Mais conteúdo relacionado Semelhante a Modernize Your Desktop and Application Delivery with AWS - AWS Online Tech Talks (20) Mais de Amazon Web Services (20) Modernize Your Desktop and Application Delivery with AWS - AWS Online Tech Talks1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Jeff Ferris - Principal Specialized SolutionsArchitect, End User Computing
April 2018
ModernizeYour Desktop and
Application Delivery with AWS
2. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
What to Expect from the Session
• Overview ofAmazonWorkSpaces
• Overview of AmazonAppStream 2.0
• Active Directory integration
• Access to corporate resources
• Bringing it all together
What are we covering…
3. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Security Threats
In 2017, the average data
breach cost $3.62M
WannaCry ransomware
attack estimated to have
cost $4.0B
EvolvingWorkforce
43% of US employees
worked remotely in 2016
Dynamic Organizations
Global mergers and
acquisitions reached
$3.7T in 2017
Business Landscape Is Changing
4. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
What Customers AreTelling Us
What’s not working?
Personal Computers
Manage inventory
Secure endpoints
BYOD is complicated
Data must be backed up
Expensive to scale
On-PremisesVDI
Upfront investment
Weeks to deploy
Requires management
Servers must be secured
Expensive to scale
Embrace
Personal
Devices
Support Contract
Workers
Access for
MobileWorkers
Data Security Agility
Data Storage
Stored on multiple devices
Limited control
Accessing large files
Collaborating
Hard to secure
5. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS End User Compute Solutions
Fully managed, secure
virtual cloud desktops
running on AWS
Easily stream desktop
applications to any device
running a web browser
Secure file collaboration and
management, simplified
6. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
7. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Managed Cloud Desktops
Secure
Pay as you go Simple
to deploy and manage
Provide high-performance persistent
cloud desktops to users
Scale and
consistent performance
8. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
End the PC LifecycleTreadmill
Start PC
refresh
Deploy new
technology
Inventory
management
Build and
images
Service desk
support
Retirement
• Extend the life of your client
hardware
• Support BYOD
• Use PCs, macOS, tablets,
Chromebooks, and Zero Clients
• Support self service
• Quickly scale up or down
• Use perpetual PCs in the cloud
• Move to OPEX model
Every
2–4
years
9. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Global organizations
Mobile workers
M&A activity
Developer productivity
Modern Organizations
Temporary workers
Contractors
Training
Project-Based Work
Secure applications and data
Support BYOD
Meet compliance requirements
Security and Compliance
Amazon WorkSpaces Use Cases
10. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Plays Well with ExistingTools
Microsoft Active
Directory
Multi-factor
authentication
(MFA) (RADIUS)
SCCMIntranet
Amazon WorkSpaces integrates easily with your on-premises tools and network
Certificate
Authority
11. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Improves Security
Desktop stream
encrypted in transit
No sensitive data on
users’ devices
AmazonWorkSpace data
encrypted at rest
AmazonWorkSpaces encrypts data and streams, and keeps information off devices
12. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Ready to Meet Security and Compliance Needs
PCI DSS
Level 1 compliant,
SOC 1, SOC 2, ISO
9001, and ISO 27001
certification
HIPAA-eligible
with business
associate
agreement
EU General Data
Protection (GDPR)
ready
Manage access to
Amazon
WorkSpaces using
digital certificates
13. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Flexible Billing Options
HourlyMonthly
Best for
Full-time staff
Simplifying your AWS bill
Instant access
Running scheduled tasks
Best for
Students & part-time staff
Optimizing your AWS bill
Quick access
Running ad hoc tasks
14. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Customer Success Story: Endemol Shine Nederland
“With AmazonWorkSpaces, we can provide new workers with a
Windows desktop and the applications they need within hours instead
of days. AmazonWorkSpaces makes it easy for workers to use their
preferred device and for Endemol Shine Nederland to maintain our
security requirements. Because AmazonWorkSpaces is cost effective
and requires no upfront payment, we have been able to save 30% of
our desktop operations costs and 70% on capital expenditure.”
– Leon Backbier, IT Manager, Endemol Shine Nederland
15. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Secure, fully managed, file
collaboration and management
service with an extensible SDK
Anywhere access
Rich collaboration and
sharing
Pay as you go
Easily integrated
File Collaboration and Management
16. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon WorkSpaces and Amazon WorkDocs
• 50 GB free tier for AmazonWorkSpaces users
• Upgrade to 1TB for $2 per user/month
• AmazonWorkDocs Drive can be a default user storage solution
+
17. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Fully managed application-streaming service
that provides users instant access to their desktop applications
18. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Desktop Application Streaming
Stream desktop applications securely to
any web browser
Pay as you go
Secure
applications and data
No infrastructure
to manage
Scale globally
19. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Benefits of Amazon AppStream 2.0
Import existing apps
with no changes or
rewrites and start
streaming
Integrates with
existing apps,
identity,
entitlements, and
backend
No hardware or
software to install,
add your apps and
start streaming
One streaming
instance per user—no
shared instances
20. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Managed streaming solution
for desktop applications
Business and public sector
Move desktop applications
to cloud with no rewrite
ISVs
Pre and post process
visualization on AWS
Design and engineering
Amazon AppStream 2.0 Use Cases
21. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Multiple Instance Families
• General purpose – Knowledge worker apps
• Compute optimized – Compute-bound applications that benefit from high-
performance processors
• Memory optimized – Applications that process large datasets in memory
• Graphics optimized – High graphics requirements
One session: OneVM = Consistent performance
Match app workload to instance characteristics:
22. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Graphics Instance Families
https://aws.amazon.com/blogs/compute/delivering-graphics-apps-with-amazon-appstream-2-0/
Instance Family Graphics Design
Graphics
Desktop
Graphics
Pro
Number of
instance sizes
4 1 3
Price $0.25–$2.00 $0.50 $2.05–$8.20
GPU Memory 1–8 GiB 4 GiB 8–32 GiB
vCPU 2–16 8 16–64
Instance Memory 8–61 GiB 15 GiB 122–488 GiB
GPUVendor AMD NVIDIA NVIDIA
Libraries
Supported
DirectX;OpenGL;
OpenCL
CUDA; DirectX;
OpenGL; OpenCL
CUDA; DirectX;
OpenGL; OpenCL
23. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Customer Success Story
“With AppStream 2.0, we can configure a single instance of E3D and deliver it to any
number of engineers training with AVEVA Experience anywhere in the world. Because
AppStream 2.0 runs inside their browser, customers don't need to worry about
configuring and securing their computers or network.They can immediately start
learning E3D with a responsive, fluid experience that is indistinguishable from a native
installation on a workstation.”
– Patrick Pando, VP Cloud Sales, AVEVA
24. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Deployment Considerations
25. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
The Scenario
• Existing AWS customer
• Hybrid architecture, mix of applications on premises and in the cloud
• Existing Active Directory environment for Identity
• AWS Direct Connect already in place
• 4,000+ users
• ~30% contingent workforce
• ~10% with high performance or GPU workloads
Mergers and
acquisitions
BYOD Mobile workers Temporary
workforce
Secure
access
26. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
The Approach
• Decide on user segmentation
• Select the initial use cases
• Evaluate performance characteristics
• Build the pilot solution
• Run user acceptance testing
• Deploy
• Iterate!
27. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Account Structure
Primary/Payer account
Logging Config Billing
Dev
Prod
User
…Isolated
app/Third
party
Shared services
Active
Directory MFA AD FS
…
All log files flow to primary
VPC/VPN
Peering
Linked accounts
Key recommendations
• Payer/Linked account structure
• Only central logging in payer account
• User environment in
separate account
28. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Network Design – Subnets
Amazon WorkSpaces requires two subnets in different
Availability Zones.
Amazon AppStream 2.0 should be deployed across two
subnets in different Availability Zones.
Size subnets to accommodate the target end-state
capacity.
29. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Elastic Network Interfaces
An instance in either service has two network interfaces
ETH0 is the service interface
ETH1 is the interface in yourVPC
Routing rules and security groups affect ETH1; you have
full control of this interface
User traffic can route to file servers, backend databases,
licensing servers, and so on, either in yourVPC, in a
peeredVPC, or on-premises
30. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Directory Integration
• AllAmazon WorkSpaces will be joined
to an Active Directory domain
• AWS Directory Service is required to
connect users to their Amazon
WorkSpace
• Fleets can be domain-joined or
standalone
• AD-joined fleets integrate via SAML
with your identity provider
31. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Active Directory Recommendations
Extend your Active Directory intoAWS on EC2
instances
Use cross-accountVPC peering for
communications to a Shared ServicesVPC
Define yourVPCs inActive Directory Sites and
Services
SeparateActive Directory OUs by service and
region
32. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Demo
33. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Global Availability
34. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Try It Now
Try AmazonWorkSpaces; FreeTier
available!
Run two Standard bundle
WorkSpaces for 40 hours a month, for
up to two calendar months.
Windows 7 orWindows 10 Experience,
including AmazonWorkDocs with 50
GB storage.
Try Amazon AppStream 2.0
with no setup required!
Try sample applications –
business, design, engineering,
and developer.
Upload your own files, test a
workflow, save your work, and
print.
Try AmazonWorkDocs; Free
Tier available!
30-day free trial with 1TB of
storage per user for up to 50
users.
WorkSpaces users receive
access to Amazon WorkDocs for
no additional charge.
35. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Thank You!