The forced transition to a remote mode of operation has become an incentive for many companies to try new formats of work. The peak in IT demand was in the virtual workspace. Our clients also needed it. Traditionally, we decided to first test such a solution on ourselves, before offering it to customers. After trying several infrastructure options for "remote", we settled on the option with a workspace in the AWS cloud - Amazon WorkSpaces, which we are talking about.
Anatomy of the modern "remote"
Working remotely today can be no different in efficiency from working in the office, but under one basic condition. The workspace, the environment in which an employee operates, must have all the familiar tools that employees use to solve everyday tasks.
Today, in the overwhelming majority of cases, these are IT services, applications, corporate systems and databases, access to which is provided remotely via the Internet, FTP and other protocols. By and large, the entire transition to a remote mode rests on the company's ability to provide an employee with access to his familiar desktop anywhere in the world.
At the same time, in addition to a well-designed set of IT tools and online solutions, the speed and quality of communication, as well as the security of all operations, are extremely important.
All existing solutions for organizing remote work are divided into three basic types in terms of their functionality:
- solutions for online synchronization of team interaction (video conferences, instant messengers, task progress trackers, etc.),
- file sharing and editing,
- deployment of virtual desktops.
An obvious but worth mentioning point: when creating your own configuration of an IT solution for remote control, you should carefully consider the choice of data centers for hosting the infrastructure. Do not stop at comparing data centers by prices, check their positions in the ratings, read customer reviews, look for publications about them in the media.
What is Amazon WorkSpaces
With all factors in mind, as well as experience in testing various tools from all three categories, we chose to deploy an IT environment for remote office work on Amazon WorkSpaces.
Amazon WorkSpaces is a remote desktop in the Amazon cloud, implemented using the Desktop-as-a-Service - DaaS model.
The service provides on-demand access to desktops in the cloud and eliminates the need to buy backup computers. The amount of computing resources, RAM and disk space of such desktops are configured depending on the tasks of the company and the needs of specific users.
Amazon WorkSpaces can be used to deploy Windows or Linux desktops. The service allows you to quickly scale resources and create literally thousands of desktops for employees around the world.
Billing is performed on the basis of actual resources used, which allows you to optimize costs compared to traditional desktops and on-premises solutions using virtual desktop infrastructure (VDI). Of course, for effective cost management, it is important to understand at the start of work what parameters of virtual machines are necessary for your tasks so as not to overpay for excess resources.
You do not need to own and manage hardware, update OS versions and apply patches, or administer a virtual desktop infrastructure (VDI).
How the service works: nuances and subtleties
WorkSpaces uses AWS Directory Service, which is an AWS Managed Microsoft AD service, to manage information about users connecting to remote desktops.
That is, Amazon WorkSpaces cannot function without AWS Directory Service, and therefore both require payment. However, it's worth noting that both Amazon WorkSpaces and AWS Directory Service have free packages for up to 1,500 hours. Accordingly, it is possible to test the solution.
In addition to standard workstations, Amazon WorkSpaces is available with vGPU.
This package offers a high performance virtual desktop. It is great for 3D application and model developers, engineers using CAD, CAM or CAE tools.
This package is available in all regions where WorkSpaces are currently offered and can be used with any device. Such a solution can become an alternative to powerful office workstations in design studios, which during the isolation period turned out to be impossible to deliver to employees' homes, for which companies had to either organize the purchase of expensive laptops or offer employees work on personal devices.
Also, Amazon WorkSpaces with GPUs can be used to analyze and visualize data. Because the graphics suite's capacities sit alongside core services such as EC2, RDS, Amazon Redshift, S3, and Kinesis, you can analyze the data on the server and then visualize the results in a contiguous workspace.
You can use this combination of AWS services to create applications that would not be cost-effective to develop when running in conventional, non-GPU virtual machines.
How was testing
We tested the service by checking the availability of a remote desktop from the Internet and from a test virtual machine in our cloud in St. Petersburg.
1. Established connectivity between our infrastructure in the data center and our VPC (virtual private cloud) in AWS. Everything is standard here - setting BGP, DCC, Virtual Gateway.
2. Decided on AD (Active Directory).
According to Amazon documentation, it is possible to use both Amazon managed and on-premises AD.
3. For the test, we chose a schema with AD managed by Amazon.
With this scheme, you need to keep in mind that the VPC must have at least two subnets from different Availability Zones. This is an AWS requirement and is based on the need to physically isolate AD servers from each other. At least two servers are required.
For example, in the region eu-central-1 (Frankfurt) there are three Availability Zones - eu-central-1a, eu-central-1b, eu-central-1c.
4. For the test, make one prefix in eu-central-1a, one prefix in eu-central-1b.
When creating a subnet, specify AZ:
5. The two subnets we created:
6. Create Active Directory and WorkSpace.
7. After setting up, a letter is sent to the specified mail, which contains a link to change the password on the desktop and to download Amazon WorkSpaces for different platforms - Windows, Linux, MacOS, etc.
8. The desktop is ready.
Direct connection to AWS
Most companies with their own AD will be interested in a connection scheme with their own AD. To do this, you additionally need to set up a direct dedicated connection to AWS, through which the client can connect his AD and company resources located on-premises with the Amazon cloud.
Schematically it looks like this:
It should be borne in mind that for the stable operation of the service, the delay between the host from which the connection to the desktop is made and the AWS location where the WorkSpaces are located should not exceed 100ms according to the Amazon recommendation.
In our case, we offer customers a connection via Frankfurt - RTT (round-trip time) from Linxdatacenter in Moscow and St. Petersburg to FR5 (points of presence based on Equinix data center in Frankfurt) is less than 40ms, which fully meets AWS recommendations.
Installing Amazon WorkSpaces on a Workstation
1. Install the application on the workstation with which we plan to connect.
2. Enter the Registration Code, which is the desktop identifier, and the username / password specified when creating the WorkSpace.
3. The desktop is available on the employee's laptop.
Screenshot of the Amazon WorkSpaces application window connected to a remote desktop.
4. Now let's link it to the systems in the company. In our case, using the example of connecting to a VM in the Linxdatacenter cloud in St. Petersburg.
5. In the opposite direction (VM in the cloud in St. Petersburg -> remote desktop), connectivity also works.
Deploying and configuring a package with vGPU does not differ from the standard configuration. At the moment when the system prompts you to choose a package for deployment, you need to find the one we need with the graphics and select it for installation.
Minimum vGPU package parameters:
- Display - NVIDIA GPU with 1,536 CUDA cores and 4 GiB of graphics memory.
- Processing - 8 vCPUs.
- Memory - 15 GiB.
- System volume - 100 GB.
- User volume - 100 GB.
Unfolded: what's next?
Desktops on Amazon WorkSpaces enable mobile and telecommuting workers to use any application they need to work from a cloud-based desktop, accessible from anywhere with an Internet connection.
The use of own device (BYOD) model works: the service supports all stationary PCs, Mac laptops, iPads, Kindle Fire, Android tablets, Chromebooks, as well as Firefox and Chrome browsers.
If a company faces the challenge of testing proprietary software innovations, Amazon WorkSpaces also solve this problem without increasing the cost and the need to store backup equipment. Most importantly, the source code will not be stored on developers' devices, which is additional protection.
Another current use case for Amazon WorkSpaces is the rapid merger of multiple IT departments to collaborate on a project, where large numbers of people need to be quickly synchronized.
That's all for today - ask questions in the comments.
PS I recommend to watch here is the video on Amazon WorkSpaces.