2. What Customers Are Telling Us
What’s not working?
Personal Computers
§ Manage inventory
§ Secure endpoints
§ BYOD is complicated
§ Data must be backed up
§ Expensive to scale
On-Premises VDI
§ Upfront investment
§ Weeks to deploy
§ Requires management
§ Servers must be secured
§ Expensive to scale
Embrace
personal
devices
Support
contract
workers
Access for
Mobile
Workers
Data
Security
Agility
3. Introducing Amazon Enterprise Applications
WorkSpaces
WA
WorkMail WorkDocs
Productivity
WorkSpaces
Application
Manager
Desktop & Apps
Secure, managed end-user computing services on the AWS cloud
4. A cost-effec*ve, managed cloud desktop
Secure
Pay-as-you-go
Simple management
Highly interactive cloud desktops
your users will love
Scale consistently
5. Desktop Experience Your Users Will Love
A formal BYOD policy is four times more likely to result in increased
employee productivity and decreased IT support issues1.
Portable
Desktop
Consistent
Performance
Available on Any
Device
1. Enterprise Strategy Group: TechTruths: BYOD and Productivity, 2015
6. Supports Multiple Devices
Desktop, Laptop: PC, Mac
Tablets: iOS, Android, Kindle, Surface
Zero Clients
Thin Clients *
Chrome OS, ChromiumReuse your existing devices, or
acquire to fit your needs.
* OEM-specific, OS-specific
7. Plays Well With Existing Tools
Microsoft Active
Directory
Multifactor
Authentication
(Radius)
SCCMIntranet
Amazon WorkSpaces integrates easily with your on-premises tools and network
8. Improves Security
• Data is stored on the AWS cloud, not on devices
• Data is encrypted in in transit with 256-bit encryption
• Volume encryption with AWS Key Management Service
• Users authenticated against your corporate directory
• Deploy multi-factor authentication (MFA) for additional security
• Certification – SOC 1, SOC 2, ISO 9001 and ISO 27001No sensitive
data on users’
devices
9. Improve Flexibility and Scale
• Quickly add or remove WorkSpaces as your business requires
• Expand to new regions without additional costs
• Easily support temporary and remote workers
• Choose from several desktop configuration options
• Bring your own licenses and applications or purchase from AWS
10. Simple Management
Centrally manage WorkSpaces using the AWS Management Console or
existing tools
• Integrate your existing corporate network and directory
• Auth and Policy: Active Directory, GPOs
• Patching: WSUS, SCCM, 3rd-party
• Distribution: SCCM, App Layering, App Virt
• Profile Management: 3rd-party
• Automation: Powershell, .NET, and more
11. No servers to
manage
Scale
on demand
Amazon WorkSpaces removes the burden of management, and scales instantly
Available
globally
Cloud Economics
Pay only for
what you use
12. Reduce Costs
• Pay-as-you-go means no infrastructure acquisition cost
• Eliminate underutilization of desktop management infrastructure
• Expensive PCs can often be replaced with cheaper thin clients or
repurposed
• CapEx can be switched to OpEx
• Pay for what you use with Monthly and Hourly Options
13. Amazon WorkSpaces Use Cases
Call centers
Temporary workers
Dev/Test
Amazon WorkSpaces can help you realize benefits across many scenarios
Mergers and
acquisitions
Securing data Compliance
requirements
Mobile workers BYOD
Training and labs Demos
14. Amazon WorkSpaces Capabilities
• User Experience
§ Support for multiple devices including Tablets, Windows, MAC,
Zero clients and Chrome devices
§ Local printing with Windows and Mac clients
§ High DPI device support
§ Audio input (Make Skype/WebEx calls from WorkSpaces)
• Management
§ Custom images
§ WorkSpaces Application Manager (WAM)
§ API support (via AWS SDK, CLI)
• Monitoring
§ Amazon CloudWatch and AWS CloudTrail integration
§ Network health checks and health check website
15. Amazon WorkSpaces Capabilities
• Performance, Cost, and Flexibility Enhancements
§ Value Bundle
§ Upgrade Standard Bundle at no additional cost
§ Bring your own license (BYOL) for Microsoft Windows 7
• Security and Compliance
§ Storage Volume Encryption
§ Multi-Factor Authentication
§ Certification – SOC 1, SOC 2, ISO 9001 and ISO 27001
16. WorkSpaces Monitoring
• CloudWatch Alarms
• CloudWatch Events/Rules
• CloudWatch Logs to alert on specific events
• Based on two dimensions: WorkSpaceID and DirectoryID
• Units are Time and Count
• Statistics Available: Average, Sum, Maximum, Minimum, Data
Samples
23. • Endemol Shine Nederland uses contract video crews in
locations around the world to create their shows
• Preparing for a project took two weeks as the team had to set
up, secure, and ship hardware to a production site
• Endemol Shine Nederland decided to provide contract video
crews with Amazon WorkSpaces to run on their own devices
• The switch saved Endemol Shine Nederland 70% in PC
capex, 30% in PC operations, and reduced preparation time
to two hours.
Leon Backbier
IT Manager, Endemol Shine Nederland
”
“
Endemol Shine Nederland is a world leading creator,
producer and distributor of multiplatform entertainment with a
portfolio that includes Big Brother, MasterChef, Man vs.
Food, The Biggest Loser, and Wipeout.
“With Amazon WorkSpaces, we are able to
provide video crews with a secure cloud
desktop they can run on their own devices while
onsite. By using Amazon WorkSpaces, we
have saved 70% on PC capital expenditure, and
30% on desktop operations, while reducing our
preparation time from two weeks to two hours.”
Use Case | Contract Workers
Endemol Shine Nederland: Contract Workers
24. The Louisiana Department of Public Safety and
Corrections manages nine state correctional
facilities housing 19,000 prisoners.
Rehabilitation through
education is now a reality
thanks to ATLO and Amazon
WorkSpaces.
• State department of corrections wanted to improve
inmate education and improve post-prison outcomes
• Needed to replace on-premises learning solution
• Using Amazon WorkSpaces allows LDoC to offer
secure, cloud-based learning program
• Enables better outcomes for inmates
• Team can now launch new training labs in 90 minutes
”
“
ATLO Software is a software provider that partners with local
and state organizations to offer virtual learning environments.
Dawson Andrews
IT Director,
Louisiana Department of Corrections
Louisiana Department of Corrections: Secure Training
25. • Provides fast, secure desktops with consistent performance that users will love
• Simplifies desktop management
• Scales globally within minutes
• Plays well with existing tools
• Provides flexibility and agility
• Lowers complexity and cost
Summary
26. A secure, fully managed enterprise storage and sharing service
with strong administrative controls and feedback capabilities
that improve user productivity
27. Amazon WorkDocs Benefits
• Easy access to documents from anywhere, across devices
• Share and comment directly on documents – no more attachments
• Request feedback with deadlines, and control document versions
• Set sharing rules and manage document access centrally
• Store files securely on the AWS cloud in the regions of your choice
• Use your corporate directory and MFA to authenticate users
28. Access and Sync From Any Device
• Web application
• iOS Phone and tablet apps
• Android Phone and tablet apps
• Amazon Fire app
• Windows & Mac OS desktop sync
29. Securing Data
• Your data is encrypted in transit and at rest
• Choose your AWS region and adhere to data sovereignty laws
• Implement policies and roles for site access and sharing behavior
• Store content securely in WorkDocs instead of sending via email
• Authenticate using corporate directory and MFA
30. Amazon WorkDocs Pricing
• Pay-as-you-go: $5 per user per month for 200 GB
• Bundled *: $2 per WorkSpaces user per month for 200 GB
• Free trial for 50 users for 30 days
• Additional storage available at regular S3 prices
* Amazon WorkSpaces users receive access to Amazon WorkDocs
for no additional charge. This includes 50 GB of storage per
WorkSpaces user.
32. A secure, fully managed business email and calendaring service
33. Managed business email and calendar service
• Eliminate up-front investments to license and provision on-premises email servers
• WorkMail automatically handles patches, back-ups, and upgrades.
• Integrates with your existing on-premise directory.
• As needs grow, add more users with a few clicks in the AWS Console
34. Enterprise grade security
Encryption using
customer managed
keys
Regional data
control
Secure mobile
access
Protection from
malware, spam, and
viruses
36. Microsoft Outlook on Windows
• Support for Outlook 2007, 2010, 2013, 2016
• Native support (Outlook Anywhere)
• No additional software/plugins needed
• Autodiscover for easy setup
37. Mac OS X support
• Support for Exchange Web Services (EWS) protocol
• Support for Outlook 2011 and Mac Mail
• Outlook 2016 in progress
38. Mobile device support
• Native mobile support through Exchange ActiveSync protocol
• Supported devices:
• iPhone, iPad
• Android
• BlackBerry 10
• Windows Phone
• Fire
39. WorkMail Features
• Global Address Book
• Shared calendars
• Resource booking
• Advanced permissions and delegation
• Server-side rules
• Out-of-office rules
• Interoperability with Microsoft Exchange (launching soon)
• Encryption using customer managed keys
40. Mobile Device Management
• Policy support for:
• Password required
• Password strength
• Automatic screen lock
• Device encryption
• Remote wipe when device is lost or stolen
41. WebMail client features
• Access to your email, contacts, and
calendar
• Shared calendars
• Access to free/busy information
• Amazon WorkDocs integration
• Accessibility (support for screen readers &
keyboard-only usage)
42. Pricing and availability
• Pay-as-you-go
• Cost-effective -- $4/user/month for 50GB mailbox
• Bundled with WorkDocs -- $6/user/month
• 30-day free trial for up to 25 users
• Currently available in US East (N. Virginia), US West
(Oregon), and EU West (Ireland) regions
49. Integrate Amazon WorkMail with your existing
email environment
• Email routing between on-premises email system and WorkMail
• Calendar free/busy lookups between on-premises email systems and WorkMail
• Provide users with a unified global address book containing all users, groups, and
resources
50. AD Connector architecture
Availability Zone
Availability Zone
VPN
connection
corporate data center
AD
LDAP &
Kerberos
requests proxied
to on-premises
over VPN
AD Connector
proxy instance
AD Connector
proxy instance
51. Set up interoperability support
Add-AvailabilityAddressSpace -ForestName
example.awsapps.com -AccessMethod OrgWideFB
-Credentials <Credential>
• Add all domains to WorkMail
• Convert users on Microsoft Exchange to mail enabled users with external mail addresses
that point to Amazon WorkMail
• Set up free/busy service accounts in Microsoft Exchange and Amazon WorkMail
• Specify EWS URL for on-premise environment in Amazon WorkMail
• Set up Availability Address Space in Microsoft Exchange
52. Email routing in an integrated environment
On-premises environment Amazon WorkMail
example.com
example.com
example.awsapps.com
Forward to:
john@example.aws
apps.com
Primary: john@example.com
Alias: john@example.awsapps.com
john@example.com
targetAddress:
john@example.awsapps.com
To: john@example.com
53. Calendar free/busy interoperability
On-premises environment Amazon WorkMail
example.com
4. Free/busy lookup for Mary
with WM service account
john
1. Free/busy lookup for Mary
targetAddress:
mary@example.awsapps.com
Primary: mary@example.com
Alias: mary@example.awsapps.com
2
3
5
54. Unified Global Address Book
• Interoperability support will automatically sync all Microsoft Exchange users,
groups, and resources to WorkMail
• Object changes must be done using Exchange Management Console
• Enabling users for WorkMail still done through AWS Management Console