AWS Workspaces – What You Need to Know

  • On June 15, 2018

Brief description

Amazon started selling the Windows Desktop-as-a-Service (DaaS) to consumers via Amazon Workspaces. The DaaS is a service where Amazon lets you create virtual desktops accessible from every point of the world, from practically every smart (-ish) device or computer. As it still gains traction and adoption, here is what you need to know about Amazon Workspaces before your competitors do.


Amazon Workspaces offers a desktop experience comparable to the one you’d have while working on your physical computer. There is a great video straight from AWS that describes the main idea. You can find it here.

Desktops are being delivered via PCoIP.

IT professionals have a great experience in managing each user and deploy persistent sessions. With Amazon Workspaces, desktop management is simplified and as this can either be integrated with an on-prem Active Directory for user authentication and user restrictions through use of group policies. Directories managed by Amazon Workspaces can also be created to manage authentication.

What do you need to know about Amazon Workspaces?

Amazon Workspaces packages

IT administrators have the power to create virtual desktops that look like windows 7. The desktops are instances of the windows server 2008 R2. Amazon workspace offers a variety of packages;

  • Standard option– includes 1vCPU (virtual CPU) with 4GB RAM, with a root volume of 80GB and 10GB user volume.
  • Performance option -for 2vCPUs and 8 GB RAM, with a root volume of 80GB and 10GB user volume.
  • Power option – 4vCPUs and 16GB RAM, with a root volume of 80GB and a user volume of 10GB.
  • Graphics option – 8 vCPU and 15 GB RAM, 1 GPU, 4 GB Video Memory with a root volume of 100GB and user volume of 100GB.

Our observations on the Standard edition are that the resources it provides are quite sufficient for most of the office applications – Word, Excel, browsing.

There is a default application bundle that has internet explorer, 7-zip and Firefox offered at no additional cost. Plus application bundle has Microsoft Office Professional, Trend Micro as the antivirus and the utilities which are Internet Explorer 11 that costs an additional $15.

You can manage applications in Amazon workspace suing Application manager. It includes provisioning of the application or removal from the workspace and any policy that applies to each workspace. Some applications may be obtained from Amazon marketplace and deployed to the workspace.

With Amazon workspace, you get to enjoy the pay as you go option and billing is done hourly or on a monthly basis. Note that billing is prorated for the first month.


More flexibility calls for an additional $15 to get Microsoft office 2010 professional and the Trend Micro antivirus. Alternatively, if you don’t want to pay AWS, you can get just the hardware option and obtain the applications from other sources and install them yourself.

You can bring your own Windows 7 and Windows 10 license and only acquire the hardware option for your workspace. It saves you up to $4 per month per user.

Remote connection

Teradicis PC powers the remote access to the Amazon workspaces over IP protocol. Alternatively, you can use Amazon’s software clients for all the major operating systems including Android, Kindle and OS X. The mobile OS’s (kindle and Android) support are attaching input devices, e.g. keyboards and touchpads.

The CEO of Teradici, Dan Cordingley said that Teradici has made their entire technology division available to Amazon but to know the detail of the deal, you have to talk to Amazon. It may mean that Amazon could be using Teradici Software encoders, hardware chips, PC over IP gateway, Network QoS stuff infused with Cisco, Riverbed and F5.


Any cloud consideration comes with many security fears and with very many requirements to comply with International security standards, and regulations call for scrutiny if Amazon workspace indeed complies with this regulations.

The good news is that Amazon workspace complies with most of this regulations. Amazon confirms compliance with PCI DSS and, HIPAA.

Multi-factor authentication is supported to add another layer of security for any user accessing Amazon workspace.

You can limit what devices can have access to the workspace through the configuration of trusted devices


When you get your Daas, you get to have full administrative rights over your VMs. Due to Microsoft’s licensing policies; you have to host single-user servers. You can then install any applications you want.

What does Amazon means when they say that their service (Amazon Workspaces) images are fully managed? Amazon once said in their technical description that they patch and maintain the product but the main question is, how do they do that when you connect the instance to your domain?

By default windows, the update is enabled. You can maintain your patching schedule or use any third party application to manage the patching.

The Workspace management console lets you manage all activities like a reboot, provision new workspace, and delete workspace. You can use Microsoft Active directory tools like Group policy to manage the workspace.

For more natural management, tags can be used to categories the workspace depending on the needs of an organisation. 50 tags per each workspace can be assigned.


As for the Service Level Agreement (SLA) agreement, there was no specific SLA for workspaces. The standard EC2 SLA allows for 4 hours of downtime monthly before they give you a 10% service credit. However, the S3 SLA allows for 8 hours downtime monthly before you are given credit.


Amazon claims to backup My Documents folder automatically to S3. Questions include; does Amazon allow users to access their files from an S3 client directly? Do system administrators have the power to perform specific point file level restores? Can we add more folders to the S3 bucket? Moreover, finally, can we change the automatic backup to save to Dropbox instead?

We are yet to see if this questions will be answered with new releases of Amazon Workspace.

Amazon workspace provides an option to rebuild the workspace which is recovered to the last snapshot that is automatically scheduled to run every 12hours. Any applications installed after the snapshot was taken is lost. Using IAM users, the task of rebuilding can be delegated or assigned accordingly.

Users can access user Workspace sync to automatically sync data from the Workspace to their local computer which can also be used to restore files in case of any eventuality.

Customers feel confident knowing that their data is safe in case of any hardware failure.


Amazon Workspaces is changing the way we think about Daas, and with Daas scheduled to take the world by storm, Amazon is already putting the idea of Daas into everyone’s head. Given amazon’s significant efforts in technology and the various processes around Daas, People are more inclined to use it since it’s cheaper than creating your Virtual Desktop Infrastructure (VDI). Pay for what you need and what you use, that’s it! No more upfront or hidden costs.

So head on over to the Amazon Workspaces site and check the offers and product details they offer.