Category: Amazon WorkDocs
As I have told you in the past, we like to drink our own Champagne at Amazon. Practically speaking, this means that we make use of our own services, tools, and applications as part of our jobs, and that we supply the development teams with feedback if we have an idea for an improvement or if we find something that does not work as expected.
I first talked about Amazon WorkDocs (which was originally called Zocalo) back in the middle of 2014, and have been using it ever since (at busy times I often have drafts of 7 or 8 posts circulating).
I upload drafts of every new blog post (usually as PDFs) to WorkDocs and then share them with the Product Manager, Product Marketing Manager, and other designated reviewers. The reviewers leave feedback for me, I update the draft, and I wait for more feedback. After a couple of iterations the draft settles down and I wait for the go-ahead to publish the post. The circle of reviews often grows to include developers, senior management, and so forth. I simply share the document with them and look forward to even more feedback. My job is to read and to process all of the feedback (lots of suggestions, and the occasional question) as quickly as possible and to make sure that I did not miss anything.
Today I would like to tell you about some recent recent enhancements that makes WorkDocs even more useful. We have added some more commenting and reviewing features, along with an activity feed.
Over the course of a couple of revisions, some comments will spur a discussion. There might be a question about the applicability of a particular feature or the value of a particular image. In order to make it easier to start and to continue conversations, WorkDocs now supports threaded replies. I simply click on Reply and respond to a comment:
It is displayed like this:
If I click on Private, the comment is accessible only to the person who wrote the original.
In order to strengthen my message, I can also use simple formatting (bold, italic, and strikethrough) in my comments. Here’s how I specify each one:
And here’s the result:
Clicking on the ? displays a handy guide to formatting:
When the time for comments has passed, I can now disable feedback with a single click:
As the comments accumulate, I sometimes need to draw a reviewer’s attention to a particular comment. I can do this by entering an @ in the comment and then choosing their name from the popup menu:
The user will be notified by email in order to let them know that their feedback is needed.
From time to time, a potential reviewer will come in to possession of a URL to a WorkDocs document but will not have access to the document. They can now request access to the document like this:
The request will be routed to the owner of the document via email for approval.
Similarly, someone who has been granted Viewer-level access can now request Contributor-level access:
Again, the request will be routed to the owner of the document via email for approval:
With multiple blog posts out for review at any given time, keeping track of what’s coming and going can be challenging. In order to give me a big-picture view, WorkDocs now includes an Activity Feed. The feed shows me what is going on with my own documents and with those that have been shared with me. I can watch as files and folders are created, changed, removed, and commented on. I can also see who is making the changes and track the times when they were made:
I can enter a search term to control what I see in the feed:
And I can further filter the updates by activity type or by date:
These features are available now and you can start using them today.
I am a heavy-duty user and a big fan of Amazon WorkDocs. With AWS re:Invent just days away, I have nearly two dozen draft blog posts underway. I use WorkDocs to make sure that all of the interested parties are reviewing and commenting on the most recent version of each draft.
Today I am happy announce that we are launching a public preview of an Administrative SDK for WorkDocs. I have been looking forward to this announcement and can’t wait to build some tools to streamline my blogging and reviewing workflow. This SDK opens the doors to many types of value-added integration including advanced content management, document migration, virus scanning, data-loss prevention, and ediscovery.
The SDK provides full, administrator-level access to the resources contained within a WorkDocs site. You can build applications that manage users, content, and permissions and sell them on AWS Marketplace for deployment through the WorkDocs administrator console.
Resources and Actions
The Administrative SDK gives you Create, Read, Update, and Delete actions on WorkDocs users, folders, files, and permissions along with the ability to subscribe to notifications that are sent when an action is performed on them. Permission to access specific functions and resources is granted by AWS Identity and Access Management (IAM).
Here’s an overview of the functions provided by the SDK:
The SDK is available for Java and Python developers and works in all six AWS Regions where WorkDocs is available. The download is free and there is no charge for calls to the API during the Public Preview period.
During the Public Preview, we are looking for developers who are ready to commit engineering resources to the construction of a Proof of Concept application that uses the SDK, and who are willing to meet with the WorkDocs team to provide status updates and share feedback.
If you have an idea for a great application and would like to apply for the Public Preview, sign up today.
Early last year my colleague Steve Mueller stopped by my office to tell me about an internal pilot program that he thought would be of interest to me. He explained that they were getting ready to run Amazon WorkSpaces on the Amazon network and offered to get me on the waiting list. Of course, being someone that likes to live on the bleeding edge, I accepted his offer.
Shortly thereafter I started to run the WorkSpaces client on my office desktop, a fairly well-equipped PC with two screens and plenty of memory. At that time I used the desktop during the working day and a separate laptop when I was traveling or working from home. Even though I used Amazon WorkDocs to share my files between the two environments, switching between them caused some friction. I had distinct sets of browser tabs, bookmarks, and the like. No matter how much I tried, I could never manage to keep the configurations of my productivity apps in sync across the environments.
After using the WorkSpace at the office for a couple of weeks, I realized that it was just as fast and responsive as my desktop. Over that time, I made the WorkSpace into my principal working environment and slowly severed my ties to my once trusty desktop.
I work from home two or three days per week. My home desktop has two large screens, lots of memory, a top-notch mechanical keyboard, and runs Ubuntu Linux. I run VirtualBox and Windows 7 on top of Linux. In other words, I have a fast, pixel-rich environment.
Once I was comfortable with my office WorkSpace, I installed the client at home and started using it there. This was a giant leap forward and a great light bulb moment for me. I was now able to use my fast, pixel-rich home environment to access my working environment.
At this point you are probably thinking that the combination of client virtualization and server virtualization must be slow, laggy, or less responsive than a local device. That’s just not true! I am an incredibly demanding user. I pound on the keyboard at a rapid-fire clip, I keep tons of windows open, alt-tab between them like a ferret, and I am absolutely intolerant of systems that get in my way. My WorkSpace is fast and responsive and makes me even more productive.
Move to Zero Client
A few months in to my WorkSpaces journey, Steve IM’ed me to talked about his plan to make some Zero Client devices available to members of the pilot program. I liked what he told me and I agreed to participate. He and his sidekick Michael Garza set me up with a Dell Zero Client and two shiny new monitors that had been taking up space under Steve’s desk. At this point my office desktop had no further value to me. I unplugged it, saluted it for its meritorious service, and carried it over to the hardware return shelf in our copy room. I was now all-in, and totally dependent on, my WorkSpace and my Zero Client.
The Zero Client is a small, quiet device. It has no fans and no internal storage. It simply connects to the local peripherals (displays, keyboard, mouse, speakers, and audio headset) and to the network. It produces little heat and draws far less power than a full desktop.
During this time I was also doing quite a bit of domestic and international travel. I began to log in to my WorkSpace from the road. Once I did this, I realized that I now had something really cool—a single, unified working environment that spanned my office, my home, and my laptop. I had one set of files and one set of apps and I could get to them from any of my devices. I now have a portable desktop that I can get to from just about anywhere.
The fact that I was using a remote WorkSpace instead of local compute power faded in to the background pretty quickly. One morning I sent the team an email with the provocative title “My WorkSpace has Disappeared!” They read it in a panic, only to realize that I had punked them, and that I was simply letting them know that I was able to focus on my work, and not on my WorkSpace. I did report a few bugs to them, none of which were serious, and all of which were addressed really quickly.
The reality of my transition became apparent late last year when the hard drive in my laptop failed one morning. I took it in to our IT helpdesk and they replaced the drive. Then I went back up to my office, reinstalled the WorkSpaces client, and kept on going. I installed no other apps and didn’t copy any files. At this point the only personal items on my laptop are the registration code for the WorkSpace and my stickers! I do still run PowerPoint locally, since you can never know what kind of connectivity will be available at a conference or a corporate presentation.
I also began to notice something else that made WorkSpaces different and better. Because laptops are portable and fragile, we all tend to think of the information stored on them as transient. In the dark recesses of our minds we know that one day something bad will happen and we will lose the laptop and its contents. Moving to WorkSpaces takes this worry away. I know that my files are stored in the cloud and that losing my laptop would be essentially inconsequential.
It Just Works
To borrow a phrase from my colleague James Hamilton, WorkSpaces just works. It looks, feels, and behaves just like a local desktop would.
Like I said before, I am demanding user. I have two big monitors, run lots of productivity apps, and keep far too many browser windows and tabs open. I also do things that have not been a great fit for virtual desktops up until now. For example:
Image Editing – I capture and edit all of the screen shots for this blog (thank you, Snagit).
Music – I installed the Amazon Music player and listen to my favorite tunes while blogging.
Video – I watch internal and external videos.
Printing – I always have access to the printers on our corporate network. When I am at home, I also have access to the laser and ink jet printers on my home network.
Because the WorkSpace is running on Amazon’s network, I can download large files without regard to local speed limitations or bandwidth caps. Here’s a representative speed test (via Bandwidth Place):
Sense of Permanence
We transitioned from our pilot WorkSpaces to our production environment late last year and are now provisioning WorkSpaces for many members of the AWS team. My WorkSpace is now my portable desktop.
After having used WorkSpaces for well over a year, I have to report that the biggest difference between it and a local environment isn’t technical. Instead, it simply feels different (and better). There’s a strong sense of permanence—my WorkSpace is my environment, regardless of where I happen to be. When I log in, my environment is always as I left it. I don’t have to wait for email to sync or patches to install, as I did when I would open up my laptop after it had been off for a week or two.
Now With Tagging
As enterprises continue to evaluate, adopt, and deploy WorkSpaces in large numbers, they have asked us for the ability to track usage for cost allocation purposes. In many cases they would like to see which WorkSpaces are being used by each department and/or project. Today we are launching support for tagging of WorkSpaces. The WorkSpaces administrator can now assign up to 10 tags (key/value pairs) to each WorkSpace using the AWS Management Console, AWS Command Line Interface (CLI), or the WorkSpaces API. Once tagged, the costs are visible in the AWS Cost Allocation Report where they can be sliced and diced as needed for reporting purposes.
Here’s how the WorkSpaces administrator can use the Console to manage the tags for a WorkSpace:
Tags are available today in all Regions where WorkSpaces is available: US East (Northern Virginia), US West (Oregon), EU (Ireland), Asia Pacific (Singapore), Asia Pacific (Tokyo), and Asia Pacific (Sydney).
If you have found my journey compelling and would like to learn more, here are some resources to get you started:
- Amazon WorkSpaces home page – Complete technical and pricing information.
- Amazon WorkSpaces Testimonials – Learn how Yamaha, Endemol Shine Nederland, and the Louisiana Department of Corrections are using WorkSpaces.
- Deploying Amazon WorkSpaces at Scale with Johnson & Johnson – A detailed presentation from one of our enterprise customers.
- How Amazon.com is Moving to Amazon WorkSpaces – A detailed recounting of our journey, including a lot of information on how we decided on our networking configuration. I have a brief appearance at the end as the “customer.”
- AHEAD Desktop As a Service – Learn how AWS Partner AHEAD is delivering Desktops as a Service (DaaS) using WorkSpaces. You can also register and watch their recorded webinar.
Request a Demo
If you and your organization could benefit from Amazon WorkSpaces and would like to learn more, please get in touch with our team at firstname.lastname@example.org.
I have become a devoted user of Amazon WorkDocs. I draft my blog posts (including this one) and then use WorkDocs to route them to the appropriate people and teams for review and translation. On an average day I probably upload new versions of 4 or 5 draft blog posts and review and respond to feedback on a similar number.
Today we are making WorkDocs even more useful by introducing additional sharing and ownership options for folder and documents. Let’s take a look at these new features!
Folder Link Sharing
You can now share a WorkDocs folder by creating and then sending a link. You can share read only or read & write access to the folder. To share a folder using a link, select the folder and then click on Share Link:
Then choose the type of access that you would like to share:
Copy the resulting link and send it to the lucky recipients. If you share read only access, the link recipient can only read the contents of the folder. If you share read & write access, the recipient can read the contents of the folder, provide feedback on the contents, and upload new versions of any of the documents or folders within. To learn more, read Creating a Shared Link in the WorkDocs Web Client Help.
Sharing with Groups
You can now share individual documents and entire folders with Active Directory (AD) groups. This will share the items with all of the members of group. You can do this by entering the name of the group when you share the item:
You can now make your colleagues and collaborators into co-owners of your documents and files. A co-owner can rename and delete documents and folders, and can also re-share them. Here’s now I would share my draft posts with Werner:
These features are available now and you can start using them today!
Have you ever had to set up, run, and scale an email server? While it has been a long time since I have done this on my own, I do know that it is a lot of work! Users expect to be able to access their email from the application, device, or browser of their choice. They want to be able to send and receive large files (multi-megabyte video attachments and presentations often find their way in to my inbox). Email administrators and CSO’s are looking for robust security measures.
Paradoxically, email is both mission-critical and pedestrian. Everyone needs it to work, but hardly anyone truly understands what it takes to make this happen!
Introducing Amazon WorkMail
Today I would like to introduce Amazon WorkMail. This managed email and calendaring solution runs in the Cloud. It offers a unique set of security controls and works with your existing desktop and mobile clients (there’s also a browser-based interface). If your organization already has a directory of its own, Amazon WorkMail can make use of it via the recently introduced AWS Directory Service. If not, Amazon WorkMail will use Directory Service to create a directory for you as part of the setup process.
Amazon WorkMail was designed to work with your existing PC and Mac-based Outlook clients including the prepackaged Click-to-Run versions. It also works with mobile clients that speak the Exchange ActiveSync protocol.
Our 30-day free trial will give you the time and the resources to evaluate Amazon WorkMail in your own environment. As part of the trial, you can serve up to 25 users, with 50 gigabytes of email storage per employee. In order to help you to move your organization to Amazon WorkMail, we also provide you with a mailbox migration tool.
Amazon WorkMail makes use of a number of AWS services including Amazon WorkDocs (formerly known as Amazon Zocalo), the Directory Service, AWS Identity and Access Management (IAM), AWS Key Management Service (KMS), and Amazon Simple Email Service (SES).
Amazon WorkMail Features
You can set up Amazon WorkMail for a new organization in a matter of minutes. As I mentioned earlier, you can use your existing directory or you can have Amazon WorkMail set one up for you. You can send and receive email through your existing domain name by adding a TXT record (for verification of ownership) and an MX record (to route the mail to Amazon WorkMail to your existing DNS configuration).
As a Amazon WorkMail user, you have access to all of the usual email features including calendaring, calendar sharing, tasks, contact lists, distribution lists, resource booking, public folders, and out-of-office (OOF) messages.
The browser-based interface has a full array of features. It works with a wide variety of browsers including Firefox, Chrome, Safari, and newer (IE 9 and higher) versions of Internet Explorer. The interface gives you access to email, calendars, contacts, and tasks. You can access shared calendars and public folders, book resources, and manage your OOF.
Amazon WorkMail was designed to work in today’s data-rich, email-intensive environments. Each inbox has room for up to 50 gigabytes of messages and attachments. Messages can range in size all the way up to 25 megabytes.
As part of this launch we are renaming Amazon Zocalo to Amazon WorkDocs! Amazon WorkMail can be used in conjunction with WorkDocs for simple, controlled distribution of documents that contain sensitive information.
Amazon WorkMail Security Controls
Let’s talk about security for a bit. Amazon WorkMail includes a number of security features and controls that will allow it to meet the needs of many types of organizations. Here’s an overview of some of the most important features and controls:
- Location Control – The Amazon WorkMail administrator can choose to create mailboxes in any supported AWS region. All mail and other data will be stored within the region and will not be transferred to any other region. During the Preview, Amazon WorkMail will be supported in the US East (Northern Virginia) and EU (Ireland) regions, with more to follow over time.
- S/MIME – Data in transit to and from Outlook clients and certain iPhone and iPad apps is encrypted using S/MIME. Data in transit to other clients is encrypted using SSL.
- Stored Data Encryption – Data at rest (messages, contacts, attachments, and metadata) is encrypted using keys supplied and managed by KMS.
- Message Scanning – Incoming and outgoing email messages and attachments are scanned for malware, viruses, and spam.
- Mobile Device Policies & Actions – The Amazon WorkMail administrator can selectively require encryption, password protection, and automatic screen locking for mobile devices. The administrator can also remotely wipe a lost or mislaid mobile device if necessary.
Getting Started with Amazon WorkMail
Let’s walk through Amazon WorkMail while wearing our email administrator hats! I need to create a Amazon WorkMail organization. In most cases, I would use a single organization for an entire company.
I start by opening up the AWS Management Console and choosing Amazon WorkMail:
I click the Get started button. At this point I can choose between a Quick setup (Amazon WorkMail will create a new directory for me) or a Custom setup (Amazon WorkMail will use an existing directory that I configure):
I’ll go for the quick setup today. I need to pick a unique name for my organization:
This will automatically create a directory and then create and initialize my organization. It will also initiate the Amazon SES domain verification process (for jeffbarr.awsapps.com in this case) and create a set of DKIM keys so that I can send DKIM-signed mail. The entire process takes 10 to 20 minutes and requires no additional work on my part. The organization’s status will start out as creating and will transition to active before too long:
After the creation process completes I can begin to add Amazon WorkMail users to my organization (if I had used an existing directory in the previous step I could simply select them from a list at this point). I’ll begin by adding myself:
Then I specify the email address and password. If I have associated one or more domain names with the organization, I can use the name as the basis for the email address:
I can browse all of the organization’s users:
I can also create groups, attach domains, and manage mobile device policies, all from the Console.
The Amazon WorkMail Browser-Based Interface
Let’s take a look at the browser-based interface to Amazon WorkMail. Here’s my inbox:
And my calendar:
This is just a sampling of the features that are available in the Amazon WorkMail.
Pricing and Availability
We are launching a Preview of Amazon WorkMail in the US East (Northern Virginia) and EU (Ireland) regions today and you can sign up for the Preview if you are interested in joining.
After the 30-day free trial (25 users and 50 gigabytes of storage per user), pricing is on a per-user, pay-as-you-go basis. You will be charged $4 per month for a 50 gigabyte Amazon WorkMail mailbox, or $6 per month for a bundle that includes Amazon WorkMail and WorkDocs. There is no separate charge for the use of SES to send messages.