"Work Anywhere with Amazon Workspaces 講師：Louis Wang, Cloud Support Engineer, AWS"

1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Louis Wang
Cloud Support Engineer, AWS Support, Amazon Web Services
Work Anywhere with
Amazon WorkSpaces
Connect Your Microsoft Activity Directory to the Cloud and then Start Working Anywhere

2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What to Expect from the Session?
• Overview of Amazon Workspaces
• On premise Active Directory integration
• Bringing it all together

3. Business Landscape Is Changing
Evolving Workforce
43% of US employees
worked remotely in 2016
Dynamic Organizations
Global mergers and
acquisitions reached
$3.7T in 2017
Security Threats
In 2017, the average
data breach cost
$3.62M
WannaCry ransomware
attack estimated to have
cost $4.0B
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

4. End the PC Lifecycle Treadmill
Retirement
StartPC
refresh
• Extend the life of your client
hardware
• Support BYOD
Service
desk
support
Every
2–4
years
Deploynew
technology
• Use PCs, macOS, tablets,
Chromebooks, and Zero
Clients
• Support self service
• Quickly scale up or down
• Use perpetual PCs in the
cloud
Build and
images
Inventory
management • Move to OPEX model
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

6. Amazon WorkSpaces Use Cases
Modern Organizations
Global organizations
Mobile workers
M&A activity
Developer productivity
Project-Based Work
Temporary workers
Contractors
Training
Security and Compliance
Secure applications and data
Support Bring Your ON Device(BYOD)
Meet compliance requirements
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

7. Improves Security
No sensitive data on
users’devices
Amazon WorkSpace data
encrypted at rest
Desktop stream
encrypted in transit
Amazon WorkSpaces encrypts data and streams, and keeps information off devices
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

8. Ready to Meet Security and Compliance Needs
Manage access
toAmazon
WorkSpaces
using digital
certificates
PCI DSS
Level 1
compliant,
SOC 1, SOC 2,
ISO 9001, and
ISO27001
certification
HIPAA-eligible
with business
associate
agreement
EU General Data
Protection
(GDPR) ready
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

9. Plays Well with Existing Tools
Multi-factor
Intranet
Microsoft Active
Directory
authentication
(MFA)
(RADIUS)
SCCM
Certificate
Authority
Amazon WorkSpaces integrates easily with your on-premises tools and network
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

10. Flexible Billing Options
Monthly Hourly
Best for
 Full-time staff
 Simplifying yourAWS bill
 Instant access
 Running scheduled tasks
Best for
 Students & part-time staff
 Optimizing yourAWS bill
 Quick access
 Running ad hoc tasks
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

11. Managed Cloud Desktops
Pay as you go
Secure
Provide high-performance persistent
cloud desktops to users
Simple
to deploy and manage
Scale and
consistent performance
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

12. Customer Success Story: Endemol Shine Nederland
“With Amazon WorkSpaces, we can provide new workers with
a Windows desktop and the applications they need within hours
instead of days. Amazon WorkSpaces makes it easy for
workers to use their preferred device and for Endemol Shine
Nederland to maintain our security requirements. Because
Amazon WorkSpaces is cost effective and requires no upfront
payment, we have been able to save 30% of our desktop
operations costs and 70% on capital expenditure.”
– Leon Backbier, IT Manager, Endemol Shine Nederland
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon Active Directory Connector
(AD Connector)

14. AD Connector
• Integrate On-premise existing corporate with Amazon
WorkSpaces, Amazon WorkDocs, or Amazon WorkMail.
• Manage AWS resources like Amazon Elastic Coumpte
Cloud(EC2) instances or Amazon Simple Storage
Service(S3) buckets
• Consistently enforce existing security policies
• Enable multi-factor authentication
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

15. The Scenario
• Hybrid architecture, mix of applications on premises and
in the cloud
• Existing on premise Active Directory environment for
Identity
• Amazon Direct Connect or Classic VPN already in place
BYOD Mergers and
acquisitions
Mobile workers Temporary
workforce
Secure
access
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Virtual Private Cloud
corporate data center
AWS cloud
AD Connector
VPN
connection
mobile client
Internet
client
Domain Controller
Amazon
WorkDocs
Amazon
WorkSpaces

17. Directory Integration
• All Amazon WorkSpaces will be
joined to an Active Directory
domain
• AWS Directory Service is required
to connect users to their Amazon
WorkSpace
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

18. Network Design – Subnets
 Amazon WorkSpaces requires two
subnets in different Availability
Zones(AZ).
 Before you create AD Connector, please
create technical support cases for AZ
information.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Support Plan
• Developer
• Business hours access to Cloud Support Associates via email
• Business
• 24x7 access to Cloud Support Engineers via email, chat & phone
• Enterprise
• 24x7 access to Sr. Cloud Support Engineers via email, chat &
phone

20. Workspaces Type
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
• Value
• 1 vCPU, 2 GiB Memory
• Standard
• 2 vCPU, 4 GiB Memory
• Performance
• 2 vCPU, 7.5 GiB Memory
• Power
• 4 vCPU, 16 GiB Memory
• Graphics
• 8 vCPU, 15 GiB Memory, 1 GPU, 4 GiB Video
Memory

21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
DEMO
• Create AD connector
• Connect to on-premise DC
• Launch Amazon WorkSpace
• Access it any where

22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Active Directory Recommendations
• Extend your Active Directory into AWS on Amazon Elastic
Compute Cloud(EC2) instances
• Define your VPCs in Active Directory Sites and Services
• Separate Active Directory OUs by service and region

23. The Approach
• Decide on user segmentation
• Select the initial use cases
• Evaluate performance
characteristics
• Build the pilot solution
• Run user acceptance testing
• Deploy
• Iterate!
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Global Availability
Northern Virginia
Oregon
Montreal
São Paulo
Ireland
Frankfurt
London
Singapore
Tokyo
Seoul
Sydney

25. Try It Now
Try Amazon WorkSpaces; Free
Tier available!
Run two Standard bundle
WorkSpaces for 40 hours a month,
for up to two calendar months.
Windows 7 or Windows 10
Experience, including Amazon
WorkDocs with 50 GB storage.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Try Amazon Active Directory
Connector; Free Tier available!
30-day free trial includes 1,500 hours
WorkSpaces users receive access to
AD connector for no additional charge.
AD Connector

26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.