DEV Community
Arun Kumar for AWS Community Builders

AWS WorkSpaces overview

Introduction

This document gives a high-level overview of the design and architecture of AWS WorkSpaces.

Architecture

[Figure: architecture diagram]

Design

Desktop:

  • Provision either Windows or Linux desktops and quickly scale to provide thousands of desktops to workers.

Client:

  • Users access their WorkSpaces by using a client application from a supported device or, for Windows WorkSpaces, a web browser, and they log in by using their directory credentials.

SOE:

  • Create your own custom image which you can use for provisioning new Amazon WorkSpaces.

Security:

  • Use MFA for additional security. Use AWS KMS to encrypt data at rest, disk I/O, and volume snapshots.
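The encryption recommendation above can be checked across a fleet. The following is an added example, not code from the original post: it audits the `Workspaces` records returned by the WorkSpaces `DescribeWorkspaces` API for unencrypted root or user volumes and for KMS keys outside an approved set. The sample records, key ARNs and the idea of an approved-key set are assumptions constructed for illustration.

```python
"""Added example: flag WorkSpaces whose volumes are not KMS-encrypted."""

APPROVED_KEY = "arn:aws:kms:us-east-1:111122223333:key/constructed-approved-key"

# Constructed sample shaped like the "Workspaces" list that the WorkSpaces
# DescribeWorkspaces API returns; every ID, user name and key ARN is made up.
SAMPLE_WORKSPACES = [
    {"WorkspaceId": "ws-sample0001", "UserName": "alice", "State": "AVAILABLE",
     "RootVolumeEncryptionEnabled": True, "UserVolumeEncryptionEnabled": True,
     "VolumeEncryptionKey": APPROVED_KEY},
    {"WorkspaceId": "ws-sample0002", "UserName": "bob", "State": "AVAILABLE",
     "RootVolumeEncryptionEnabled": False, "UserVolumeEncryptionEnabled": True,
     "VolumeEncryptionKey": "arn:aws:kms:us-east-1:111122223333:key/constructed-other-key"},
    {"WorkspaceId": "ws-sample0003", "UserName": "carol", "State": "STOPPED"},
    {"WorkspaceId": "ws-sample0004", "UserName": "dave", "State": "TERMINATING"},
]

VOLUME_FLAGS = (("RootVolumeEncryptionEnabled", "root volume not encrypted"),
                ("UserVolumeEncryptionEnabled", "user volume not encrypted"))


def audit_encryption(workspaces, approved_keys=None):
    """Return one finding per live WorkSpace with an encryption gap."""
    findings = []
    for ws in workspaces:
        if ws.get("State") in ("TERMINATING", "TERMINATED"):
            continue  # being deleted, nothing left to remediate
        # A missing flag is treated as "not encrypted" (fail closed).
        issues = [msg for flag, msg in VOLUME_FLAGS if not ws.get(flag, False)]
        key = ws.get("VolumeEncryptionKey")
        if key and approved_keys is not None and key not in approved_keys:
            issues.append("KMS key not in approved set")
        if issues:
            findings.append({"WorkspaceId": ws["WorkspaceId"],
                             "UserName": ws.get("UserName"), "Issues": issues})
    return findings


def fetch_workspaces(region):
    """Live input: page through DescribeWorkspaces (needs boto3 and credentials)."""
    import boto3
    client = boto3.client("workspaces", region_name=region)
    for page in client.get_paginator("describe_workspaces").paginate():
        yield from page["Workspaces"]


if __name__ == "__main__":
    for f in audit_encryption(SAMPLE_WORKSPACES, approved_keys={APPROVED_KEY}):
        print(f["WorkspaceId"], f["UserName"], "; ".join(f["Issues"]))
```

To run it against a real account, pass `fetch_workspaces("<region>")` to `audit_encryption` in place of the sample list.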

Pricing:

  • You can pay either monthly or hourly, just for the WorkSpaces you launch.

AD:

  • Create a standalone managed directory for your users, or connect your WorkSpaces to your on-premises directory using Active Directory Connector. Alternatively, create a new directory using Microsoft AD, add users, and assign Amazon WorkSpaces to the users in your Microsoft AD.

  • When connecting to an on-premises directory, there must be a VPN or Direct Connect circuit in place between your VPC and your on-premises environment.

  • Also, various ports have to be opened between your VPC and your on-premises environment to allow AD Connector to communicate with your on-premises directory.

Association:

  • Each WorkSpace is associated with a virtual private cloud (VPC) and with a directory that stores and manages information for your WorkSpaces and users.

  • Directories are managed through the AWS Directory Service, which offers the following options to authenticate users: Simple AD, AD Connector, or AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD.

Gateway:

  • The login information is sent to an authentication gateway, which forwards the traffic to the directory for the WorkSpace.
  • After the user is authenticated, streaming traffic is initiated through the streaming gateway.

ENI:

  • Each WorkSpace has two elastic network interfaces (ENI) associated with it: an ENI for management and streaming (eth0) and a primary ENI (eth1).
  • The primary ENI has an IP address provided by your VPC, from the same subnets used by the directory.
  • This ensures that traffic from your WorkSpace can easily reach the directory.
  • Access to resources in the VPC is controlled by the security groups assigned to the primary ENI.

Workspace:

  • By default, it creates a VPC and an internet gateway (IGW).
  • Sets up a Simple AD directory in the VPC.
  • Creates the specified user accounts and adds them to the directory.

Clean Up:

  • Remove the WorkSpaces, deregister/delete the directory.
