© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Nick Frank, Practice Lead Mobility and End User Computing, AHEAD

Normann Vogel, Senior System Architect, Informa

November 30, 2016

ENT201

Deploying Amazon WorkSpaces at Enterprise

Scale to Deliver a New Desktop Experience

What to Expect from the Session

• Case study featuring Informa:

A Global Leader in Business Intelligence

• Architecture decision points

• Example architecture diagrams and

configurations

• Key considerations for a successful design

and implementation

About the speakers

Nick Frank

Practice Lead Mobility and End User Computing, AHEAD

• Leads solutions and services at AHEAD based in Chicago

• 9 years in Architecture, Design, and Implementation for EUC and

VDI solutions

Normann Vogel

Senior System Engineer, Informa• Senior System Engineer Mobility & Desktop, Informa

• Principal Engineer for AWS-based VDI solutions

• 5 years experience in shifting enterprise services and

workloads into AWS

Informa

Current state prior to Amazon WorkSpaces

project

• Was current AWS customer

• 60% hosted on AWS

• Running 650+ Server 2008R2 Amazon WorkSpaces in prod

• Migrating to Office 365

• Migrating to Windows 10

• Global growth via acquisition

• Expanding user population in US

Informa

Use case overview

Migration Standardize

BYODEnable 50% of users

by end of 2017

Automation

Provisioning, de-provisioning, etc.

Monitoring

In-guest OS metrics and support

From Citrix and physical PCs

Windows 10

AHEAD

Initiative approach

• We must identify and answer key decision points before

we can move forward

• Automation and Lifecycle are required to be successful

• Always plan to fail – AWS Advice

• Plan for region failover, not AZ failover

“Plans are worthless; planning is everything” – Dwight D. Eisenhower

Informa

Global footprint – deploy to three regions

Ireland

Singapore

East Coast

• Decision based on PCoIP Thresholds for performance

• Less than 100 ms = Fast

• More than 200 ms = Unacceptable

Informa

Environmental design considerations

• How do we build VPCs?

• Transit vs. AWS Direct Connect VPCs

• How did we define subnets, Active Directory connectors,

and network groups?

• Why did we decide to use application layering to

manage application presentation?

Transit VPC

Single direct connect back to

on-premises data center

Benefits:

• Simplify network topology

• Provides cross-region VPC

connectivity

• Create single direct connect to on-

premises data center

Informa

VPC decision – What is best for you?

AWS Direct Connect VPC

Create individual direct connects for all

VPCs back to on-premises data center

Benefits:

• Allows for cost transparency per direct

connect

Informa

Transit VPC logical architecture

Informa

Transit VPC architecture

• Transit VPC Architecture Summary

• Leverage security appliances for layer 7 filtering

• Control access to application instances or application VPCs from

Amazon WorkSpaces

• VPC peering only if no content filtering required

• Simplify Direct Connect usage and billing

Transit VPC How To: https://aws.amazon.com/answers/networking/transit-vpc/

Informa

How do we manage applications?

• Tie application entitlements to AD security groups

• Allows for automation and simplified management

• Centrally manage applications across regions from a

globally accessible file share

• Accomplishes DR and Application availability requirements

• Single image management

• One app = one VHD file

• Leverage versioning for lifecycle and rollback functionality

Conclusion: You need a 3rd-party tool

AHEADApplication layering and file services architecture

AHEAD

Implementation considerations

• How do we automate from day 1?

• How do we configure our Active Directory Connectors?

Informa

What ServiceNow workflows did we design?

Amazon WorkSpace Creation

• Create a new Amazon WorkSpace from a custom bundle

• Integrate with custom tagging for cost management and

chargeback

Amazon WorkSpace Rebuild

• Reset existing workspace back to previous snapshot (taken every

12 hours)

• This is only a stopgap and not a replacement for desktop backups

Amazon WorkSpace Decommission

• Delete the WorkSpace – User data and applications are redirected

• Configure ServiceNow to remove computer object and user

accounts from AD

Informa

How should we configure our ADCs?

• Each Active Directory Connector (ADC) requires:

• Two Subnets

• One Bind DN

• Service account to create machine objects

• Must point to a single Organizational Unit (OU) (this should

be dedicated to Amazon WorkSpaces)

• Each AD domain requires a separate ADC (at a

minimum).

• Be careful: You cannot change IP subnets after the fact.

When you are out of IPs you need to create a new ADC.

AHEAD

Monitoring solutions

Use multiple monitoring solutions to get the

complete picture

• Leverage Amazon CloudWatch for

infrastructure performance

• Evaluate 3rd-party solutions that can perform

remote assistance

• Evaluate 3rd-party solutions that can kill

in-guest OS processes

Manage Your WorkSpaces

Monitoring success

• Know your KPIs – With thresholds for alerting

• CPU utilization per process – 100% utilization for 5+ seconds

• PCoIP RTT latency – 100 ms or more

• PCoIP Bandwidth – 500 Kbps per second

• Memory usage per application – Depends…but size per

bundle

• and more!

• Reporting and alerting

• Be both proactive and reactive

Conclusion

AHEAD and Informa

Conclusion and lessons learned

• Summary of Informa roll out – current progress

23

HELPING YOU ACCELERATE ADOPTION OF AWS IN THE ENTERPRISE

DevOpsAmazon

WorkSpacesServiceNow

Visit AHEAD at Booth #1037

Thank you!

Remember to complete

your evaluations!