Amazon WorkSpaces Documentation

Functionality

Amazon WorkSpaces offers you a way to provide a virtual desktop experience to your end-users. With Amazon WorkSpaces, you can deliver a portable desktop, and applications, to your users on the device of their choice.

Amazon WorkSpaces provides a cloud-based virtual desktop service, including compute, persistent solid-state storage (SSD), and applications.  

Streaming protocols

Amazon WorkSpaces utilizes streaming protocols.  These protocols analyze the hosted desktop, network, and user’s device to select compression and decompression algorithms (codecs) that encode a rendering of the user's desktop and transmit it as a pixel stream to the user's device. 

Amazon WorkSpaces Bundles

To get started, select from a choice of Amazon WorkSpaces bundles that offer different hardware and software options, and launch the number of WorkSpaces you require. When WorkSpaces are provisioned, users receive an email providing instructions on where to download the WorkSpaces client applications they need, and how to connect to their WorkSpace. Users can access their WorkSpace from computers tablets, and supported web browsers. Your users’ applications and data remain persistent, so they can switch between devices without losing their work.

With Amazon WorkSpaces you can create a standalone, managed directory for users, or you can integrate with your existing Active Directory environment so that your users can use their current credentials to obtain access to corporate resources. This integration works via a hardware VPN connection to your on-premises network using Amazon Virtual Private Cloud (VPC) or with AWS Direct Connect. You can manage your WorkSpaces with the existing tools you use for your on-premises desktops.

Amazon WorkSpaces offers a range of bundles that provide different hardware and software options to meet your needs. You can select the amount of storage that you need for both root and user volumes when you launch new WorkSpaces, and you can increase storage allocations at any time. 

Easy provisioning

Whether you choose to launch one or many Amazon WorkSpaces, all you need to do is to choose the bundles that best meet the needs of your users, and the number of Amazon WorkSpaces that you would like to launch. Once your Amazon WorkSpaces have been provisioned, users receive an email providing instructions on where to download the Amazon WorkSpaces client applications they need, and how to connect to their Amazon WorkSpace. When you no longer need a particular Amazon WorkSpace, you can delete it.

Encrypted

With WorkSpaces, your organization’s data is not sent to or stored on end-user devices.   

WorkSpaces lets you manage which client devices can access your WorkSpaces based on IP address, client device type, or through the use of your digital certificates. Using IP address-based Control Groups, you can define trusted IP addresses that may access your WorkSpaces.   

Amazon WorkSpaces integrates with the AWS Key Management Service (KMS) to provide you the ability to encrypt the storage volumes of WorkSpaces using KMS customer master keys (CMK). You now have the option to encrypt the storage drives at launch of a new WorkSpace, so data in transit and at rest, along with snapshots created from the volume, are encrypted. 

Active Directory and RADIUS integration

Amazon WorkSpaces allows you to use your on-premises Microsoft Active Directory to manage your WorkSpaces and your end user credentials. By integrating with your on-premises Active Directory, your users can log in with their existing credentials, you can apply Group Policies to your WorkSpaces, you can deploy software to your WorkSpaces using your existing tools, and you can use your existing RADIUS server to enable multi-factor authentication (MFA). You can integrate with your on-premises Active Directory in two ways – either by establishing a secure trust relationship between your on-premises Active Directory and your AWS Directory Service for Microsoft Active Directory (Enterprise Edition) domain controller, or by using the AWS Directory Service Active Directory Connector.

Persistent storage

Amazon WorkSpaces provides each user with access to varying amounts of persistent storage (SSD Volumes) in the AWS cloud based on the bundle selected. Data that users store on the 'user volume' attached to the WorkSpace is backed up to Amazon S3 on a regular basis. 

Amazon WorkSpaces users can also use Amazon WorkDocs Drive. 

Desktop, mobile, and web access

Amazon WorkSpaces can be accessed from computers and tablets through the Amazon WorkSpaces client application. Amazon WorkSpaces can also be accessed using supported web browsers. When Amazon WorkSpaces are provisioned, users receive an email providing instructions on where to download the Amazon WorkSpaces client applications they need, and instructions on how to connect to their Amazon WorkSpace. 

The Amazon WorkSpaces client applications computers provide a Windows desktop experience. The client applications for tablets provide users with a tablet-optimized desktop experience. Users can use multi-touch gestures to show or hide an on-screen keyboard, access a touch-based mouse interface, and scroll and zoom. A slide-out radial control can be accessed by a thumb swipe from the left of the screen and gives users access to a variety of commands. Using a supported web browser allows users to easily access their Amazon WorkSpaces on any network, without needing to download a client application first. 

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.