Category: Amazon WorkMail

Amazon WorkMail – Now Generally Available

I first wrote about Amazon WorkMail last year when we made it available in preview form. At the time, I noted that Amazon WorkMail is a managed calendaring and email solution that runs in the Cloud and works with your existing desktop and mobile clients. In my initial post (Amazon WorkMail – Managed Email and Calendaring in the AWS Cloud) I discussed Workmail’s security features and controls. These include location control, encryption of stored data, message scanning for spam & virus protection, and policies & actions for controlling mobile devices.

Now Generally Available
I am happy to be able to announce that Amazon WorkMail is now generally available in three AWS regions (US East (Northern Virginia), US West (Oregon), and EU (Ireland)).

We continued to add features to Amazon WorkMail during the preview, with a focus on security, ease of use, and migration. Here’s a summary:

Integration with KMS – You (the email administrator) can use AWS Key Management Service (KMS) to create and manage the keys that are used to encrypt data at rest. To learn more, read How Amazon WorkMail Uses AWS KMS.

CertificationsAmazon WorkMail has achieved the ISO 27001, ISO 27017, and ISO 27018 certifications. You can learn more about these certifications on the AWS Cloud Compliance page.

Regional Data Control – You can choose the region where you want to store your mailboxes and be confident that the stored data will not leave the region. For more information, take a look at Amazon WorkMail Regions and Endpoints.

Easy Setup – By using Amazon WorkMail in conjunction with Simple AD, you can be up and running with a modest number of clicks, generally in 10 minutes or less. Read Getting Set Up to learn more.

Additional Client SupportAmazon WorkMail now supports clients that run on OS X, including Apple Mail and Outlook. It also supports clients that use the Microsoft Exchange ActiveSync protocol including iPhone, iPad, Kindle Fire, Fire Phone, Android, Windows Phone, and BlackBerry 10. To learn more, read about Desktop Clients and Mobile Clients (there’s also a web application).

Resource Creation – Users can now create and book resources such as meeting rooms and equipment. Read Working with Resources to learn more.

Migration & InteroperabilityAmazon WorkMail now includes a migration tool that you can use to migrate existing mailboxes to Amazon WorkMail (see Migrating Microsoft Exchange Mailboxes to Amazon Workmail for more info).

In the Works
We are working on interoperability support that will allow users of  Amazon WorkMail to benefit from a single Global Address Book, and to access free/busy calendar information across both environments. I’ll have more information on this feature in the near future.

We are also working on an email journaling feature. This feature will allow you to use your existing email archiving system to capture and preserve all Amazon WorkMail communication.

Getting Started
Amazon WorkMail costs $4 per user per month, including 50 GB of mailbox storage per user (see the Workmail Pricing page for details). There’s also a 30-day free trial for up to 25 users.

You can read Getting Started with Amazon Workmail to learn how to put WorkMail to use in your organization.


Amazon WorkMail – Managed Email and Calendaring in the AWS Cloud

Have you ever had to set up, run, and scale an email server? While it has been a long time since I have done this on my own, I do know that it is a lot of work! Users expect to be able to access their email from the application, device, or browser of their choice. They want to be able to send and receive large files (multi-megabyte video attachments and presentations often find their way in to my inbox). Email administrators and CSO’s are looking for robust security measures.

Paradoxically, email is both mission-critical and pedestrian. Everyone needs it to work, but hardly anyone truly understands what it takes to make this happen!

Introducing Amazon WorkMail
Today I would like to introduce Amazon WorkMail. This managed email and calendaring solution runs in the Cloud. It offers a unique set of security controls and works with your existing desktop and mobile clients (there’s also a browser-based interface). If your organization already has a directory of its own, Amazon WorkMail can make use of it via the recently introduced AWS Directory Service. If not, Amazon WorkMail will use Directory Service to create a directory for you as part of the setup process.

Amazon WorkMail was designed to work with your existing PC and Mac-based Outlook clients including the prepackaged Click-to-Run versions. It also works with mobile clients that speak the Exchange ActiveSync protocol.

Our 30-day free trial will give you the time and the resources to evaluate Amazon WorkMail in your own environment. As part of the trial, you can serve up to 25 users, with 50 gigabytes of email storage per employee. In order to help you to move your organization to Amazon WorkMail, we also provide you with a mailbox migration tool.

Amazon WorkMail makes use of a number of AWS services including Amazon WorkDocs (formerly known as Amazon Zocalo), the Directory Service, AWS Identity and Access Management (IAM), AWS Key Management Service (KMS), and Amazon Simple Email Service (SES).

Amazon WorkMail Features
You can set up Amazon WorkMail for a new organization in a matter of minutes. As I mentioned earlier, you can use your existing directory or you can have Amazon WorkMail set one up for you. You can send and receive email through your existing domain name by adding a TXT record (for verification of ownership) and an MX record (to route the mail to Amazon WorkMail to your existing DNS configuration).

As a Amazon WorkMail user, you have access to all of the usual email features including calendaring, calendar sharing, tasks, contact lists, distribution lists, resource booking, public folders, and out-of-office (OOF) messages.

The browser-based interface has a full array of features. It works with a wide variety of browsers including Firefox, Chrome, Safari, and newer (IE 9 and higher) versions of Internet Explorer. The interface gives you access to email, calendars, contacts, and tasks. You can access shared calendars and public folders, book resources, and manage your OOF.

Amazon WorkMail was designed to work in today’s data-rich, email-intensive environments. Each inbox has room for up to 50 gigabytes of messages and attachments. Messages can range in size all the way up to 25 megabytes.

As part of this launch we are renaming Amazon Zocalo to Amazon WorkDocs! Amazon WorkMail can be used in conjunction with WorkDocs for simple, controlled distribution of documents that contain sensitive information.

Amazon WorkMail Security Controls

Let’s talk about security for a bit. Amazon WorkMail includes a number of security features and controls that will allow it to meet the needs of many types of organizations. Here’s an overview of some of the most important features and controls:

  • Location Control – The Amazon WorkMail administrator can choose to create mailboxes in any supported AWS region. All mail and other data will be stored within the region and will not be transferred to any other region. During the Preview, Amazon WorkMail will be supported in the US East (Northern Virginia) and EU (Ireland) regions, with more to follow over time.
  • S/MIME – Data in transit to and from Outlook clients and certain iPhone and iPad apps is encrypted using S/MIME. Data in transit to other clients is encrypted using SSL.
  • Stored Data Encryption – Data at rest (messages, contacts, attachments, and metadata) is encrypted using keys supplied and managed by KMS.
  • Message Scanning – Incoming and outgoing email messages and attachments are scanned for malware, viruses, and spam.
  • Mobile Device Policies & Actions – The Amazon WorkMail administrator can selectively require encryption, password protection, and automatic screen locking for mobile devices. The administrator can also remotely wipe a lost or mislaid mobile device if necessary.

Getting Started with Amazon WorkMail
Let’s walk through Amazon WorkMail while wearing our email administrator hats! I need to create a Amazon WorkMail organization. In most cases, I would use a single organization for an entire company.

I start by opening up the AWS Management Console and choosing Amazon WorkMail:

I click the Get started button. At this point I can choose between a Quick setup (Amazon WorkMail will create a new directory for me)  or a Custom setup (Amazon WorkMail will use an existing directory that I configure):

I’ll go for the quick setup today. I need to pick a unique name for my organization:

This will automatically create a directory and then create and initialize my organization. It will also initiate the Amazon SES domain verification process (for in this case) and create a set of DKIM keys so that I can send DKIM-signed mail. The entire process takes 10 to 20 minutes and requires no additional work on my part. The organization’s status will start out as creating and will transition to active before too long:

After the creation process completes I can begin to add Amazon WorkMail users to my organization (if I had used an existing directory in the previous step I could simply select them from a list at this point). I’ll begin by adding myself:

Then  I specify the email address and password. If I have associated one or more domain names with the organization, I can use the name as the basis for the email address:

I can browse all of the organization’s users:

I can also create groups, attach domains, and manage mobile device policies, all from the Console.

The Amazon WorkMail Browser-Based Interface
Let’s take a look at the browser-based interface to Amazon WorkMail. Here’s my inbox:

And my calendar:

This is just a sampling of the features that are available in the Amazon WorkMail.

Pricing and Availability
We are launching a Preview of Amazon WorkMail in the US East (Northern Virginia) and EU (Ireland) regions today and you can sign up for the Preview if you are interested in joining.

After the 30-day free trial (25 users and 50 gigabytes of storage per user), pricing is on a per-user, pay-as-you-go basis. You will be charged $4 per month for a 50 gigabyte Amazon WorkMail mailbox, or $6 per month for a bundle that includes Amazon WorkMail and WorkDocs. There is no separate charge for the use of SES to send messages.