Advancing business continuity with Amazon WorkSpaces Multi-Region Resilience

Amazon WorkSpaces Multi-Region Resilience offers cost-effective, easy-to-manage business continuity solutions with less than 30-minute recovery time objective (RTO) using WorkSpaces standby configuration. In this article, I describe the key concepts to set up Amazon WorkSpaces Multi-Region Resilience, including the WorkSpaces standby configuration with cross-Region redirection, configuring DNS service and DNS routing policies, and notifying WorkSpaces connection strings to end users.

Amazon WorkSpaces Multi-Region Resilience – Overview

Business continuity is a key consideration for customers who run critical operations on Amazon WorkSpaces. WorkSpaces is often the primary desktop because it provides secure, reliable access to their documents, applications, and resources wherever they are, anytime. If an AWS Region becomes unavailable for a period of time, customers want to make standby virtual desktops available for their workers, minimizing productivity loss while optimizing the infrastructure costs of a standby deployment in a secondary Region.

Amazon WorkSpaces Multi-Region Resilience offers cost-effective, easy-to-manage business continuity solutions with less than 30-minute recovery time objective (RTO) using WorkSpaces standby configuration.

WorkSpaces standby configuration automates the creation and management of a standby deployment. To begin, you must set up a user Directory Service in your preferred secondary Region. Next, select the WorkSpaces in your primary Region that need standby WorkSpaces; either through the AWS Management Console, or the AWS SDK. WorkSpaces standby configuration automatically provisions standby WorkSpaces in your secondary Region, using the latest bundle configurations of your primary WorkSpaces. WorkSpaces standby configuration does not copy the user volume(D drive) or root volume(C drive).

Amazon WorkSpaces Multi-Region Resilience uses cross-Region redirection (CRR). CRR streamlines the redirection of users to a secondary Region when their primary WorkSpaces Region is unreachable. With CRR, a fully qualified domain name (FQDN) is used as Amazon WorkSpaces registration codes. If the primary Region fails, users are directed to the secondary WorkSpaces Region based on your Domain Name System (DNS) failover policies for the FQDN. If you use Amazon Route 53, you can benefit from health checks that monitor Amazon CloudWatch alarms when devising a cross-Region redirection strategy.

Amazon WorkSpaces Multi-Region Resilience optimizes the costs of maintaining a standby deployment. You only access your standby WorkSpaces when performing maintenance work, or when your primary Region WorkSpaces are not reachable. Standby WorkSpaces are offered at a lower, fixed, monthly fee which includes an hourly meeting option. With Amazon WorkSpaces Multi-Region Resilience, you only pay a small, fixed monthly fee for infrastructure and storage, and a low flat rate for each hour of usage during the month.

“With tens of thousands of remote workers in virtual contact center environments around the globe, service availability is critical to our business.” Said Wylie Hartwell, Senior Vice President, Maximus. “If there’s an unexpected outage, Amazon WorkSpaces Multi-Region Resilience will failover our VDI deployments to our secondary AWS Region without disrupting our workers. WorkSpaces Multi-Region Resilience gives us a new level of confidence in our business continuity initiatives.”

The following diagram illustrates the deployment and end-to-end experience with Amazon WorkSpaces Multi-Region Resilience.

Figure 1 Example architecture for Multi-Region Resilience

Setting up Amazon WorkSpaces Multi-Region Resilience

1.     Deploy WorkSpaces in primary and secondary regions

• Create user directories in both primary and secondary regions.
• Create WorkSpaces in primary region and standby WorkSpaces in secondary region.
• Create and associate connection strings (FQDN) with user directories in both regions.

2. Configure DNS service and set up DNS routing policies

3. Notify region independent connection string to end users

Amazon WorkSpaces Multi-Region Resilience – User experience

Users log into WorkSpaces using single connection string (FQDN) for cross region redirection and are redirected to either US East (N. Virginia) or US West (Oregon) based on the fail policies via Route 53

Conclusion

Customers want to use desktop services to deliver business-critical application and desktops to their end users at scale. They want to make virtual desktop available for their key users to minimize the productivity loss during disruptive events; while optimizing the costs of maintaining standby deployment.

Amazon WorkSpaces Multi-Region Resilience offers cost-effective, easy-to-manage business continuity solutions that automate the process of redirecting users to a secondary AWS Region when the primary Region is unreachable due to disruptive events. It also reduces costs for business continuity by providing automated, redundant capacity in another AWS Region.

For more information, refer to Amazon WorkSpaces Multi-Region Resilience. To learn more about the pricing, please visit Amazon WorkSpaces Pricing Page.

Ariel Fu is a senior product manager at AWS End User Computing team. Ariel has 12 years of experience in the IT industry, including 10 years as product manager in both startups and large corporations. Over the years, she strives to lead cross-functional and cross-border teams to build mobile/desktop apps and SaaS solutions that customers love.