Amazon WorkSpaces offers you an easy way to provide a secure, managed, cloud-based virtual desktop experience to your end-users. Unlike traditional on-premises Virtual Desktop Infrastructure (VDI) solutions, you don’t have to worry about procuring, deploying, and managing a complex environment – Amazon WorkSpaces takes care of the heavy lifting and provides a fully managed service. With Amazon WorkSpaces, you can deliver a high quality portable desktop, and applications, to your users on the device of their choice.
Whether you are managing traditional desktops or an on-premises solution for Virtual Desktop Infrastructure (VDI), both of these approaches require significant capital investment and are often difficult to deploy and manage. Using a cloud-based virtual desktop environment eliminates the need for up-front investment and ongoing management of infrastructure, providing you with an easy, cost-effective way to bring a secure and broadly accessible desktop experience to your users.
For a low, pay-as-you-go fee, Amazon WorkSpaces provides a complete cloud-based virtual desktop service, including compute, persistent solid-state storage (SSD), and applications. Your users get a better experience and more functionality than a traditional PC, and you get a simpler way to provision desktops for users, at half the cost of an on-premises VDI solution.
Amazon WorkSpaces utilizes streaming protocols to provide users a secure and high quality experience. These protocols analyze the hosted desktop, network, and user’s device to select compression and decompression algorithms (codecs) that encode a rendering of the user's desktop and transmit it as a pixel stream to the user's device. Amazon WorkSpaces offers both WorkSpaces Streaming Protocol (WSP) and PCoIP from Teradici.
Amazon WorkSpaces Bundles
To get started, select from a choice of Amazon WorkSpaces bundles that offer different hardware and software options, and launch the number of WorkSpaces you require. When WorkSpaces are provisioned, users receive an email providing instructions on where to download the WorkSpaces client applications they need, and how to connect to their WorkSpace. Users can access their WorkSpace from Windows, Mac or Linux (Ubuntu) computers, Chromebooks, iPads, Fire tablets, Android tablets, and supported web browsers. Your users’ applications and data remain persistent, so they can easily switch between devices without losing their work.
With Amazon WorkSpaces you can create a standalone, managed directory for users, or you can integrate with your existing Active Directory environment so that your users can use their current credentials to obtain seamless access to corporate resources. This integration works via a secure hardware VPN connection to your on-premises network using Amazon Virtual Private Cloud (VPC) or with AWS Direct Connect. You can manage your WorkSpaces with the existing tools you use for your on-premises desktops to maintain full administrative control.
Amazon WorkSpaces offers a range of bundles that provide different hardware and software options to meet your needs. You can choose from Value, Standard, Performance, Power, PowerPro, Graphics, GraphicsPro, Graphics.g4dn, and GraphicsPro.g4dn bundles that offer different CPU, GPU, memory, and storage resources (SSD volumes) options, based on the requirements of your users. You can select the amount of storage that you need for both root and user volumes when you launch new WorkSpaces, and you can increase storage allocations at any time. Graphics.G4dn and GraphicsPro.g4dn also offer temporary local instance store for applications that require frequent access to locally stored data. With hardware bundle switching, you can switch between the Value, Standard, Performance, Power, or PowerPro hardware bundles as needed. For GPU-enabled WorkSpaces bundles, you can switch the hardware between Graphics.g4dn and GraphicsPro.g4dn.
To launch WorkSpaces with an additional bundle of software already pre-installed, including Microsoft Office, Trend Micro Worry-Free Business Security Services, and a utilities bundle, choose from the Value Plus, Standard Plus, Performance Plus, Power Plus, PowerPro Plus, Graphics Plus, or GraphicsPro Plus bundles. You can also create a custom image from one of your WorkSpaces to create your own installed software bundle.
|Video Memory GiB||4||8||16||16|
|SSD Root Volume GB*||80||80||80||175||175||100||100||100||100|
|SSD User Storage GB*||10||50||100||100||100||100||100||100||100|
|SSD Temporary Local Storage GB||125||225|
|Software||Utilities software bundle||Utilities software bundle||Utilities software bundle||Utilities software bundle||Utilities software bundle||Utilities software bundle||Utilities software bundles||Utilities software bundles||Utilities
To help you determine the size of your WorkSpace, the following table includes examples of various workload kinds.
|End-user Category||Workload Type||Example Users||Use Cases||Recommended Bundle(s)|
|End-users who conduct single task and use minimal applications||Light||Task workers, Front desk users||Data entry applications, Text editing, Bastion host||Value|
|Light-to-Medium||Task workers, Front desk users, Contact center employees||Data entry applications, Text editing, Bastion host, Live chat, Email, Messaging apps||Standard|
|End-users who create complex spreadsheets, presentations, and large documents||Medium||Task workers, Contact center employees, Business analysts||Data entry applications, Live chat, Email, Messaging apps, Audio conferencing||
|End-users with high performance workloads||Medium-to-Heavy||Contact center employees, Knowledge worker, Software developers, Business intelligence analysts||Audio/Video conferencing, Software development using an Integrated Development Environment (IDE)||Power|
|Heavy||Contact center employees, Knowledge worker, Software developers, Data scientists||Audio/Video conferencing, Screen sharing, Software development using an Integrated Development Environment (IDE), Big data analysis||PowerPro|
|End-users with workloads that require graphics and heavy compute/memory resources||Heavy-to-Accelerated||Graphics/Architecture designers, CAD/CAM users||Graphics-intensive applications, such as remote graphics workstations, Computer||
|Accelerated||Video editors, Gamers and game developers, Data miner, GIS data engineers, AI scientists||Video transcoding and 3D rendering, Photo-realistic design, Graphics workstations, Game streaming, ML model training, ML inference||GraphicsPro,
Local Instance Store for GPU-enabled Bundles
In additional to persistent storage for the root volumes and the user volume, Graphics G4dn bundles offers local NVMe-based SSD storage known as the instance store. The instance store is ideal for temporary content like caches and buffers, because the data stored in instance store volumes is not persistent through instance stops, terminations, or hardware failures. Graphics.g4dn offers 125 GB of local instance store and GraphicsPro.g4dn provides 225 GB of temporary local instance store. You cannot change the size of the local instance store. You will find the local instance store volume named as “E:/Temp_SSD” on your WorkSpace. Learn more about instance store lifetime, see Amazon EC2 Instance Store.
Bring Your Own Licenses
You can bring your existing Windows 10 or Windows 11 Desktop licenses to Amazon WorkSpaces and run them on hardware that is physically dedicated to you. When you bring your existing Windows licenses to WorkSpaces, you can save up to 16% ($4 per month per WorkSpace) over WorkSpaces with a new Windows license included. To be eligible, your organization must meet the licensing requirements set by Microsoft, and you must commit to running at least 100 Amazon WorkSpaces in a given AWS region each month. If you plan to use GPU-enabled (Graphics, GraphicsPro, Graphics.g4dn, and GraphicsPro.g4dn) bundles, verify that you will run a minimum of 4 AlwaysOn or 20 AutoStop GPU-enabled WorkSpaces in a Region per month on dedicated hardware.To learn more about this licensing option. To learn more about this licensing option, please see the Amazon WorkSpaces FAQ.
Beginning August 1, 2023, use your Microsoft 365 Apps for enterprise license with WorkSpaces services to provide users access to Microsoft productivity apps.
Provisioning desktops with Amazon WorkSpaces is easy. Whether you choose to launch one or many Amazon WorkSpaces, all you need to do is to choose the bundles that best meet the needs of your users, and the number of Amazon WorkSpaces that you would like to launch. Once your Amazon WorkSpaces have been provisioned, users receive an email providing instructions on where to download the Amazon WorkSpaces client applications they need, and how to connect to their Amazon WorkSpace. When you no longer need a particular Amazon WorkSpace, you can easily delete it.
Secure and encrypted
Active Directory and RADIUS integration
Amazon WorkSpaces allows you to use your on-premises Microsoft Active Directory to manage your WorkSpaces and your end user credentials. By integrating with your on-premises Active Directory, your users can log in with their existing credentials, you can apply Group Policies to your WorkSpaces, you can deploy software to your WorkSpaces using your existing tools, and you can use your existing RADIUS server to enable multi-factor authentication (MFA). You can integrate with your on-premises Active Directory in two ways – either by establishing a secure trust relationship between your on-premises Active Directory and your AWS Directory Service for Microsoft Active Directory (Enterprise Edition) domain controller, or by using the AWS Directory Service Active Directory Connector.
SAML 2.0 identity providers
Amazon WorkSpaces allows you to bring your SAML 2.0 identity provider (IdP) to authenticate end users to their WorkSpaces. With SAML 2.0 authentication, your end users can access their virtual desktop by authenticating to your existing identity provider, creating a seamless single sign-on experience consistent with the way your users access other enterprise applications and resources. IdP integration allows you to extend security features available from your IdP to WorkSpaces, including multi-factor authentication (MFA), and contextual access. For a passwordless login experience, Amazon WorkSpaces supports certificate-based authentication with SAML 2.0 identities.
The Zoom media plugin for Windows delivers audio/video(AV) optimization for smooth video conferencing on Amazon WorkSpaces. This feature enhances Zoom meeting webcam performance on WorkSpaces by offloading the audio/video traffic to the local device for processing. The plugin is intended for users who want native AV performance when using Zoom on their PCoIP WorkSpaces. Using this feature will reduce latency, improving worker productivity. Zoom media optimization can also help lower VDI expenses by reducing the CPU/RAM requirements of the virtual desktop, offloading video encoding/decoding to the endpoint device.
Amazon WorkSpaces Multi-Region Resilience automates the process of redirecting users to a secondary Region when the primary Amazon WorkSpaces Region is unreachable due to disruptive events, without requiring users to switch registration codes. With Multi-Region Resilience, you can use fully qualified domain name (FQDN) as the Amazon WorkSpaces registration code for your users. When the service is unavailable in your primary Region, you can redirect users to the secondary Amazon WorkSpaces Region based on your Domain Name System (DNS) failover policies for the FQDN. If you use Amazon Route 53, you can benefit from health checks that monitor Amazon CloudWatch alarms when devising a cross-region redirection strategy for WorkSpaces.
Amazon WorkSpaces standby configuration for Multi-Region Resilience automates the creation and management of a standby deployment. After setting up a user directory in your preferred secondary Region, simply select the WorkSpaces in your primary Region that you want to create standby WorkSpaces for, either through the AWS management console or the AWS SDK. The system will automatically provision standby WorkSpaces in your secondary Region, using the latest image of your primary WorkSpaces without copying the user volume (D drive) or root volume (C drive).
Amazon WorkSpaces provides each user with access to varying amounts of persistent storage (SSD Volumes) in the AWS cloud based on the bundle selected. Data that users store on the 'user volume' attached to the WorkSpace is automatically backed up to Amazon S3 on a regular basis. Amazon S3 is designed for 99.999999999% durability of objects, providing you with peace of mind about your users’ data.
Amazon WorkSpaces users can also use Amazon WorkDocs Drive. With Amazon WorkDocs Drive, users can access all of their content stored on Amazon WorkDocs on-demand through a mounted drive connected to their WorkSpace. Users can use Windows File Explorer to copy a shareable link, lock, unlock, or open a file in the web client with a right click. All content on Amazon WorkDocs Drive is automatically synced to Amazon WorkDocs over an encrypted connection and available on their other devices. Data synced to Amazon WorkDocs is encrypted in transit and at rest.
Desktop, mobile, and web access
Amazon WorkSpaces can be accessed from Windows and Mac computers, Chromebooks, iPads, Fire tablets, and Android tablets through the Amazon WorkSpaces client application. Amazon WorkSpaces can also be accessed using supported web browsers. When Amazon WorkSpaces are provisioned, users receive an email providing instructions on where to download the Amazon WorkSpaces client applications they need, and instructions on how to connect to their Amazon WorkSpace.
The Amazon WorkSpaces client applications for Windows, Mac, and Chromebooks provide users with a high quality Windows desktop experience. The client applications for iPad, Fire tablets, and Android tablets provide users with a tablet-optimized desktop experience. Users can use multi-touch gestures to show or hide an on-screen keyboard, access a touch-based mouse interface, and scroll and zoom. A slide-out radial control can be accessed by a thumb swipe from the left of the screen and gives users access to a variety of commands. With a Fire or Android tablet, users can connect a keyboard or touch pad for a laptop experience from their tablet. Using a supported web browser allows users to easily access their Amazon WorkSpaces on any network, without needing to download a client application first.