When most IT managers think of AWS (Amazon Web Services), visions of nearly empty datacenters dance in their heads. AWS is well-known for virtually limitless on-demand storage and computer resources to allow customers to purchase only what they need and automatically scale up (and back down again) if, and when, the need arises. However, one AWS service that many aren’t aware of, but should be, is called “Amazon Workspaces.”
Amazon Workspaces provides a way to deploy and manage complete Windows workstations with the touch of a button. Users access their company workstations using a small client downloaded from Amazon that supports all common computing platforms, which means any internet-connected device can act as your office computer, freeing you to work as easily at home as at the office or on the train.
No need for continuous hardware upgrades
The IT department no longer needs to be on an endless schedule of hardware upgrades, since just a simple Chromebook or Apple/Android device connected to a docking station will do. A low-end Windows 10 machine bought for a few hundred dollars each today would be more than powerful enough for at least the next 5-10 years. If that physical workstation ever has any problem, you can easily replace it, since it holds no user-specific data. Though this may sound like similar offerings from Citrix and others, this is unique in that each workspace runs in its own independent VM, so if one user experiences a crash, nobody else will notice. (It’s also potentially much cheaper.)
Easy to manage updates and patches
All patches and updates can be easily managed in the Cloud via Automatic updates, keeping security happy because all workstations will stay current with the latest patches – no more worries about machines in the field that haven’t checked in for weeks. Additional patch management can be provided by 3rd party vendors if preferred. You also can control who has access and from where by using multi-factor authentication, and/or client certificates. Forensics and legal holds are much easier too, with snapshots accessible from anywhere, and no physical hardware to worry about. Is there a problem with a user’s desktop? Just delete it and create a new one in moments, saving hours of hardware troubleshooting and help desk calls. Need to upgrade the horsepower of the machine? Just change the Workspace’s specs in AWS and reboot! Using health monitoring to automatically reboot the instances if they have issues is another way to save effort.
It is also nice that there is no way for users to copy sensitive data to their local machines from the workspace environment. As a result though, this solution doesn’t work for everyone. For instance, someone in a manufacturing plant who needs to be directly connected to local systems will still probably want a traditional PC. Also, Workspaces aren’t great with video yet, so if you’re running a video conference, you may want to use a web browser, rather than within the workspace itself. Speaking of disadvantages, there’s no way to change the workspace’s IP address without creating a new one. The AWS rep I spoke with at re:Invent a few months ago sounded like these issues are all being worked on.
How to start
One way to ease your company into Workspaces is by starting out just using them for external contractors. Now you can tell contractors with computer issues to use their own company’s IT staff rather than ours. If you have a CMDB like ServiceNow, then you could set it up so that when a request to provision a new user comes in, ServiceNow could automatically trigger the creation of the user’s Workspace at the same time. Alternatively, you could build a self-service web portal and let users launch their own Workspace on their first day just by clicking a link. When they leave you can set up ServiceNow to automatically stop or terminate the Workspace. You can also use autostop and terminate unused workspaces when not in use to save money.
Even if you just try AWS Workspaces as cheap & easy Windows machines to use for application testing, it’s worth a look. Start small, and expand from there. Then use the money you save and the happier staff to give your company a reason to be excited about desktop IT again!
Senior Cloud Infrastructure Architect