AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop...
-
Upload
amazon-web-services -
Category
Technology
-
view
213 -
download
2
Transcript of AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop...
![Page 1: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/1.jpg)
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Nick Frank, Practice Lead Mobility and End User Computing, AHEAD
Normann Vogel, Senior System Architect, Informa
November 30, 2016
ENT201
Deploying Amazon WorkSpaces at Enterprise
Scale to Deliver a New Desktop Experience
![Page 2: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/2.jpg)
What to Expect from the Session
• Case study featuring Informa:
A Global Leader in Business Intelligence
• Architecture decision points
• Example architecture diagrams and
configurations
• Key considerations for a successful design
and implementation
![Page 3: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/3.jpg)
About the speakers
Nick Frank
Practice Lead Mobility and End User Computing, AHEAD
• Leads solutions and services at AHEAD based in Chicago
• 9 years in Architecture, Design, and Implementation for EUC and
VDI solutions
Normann Vogel
Senior System Engineer, Informa• Senior System Engineer Mobility & Desktop, Informa
• Principal Engineer for AWS-based VDI solutions
• 5 years experience in shifting enterprise services and
workloads into AWS
![Page 4: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/4.jpg)
![Page 5: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/5.jpg)
![Page 6: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/6.jpg)
Informa
Current state prior to Amazon WorkSpaces
project
• Was current AWS customer
• 60% hosted on AWS
• Running 650+ Server 2008R2 Amazon WorkSpaces in prod
• Migrating to Office 365
• Migrating to Windows 10
• Global growth via acquisition
• Expanding user population in US
![Page 7: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/7.jpg)
Informa
Use case overview
Migration Standardize
BYODEnable 50% of users
by end of 2017
Automation
Provisioning, de-provisioning, etc.
Monitoring
In-guest OS metrics and support
From Citrix and physical PCs
Windows 10
![Page 8: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/8.jpg)
AHEAD
Initiative approach
• We must identify and answer key decision points before
we can move forward
• Automation and Lifecycle are required to be successful
• Always plan to fail – AWS Advice
• Plan for region failover, not AZ failover
“Plans are worthless; planning is everything” – Dwight D. Eisenhower
![Page 9: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/9.jpg)
Informa
Global footprint – deploy to three regions
Ireland
Singapore
East Coast
• Decision based on PCoIP Thresholds for performance
• Less than 100 ms = Fast
• More than 200 ms = Unacceptable
![Page 10: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/10.jpg)
Informa
Environmental design considerations
• How do we build VPCs?
• Transit vs. AWS Direct Connect VPCs
• How did we define subnets, Active Directory connectors,
and network groups?
• Why did we decide to use application layering to
manage application presentation?
![Page 11: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/11.jpg)
Transit VPC
Single direct connect back to
on-premises data center
Benefits:
• Simplify network topology
• Provides cross-region VPC
connectivity
• Create single direct connect to on-
premises data center
Informa
VPC decision – What is best for you?
AWS Direct Connect VPC
Create individual direct connects for all
VPCs back to on-premises data center
Benefits:
• Allows for cost transparency per direct
connect
![Page 12: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/12.jpg)
Informa
Transit VPC logical architecture
![Page 13: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/13.jpg)
Informa
Transit VPC architecture
• Transit VPC Architecture Summary
• Leverage security appliances for layer 7 filtering
• Control access to application instances or application VPCs from
Amazon WorkSpaces
• VPC peering only if no content filtering required
• Simplify Direct Connect usage and billing
Transit VPC How To: https://aws.amazon.com/answers/networking/transit-vpc/
![Page 14: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/14.jpg)
Informa
How do we manage applications?
• Tie application entitlements to AD security groups
• Allows for automation and simplified management
• Centrally manage applications across regions from a
globally accessible file share
• Accomplishes DR and Application availability requirements
• Single image management
• One app = one VHD file
• Leverage versioning for lifecycle and rollback functionality
Conclusion: You need a 3rd-party tool
![Page 15: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/15.jpg)
AHEADApplication layering and file services architecture
![Page 16: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/16.jpg)
AHEAD
Implementation considerations
• How do we automate from day 1?
• How do we configure our Active Directory Connectors?
![Page 17: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/17.jpg)
Informa
What ServiceNow workflows did we design?
Amazon WorkSpace Creation
• Create a new Amazon WorkSpace from a custom bundle
• Integrate with custom tagging for cost management and
chargeback
Amazon WorkSpace Rebuild
• Reset existing workspace back to previous snapshot (taken every
12 hours)
• This is only a stopgap and not a replacement for desktop backups
Amazon WorkSpace Decommission
• Delete the WorkSpace – User data and applications are redirected
• Configure ServiceNow to remove computer object and user
accounts from AD
![Page 18: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/18.jpg)
Informa
How should we configure our ADCs?
• Each Active Directory Connector (ADC) requires:
• Two Subnets
• One Bind DN
• Service account to create machine objects
• Must point to a single Organizational Unit (OU) (this should
be dedicated to Amazon WorkSpaces)
• Each AD domain requires a separate ADC (at a
minimum).
• Be careful: You cannot change IP subnets after the fact.
When you are out of IPs you need to create a new ADC.
![Page 19: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/19.jpg)
AHEAD
Monitoring solutions
Use multiple monitoring solutions to get the
complete picture
• Leverage Amazon CloudWatch for
infrastructure performance
• Evaluate 3rd-party solutions that can perform
remote assistance
• Evaluate 3rd-party solutions that can kill
in-guest OS processes
![Page 20: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/20.jpg)
Manage Your WorkSpaces
Monitoring success
• Know your KPIs – With thresholds for alerting
• CPU utilization per process – 100% utilization for 5+ seconds
• PCoIP RTT latency – 100 ms or more
• PCoIP Bandwidth – 500 Kbps per second
• Memory usage per application – Depends…but size per
bundle
• and more!
• Reporting and alerting
• Be both proactive and reactive
![Page 21: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/21.jpg)
Conclusion
![Page 22: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/22.jpg)
AHEAD and Informa
Conclusion and lessons learned
• Summary of Informa roll out – current progress
![Page 23: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/23.jpg)
23
HELPING YOU ACCELERATE ADOPTION OF AWS IN THE ENTERPRISE
DevOpsAmazon
WorkSpacesServiceNow
Visit AHEAD at Booth #1037
![Page 24: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/24.jpg)
Thank you!
![Page 25: AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)](https://reader031.fdocuments.in/reader031/viewer/2022030306/586f7b1f1a28ab10258b76b9/html5/thumbnails/25.jpg)
Remember to complete
your evaluations!