Five essential Amazon WorkSpaces management tasks

Amazon WorkSpaces alleviates much of the management headache and overhead of traditional desktops, but there are still five management tasks cloud admins need to handle.

Amazon WorkSpaces is a cloud-based desktop service that lets enterprises avoid most of the management and infrastructure overhead of traditional desktops. While it's reasonable to think of Amazon WorkSpaces as a type of software as a service, there's still a fair amount of management work that goes into an enterprise-wide deployment.

Cloud admins work with these five Amazon WorkSpaces management tasks:

  1. Synchronizing data
  2. Applying patches
  3. End-user authentication and authorization
  4. Resolving performance issues
  5. Removing Amazon WorkSpaces

Synchronizing data across devices

Amazon WorkSpaces implements synchronization in a few ways. Provisioned desktops have C: and D: drives. The D: drive is backed up every 12 hours. Amazon Web Services (AWS) can restore the D: drive if there is a problem and that drive is lost. This feature is a course-grade form of synchronization suitable for data protection; more granular synchronization operations require WorkSpaces Sync.

WorkSpaces Sync is an application you can install into a WorkSpaces device; it's also compatible with Windows or Mac clients. The application continuously backs up WorkSpaces files to Amazon Simple Storage Service (S3)

Workspace Sync is configured at the directory-level, so you can't configure it on a per-user basis. You can configure synchronization on a per-client device level, but that requires you to install the WorkSpaces Sync client, and then configure folders on the client you want to sync.

Patching Amazon WorkSpaces software

There are two categories of software patches in AWS WorkSpaces: operating system patches and application and WorkSpaces patches. AWS manages WorkSpaces patches by pushing them to the service during the regularly scheduled maintenance windows (currently between midnight and 4:00 a.m. on Sundays). AWS will also push out emergency patches at any time. Users and desktop admins have no control over WorkSpaces' patching.

Desktop administrators must perform OS and application patching. Windows desktops are automatically configured to update the OS and Microsoft Office on a regular basis (currently 2 a.m. on Sunday mornings). You have full control over the desktop and installed applications, so you can change patching configurations if needed. Test patching procedures for any additional software you install on the desktop.

Authenticating and authorizing users

Once you set up Amazon WorkSpaces and provision desktops, users can log in and start using the service. Authentication is available with or without an Active Directory configuration. If WorkSpaces is configured to use Active Directory, users can log in with those credentials, otherwise users must create a password when first using the desktop.

Amazon WorkSpaces authorizes users as local administrators by default. You would not want a user with local administrator privileges accidently disabling antimalware, so you can alter this setting for users who aren't familiar with Windows operations. Use group policies to further lock down the desktop if you do not want users to change wallpaper, create shortcuts or customize the desktop in any way. In the current version of Amazon WorkSpaces, a user can have only a single workspace.

Resolving performance issues

If virtual desktop infrastructures (VDI) have an Achilles Heel, it's performance.

Virtualized desktop performance can be a step down for those accustomed to working with desktops and laptops outfitted with multicore processors, large amounts of RAM and flash drives. And though you can't configure hardware in a desktop service like Amazon WorkSpaces, there are some infrastructure parameters and design guidelines.

Test network latency between the Amazon data centers and end-user locations. AWS recommends no more than a 100 milliseconds (ms) of latency for optimal performance, but up to 250 ms is acceptable. If you are experiencing latency longer than 250 ms, try a different AWS region. WorkSpaces is currently available in U.S.-East (Virginia), U.S.-West (Oregon), EU (Ireland) and Asia Pacific (Sydney) AWS Availability Zones.

Finally, if your network supports quality-of-service controls, Amazon recommends prioritizing user datagram protocol traffic on Port 4172.

Removing Amazon WorkSpaces

You can delete VDIs when they are no longer needed. All data on the volume attached to the virtual desktop also will be deleted. Make sure data that should persist after the workspace has been removed and is copied to S3, synched to a client device or backed up.

About the author:
Dan Sullivan holds a Master of Science degree and is an author, systems architect and consultant with more than 20 years of IT experience. He has had engagements in advanced analytics, systems architecture, database design, enterprise security and business intelligence. He has worked in a broad range of industries, including financial services, manufacturing, pharmaceuticals, software development, government, retail and education. Dan has written extensively about topics that range from data warehousing, cloud computing and advanced analytics to security management, collaboration and text mining.

This was first published in August 2014

Dig deeper on Amazon WorkSpaces and other DaaS options

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudApplications

SearchSOA

TheServerSide

SearchSoftwareQuality

SearchCloudComputing

Close