ENT307 Move your Desktops and Apps to AWS with Amazon WorkSpaces and AppStream 2

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or Its Affiliates. All rights reserved.
Jeff Ferris
Principal Specialized Solutions Architect - End User Computing
ENT307
Modernize Your Desktop and
Application Delivery with AWS

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What to Expect from the Session
• Overview of Amazon WorkSpaces
• Overview of Amazon AppStream 2.0
• Active Directory integration
• Access to corporate resources
• Bringing it all together
What are we covering…

Security Threats
In 2017, the average
data breach cost
$3.62M
WannaCry ransomware
attack estimated to have
cost $4.0B
Evolving Workforce
43% of US employees
worked remotely in 2016
Dynamic Organizations
Global mergers and
acquisitions reached
$3.7T in 2017
Business Landscape Is Changing

What Customers Are Telling Us
What’s not
working?
Personal Computers
 Manage inventory
 Secure endpoints
 BYOD is complicated
 Data must be backed up
 Expensive to scale
On-Premises VDI
 Upfront investment
 Weeks to deploy
 Requires management
 Servers must be secured
 Expensive to scale
Embrace
Personal
Devices
Support
Contract
Workers
Access for
Mobile
Workers
Data
Security
Agility
Data Storage
 Stored on multiple devices
 Limited control
 Accessing large files
 Collaborating
 Hard to secure

AWS End User Compute Solutions
Fully managed, secure
virtual cloud desktops
running on AWS
Easily stream desktop
applications to any device
running a web browser
Secure file collaboration
and management,
simplified

Managed Cloud Desktops
Secure
Pay as you go Simple
to deploy and manage
Provide high-performance persistent
cloud desktops to users
Scale and
consistent performance

End the PC Lifecycle Treadmill
Start PC
refresh
Deploy new
technology
Inventory
management
Build and
images
Service
desk
support
Retirement
• Extend the life of your client
hardware
• Support BYOD
• Use PCs, macOS, tablets,
Chromebooks, and Zero
Clients
• Support self service
• Quickly scale up or down
• Use perpetual PCs in the
cloud
• Move to OPEX model
Every
2–4
years

Global organizations
Mobile workers
M&A activity
Developer productivity
Modern Organizations
Temporary workers
Contractors
Training
Project-Based Work
Secure applications and data
Support BYOD
Meet compliance requirements
Security and Compliance
Amazon WorkSpaces Use Cases

Plays Well with Existing Tools
Microsoft Active
Directory
Multi-factor
authentication
(MFA)
(RADIUS)
SCCMIntranet
Amazon WorkSpaces integrates easily with your on-premises tools and network
Certificate
Authority

Improves Security
Desktop stream
encrypted in transit
No sensitive data on
users’ devices
Amazon WorkSpace data
encrypted at rest
Amazon WorkSpaces encrypts data and streams, and keeps information off devices

Ready to Meet Security and Compliance Needs
PCI DSS
Level 1
compliant,
SOC 1, SOC 2,
ISO 9001, and
ISO 27001
certification
HIPAA-eligible
with business
associate
agreement
EU General Data
Protection
(GDPR) ready
Manage access
to Amazon
WorkSpaces
using digital
certificates

Flexible Billing Options
HourlyMonthly
Best for
 Full-time staff
 Simplifying your AWS bill
 Instant access
 Running scheduled tasks
Best for
 Students & part-time staff
 Optimizing your AWS bill
 Quick access
 Running ad hoc tasks

Customer Success Story: Endemol Shine Nederland
“With Amazon WorkSpaces, we can provide new workers with
a Windows desktop and the applications they need within hours
instead of days. Amazon WorkSpaces makes it easy for
workers to use their preferred device and for Endemol Shine
Nederland to maintain our security requirements. Because
Amazon WorkSpaces is cost effective and requires no upfront
payment, we have been able to save 30% of our desktop
operations costs and 70% on capital expenditure.”
– Leon Backbier, IT Manager, Endemol Shine Nederland

File Collaboration and Management
Secure, fully managed, file
collaboration and management
service with an extensible SDK
Anywhere access
Rich collaboration and
sharing
Pay as you go
Easily integrated

Amazon WorkSpaces and Amazon WorkDocs
• 50 GB free tier for Amazon WorkSpaces users
• Upgrade to 1 TB for $2 per user/month
• Amazon WorkDocs Drive can be a default user storage
solution
+

Fully managed application-streaming service
that provides users instant access to their desktop applications

Desktop Application Streaming
Stream desktop applications securely
to any web browser
Pay as you go
Secure
applications and data
No infrastructure
to manage
Scale globally

Import existing apps
with no changes or
rewrites and start
streaming
Integrates with existing
apps, identity,
entitlements, and
backend
No hardware or
software to install, add
your apps and start
streaming
One streaming instance
per user—no shared
instances
Benefits of Amazon AppStream 2.0

Managed streaming solution
for desktop applications
Business and public sector
Move desktop applications
to cloud with no rewrite
ISVs
Pre and post process
visualization on AWS
Design and engineering
Amazon AppStream 2.0 Use Cases

Multiple Instance Families
• General purpose – Knowledge worker apps
• Compute optimized – Compute-bound applications that benefit from high-
performance processors
• Memory optimized – Applications that process large datasets in memory
• Graphics optimized – High graphics requirements
One session: One VM = Consistent performance
Match app workload to instance characteristics:

Graphics Instance Families
https://aws.amazon.com/blogs/compute/delivering-graphics-apps-with-amazon-appstream-2-0/
Instance Family
Graphics
Design
Graphics
Desktop
Graphics
Pro
Number of
instance sizes
4 1 3
Price $0.25–$2.00 $0.50 $2.05–$8.20
GPU Memory 1–8 GiB 4 GiB 8–32 GiB
vCPU 2–16 8 16–64
Instance Memory 8–61 GiB 15 GiB 122–488 GiB
GPU Vendor AMD NVIDIA NVIDIA
Libraries
Supported
DirectX; OpenGL;
OpenCL
CUDA; DirectX;
OpenGL; OpenCL
CUDA; DirectX;
OpenGL; OpenCL

Customer Success
Story
“With AppStream 2.0, we can configure a single instance of E3D and deliver it
to any number of engineers training with AVEVA Experience anywhere in the
world. Because AppStream 2.0 runs inside their browser, customers don't
need to worry about configuring and securing their computers or network.
They can immediately start learning E3D with a responsive, fluid experience
that is indistinguishable from a native installation on a workstation.”
– Patrick Pando, VP Cloud Sales, AVEVA

Deployment Considerations

The Scenario
• Existing AWS customer
• Hybrid architecture, mix of applications on premises and in the cloud
• Existing Active Directory environment for Identity
• AWS Direct Connect already in place
• 4,000+ users
• ~30% contingent workforce
• ~10% with high performance or GPU workloads
Mergers and
acquisitions
BYOD Mobile workers Temporary
workforce
Secure
access

The Approach
• Decide on user segmentation
• Select the initial use cases
• Evaluate performance
characteristics
• Build the pilot solution
• Run user acceptance testing
• Deploy
• Iterate!

AWS Account Structure
Primary/Payer account
Logging Config Billing
Dev
Prod
User
…Isolated
app/Third
party
Shared services
Active
Directory MFA AD
FS
…
All log files flow to primary
VPC/VPN
Peering
Linked accounts
Key recommendations
• Payer/Linked account structure
• Only central logging in payer account
• User environment in
separate account

Network Design – Subnets
 Amazon WorkSpaces requires two subnets in
different Availability Zones.
 Amazon AppStream 2.0 should be deployed
across two subnets in different Availability
Zones.
 Size subnets to accommodate the target end-
state capacity.

Elastic Network Interfaces
 An instance in either service has two network
interfaces
 ETH0 is the service interface
 ETH1 is the interface in your VPC
 Routing rules and security groups affect ETH1;
you have full control of this interface
 User traffic can route to file servers, backend
databases, licensing servers, and so on, either in
your VPC, in a peered VPC, or on-premises

• All Amazon WorkSpaces will be joined
to an Active Directory domain
• AWS Directory Service is required to
connect users to their Amazon
WorkSpace
• Fleets can be domain-joined or
standalone
• AD-joined fleets integrate via
SAML with your identity
provider
Directory Integration

Active Directory Recommendations
 Extend your Active Directory into AWS on EC2
instances
 Use cross-account VPC peering for
communications to a Shared Services VPC
 Define your VPCs in Active Directory Sites and
Services
 Separate Active Directory OUs by service and
region

Demo

Global Availability

Try It Now
Try Amazon WorkSpaces; Free
Tier available!
Run two Standard bundle
WorkSpaces for 40 hours a
month, for up to two calendar
months.
Windows 7 or Windows 10
Experience, including Amazon
WorkDocs with 50 GB storage.
Try Amazon AppStream 2.0
with no setup required!
Try sample applications –
business, design,
engineering, and developer.
Upload your own files, test a
workflow, save your work,
and print.
Try Amazon WorkDocs; Free
Tier available!
30-day free trial with 1 TB of
storage per user for up to 50
users.
WorkSpaces users receive
access to Amazon WorkDocs
for no additional charge.

Please complete the session survey in the
summit mobile app.

Submit Session Feedback
1. Tap the Schedule icon. 2. Select the session
you attended.
3. Tap Session
Evaluation to submit your
feedback.

Thank you!

ENT307 Move your Desktops and Apps to AWS with Amazon WorkSpaces and AppStream 2

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to ENT307 Move your Desktops and Apps to AWS with Amazon WorkSpaces and AppStream 2

Similar to ENT307 Move your Desktops and Apps to AWS with Amazon WorkSpaces and AppStream 2 (20)

More from Amazon Web Services

More from Amazon Web Services (20)

ENT307 Move your Desktops and Apps to AWS with Amazon WorkSpaces and AppStream 2