DAAS(Desktop as a Service)/VDI

Amazon WorkSpaces:

Amazon WorkSpaces is a DaaS (Desktop as a Service) offering from Amazon that lets you provision virtual, cloud-based Microsoft Windows or Amazon Linux desktops for your users, known as WorkSpaces. Amazon WorkSpaces eliminates the need to procure and deploy hardware or install complex software. You can quickly add or remove users as your needs change, and users can access their virtual desktops from multiple devices or web browsers.

I have prepared the following video with instructions on how to create your WorkSpaces with the Advanced Setup option; if you want to do a Quick Launch instead, the following instructions can be used.


a) Choose your operating system (Windows or Amazon Linux) and select from a range of hardware configurations, software configurations, and AWS regions. For more information, see Amazon WorkSpaces Bundles.
b) Connect to your WorkSpace and pick up from right where you left off. Amazon WorkSpaces provides a persistent desktop experience.
c) Amazon WorkSpaces provides the flexibility of either monthly or hourly billing for WorkSpaces.
d) Deploy and manage applications for your WorkSpaces by using Amazon WorkSpaces Application Manager (Amazon WAM).
e) For Windows desktops, you can bring your own licenses and applications, or purchase them from the AWS Marketplace for Desktop Apps.
f) Create a standalone managed directory for your users, or connect your WorkSpaces to your on-premises directory so that your users can use their existing credentials to obtain seamless access to corporate resources.
g) Use the same tools (such as SCCM) to manage WorkSpaces that you use to manage on-premises desktops.
h) Use multi-factor authentication (MFA) for additional security.
i) Use AWS Key Management Service (AWS KMS) to encrypt data at rest, disk I/O, and volume snapshots.
j) Control the IP addresses from which users are allowed to access their WorkSpaces.

Before You Begin
• You must have an AWS account to create or administer a WorkSpace. Users do not need an AWS account to connect to and use their WorkSpaces.
• When you launch a WorkSpace, you must select a WorkSpace bundle. A WorkSpace bundle is a combination of operating system, storage, vCPU and software utilities for the WorkSpace instances.
• When you launch a WorkSpace, you must specify profile information for the user, including a username and email address. Users complete their profiles by specifying a password. Information about WorkSpaces and users is stored in a directory.
• Amazon WorkSpaces is not available in every region, so check that the service is available in your region before launching your WorkSpaces.

Creating the WorkSpaces:

To launch a WorkSpace
1. Open the Amazon WorkSpaces console at https://console.aws.amazon.com/workspaces/.
2. Choose Get Started Now.

3. On the Get Started with Amazon WorkSpaces page, next to Quick Setup, choose Launch. Refer to the diagram below:

4. Select the bundle that the users require; an example bundle is shown below:

5. Enter the user details, i.e. Username, First Name, Last Name and Email:

6. Choose Launch WorkSpaces.

7. Choose View the WorkSpaces Console. The initial status of the WorkSpace is PENDING. When the launch is complete, the status is AVAILABLE and an invitation is sent to the email address that you specified for the user.

When you do a Quick Launch, it performs the following tasks on your behalf:
• Creates an IAM role to allow the Amazon WorkSpaces service to create elastic network interfaces and list your Amazon WorkSpaces directories. This role has the name workspaces_DefaultRole.
• Creates a virtual private cloud (VPC).
• Sets up a Simple AD directory in the VPC that is used to store user and WorkSpace information. The directory has an administrator account and it is enabled for Amazon WorkDocs.
• Creates the specified user accounts and adds them to the directory.
• Creates WorkSpace instances. Each WorkSpace receives a public IP address to provide Internet access. The running mode is AlwaysOn.
• Sends invitation emails to the specified users.
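The Quick Setup defaults listed above (public IP per WorkSpace, AlwaysOn running mode, no IP access control group, encryption not turned on unless you chose it) are worth auditing after launch. The following script is an added example, not code from the original page or from AWS; it runs an audit over constructed sample data shaped like the DescribeWorkspaces and DescribeWorkspaceDirectories API responses (ids and the KMS key ARN are placeholders), and the same function can be pointed at the live boto3 responses.

```python
import json

# Constructed sample shaped like the DescribeWorkspaces and DescribeWorkspaceDirectories
# API responses; the ids and the key ARN are placeholders, not real resources.
WORKSPACES = {"Workspaces": [
    {"WorkspaceId": "ws-placeholder1", "DirectoryId": "d-placeholder", "UserName": "alice",
     "State": "AVAILABLE", "RootVolumeEncryptionEnabled": False,
     "UserVolumeEncryptionEnabled": False,
     "WorkspaceProperties": {"RunningMode": "ALWAYS_ON"}},
    {"WorkspaceId": "ws-placeholder2", "DirectoryId": "d-placeholder", "UserName": "bob",
     "State": "AVAILABLE", "RootVolumeEncryptionEnabled": True,
     "UserVolumeEncryptionEnabled": True,
     "VolumeEncryptionKey": "arn:aws:kms:REGION:ACCOUNT:key/PLACEHOLDER",
     "WorkspaceProperties": {"RunningMode": "AUTO_STOP",
                             "RunningModeAutoStopTimeoutInMinutes": 60}},
]}
DIRECTORIES = {"Directories": [
    {"DirectoryId": "d-placeholder", "DirectoryType": "SIMPLE_AD", "IpGroupIds": []},
]}


def audit_workspaces(workspaces, directories):
    """Return {resource_id: [findings]} for resources that miss the hardening items above."""
    findings = {}
    # Directory level: with no IP access control group, any source IP may connect.
    for d in directories.get("Directories", []):
        if not d.get("IpGroupIds"):
            findings.setdefault(d["DirectoryId"], []).append(
                "no IP access control group associated with the directory")
    # WorkSpace level: KMS volume encryption and the running mode chosen by Quick Setup.
    for ws in workspaces.get("Workspaces", []):
        issues = []
        if not ws.get("RootVolumeEncryptionEnabled"):
            issues.append("root volume not encrypted with KMS")
        if not ws.get("UserVolumeEncryptionEnabled"):
            issues.append("user volume not encrypted with KMS")
        if ws.get("WorkspaceProperties", {}).get("RunningMode") == "ALWAYS_ON":
            issues.append("running mode is ALWAYS_ON (Quick Setup default)")
        if issues:
            findings[ws["WorkspaceId"]] = issues
    return findings


if __name__ == "__main__":
    # Against a real account, replace the samples with the results of
    # boto3.client("workspaces").describe_workspaces() and .describe_workspace_directories().
    print(json.dumps(audit_workspaces(WORKSPACES, DIRECTORIES), indent=2))
```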

Connect to the WorkSpaces:
After you receive the invitation email, you can connect to the WorkSpace using the client of your choice. After you sign in, the client displays the WorkSpace desktop.
To connect to the WorkSpace
1. If you haven't set up credentials for the user already, open the link in the invitation email and follow the directions. Remember the password that you specify, as you will need it to connect to your WorkSpace. Note that passwords are case-sensitive and must be between 8 and 64 characters in length, inclusive. Passwords must contain at least one character from three of the following categories: lowercase letters (a-z), uppercase letters (A-Z), numbers (0-9), and the set ~!@#$%^&*_-+=`|\(){}

2. When prompted, download one of the client applications or launch Web Access. If you aren't prompted and you haven't installed a client application already, open https://clients.amazonworkspaces.com and follow the directions.

3. Start the client, enter the registration code from the invitation email, and choose Register.

4. When prompted to sign in, type the username and password, and then choose Sign In.

5. (Optional) When prompted to save your credentials, choose Yes.
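The password rule quoted in step 1 (8 to 64 characters, at least one character from three of the four categories) can be checked before a user submits it. This is an added example, not code from the original page or from AWS; it assumes that characters outside the four listed categories count towards the length but towards no category.

```python
import string

# Character categories exactly as listed in the invitation instructions in step 1.
SPECIALS = "~!@#$%^&*_-+=`|\\(){}"
CATEGORIES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "digits": set(string.digits),
    "special": set(SPECIALS),
}
MIN_LEN, MAX_LEN = 8, 64


def categories_present(password):
    """Names of the categories that contribute at least one character to the password."""
    return [name for name, chars in CATEGORIES.items()
            if any(ch in chars for ch in password)]


def check_password(password):
    """Return a list of policy violations; an empty list means the password complies.

    Assumption: characters outside the four categories count towards length only.
    """
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length %d is outside %d..%d" % (len(password), MIN_LEN, MAX_LEN))
    present = categories_present(password)
    if len(present) < 3:
        problems.append("only %d of 4 categories used (%s); at least 3 are required"
                        % (len(present), ", ".join(present) or "none"))
    return problems


if __name__ == "__main__":
    for candidate in ("Passw0rd", "password", "Ab1!", "correct~horse+battery"):
        print(repr(candidate), check_password(candidate) or "OK")
```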

Ports for Client Applications
The Amazon WorkSpaces client application requires outbound access on the following ports:

Port 443 (TCP)
This port is used for client application updates, registration, and authentication. The desktop client applications support the use of a proxy server for port 443 (HTTPS) traffic. To enable the use of a proxy server, open the client application, choose Advanced Settings, select Use Proxy Server, specify the address and port of the proxy server, and choose Save.

Port 4172 (UDP and TCP)
This port is used for streaming the WorkSpace desktop and for health checks. It must be open to the PCoIP Gateway IP address ranges and health check servers in the region that the WorkSpace is in.

Amazon WorkSpaces Web Access requires inbound and outbound access for the following ports:
Port 53 (UDP), Port 80 (UDP/TCP), Port 443 (UDP/TCP)

(Ref: https://docs.aws.amazon.com/workspaces)