I Love My Amazon WorkSpace post I am kind of a fan-boy!
Since writing that post I have found out that I am not alone, and that there are many other WorkSpaces fan-boys and fan-girls out there. Many AWS customers are enjoying their fully managed, secure desktop computing environments almost as much as I am. From their perspective as users, they like to be able to access their WorkSpace from a multitude of supported devices including Windows and Mac computers, PCoIP Zero Clients, Chromebooks, iPads, Fire tablets, and Android tablets. As administrators, they appreciate the ability to deploy high-quality cloud desktops for any number of users. And, finally, as business leaders they like the ability to pay hourly or monthly for the WorkSpaces that they launch.
New Graphics Bundle
These fans already have access to several different hardware choices: the Value, Standard, and Performance bundles. With 1 or 2 vCPUs (virtual CPUs) and 2 to 7.5 GiB of memory, these bundles are a good fit for many office productivity use cases.
Today we are expanding the WorkSpaces family by adding a new GPU-powered Graphics bundle. This bundle offers a high-end virtual desktop that is a great fit for 3D application developers, 3D modelers, and engineers that use CAD, CAM, or CAE tools at the office. Here are the specs:
- Display – NVIDIA GPU with 1,536 CUDA cores and 4 GiB of graphics memory.
- Processing – 8 vCPUs.
- Memory – 15 GiB.
- System volume – 100 GB.
- User volume – 100 GB.
This new bundle is available in all regions where WorkSpaces currently operates, and can be used with any of the devices that I mentioned above. You can run the license-included operating system (Windows Server 2008 with Windows 7 Desktop Experience), or you can bring your own licenses for Windows 7 or 10. Applications that make use of OpenGL 4.x, DirectX, CUDA, OpenCL, and the NVIDIA GRID SDK will be able to take advantage of the GPU.
As you start to think about your petabyte-scale data analysis and visualization, keep in mind that these instances are located just light-feet away from EC2, RDS, Amazon Redshift, S3, and Kinesis. You can do your compute-intensive analysis server-side, and then render it in a visually compelling way on an adjacent WorkSpace. I am highly confident that you can use this combination of AWS services to create compelling applications that would simply not be cost-effective or achievable in any other way.
There is one important difference between the Graphics Bundle and the other bundles. Due to the way that the underlying hardware operates, WorkSpaces that run this bundle do not save the local state (running applications and open documents) when used in conjunction with the AutoStop running mode that I described in my Amazon WorkSpaces Update – Hourly Usage and Expanded Root Volume post. We recommend saving open documents and closing applications before disconnecting from your WorkSpace or stepping away from it for an extended period of time.
I don’t build 3D applications or use CAD, CAM, or CAE tools. However, I do like to design and build cool things with LEGO® bricks! I fired up the latest version of LEGO Digital Designer (LDD) and spent some time enhancing a design. Although I was not equipped to do any benchmarks, the GPU-enhanced version definitely ran more quickly and produced a higher quality finished product. Here’s a little design study I’ve been working on:
With my design all set up it was time to start building. Instead of trying to re-position my monitor so that it would be visible from my building table, I simply logged in to my Graphics WorkSpace from my Fire tablet. I was able to scale and rotate my design very quickly, even though I had very modest local computing power. Here’s what I saw on my Fire:
As you can see, the two screens (desktop and Fire) look identical! I stepped over to my building table and was able to set things up so that I could see my design and find my bricks:
Graphics WorkSpaces are available with an hourly billing option. You pay a small, fixed monthly fee to cover infrastructure costs and storage, and an hourly rate for each hour that the WorkSpace is used during the month. Prices start at $22/month + $1.75 per hour in the US East (Northern Virginia) Region; see the WorkSpaces Pricing page for more information.
In my recent post, I Love My Amazon WorkSpace, I shared the story of how I became a full-time user and big fan of Amazon WorkSpaces. Since writing the post I have heard similar sentiments from several other AWS customers.
Today I would like to tell you about some new and recent developments that will make WorkSpaces more economical, more flexible, and more useful:
- Hourly WorkSpaces – You can now pay for your WorkSpace by the hour.
- Expanded Root Volume – Newly launched WorkSpaces now have an 80 GB root volume.
Let’s take a closer look at these new features.
If you only need part-time access to your WorkSpace, you (or your organization, to be more precise) will benefit from this feature. In addition to the existing monthly billing, you can now use and pay for a WorkSpace on an hourly basis, allowing you to save money on your AWS bill. If you are a part-time employee, a road warrior, share your job with another part-timer, or work on multiple short-term projects, this feature is for you. It is also a great fit for corporate training, education, and remote administration.
There are now two running modes – AlwaysOn and AutoStop:
- AlwaysOn – This is the existing mode. You have instant access to a WorkSpace that is always running, billed by the month.
- AutoStop – This is new. Your WorkSpace starts running and billing when you log in, and stops automatically when you remain disconnected for a specified period of time.
A WorkSpace that is running in AutoStop mode will automatically stop a predetermined amount of time after you disconnect (1 to 48 hours). Your WorkSpaces Administrator can also force a running WorkSpace to stop. When you next connect, the WorkSpace will resume, with all open documents and running programs intact. Resuming a stopped WorkSpace generally takes less than 90 seconds.
Your WorkSpaces Administrator has the ability to choose your running mode when launching your WorkSpace:
The Administrator can change the AutoStop time and the running mode at any point during the month. They can also track the number of working hours that your WorkSpace accumulates during the month using the new UserConnected CloudWatch metric, and switch from AutoStop to AlwaysOn when this becomes more economical. Switching from hourly to monthly billing takes place upon request; however, switching the other way takes place at the the start of the following month.
All new Amazon WorkSpaces can take advantage of hourly billing today. If you’re using a custom image for your WorkSpaces, you’ll need to refresh your custom images from the latest Amazon WorkSpaces bundles. The ability for existing WorkSpaces to switch to hourly billing will be added in the future.
To learn more about pricing for hourly WorkSpaces, visit the WorkSpaces Pricing page.
Expanded Root Volume
By popular demand we have expanded the size of the root volume for newly launched WorkSpaces to 80 GB, allowing you to run more applications and store more data at no additional cost. Your WorkSpaces Administrator can rebuild existing WorkSpaces in order to upgrade them to the larger root volumes (read Rebuild a WorkSpace to learn more). Rebuilding a WorkSpace will restore the root volume (C:) to the most recent image of the bundle that was used to create the WorkSpace. It will also restore the data volume (D:) from the last automatic snapshot.
Some WorkSpaces Resources
While I have your attention, I would like to let you know about a couple of other important WorkSpaces resources:
- Getting Started – Our WorkSpaces Getting Started page includes a new step-by-step WorkSpaces Implementation Guide and other handy documentation.
- Recorded Webinar – Late last month my colleague Salman Paracha delivered the Intro to Amazon WorkSpaces webinar. Watch it to learn how WorkSpaces can be used to support a diverse and dynamic global workforce and improve your organization’s security position while providing users with a familiar and productive desktop experience.
- Whitepapers – Our new Best Practices for Deploying Amazon WorkSpaces whitepaper addresses network considerations, directory services for user authentication, security, monitoring, and logging. The Desktop-as-a-Service whitepaper reviews the greater operational control, reduced costs, and security benefits of WorkSpaces.
- Case Studies – The Louisiana Department of Corrections and Endemol Shine Group case studies will show you how AWS customers are putting WorkSpaces to use.
The features that I described above are available now and you can start using them today!
Early last year my colleague Steve Mueller stopped by my office to tell me about an internal pilot program that he thought would be of interest to me. He explained that they were getting ready to run Amazon WorkSpaces on the Amazon network and offered to get me on the waiting list. Of course, being someone that likes to live on the bleeding edge, I accepted his offer.
Shortly thereafter I started to run the WorkSpaces client on my office desktop, a fairly well-equipped PC with two screens and plenty of memory. At that time I used the desktop during the working day and a separate laptop when I was traveling or working from home. Even though I used Amazon WorkDocs to share my files between the two environments, switching between them caused some friction. I had distinct sets of browser tabs, bookmarks, and the like. No matter how much I tried, I could never manage to keep the configurations of my productivity apps in sync across the environments.
After using the WorkSpace at the office for a couple of weeks, I realized that it was just as fast and responsive as my desktop. Over that time, I made the WorkSpace into my principal working environment and slowly severed my ties to my once trusty desktop.
I work from home two or three days per week. My home desktop has two large screens, lots of memory, a top-notch mechanical keyboard, and runs Ubuntu Linux. I run VirtualBox and Windows 7 on top of Linux. In other words, I have a fast, pixel-rich environment.
Once I was comfortable with my office WorkSpace, I installed the client at home and started using it there. This was a giant leap forward and a great light bulb moment for me. I was now able to use my fast, pixel-rich home environment to access my working environment.
At this point you are probably thinking that the combination of client virtualization and server virtualization must be slow, laggy, or less responsive than a local device. That’s just not true! I am an incredibly demanding user. I pound on the keyboard at a rapid-fire clip, I keep tons of windows open, alt-tab between them like a ferret, and I am absolutely intolerant of systems that get in my way. My WorkSpace is fast and responsive and makes me even more productive.
Move to Zero Client
A few months in to my WorkSpaces journey, Steve IM’ed me to talked about his plan to make some Zero Client devices available to members of the pilot program. I liked what he told me and I agreed to participate. He and his sidekick Michael Garza set me up with a Dell Zero Client and two shiny new monitors that had been taking up space under Steve’s desk. At this point my office desktop had no further value to me. I unplugged it, saluted it for its meritorious service, and carried it over to the hardware return shelf in our copy room. I was now all-in, and totally dependent on, my WorkSpace and my Zero Client.
The Zero Client is a small, quiet device. It has no fans and no internal storage. It simply connects to the local peripherals (displays, keyboard, mouse, speakers, and audio headset) and to the network. It produces little heat and draws far less power than a full desktop.
During this time I was also doing quite a bit of domestic and international travel. I began to log in to my WorkSpace from the road. Once I did this, I realized that I now had something really cool—a single, unified working environment that spanned my office, my home, and my laptop. I had one set of files and one set of apps and I could get to them from any of my devices. I now have a portable desktop that I can get to from just about anywhere.
The fact that I was using a remote WorkSpace instead of local compute power faded in to the background pretty quickly. One morning I sent the team an email with the provocative title “My WorkSpace has Disappeared!” They read it in a panic, only to realize that I had punked them, and that I was simply letting them know that I was able to focus on my work, and not on my WorkSpace. I did report a few bugs to them, none of which were serious, and all of which were addressed really quickly.
The reality of my transition became apparent late last year when the hard drive in my laptop failed one morning. I took it in to our IT helpdesk and they replaced the drive. Then I went back up to my office, reinstalled the WorkSpaces client, and kept on going. I installed no other apps and didn’t copy any files. At this point the only personal items on my laptop are the registration code for the WorkSpace and my stickers! I do still run PowerPoint locally, since you can never know what kind of connectivity will be available at a conference or a corporate presentation.
I also began to notice something else that made WorkSpaces different and better. Because laptops are portable and fragile, we all tend to think of the information stored on them as transient. In the dark recesses of our minds we know that one day something bad will happen and we will lose the laptop and its contents. Moving to WorkSpaces takes this worry away. I know that my files are stored in the cloud and that losing my laptop would be essentially inconsequential.
It Just Works
To borrow a phrase from my colleague James Hamilton, WorkSpaces just works. It looks, feels, and behaves just like a local desktop would.
Like I said before, I am demanding user. I have two big monitors, run lots of productivity apps, and keep far too many browser windows and tabs open. I also do things that have not been a great fit for virtual desktops up until now. For example:
Image Editing – I capture and edit all of the screen shots for this blog (thank you, Snagit).
Music – I installed the Amazon Music player and listen to my favorite tunes while blogging.
Video – I watch internal and external videos.
Printing – I always have access to the printers on our corporate network. When I am at home, I also have access to the laser and ink jet printers on my home network.
Because the WorkSpace is running on Amazon’s network, I can download large files without regard to local speed limitations or bandwidth caps. Here’s a representative speed test (via Bandwidth Place):
Sense of Permanence
We transitioned from our pilot WorkSpaces to our production environment late last year and are now provisioning WorkSpaces for many members of the AWS team. My WorkSpace is now my portable desktop.
After having used WorkSpaces for well over a year, I have to report that the biggest difference between it and a local environment isn’t technical. Instead, it simply feels different (and better). There’s a strong sense of permanence—my WorkSpace is my environment, regardless of where I happen to be. When I log in, my environment is always as I left it. I don’t have to wait for email to sync or patches to install, as I did when I would open up my laptop after it had been off for a week or two.
Now With Tagging
As enterprises continue to evaluate, adopt, and deploy WorkSpaces in large numbers, they have asked us for the ability to track usage for cost allocation purposes. In many cases they would like to see which WorkSpaces are being used by each department and/or project. Today we are launching support for tagging of WorkSpaces. The WorkSpaces administrator can now assign up to 10 tags (key/value pairs) to each WorkSpace using the AWS Management Console, AWS Command Line Interface (CLI), or the WorkSpaces API. Once tagged, the costs are visible in the AWS Cost Allocation Report where they can be sliced and diced as needed for reporting purposes.
Here’s how the WorkSpaces administrator can use the Console to manage the tags for a WorkSpace:
Tags are available today in all Regions where WorkSpaces is available: US East (Northern Virginia), US West (Oregon), EU (Ireland), Asia Pacific (Singapore), Asia Pacific (Tokyo), and Asia Pacific (Sydney).
If you have found my journey compelling and would like to learn more, here are some resources to get you started:
- Amazon WorkSpaces home page – Complete technical and pricing information.
- Amazon WorkSpaces Testimonials – Learn how Yamaha, Endemol Shine Nederland, and the Louisiana Department of Corrections are using WorkSpaces.
- Deploying Amazon WorkSpaces at Scale with Johnson & Johnson – A detailed presentation from one of our enterprise customers.
- How Amazon.com is Moving to Amazon WorkSpaces – A detailed recounting of our journey, including a lot of information on how we decided on our networking configuration. I have a brief appearance at the end as the “customer.”
- AHEAD Desktop As a Service – Learn how AWS Partner AHEAD is delivering Desktops as a Service (DaaS) using WorkSpaces. You can also register and watch their recorded webinar.
Request a Demo
If you and your organization could benefit from Amazon WorkSpaces and would like to learn more, please get in touch with our team at email@example.com.
Regular readers of this blog will know that I am a huge fan of Amazon WorkSpaces. In fact, after checking my calendar, I verified that every blog post I have written in the last 10 months has been done from within my WorkSpace. Regardless of my location—office, home, or hotel room—performance, availability, and functionality have all been excellent. Until you have experienced a persistent, cloud-based desktop for yourself you won’t know what you are missing!
Today, I am pleased to be able to tell you about three new features for WorkSpaces, each designed to make the service even more useful:
- Audio-In – You can now make and receive calls from your WorkSpace using popular communication tools such as Lync, Skype, and WebEx.
- High DPI Device Support – You can now take advantage of High DPI displays found on devices like the Surface Pro 4 tablet and the Lenovo Yoga laptop.
- Saved Registration Codes – You can now save multiple registration codes in the same client application.
Being able to make and to receive calls from your desktop can boost your productivity. Using the newest WorkSpaces clients for Windows and Mac, you can make and receive calls using popular communication tools like Lync, Skype, and WebEx. Simply connect an analog or USB audio headset to your local client device and start making calls! This functionality is enabled for all newly launched WorkSpaces; existing WorkSpaces may need a restart. With the launch of this feature, voice communication with headsets is available to you at no additional charge in all regions where WorkSpaces are available today.
When a WorkSpace is created using a custom image, the audio-in updates are applied during the provisioning process and will take some time. To avoid this, you (or your WorkSpaces administrator) can create a new custom image after the updates have been applied to an existing WorkSpace.
High DPI Devices
To support the increasing popularity of high DPI (Full HD, Ultra HD, and QHD+) displays, we added the ability to automatically scale the in-session experience of WorkSpaces to match your local DPI settings. This means that fonts and icon sizes will match your preferred settings on high DPI devices making the WorkSpaces experience more natural. Simply use the newest WorkSpaces clients for Windows and Mac and enjoy this enhancement immediately.
Saved Registration Codes
Many customers access multiple WorkSpaces spread across several directories and/or regions and would prefer not to have to copy and paste registration codes to make the switch. You can now save up to 10 registration codes within the client application, and switch between them with a couple of clicks. You can control all of this through the new Manage Registrations screen:
To learn more about Amazon WorkSpaces, visit the Amazon WorkSpaces page.
As I have noted in the past, I am a huge fan and devoted user of Amazon WorkSpaces. In fact, every blog post that I have written and illustrated over the last 6 or 7 months has been written on my WorkSpace. The most recent set of AWS podcasts were edited on the same WorkSpace.
Several months ago the hard drive in my laptop crashed and was replaced. In the past, I would have spent several hours installing and customizing my apps and my environment. All of my work in progress is stored in Amazon WorkDocs, so that aspect of the recovery would have been painless. At this point, the only truly personal items on my laptop are the 12-character registration code for my WorkSpace and my hard-won set of stickers. My laptop has become little more than a generic display and I/O device (with some awesome stickers).
I have three pieces of good news for Amazon WorkSpaces users:
- You can now bring your Windows 7 Desktop license to Amazon WorkSpaces.
- There’s a new Amazon WorkSpaces Client App for Chromebook.
- The storage volumes used by WorkSpaces (both root and user) can now be encrypted.
Bring Your Windows 7 Desktop License to Amazon WorkSpaces (BYOL)
You can now bring your existing Windows 7 Desktop license to Amazon WorkSpaces and run the Windows 7 Desktop OS on hardware that is physically dedicated to you. This new option entitles you to a discount of $4.00 per month per WorkSpace (a savings of up to 16%) and also allows you to use the same Windows 7 Desktop golden image on-premises and the AWS cloud. The newly launched images can be activated using new or existing Microsoft activation servers running in your VPC, or that can be reached from your VPC.
To take advantage of this option, at a minimum your organization must have an active Enterprise Agreement (EA) with Microsoft and you must commit to running at least 200 WorkSpaces in a given AWS region each month. To learn more, take a look at the WorkSpaces FAQ.
In order to ensure that you have adequate dedicated capacity allocated to your account and to get started with BYOL, please reach out to your AWS account manager or sales representative or create a Technical Support case with Amazon WorkSpaces.
New Amazon WorkSpaces Client App for Chromebook
Today we are making Amazon WorkSpaces even more flexible and accessible by adding support for the Google Chromebook. These low-cost “thin client” laptops are simple and easy to manage. They run Chrome OS and were designed specifically for internet users. This makes them a great match for Amazon WorkSpaces because you can access your cloud desktops, your productivity apps, and your corporate network from devices that are simple to manage, secure, and available at a low cost.
The newest Amazon WorkSpaces client app runs on Chromebooks (version 45 of Chrome OS and newer) with ARM and Intel chipsets, and supports both touch and non-touch devices. You can download the WorkSpaces client for Chromebook now and install it on your Chromebook today.
The Amazon WorkSpaces client app is also available for Mac OS X, iPad, Windows, Android Tablet, and Fire Tablet environments.
Encrypted Storage Volumes Using KMS
Amazon WorkSpaces enables you to deliver a high quality desktop experience to your end-users and can also help you to address regulatory requirements or to conform to organizational security policies.
Today we are announcing an additional security option: encryption for WorkSpaces data in motion and at rest (this includes the disk volume and the snapshots associated with it). The WorkSpaces administrator now has the option to encrypt the C: and D: drives as part of the launch and configuration process for each newly created WorkSpace. This encryption is performed using a customer master key (CMK) stored in AWS Key Management Service (KMS).
Encryption is supported for all types of Amazon WorkSpace bundles including custom bundles created within your organization, but must be set up when the WorkSpace is created (encrypting an existing WorkSpace is not supported). Each customer master key from KMS can be used to encrypt up to 30 WorkSpaces.
Launching a WorkSpace with an encrypted root volume can take additional time. Once launched, you can expect to see a minimal impact on latency or IOPS. Here is how you (or your WorkSpaces administrator) choose the volumes to be encrypted along with the KMS key at launch time:
The encryption status of each WorkSpace is also visible from within the WorkSpaces Console:
There’s no charge for the encryption feature, but you will pay the standard KMS charges for any keys that you create.
PS – Before you ask, I am planning to ditch my laptop in favor of a Chromebook immediately after AWS re:Invent!
AWS customers are deploying Amazon WorkSpaces at scale in medium and large organizations. For example, health care company Johnson & Johnson is using WorkSpaces to realize the long-promised security and efficacy benefits of virtual desktops, in a world populated by a diverse workforce that would like to use their own computing devices if possible (also known as BYOD – Bring Your Own Device). You can view their new video (Deploying Amazon WorkSpaces at Scale with Johnson & Johnson) to learn more about what they did and how they now support BYOD for 16,000 contractors and employees, along with zero clients for another 8,000 users. You can also take a look at the SlideShare presentation, Deploying Amazon WorkSpaces at Scale.
In order to help our customers to monitor their WorkSpaces deployments, we recently added additional Amazon CloudWatch metrics for WorkSpaces. These metrics are designed to provide administrators with additional insight in to the overall health and connection status of individual WorkSpaces and of all of the WorkSpaces that belong to a particular directory.
The new metrics are enabled by default and are available to you at no extra charge. Here’s what you get:
- Available – WorkSpaces that respond to a status check are counted in this metric.
- Unhealthy – WorkSpaces that do not respond to the same status check are counted in this metric.
- ConnectionAttempt – The number of connection attempts made to a WorkSpace.
- ConnectionSuccess – The number of successful connection attempts.
- ConnectionFailure – The number of unsuccessful connection attempts.
- SessionLaunchTime – The amount of time taken to initiate a session, as measured by the WorkSpaces client.
- InSessionLatency – The round trip time between the WorkSpaces client and WorkSpaces, as measured and reported by the client.
- SessionDisconnect – The number of user initiated and automatically closed sessions.
Here’s how you create an alarm that will fire if a user cannot connect to their WorkSpace:
The new metrics are available now and you can start monitoring them today!
To learn more, read about Monitoring Amazon WorkSpaces.
I’m a big fan of Amazon WorkSpaces and currently spend most of my day using a single WorkSpace that I can access from multiple locations, devices, and device types (I can’t wait to share even more details about this use case with you).
Up until now, all actions on a WorkSpace had to be initiated through the AWS Management Console. This access method offered point-and-click convenience, but did not lend itself to integration with existing business processes and workflows. There was, for example, no way to automatically create a WorkSpace for a new employee.
API & CLI
Today we are making WorkSpaces even more useful by adding API and CLI (Command-Line Interface) support. You can now describe available directories and bundles, create and describe WorkSpaces, and perform maintenance operations (rebuild, reboot, and terminate WorkSpaces) from your own code. For example, you could build an internal administrative tool or a self-service “give me a desktop” portal. The actions that are performed on a WorkSpace via the AWS SDK and the CLI can be recorded via AWS CloudTrail. Also, permissions for these actions and the WorkSpaces resources can be controlled via an IAM policy.
Let’s walk through the provisioning process using the CLI, taking on the role of the WorkSpaces Administrator (the same steps apply to the AWS Tools for Windows PowerShell or to code that calls the WorkSpaces API):
The first step is to list (describe) the directories:
As you can see from the output, there’s one directory (internal.exampleco.com). The next step is to describe the WorkSpace bundles that can be used to create a WorkSpace:
And now we have all of the information needed to create a WorkSpace for a new user (in this example the user is named olivia in the directory listed above):
Then we can describe the WorkSpace to check on its creation status:
We can also describe all of the WorkSpaces associated with the AWS account in the current Region:
We can reboot a single WorkSpace by referencing the user’s name:
And we can check on the status of the reboot:
As usual, this new functionality is available now. You can start using it today in all of the regions where you can use WorkSpaces (currently US East (Northern Virginia), US West (Oregon), EU (Ireland), Asia Pacific (Singapore), Asia Pacific (Tokyo), and Asia Pacific (Sydney)).
PS – If you are in the process of evaluating WorkSpaces to see how it could work for you, be sure to check out our new WorkSpaces Application Manager.
Over the last month or two I have become a devoted user of Amazon WorkSpaces. I am able to maintain a single, consistent working environment that I can access from my home, my office, an airport gate, a hotel room, and so forth. Regardless of where I am sitting, I have access to the same applications, files, browser tabs, and inbox. My PuTTY sessions remain open and I no longer have to waste any time or mental energy in context-switching between environments. Later this month I plan to start using a Zero Client device at the office (see my post, Amazon WorkSpaces Supports PCoIP Zero Clients for more information).
Application Delivery Made Easy
Today we are making WorkSpaces even more useful by adding a new WorkSpaces Application Manager (WAM). This new service gives you on-demand access to centrally managed desktop applications. Delivery is secure, scalable, and streamlined; you can choose your applications from a catalog (built by your IT Manager) and start using them within seconds, with an economical user-based pricing model.
If you are an IT Manager, you can use WAM to provide your users with access to a curated collection of commercial (licensed), open source, and in-house applications using a simple and straightforward distribution model that will allow you to maintain control and accountability. You can also reduce the operational costs that are traditionally associated with installing, patching, and retiring applications, even as your user base scales to thousands or tens of thousands of WorkSpaces desktops.
Apps are deployed to Amazon WorkSpaces using application virtualization technology, which allows Amazon WAM to safely encapsulate and isolate applications in dedicated containers that run using resources provided by Amazon WorkSpaces. The application virtualization technology transforms Windows applications into centrally managed virtual applications. Apps are never installed, which streamlines application life-cycle management for IT admins.
There are two different subscription levels for Amazon WAM:
- WAM Basic provides you with access to the AWS Marketplace for Desktop Apps, along with a limited set of administrative controls. It is available to all users of Amazon WorkSpaces at no extra charge.
- WAM Standard adds fine-grained controls for provisioning and policies for users and groups, including controlling access, managing versions and updating. It also supports auditing of application usage. This level costs $5 / user / month, but is available at no charge until July 1, 2015.
In this post I will look at the WorkSpaces Application Marketplace from two very distinct points of view: the WorkSpaces users and the IT Manager / WorkSpaces Administrator.
The User View
My IT Manager can designate certain apps as “Required” for me. Apps that have been flagged in this way will be deployed to my WorkSpace automatically.
The Amazon WAM desktop app runs within my WorkSpace and allows me to browse the apps that my IT Manager has made available to me for optional installation. I can click on All Apps to see what’s available:
After I find the desired application I simply click on Install and it will be delivered to my WorkSpace and ready to use within seconds. Once installed, the application can be launched from the Windows Start menu, a desktop shortcut, or from within the Amazon WAM client. Perhaps I’d like to run Visual Studio (as you can see from the screen shot, my IT Manager designated Visio Standard as required and I don’t need to install it):
I can find all of the applications that are ready to run:
The IT Manager View
Let’s switch hats and become the IT Manager with responsibility for maintaining an application catalog for my users. I can use the WAM Console to take care of the following tasks:
- Manage the application catalog
- Control access by users
- Track usage
My catalog can contain any desired combination of applications that I already own and applications that I find in the AWS Marketplace for Desktop Apps and then subscribe to in the WAM Console.
Any 32-bit or 64-bit application that is compatible with Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2008 R2, and Microsoft Windows Server 2012 can be delivered to a WorkSpace using WAM.
I can also use Amazon WAM to deliver my own line-of-business applications or applications that I have already licensed. In this case I would use the Amazon WAM packaging tools to prepare my applications via these steps:
- Package / Capture – In this step I launch an EC2 instance that has been equipped with the requisite packaging utility, formally known as the Amazon WAM Admin Studio. I simply install the application in the desired fashion and Admin Studio will capture all of the changes made to the file system, registry, and environment. Then I finalize my application package and upload it to WAM. At this point it will be marked as Pending.
- Validate– In this step I install the pending application on a fresh EC2 instance, use the Amazon WAM Admin Player to launch it as if I were a normal user, and then verify that it works as expected. Once I am satisfied that all is well, I approve the package to mark it as completed.
- Publish – In this step I create a new application from the application package and make it available for use within my organization’s application catalog, all from within the WAM Console.
Here is the WAM Admin Studio:
And here is the WAM Admin Player:
I can also subscribe to applications in the AWS Marketplace for Desktop Apps (a new category within the AWS Marketplace) using a monthly subscription. Here is how I would add an application to my catalog via the Marketplace:
A subscription is activated and charged the first time a user in my organization launches an application and will renew monthly until access to the application is removed for that user, with a prorated charge for the first month. I can purchase licenses for my organization from within the WorkSpaces console instead of negotiating with individual vendors. All of the software charges will appear on my organization’s AWS bill.
In the Marketplace
We are launching the AWS Marketplace for Desktop Apps with an initial set of over 100 applications in the following categories:
- Business Intelligence
- Collaboration & Productivity
- Illustration & Design
- Programming & Web Development
We are planning to add more categories and more applications in the coming weeks and months. If you are an ISV and you would like to talk to us about getting your products in to the AWS Marketplace for Desktop Apps, please email us at firstname.lastname@example.org .
WAM is available today to use with your WorkSpaces in the US East (Northern Virginia) and US West (Oregon) regions.