Amazon WorkSpaces cheat sheet: What you need to know about this DaaS product

Amazon’s Desktop as a Service product can virtualize the computing needs of your entire workforce, secure business data, and make life easier for remote employees and IT teams.

Illustration: Lisa Hornung/iStockPhoto

The modern workforce is more distributed than ever before, and the COVID-19 pandemic has only solidified the fact that working remotely is the way of the future for many businesses. That means the computing needs of modern businesses are changing as well—the perfect time for Desktop as a Service (DaaS) products like Amazon WorkSpaces to finally gain market traction.

SEE: Cloud data storage policy (TechRepublic Premium)

DaaS providers have been growing slower than expected over the past few years, but with the spread of the pandemic and the likely long-term shift to remote work, Gartner has reassessed its position on the battle between VDI and DaaS, calling DaaS one of the areas of tech experiencing the greatest growth due to the pandemic.

Because growth has been slow, many businesses may still be unaware of the advantages offered by products like Amazon WorkSpaces. Read on to learn why this new way of deploying workstations may be worth the investment, and the way of the future.  

What is Amazon WorkSpaces?

Amazon WorkSpaces is Amazon’s entry into the DaaS field and gives businesses the ability to create persistent, virtual, and cloud-hosted Windows and Linux workstations. Like other DaaS solutions, Amazon WorkSpaces is designed to scale up as businesses grow and new workstations are needed. 

Amazon describes WorkSpaces as “an easy way to provide a secure, managed, cloud-based virtual desktop experience to your end-users,” and said that its cloud-native, fully managed design means IT teams “don’t have to worry about procuring, deploying, and managing a complex environment.” 

SEE: Top cloud providers in 2020: AWS, Microsoft Azure, and Google Cloud, hybrid, SaaS players (ZDNet)

Amazon WorkSpaces virtual machines (VMs) can be deployed in both Linux and Windows formats and are designed to fill the role of basic end-user workstations. To fill various workstation roles, a number of different bundles are available that allocate more or less CPU power, GBs of RAM, GPUs, video memory, SSD root and user storage, and software.

IT teams can use default Windows/Linux images or create their own custom ones to ensure business-essential apps are installed on new VMs; Amazon also offers Amazon WorkSpaces Application Manager (Amazon WAM) for deploying and managing additional applications on WorkSpaces VMs. Amazon WAM packages applications into containers and makes them appear on user WorkSpaces instances as if they were locally installed, while administrators maintain the ability to manage them as containerized apps, which eliminates the need for time-consuming update, deployment, and retirement cycles. 

In terms of the security of WorkSpaces, Amazon said it uses encryption strong enough to meet HIPAA and PCI compliance through its PC-over-IP protocol, which encrypts traffic and doesn’t send any data to, or store anything sensitive on, end-user devices. User access can also be restricted via IP address, device type, or with digital certificates, and the entire system is integrated with AWS Key Management Service for encrypting storage volumes. 

SEE: Navigating data privacy (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)

Credentialing for Amazon WorkSpaces access can be handled in a number of ways, including using pre-existing on-premise Microsoft Active Directory installations linked to AWS Directory Service. In that instance, users will be able to log in to their WorkSpaces instance using their existing credentials, and IT teams can apply group policy settings as usual, deploy software with existing tools, and use existing RADIUS servers to enable multifactor authentication.

On the user end, accessing an Amazon WorkSpaces VM can be done on pretty much any device imaginable: Downloadable clients exist for Windows 10, macOS, iPad, Fire tablets, Android, ChromeOS, and Linux. There’s also a web client for those who don’t want to install software, too. When a new Amazon WorkSpaces instance is provisioned for a user, they receive an email with a link to download the client (or use the web client), verify their identity, and that’s it–they’re all set to work on a virtual, managed, and secured desktop from wherever they are. 

What are use cases for Amazon WorkSpaces?

It’s not hard to see use cases for Amazon WorksSpaces almost immediately, especially in the post-COVID-19 age. The fact that remote workers can be issued an encrypted, managed, and persistent virtual machine to work from anywhere they are can be transformative. 

Amazon mentions several basic use cases on the WorkSpaces website that can be applied to any number of industries and organizations:

  • Quickly provision secure desktops for remote, mobile, and contract employees;
  • make BYOD more secure; 
  • create and scale desktops to test software on various types of simulated hardware;
  • build a standard, persistent set of machines for classroom and laboratory settings; and
  • quickly integrate new employees during a merger or acquisition.

Amazon WorkSpaces can also be used in a lot of end-user environments where it’s more advantageous to have a cloud-hosted desktop than a locally installed or personally owned one. 

Which industry compliance standards does Amazon WorkSpaces meet?

Amazon has done its part to get WorkSpaces certified for use in a variety of industries, and it currently meets the following standards

  • SOC 1,2, and 3 
  • PCI DSS
  • ISO/IEC 27001:2013, 27018:2019, and 9001:2015
  • FedRAMP Moderate and High
  • DoD CC SRG IL2, IL4, and IL5 
  • HIPAA BAA
  • IRAP 
  • MTCS 
  • C5 
  • ENS 
  • OSPAR 
  • HITRUST CSF
  • GDPR

Since it meets those various certifications, WorkSpaces can be used for online payments, storing customer data securely in the cloud, US government and Department of Defense computing, healthcare needs, and more.

SEE: AWS Summit Online highlights (free PDF) (TechRepublic)

What are DaaS alternatives, and how much does Amazon WorkSpaces cost?

In an article about top DaaS providers, TechRepublic editor in chief Bill Detwiler gave a rundown of the biggest names in DaaS and reasons why each one would be a good choice for different types of organizations. Aside from Amazon WorkSpaces, nine DaaS providers are mentioned in his article: Citrix Managed Desktops, Cloudalize DaaS, dinCloud dinWorkspace, Evolve IP, itopia Cloud Automation Stack, Microsoft Windows Virtual Desktop, MTM Technologies AnywhereApp, and VMware Horizon Cloud.

Of the DaaS options listed above, Amazon WorkSpaces may be the most affordable choice, or at the very least the most flexible: Many DaaS providers require a minimum number of seats, longer-term commitments, or their prices are simply higher for pay-as-you-go DaaS instances. 

Amazon WorkSpaces, on the other hand, has no minimum term, and prices for a single instance start at $7.25 per month plus 17 cents per hour. 

Like any kind of new technological investment, it’s important to look at each vendor and compare features and pricing to determine what best suits your needs. Amazon WorkSpaces offers a lot of good features, but if you’re not already an AWS customer, it may be better to look at another provider, like MTM Technologies AnywhereApp, which is compatible with AWS, Azure, CenturyLink, and Oracle public clouds. Organizations already operating on Azure would be better suited to using Microsoft’s own Windows Virtual Desktop, and Google Cloud Platform users only have one option from Detwiler’s list: itopia Cloud Automation Stack.

SEE: Virtualization policy (TechRepublic Premium)

Why choose Amazon WorkSpaces over a VDI product?

In the intro to this cheat sheet, I mentioned the battle between virtual desktop infrastructure (VDI) and DaaS, two completely different technologies that perform the same task: Creating virtual desktops for users to work on in place of their local machine.

VDI is not a cloud-based product–it’s the traditional virtualization product installed and operated from an organization’s data center. DaaS is VDI running on a cloud provider’s hardware. In the case of Amazon WorkSpaces, that hardware is owned and operated by Amazon Web Services. 

SEE: DaaS and VDI: New report underscores the high costs and challenges of virtual workforces (TechRepublic)

Several immediate reasons to choose Amazon WorkSpaces over a locally-installed VDI product come to mind immediately, particularly the elimination of in-house hardware dedicated to running VDIs. As organizations grow, VDI hardware may need to be scaled, it can get old and need replacing or repair, data center disasters can occur and cause downtime, and increasingly distributed workforces make managing VDIs difficult for IT teams.

DaaS solutions like Amazon WorkSpaces are just one more data center resource that can be foisted off on the cloud, freeing up space in the server room, eliminating hardware management needs, and ensuring more uptime. As COVID-19 transforms the work world into a largely remote one, DaaS solutions like Amazon WorkSpaces are becoming even more valuable for forward-looking companies that are considering permanently eliminating physical office spaces. In that kind of future, a VDI server is just one more piece of equipment that won’t have anywhere to go but the cloud.

How can I start using Amazon WorkSpaces?

It’s not too difficult to start with Amazon WorkSpaces: Interested parties will need an AWS account, basic knowledge of the AWS console in order to find the WorkSpaces section, and time to customize a WorkSpaces instance for deployment, all of which can be done in the AWS console. 

Amazon provides a helpful getting started with WorkSpaces guide on its website, which includes basic steps, starter projects, and best practices documentation. 

SEE: All of TechRepublic’s cheat sheets and smart person’s guides

How much does it cost to use Amazon WorkSpaces?

Organizations looking to enter the Amazon WorkSpaces DaaS sphere can do so free of charge using the WorkSpaces free tier, which provides two standard bundle WorkSpaces instances for up to 40 combined usage hours per month for two months. After that, the two instances are billed per hour. Educational pricing is also available for qualified Windows educational users, who will receive a discount of $3.52 per user per month, and a 3 cents per user per hour discount on hourly usage. 

Pricing varies greatly based on the type of machine, its specifications, and whether application bundles are needed. For pricing details, check out Amazon’s WorkSpaces pricing page.

Also see