[AWS Days Microsoft-LA 2015]: Amazon Workspaces-Running Microsoft Windows Desktops in the Cloud

Amazon WorkSpaces addresses the problem of traditional VDI environments – complexity in building, managing, and scaling remote desktops globally – by providing desktops as a service and enabling customers to securely access Microsoft Windows in the cloud from nearly anywhere with nearly any device. WorkSpaces helps customers transform their traditional corporate networks into next-generation models that give employees secure access, and solves the difficult challenges of onboarding third parties, vendors, and contractors into the corporate network. This presentation will cover how WorkSpaces can be provisioned quickly and at scale from custom images, and how it works with traditional patch, asset, and software distribution management tools such as Microsoft SCCM.


  1. Microsoft Windows Desktops in the Cloud. December 9, 2015 | Los Angeles, CA. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  2. What is WorkSpaces?
  3. Desktop as a Service
     • Microsoft Windows desktops on AWS: realizing the “virtual desktop dream”
     • The cloud replacement to VDI: no-hassle performance, capacity; improved accessibility, security
     • Decentralization meets consumerization: “Corporate IT meets Consumer IT”; device and location independence
  4. Why WorkSpaces?
  5. Ease of Deployment
     • On-demand, pay-as-you-go
     • Launch the number of WorkSpaces needed
     • Heavy lifting taken care of by AWS
  6. Standard Windows Management: treat like any other Microsoft Windows desktop environment!
     • Policy: Active Directory, GPOs
     • Patching: WSUS, SCCM
     • Distribution: SCCM, App-V
     • Automation: PowerShell
  7. Simple to Provision: Template to Desktop
     • Create custom images
     • Map to hardware types
     • Launch from bundles
  8. Keep Data Secure and Available
     • No data stored on end-user device
     • Only streaming protocol pixels delivered to users (Teradici PCoIP)
     • User volume backed by Amazon S3
  9. Support Multiple Devices
     • Desktop, Laptop: PC, Mac
     • Tablets: iOS, Android, Kindle, Win
     • Zero, Thin Clients
     • Chrome OS
  10. Integrate with Active Directory
     • IT: Control policies with familiar tools
     • Users: Use existing enterprise credentials
  11. Protect with MFA
     • IT: Integrate with existing MFA solution
     • Users: Get to use existing one-time tokens
  12. Automation Support: manage and provision with CLI or API (PowerShell, .NET, and more)
  13. WorkSpaces Monitoring
     • Automatically respond to desktop health and connection issues
     • Alert on custom metrics and events
  14. Monthly Pay as You Go. All WorkSpaces Bundles provide the Windows 7 Experience to users (provided by Windows Server 2008 R2 with RDS). Monthly price in N. Virginia and Oregon AWS regions. More here: http://aws.amazon.com/workspaces/pricing/
     • Value / Value Plus: 1 vCPU, 2 GB memory, 10 GB storage; $25 (Value), $40 (Value Plus)
     • Standard / Standard Plus: 2 vCPU, 4 GB memory, 50 GB storage; $35 (Standard), $50 (Standard Plus)
     • Performance / Performance Plus: 2 vCPU, 7.5 GiB memory, 100 GB storage; $60 (Performance), $75 (Performance Plus)
  15. The User Experience
  16. A Typical User Journey with WorkSpaces: Discover → Corporate Pilot → Office Access → Home Access → Other Devices → No More Desktop
  17. User Expectations for WorkSpaces: Work Anywhere; High Productivity; Help, not Hinder; Familiar; Robust; 100% Available
  18. What Users Like: It Just Works; Transparent; Single Environment; Sense of Permanence; Centralized Support; Different Experience
  19. Moving to WorkSpaces
  20. Service Availability: Amazon WorkSpaces in 6 Regions (as of December 2015): Oregon, Northern Virginia, Ireland, Tokyo, Singapore, Sydney. http://aws.amazon.com/about-aws/global-infrastructure/
  21. Common Enterprise Deployment Model. This is EC2 at scale, with lots of worldwide users.
     • Regional proximity to users
     • Tie into the global corporate network via DX
     • Use existing IP space
     • Restrict corporate network access when necessary
     • Enable future expansion
     • Diagram: Global Enterprise Corporate Network (10.0.0.0/8) with WorkSpaces ranges 10.44.192.0/20, 10.44.208.0/20, 10.44.224.0/20, 10.44.240.0/20, TBD, TBD
  22. Accessing Corporate WorkSpaces: From the Enterprise Corporate Network (access from Corp: wired, wireless, VPN; customer-provided hardware) [architecture diagram]
     • Diagram components: Users, Zero Client, Internet, Authentication Gateway, Session Gateway, Streaming Gateway, WorkSpaces Service Broker, MFA, Active Directory, corp servers, Direct Connect, VGW, Customer Corp Net, Customer VPC, WorkSpaces, Transit, Sophos (source filtering by IP), InfoSec Logging
     • Gateway: A) AWS-managed (public); B) customer-managed (public and/or private)
     • Secure protocols, analogous to VPN (SSL and PCoIP w/ IPSec AES-256)
     • How client traffic flows: (1) client authenticates (AD and MFA) via Authentication Gateway (SSL); (2) client brokers desktop session with Session Gateway (SSL); (3) client accesses desktop through Streaming Gateway (PCoIP w/ IPSec AES-256)
     • All corporate network access untrusted prior to filtering
     • US East Employees (us-east-1): regional proximity; tie into corp via DX redundant private VIFs; use existing IP space (10.44.208.0/20, 10.x.x.x/8); restrict corp network access
     • KEY POINT (diagram labels): Kerb/TGT ticket, Streaming Gateway IP
  23. Accessing Corporate WorkSpaces: From ANY Network Outside of the Enterprise (access from ANY network BUT customer corporate; customer-provided hardware) [architecture diagram]
     • Diagram components: Users, Zero Client, Internet, Authentication Gateway, Session Gateway, Streaming Gateway, WorkSpaces Service Broker, MFA, Active Directory, corp servers, Direct Connect, VGW, Customer Corp Net, Amazon.com VPC, WorkSpaces, Transit, Sophos (source filtering by IP), InfoSec Logging
     • Gateway: A) AWS-managed (public); B) customer-managed (public and/or private)
     • Secure protocols, analogous to VPN (SSL and PCoIP w/ IPSec AES-256)
     • How client traffic flows: (1) client authenticates (AD and MFA) via Authentication Gateway (SSL); (2) client brokers desktop session with Session Gateway (SSL); (3) client accesses desktop through Streaming Gateway (PCoIP w/ IPSec AES-256)
     • All corporate network access untrusted prior to filtering
     • Standalone Network. BYOD: use ANY device, not just corporate hardware. BYON: more than just BYOD … bring your own network -or- BYOD. NEXT-GEN: the new corporate network
  24. The Evolution of Automation
     • CLI Tools on A-Linux (#!/usr/bin/ruby, #!/usr/bin/perl, #!/bin/bash)
       • fast and easy start – “just go”
       • many operations need data (dir-id, wsb, region) → CSV files over API calls
       • as data increases, fast and easy not so fast and easy anymore
       • oh, right … no AWS SDK support for Perl
       • object notation, AWS SDK support
     • Web-Based UI: Self-Service Portal for End-Users; Admin Portal for Helpdesk (Python) (Ruby)
     • Common API Development: API Gateway, Lambda, DynamoDB; JSON transport ({ “key1”: “val1”, “key2”: “val2” })
     • Public APIs: create-workspaces, describe-workspaces, reboot-workspaces, terminate-workspaces
  25. Event Handling: implement workflow-driven behavior
     • On create-workspace and terminate-workspace: delete object from Active Directory; email users; post-install hooks for other activities
     • Code: poll API with cron
     • API events: CloudTrail, CloudWatch Logs, Kinesis, Lambda
     • create-workspace → ENI, terminate-workspace: 25-30 minutes; IP ready only at end
  26. User Migration Efforts
     • WorkDocs, DFS File Share: cloud-based Sync Storage
       • install WorkDocs sync agent on existing desktops and WorkSpace
       • data stored securely in S3, synced across all devices
     • Zero Clients, Tablets, Chromebooks
       • initial access from existing desktops, laptops
       • Chromebooks solve a lot of problems
       • customer explores tablets, zero clients
       • Amazon does not support full desktop migrations today
       • excitement around thin client solutions
  27. Thank You! Questions? Comments? Feedback and thoughts?
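
The event-driven path on slide 25 (CloudTrail, CloudWatch Logs, Kinesis, Lambda) can be sketched as the handler below; it is an added example, not code from the presentation. The action names, the `requestParameters` layout and the sample identifiers are assumptions and constructed values.

```python
import base64, gzip, json

WS = "workspaces.amazonaws.com"
# CloudTrail names for the two API calls on the slide; action names are hypothetical.
ACTIONS = {"CreateWorkspaces": "run_post_install_hooks",
           "TerminateWorkspaces": "delete_ad_object_and_email_user"}
# Assumed requestParameters layout: (list key, identifying field) per event name.
TARGETS = {"CreateWorkspaces": ("workspaces", "userName"),
           "TerminateWorkspaces": ("terminateWorkspaceRequests", "workspaceId")}

def decode_kinesis_record(record):
    """Kinesis record -> CloudWatch Logs subscription payload (base64, gzip, JSON)."""
    return json.loads(gzip.decompress(base64.b64decode(record["kinesis"]["data"])))

def workspace_actions(event):
    """Return (action, target) pairs for successful WorkSpaces calls in a Lambda batch."""
    actions = []
    for record in event.get("Records", []):
        payload = decode_kinesis_record(record)
        if payload.get("messageType") != "DATA_MESSAGE":  # skip control messages
            continue
        for log_event in payload.get("logEvents", []):
            try:
                trail = json.loads(log_event["message"])
                name = trail.get("eventName")
            except (ValueError, AttributeError):
                continue  # not a CloudTrail JSON object
            if (trail.get("eventSource") != WS or name not in ACTIONS
                    or trail.get("errorCode")):  # other service, other call, or failed call
                continue
            list_key, field = TARGETS[name]
            for item in (trail.get("requestParameters") or {}).get(list_key, []):
                actions.append((ACTIONS[name], item.get(field)))
    return actions

def make_record(trail_events):
    """Constructed input: wrap CloudTrail dicts the way the pipeline delivers them."""
    payload = {"messageType": "DATA_MESSAGE",
               "logEvents": [{"message": json.dumps(e)} for e in trail_events]}
    blob = gzip.compress(json.dumps(payload).encode())
    return {"kinesis": {"data": base64.b64encode(blob).decode()}}

SAMPLE_EVENT = {"Records": [make_record([  # constructed sample, placeholder identifiers
    {"eventSource": WS, "eventName": "CreateWorkspaces",
     "requestParameters": {"workspaces": [{"userName": "jdoe"}]}},
    {"eventSource": WS, "eventName": "TerminateWorkspaces", "errorCode": "AccessDenied",
     "requestParameters": {"terminateWorkspaceRequests": [{"workspaceId": "ws-denied"}]}},
    {"eventSource": WS, "eventName": "TerminateWorkspaces",
     "requestParameters": {"terminateWorkspaceRequests": [{"workspaceId": "ws-example"}]}},
])]}
```

Skipping records that carry an `errorCode` keeps a denied terminate call from triggering Active Directory cleanup for a WorkSpace that still exists.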
