There’s a lot to like about Amazon Workspaces. It’s easy to get started, there are a variety of different instance types available, there’s a persistent user disk, and the user experience is great, among other things. It’s no wonder Amazon is putting as many resources into it as they are, and they’re gaining quite a lot of attention because of it. There are, however, some places that FSLogix can improve the Workspace experience, and that’s the point of this article.
About Amazon Workspaces
First, let’s take a look at how Amazon Workspaces are managed. Workspaces desktops are effectively persistent desktops. They are full copies of a base image, after which time they are left to be managed by the same means you’d use to manage any other traditional desktop. Workspaces desktops belong to a domain, and you can either use your existing AD, stand up a new one in AWS, or use AWS’ Managed AD service. Apps can be pushed to it via SCCM or AWS WAM, for example, and updates can be done by WSUS.
Additionally, all user data is stored in a persistent location separate from the base image, so it isn’t locked specifically to a Workspaces desktop instance. This user data is backed up via snapshot every 12 hours, so it can restored independently of the OS.
Pushing out a new base image is possible, and the process of doing this is what Workspaces calls a “rebuild,” which replaces the OS and reverts the user’s persistent storage to the most recent snapshot, which can be as old as 12 hours. This process, by which the OS image is copied in full to each VM, can take upwards of 20 minutes, and, depending on what user data has been saved to the persistent storage since the last snapshot, can result in lost information (Amazon recommends that users store their personal data in WorkDocs or some other location not specifically tied to Workspaces). In other words, a rebuild is something you do in an emergency, not as a best-practice way of managing desktops.
This approach is useful for companies that are accustomed to managing desktops individually, but for companies that are used to pushing out application and OS updates by updating the base image, having to do a rebuild each time a new image is deployed (with the risk of losing user data) can be a showstopper. Depending on your strategy, you could also end up with either a number of base images, or lots of individual desktops and their differing combinations of applications to manage.
Additionally, each instance of Workspaces is tied to a specific region, so a Workspaces environment created in US West will always reside in US West. This isn’t a problem if your users all work in the US West region, but if they travel their desktops won’t automatically follow them. This may not be a huge deal if the travel is to adjacent regions, but in large organizations with users around the world, having all your users access a single region means that someone, somewhere will likely have a degraded user experience.
Currently, moving Workspaces desktops between regions involves standing up a new Workspaces instance in a region, then copying their user data either directly to the new instance (if the security between instances is configured properly) or by copying the user data to a third-party location, then back to the new instances. This is a manual process, so if this user is spending a week in London, when that week is up, you’d have to reverse the process to get the user data back to the US West region.
How FSLogix can help
Despite these constraints, Amazon Workspaces can be a powerful tool for an organization, and by combining it with the features of the FSLogix Apps suite, Workspaces can be used in more situations, with greater ease, than ever before.
For example, our App Masking product will allow you to build a base image with all of your applications on it. Then, using the directory that comes with Workspaces, you can hide/show applications on a per user or group basis, meaning all your users can share the same base image so you only have one image to maintain. The same applies to Java Control, which, if you run multiple versions of Java in your organization, means that you require a separate base image with each version. FSLogix Java Control lets you collocate different versions of Java on the same image and map them to specific applications or URLs.
Admittedly, App Masking and Java Control alone don’t solve the problem of the rebuilds or regional availability. In fact, if managing a single image and pushing that out to your users is the goal, it will result in more rebuilds than Amazon intended when they devised their platform. Fortunately, FSLogix Profile Container can help with both problems.
FSLogix Profile Container places the entire user profile in a VHD file that lives on a Windows file server. In addition to the user profile, individual folders/files outsides the user profile that need to follow a user (for example, from poorly-written apps that place user data in Program Files) can be placed in the container as well. Using this approach with a file server in EC2 (leveraging S3, EFS, or EBS), user data can now be stored in a container that is always up-to-date and persistent between rebuilds. Since the rebuild process copies the base image to all the VMs, they’ll still take time to complete, but there will be no risk of losing data that changed since the last snapshot.
Additionally, with the profile data stored in EC2, it can be easily replicated around to other regions within AWS, meaning you can stage the users’ data in any region from which they’ll be using a Workspaces desktop. You’ll still need to create a new Workspaces instance in the appropriate region, but you can use your same base image with App Masking and connect the user to the same data they would have in their home region.
You can even use our new Cloud Cache technology to stage the data if you don’t want to use AWS’ own functionality to replicate the data between regions. By simply configuring multiple storage locations (which in this case are SMB file servers that reside in various EC2 regions), you can make sure your users’ data is in all the locations it needs to be, all the time.
Amazon Workspaces is a fantastic platform for cloud-based desktops, and using it with FSLogix can add the functionality that can make it a truly global, enterprise-class solution. AWS is a valued partner of ours, and we look forward to working with them on additional ways that we can enhance their offering. If you'd like to try out FSLogix's App Masking, Profile Container, or any of our products, head over to our eval page.