Arun Kumar for AWS Community Builders

AWS Workspaces overview

Introduction

This document gives a high-level overview of the design and architecture of AWS WorkSpaces.

Architecture

Design

Desktop:

  • Provision either Windows or Linux desktops and quickly scale to provide thousands of desktops to workers.

Client:

  • Users access their WorkSpaces by using a client application from a supported device or, for Windows WorkSpaces, a web browser, and they log in by using their directory credentials.

SOE:

  • Create your own custom image which you can use for provisioning new Amazon WorkSpaces.

Security:

  • Use MFA for additional security. Use AWS KMS to encrypt data at rest, disk I/O, and volume snapshots.
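One way to check both controls in the bullet above across a fleet, as an added example that is not part of the original post: the input dictionaries follow the response shapes of the `describe_workspaces` (WorkSpaces) and `describe_directories` (Directory Service) API calls, and every ID, ARN and user below is constructed sample data.

```python
"""Audit WorkSpaces for KMS volume encryption and directory MFA (added example)."""

def audit_workspaces(workspaces, directories):
    """Return a sorted list of (workspace_id, finding) tuples."""
    # MFA for WorkSpaces logins is RADIUS configured on the directory;
    # RadiusStatus reads "Completed" only once it is active.
    mfa_ok = {d["DirectoryId"]: d.get("RadiusStatus") == "Completed"
              for d in directories}
    findings = []
    for ws in workspaces:
        wid, did = ws["WorkspaceId"], ws["DirectoryId"]
        # Each volume has its own flag; a missing flag means unencrypted.
        for flag, label in (("RootVolumeEncryptionEnabled", "root"),
                            ("UserVolumeEncryptionEnabled", "user")):
            if not ws.get(flag, False):
                findings.append((wid, f"{label} volume not encrypted"))
        # A directory we have no record of is treated as having no MFA.
        if not mfa_ok.get(did, False):
            findings.append((wid, f"directory {did} has no active MFA"))
    return sorted(findings)

# Constructed sample data (placeholder IDs and key ARN, not real resources).
KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"
SAMPLE_DIRECTORIES = [
    {"DirectoryId": "d-1111111111", "Type": "ADConnector",
     "RadiusStatus": "Completed"},
    {"DirectoryId": "d-2222222222", "Type": "SimpleAD"},
]
SAMPLE_WORKSPACES = [
    {"WorkspaceId": "ws-aaaaaaaaa", "DirectoryId": "d-1111111111",
     "RootVolumeEncryptionEnabled": True,
     "UserVolumeEncryptionEnabled": True, "VolumeEncryptionKey": KEY},
    {"WorkspaceId": "ws-bbbbbbbbb", "DirectoryId": "d-1111111111",
     "UserVolumeEncryptionEnabled": True, "VolumeEncryptionKey": KEY},
    {"WorkspaceId": "ws-ccccccccc", "DirectoryId": "d-2222222222"},
]

if __name__ == "__main__":
    for wid, finding in audit_workspaces(SAMPLE_WORKSPACES, SAMPLE_DIRECTORIES):
        print(f"{wid}: {finding}")
```

To run it against a real account, pass in the `Workspaces` and `DirectoryDescriptions` lists returned by those two API calls using read-only credentials.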

Pricing:

  • You can pay either monthly or hourly, just for the WorkSpaces you launch.

AD:

  • Create a standalone managed directory for your users, or connect your WorkSpaces to your on-premises directory using Active Directory Connector. Alternatively, create a new directory using Microsoft AD, add users, and assign Amazon WorkSpaces to users in your Microsoft AD.

  • There must be a VPN or Direct Connect circuit in place between your VPC and your on-premises environment.

  • Also, various ports have to be opened between your VPC and your on-premises environment to allow AD Connector to communicate with your on-premises directory.

Association:

  • Each WorkSpace is associated with a virtual private cloud (VPC), and a directory to store and manage information for your WorkSpaces and users.

  • Directories are managed through the AWS Directory Service, which offers the following options to authenticate users: Simple AD, AD Connector, or AWS Directory Service for Microsoft Active Directory (also known as AWS Managed Microsoft AD).

Gateway:

  • The login information is sent to an authentication gateway, which forwards the traffic to the directory for the WorkSpace.
  • After the user is authenticated, streaming traffic is initiated through the streaming gateway.

ENI:

  • Each WorkSpace has two elastic network interfaces (ENI) associated with it: an ENI for management and streaming (eth0) and a primary ENI (eth1).
  • The primary ENI has an IP address provided by your VPC, from the same subnets used by the directory.
  • This ensures that traffic from your WorkSpace can easily reach the directory.
  • Access to resources in the VPC is controlled by the security groups assigned to the primary ENI.

Workspace:

  • It creates a VPC and an internet gateway (IGW) by default.
  • Sets up a Simple AD directory in the VPC.
  • Creates the specified user accounts and adds them to the directory.

Clean Up:

  • Remove the WorkSpaces, and deregister/delete the directory.
