AWS re:Invent 2016: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience (ENT201)

Your enterprise has decided it is exiting the traditional desktop business and migrating to Amazon WorkSpaces. Your challenge: how do you provide end users a high-quality experience using DaaS while integrating key enterprise services? With its focus on user adoption and simplified operational management, DaaS offers significant benefits over traditional physical desktops and VDI solutions. These benefits include hourly consumption pricing, sizing flexibility, linear scalability, and simplified management.

We will dive into the methodology and design decisions that Informa, a global leader in business intelligence and part of the Information Economy, made to migrate to Amazon WorkSpaces. The goal of this strategy for Informa was to provide their end users with a Windows 10 desktop that could scale across three AWS regions.

Following this session you will be equipped with a methodology for migrating to Amazon WorkSpaces and key design decision points that will assist your organization in rolling out this service for your end users. Best practices will be presented and there will be discussion on the capabilities required to build an enterprise-scale solution around WorkSpaces. All of this will include the fundamental value proposition AWS has brought to market with their industry-leading DaaS offering. Session sponsored by AHEAD.

  1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Nick Frank, Practice Lead Mobility and End User Computing, AHEAD. Normann Vogel, Senior System Architect, Informa. November 30, 2016. ENT201: Deploying Amazon WorkSpaces at Enterprise Scale to Deliver a New Desktop Experience
  2. What to Expect from the Session
       • Case study featuring Informa: A Global Leader in Business Intelligence
       • Architecture decision points
       • Example architecture diagrams and configurations
       • Key considerations for a successful design and implementation
  3. About the speakers
     Nick Frank, Practice Lead Mobility and End User Computing, AHEAD
       • Leads solutions and services at AHEAD based in Chicago
       • 9 years in Architecture, Design, and Implementation for EUC and VDI solutions
     Normann Vogel, Senior System Engineer, Informa
       • Senior System Engineer Mobility & Desktop, Informa
       • Principal Engineer for AWS-based VDI solutions
       • 5 years experience in shifting enterprise services and workloads into AWS
  4. Informa: Current state prior to Amazon WorkSpaces project
       • Was current AWS customer
       • 60% hosted on AWS
       • Running 650+ Server 2008R2 Amazon WorkSpaces in prod
       • Migrating to Office 365
       • Migrating to Windows 10
       • Global growth via acquisition
       • Expanding user population in US
  5. Informa: Use case overview. Migration Standardize BYOD Enable 50% of users by end of 2017 Automation Provisioning, de-provisioning, etc. Monitoring In-guest OS metrics and support From Citrix and physical PCs Windows 10
  6. AHEAD: Initiative approach
       • We must identify and answer key decision points before we can move forward
       • Automation and Lifecycle are required to be successful
       • Always plan to fail – AWS Advice
       • Plan for region failover, not AZ failover
     “Plans are worthless; planning is everything” – Dwight D. Eisenhower
  7. Informa: Global footprint – deploy to three regions (Ireland, Singapore, East Coast)
       • Decision based on PCoIP Thresholds for performance
       • Less than 100 ms = Fast
       • More than 200 ms = Unacceptable
  8. Informa: Environmental design considerations
       • How do we build VPCs?
       • Transit vs. AWS Direct Connect VPCs
       • How did we define subnets, Active Directory connectors, and network groups?
       • Why did we decide to use application layering to manage application presentation?
  9. Informa: VPC decision – What is best for you?
     Transit VPC: Single direct connect back to on-premises data center. Benefits:
       • Simplify network topology
       • Provides cross-region VPC connectivity
       • Create single direct connect to on-premises data center
     AWS Direct Connect VPC: Create individual direct connects for all VPCs back to on-premises data center. Benefits:
       • Allows for cost transparency per direct connect
  10. Informa: Transit VPC logical architecture
  11. Informa: Transit VPC architecture
       • Transit VPC Architecture Summary
       • Leverage security appliances for layer 7 filtering
       • Control access to application instances or application VPCs from Amazon WorkSpaces
       • VPC peering only if no content filtering required
       • Simplify Direct Connect usage and billing
     Transit VPC How To: https://aws.amazon.com/answers/networking/transit-vpc/
  12. Informa: How do we manage applications?
       • Tie application entitlements to AD security groups
       • Allows for automation and simplified management
       • Centrally manage applications across regions from a globally accessible file share
       • Accomplishes DR and Application availability requirements
       • Single image management
       • One app = one VHD file
       • Leverage versioning for lifecycle and rollback functionality
     Conclusion: You need a 3rd-party tool
  13. AHEAD: Application layering and file services architecture
  14. AHEAD: Implementation considerations
       • How do we automate from day 1?
       • How do we configure our Active Directory Connectors?
  15. Informa: What ServiceNow workflows did we design?
     Amazon WorkSpace Creation
       • Create a new Amazon WorkSpace from a custom bundle
       • Integrate with custom tagging for cost management and chargeback
     Amazon WorkSpace Rebuild
       • Reset existing workspace back to previous snapshot (taken every 12 hours)
       • This is only a stopgap and not a replacement for desktop backups
     Amazon WorkSpace Decommission
       • Delete the WorkSpace – User data and applications are redirected
       • Configure ServiceNow to remove computer object and user accounts from AD
  16. Informa: How should we configure our ADCs?
       • Each Active Directory Connector (ADC) requires:
       • Two Subnets
       • One Bind DN
       • Service account to create machine objects
       • Must point to a single Organizational Unit (OU) (this should be dedicated to Amazon WorkSpaces)
       • Each AD domain requires a separate ADC (at a minimum).
       • Be careful: You cannot change IP subnets after the fact. When you are out of IPs you need to create a new ADC.
  17. AHEAD: Monitoring solutions. Use multiple monitoring solutions to get the complete picture
       • Leverage Amazon CloudWatch for infrastructure performance
       • Evaluate 3rd-party solutions that can perform remote assistance
       • Evaluate 3rd-party solutions that can kill in-guest OS processes
  18. Manage Your WorkSpaces: Monitoring success
       • Know your KPIs – With thresholds for alerting
       • CPU utilization per process – 100% utilization for 5+ seconds
       • PCoIP RTT latency – 100 ms or more
       • PCoIP Bandwidth – 500 Kbps per second
       • Memory usage per application – Depends…but size per bundle
       • and more!
       • Reporting and alerting
       • Be both proactive and reactive
  19. Conclusion
  20. AHEAD and Informa: Conclusion and lessons learned
       • Summary of Informa roll out – current progress
  21. HELPING YOU ACCELERATE ADOPTION OF AWS IN THE ENTERPRISE. DevOps, Amazon WorkSpaces, ServiceNow. Visit AHEAD at Booth #1037
  22. Thank you!
  23. Remember to complete your evaluations!