Enabling developers with Docker Desktop on Amazon WorkSpaces Personal
This post was co-written with Eli Aleyner, Head of Tech Alliances; Chris McLellan, Principal Product Manager; and Dan Stelzer, Sr Manager Partner GTM at Docker Inc.
When we speak to customers, they tell us their developers have been unable to use Docker Desktop on Windows personal WorkSpaces due to the lack of support for nested virtualization, which is crucial for creating the Linux Virtual Machine (VM) that Docker Desktop uses to run containers. This limitation has forced developers to seek workarounds for running containers on WorkSpaces, which often results in increased complexity and reduced efficiency.
Amazon WorkSpaces Personal enables you to provision virtual, cloud-based Microsoft Windows desktops for your users. Docker Desktop is a key tool in the developer’s arsenal because it simplifies and accelerates the development process by providing an easy way to manage dependencies, streamline deployments, and maintain consistent development environments. Developers and organizations widely adopt Docker Desktop for its ability to create isolated environments for testing and development, significantly reducing the “it works on my machine” problem.
In response to these challenges, Docker, an AWS Partner, is developing a new solution that addresses the difficulties of running Docker Desktop on WorkSpaces. This post will explore this new solution, detailing how it simplifies the deployment and management of Docker Desktop on AWS, thereby enhancing development experiences and productivity, which can lead to significant cost savings.
Overview of solution
Docker Desktop for Amazon WorkSpaces separates the Docker Desktop client from the Docker Engine and runs containers in managed, ephemeral Amazon Elastic Compute Cloud (Amazon EC2) instances. These EC2 instances can be managed by Docker on your behalf in Docker’s Amazon Virtual Private Cloud (Amazon VPC), or launched in your own VPC. This approach not only allows Docker Desktop to function in environments where nested virtualization is not supported, but also offers additional benefits for performance and resource management:
- Performance: Container operations are offloaded to the remote VMs, optimizing resource use and system performance and allowing Docker Desktop to run on much smaller and lower-cost bundles.
- Simplicity and Flexibility: Docker manages the complexities, allowing engineers to focus on development tasks while also enabling the flexibility of having client teams operate the solution in a Bring-Your-Own-Cloud fashion.
- Security: Docker Engines run in VM-isolated environments, with secure tunnels between the Docker Desktop client application and the container cluster.
- Low Latency: Colocating the Docker Engine with WorkSpaces allows for low latency.
Docker Desktop for Amazon WorkSpaces is powered by a highly available, scalable back end distributed globally across AWS Regions and Availability Zones, which provides a low-latency experience for customers worldwide. The underlying technology for the solution is already used by several organizations and has been operated by Docker for other use cases.
Prerequisites
For this walkthrough, you should have the following prerequisites:
- An AWS account.
- A personal Windows WorkSpace with administrative rights for the user. Any Standard or larger bundle running Windows Server 2022 is supported.
- A WorkSpaces client.
- A Docker account associated with your organization.
- Visual Studio Code installed on the WorkSpace (optional).
Steps
- Contact your Docker account manager or email amazon-workspaces@docker.com. You will receive a link to download a private distribution of Docker Desktop.
- Connect to your WorkSpace.
- Install the Docker Desktop private distribution.
- Launch Docker Desktop. A pop-up window will appear, asking you to sign in with your Docker account.
- Follow the instructions in Exploring Docker Desktop with a quick example to test your setup.
- Follow the instructions in Docker Compose QuickStart.
Developers using Docker Desktop on Amazon WorkSpaces enjoy the same experience as running Docker Desktop locally, with zero configuration changes. Applications are still accessible via localhost ports, with Docker Desktop automatically handling the port mappings between the WorkSpace and the cloud-hosted Docker Engine. Likewise, where volumes and bind mounts are used within your project, Docker Desktop will detect this setup and automatically manage file synchronization for you, using Mutagen. This means that any changes made to code on the WorkSpace will be reflected almost instantaneously on the cloud-hosted Docker Engine, creating a rapid container-based developer experience for your teams.
Cleaning up
To avoid incurring additional charges, delete the WorkSpaces. For more information, see Delete a WorkSpace in WorkSpaces Personal.
Implementation Details
Docker has made significant investments in making the user experience of running Docker Desktop on Amazon WorkSpaces seamless. The solution is powered by a highly available control plane and a geo-distributed installation of the data plane. When Docker Desktop on Amazon WorkSpaces starts, the agent finds the closest, lowest-latency zone to determine where containers will be started. This architecture allows Docker to spin up containers quickly, creating an experience that is virtually no different from, or even better than, running containers on a local machine.
Security Concerns
Docker Desktop on Amazon WorkSpaces uses industry-standard VM-level isolation provided by Amazon EC2 for the container workloads, avoiding noisy-neighbor constraints and security breaches between multi-tenant users. Once a container is created on behalf of Docker Desktop, a secure tunnel is established between the client and the remote VM, ensuring all communication is encrypted. Once the user stops using the containers, Docker Desktop on Amazon WorkSpaces terminates the leased VM, so that malicious agents cannot exploit images or data.
Support for Bring Your Own Cloud (BYOC)
You may want to deploy the data plane in your own AWS account. Docker has accommodated such requests by developing a BYOC version of the solution. In this model, the data plane is deployed in your VPC and operated under a shared responsibility model between you and Docker. Once you deploy the data plane, Docker Desktop for Amazon WorkSpaces can be configured to use only the Availability Zones used by your VPC subnets, giving you extended control over the solution.
Conclusion
Docker Desktop for Amazon WorkSpaces is an innovative solution to overcome the challenge of nested virtualization on WorkSpaces. By separating the Docker Desktop client from the Docker Engine and using managed, ephemeral VMs on AWS, it provides developers with a seamless, efficient, and secure way to run Docker containers in virtualized environments, maintaining the same user experience as running these containers locally. Docker Desktop for Amazon WorkSpaces enhances development efficiency and simplifies infrastructure management by optimizing performance, offering flexible management options, and providing low-latency global distribution.
If you’re interested in Docker Desktop on Amazon WorkSpaces, sign up for the private preview by emailing amazon-workspaces@docker.com.
About the authors
Abhi Karode is a Senior Solutions Architect in the AWS ISV team based in the San Francisco Bay Area. He has deep expertise in AWS, Kubernetes, and cloud-native architectures. He is passionate about helping businesses leverage the benefits of containerization and cloud computing to achieve their goals.
Miles Scott is an accomplished storage and data protection architect, with over ten years of experience in information technology. As a Senior Partner Solutions Architect with AWS, Miles is thrilled to work with technology partners to build highly resilient solutions for customers.