Customers want to use desktop services to deliver business-critical applications and desktops to their end users at scale. Our mission in the Amazon End User Computing (EUC) organization is designed to enable customers to securely get work done from anywhere and from any device.

To help us deliver on this mission, we launched Amazon WorkSpaces Core. WorkSpaces Core offers managed virtual desktop infrastructure designed to work with third-party management solutions. WorkSpaces Core is part of the Amazon WorkSpaces Family services. AWS EUC service offerings within the WorkSpaces Family services share a common infrastructure stack, maximizing customers’ and partners’ flexibility and choice.

In February 2023 we announced Workspot Cloud PCs powered by Amazon WorkSpaces Core. With this integration, you can provision, monitor, and manage your global Cloud PC implementation via the Workspot Control management console. This solution combines Workspot’s enterprise-proven Software-as-a-Service (SaaS) platform for delivering Cloud PCs with the security, global reliability, and cost efficiency of the AWS infrastructure.

In this blog, you will learn how to setup Workspot Cloud PCs powered by WorkSpaces Core. You will build the solution shown in the architecture diagram below. You will setup WorkSpaces Core, deploy the Workspot components, create a Workspot template, and create the WorkSpaces Core desktop pools.

Architecture

Architecture of Workspot integration with Amazon WorkSpaces Core

Prerequisites

  • The latest version of the AWS CLI.
  • An AWS account.
  • An Amazon Virtual Private Cloud (VPC). You can create a new VPC in the region that you are deploying Workspot resources.
  • Permissions to create AWS Identity and Access Management (IAM) roles.
  • Permissions to perform all the WorkSpaces tasks for BYOL Workspaces.
  • Access to Microsoft Active Directory resources in the AWS account.
    • WorkSpaces Core requires Microsoft Active Directory for user authentication.
    • Amazon WorkSpaces also requires Microsoft Active Directory (AD). You can use a standalone domain or a domain trust with an existing AWS Managed Microsoft AD. You can also utilize your existing AD with AD Connector.
  • Access to Workspot Control.
    • Request a Workspot Control account from the Workspot Customer Success Team.
    • Make a note of the Workspot Control email address you’ve requested this with.
    • When the Workspot Customer Success Team replies, they will provide an Amazon Resource Name (ARN) for an IAM user. This user will be used to integrate Workspot Control and Core via IAM AssumeRole.

Integrating Workspot Control and WorkSpaces Core using IAM AssumeRole

  1. Create an IAM policy JSON file and save it as workspot-trust-policy.json. Replace <workspot-arn> with the ARN of the Workspot IAM user sent by the Workspot Customer Success Team.
{
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Principal": {
            "AWS": "<workspot-arn>"
        },
        "Action": "sts:AssumeRole"
    }
}
  1. Create an IAM role, take note the ARN created for later use.

aws iam create-role --role-name workspot-admin-role --max-session-duration 43200 --assume-role-policy-document file://workspot-trust-policy.json

  1. Attach additional AWS managed IAM policies to the IAM role.
    • Amazon Elastic Compute Cloud (Amazon EC2) Read Only Access

aws iam attach-role-policy --role-name workspot-admin-role --policy-arn "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"

    • Directory Services Read Only Access

aws iam attach-role-policy --role-name workspot-admin-role --policy-arn "arn:aws:iam::aws:policy/AWSDirectoryServiceReadOnlyAccess"

aws iam attach-role-policy --role-name workspot-admin-role --policy-arn "arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin"

  1. Confirm all three policies are attached.

aws iam list-attached-role-policies --role-name workspot-admin-role

  1. Provide the following information back to your Workspot Customer Success Team contact:
    • ARN of the workpot-admin-role.
    • Your AWS Account ID.
    • Region(s) for Amazon WorkSpaces.

The Workspot Customer Success Team will complete the remaining steps for Assumed Roles and Core will appear under Cloud Subscriptions in Workspot Control.

WorkSpaces Core configuration

Below are the steps to set up WorkSpaces Core for this integration. You will configure the account, import an initial image, create a bundle from that initial image, deploy the bundle, install the Workspot agent, and create a final image with all the software we needed.

  1. Your AWS account must be set up for Amazon WorkSpaces Bring Your Own License (BYOL) and Bring Your Own Protocol (BYOP). See BYOL document on how to request BYOL and BYOP.
  2. Configure a security group assigned to your WorkSpaces directory that enables communication between your end users, Workspot Connection Servers, and Amazon WorkSpaces.
  3. Create a WorkSpaces BYOP base image by following the steps 1 through 5 in the WorkSpaces admin guide.
  4. Once the image has been imported into EC2, you will then create a WorkSpace based on that imported Amazon Machine Image (AMI).
  5. Import the image into Amazon WorkSpaces using the AWS Command Line Interface (CLI) found in the reference documentation. (Note, the WorkSpaces console is not supported for BYOP image imports. You must use ingestion-process switch BYOL_REGULAR_BYOP or BYOL_GRAPHICS_G4DN_BYOP).
    aws workspaces import-workspace-image --ec2-image-id ami-xxxxxxxxxx --ingestion-process BYOL_REGULAR_BYOP --image-name win10-ent-img01 --image-description “Windows 10 Enterprise” --region region-id
  6. Capture the WorkSpace image and then create a custom bundle.
  7. The custom bundle is used to deploy WorkSpaces. You can create the custom bundle through the AWS Management Console or using the CLI.
    aws workspaces create-workspace-bundle --bundle-name win10-bundle-workspot --bundle-description “Workspot - Windows 10” --image-id wsi-xxxxxxxxx --compute-type “Name=STANDARD” --user-storage “Capacity=10”
  8. Deploy a WorkSpace using the custom BYOP bundle .
    • Make a note of the WorkSpace IP address and computer name. You will need them later when contacting your Workspot Customer Success Team.
  9. Remotely connect to the BYOP WorkSpace. Since no WorkSpaces protocols are installed by the BYOP import process, you will need to connect to the desktop using the Remote Desktop Protocol (RDP).
  10. Install and configure the Workspot agent:
    • Download the latest Workspot Agent.
    • Install Agent as an Administrator and provide your Workspot Control Admin credentials (see Workspot Agent Installation and Configuration).
    • As an administrator, browse to the C:\Program Files\WorkspotAgent folder.
    • Launch WorkspotConfigEditor.exe.
    • Select the option for “Do Not Domain Join” and choose “Submit.”
  11. Once the Workspot agent has been installed and configured, create another WorkSpaces custom image.
  12. Create a WorkSpaces bundle with the image containing the Workspot agent, per step 6 previously.
    • Make a note of the Workspot bundle name, Workspot bundle id, and bundle configuration (vCPU, RAM, Storage). You will need them later when contacting your Workspot Customer Success Team.
  13. Your Workspot Customer Success Team will use this image to create a template. To do this reach out to to your Workspot Customer Success Team contact and provide the below information.
    • IP address – the IP address of the WorkSpace used to create the Workspot BYOP image
    • Computer name – the computer name of the WorkSpace used to create the Workspot BYOP image
    • Bundle name – the WorkSpaces bundle name using the Workspot BYOP image
    • Bundle id – the WorkSpaces bundle id using the Workspot BYOP image
    • Bundle configuration – the WorkSpaces bundle configuration (vCPU, RAM, Storage)
    • Workspot Control admin email – Workspot Control administrator’s email address
    • Region – the AWS Region in which the bundle has been created

Setup Workspot Enterprise Connector and Workspot RD Gateway setup

  1. Create an Amazon EC2 instance in the Workspot infrastructure VPC and install the Workspot Enterprise Connector. See Workspot Enterprise Connector for steps.
  2. Create an Amazon EC2 instance in the Workspot infrastructure VPC and install the Microsoft Remote Desktop Gateway role. Contact the Workspot Customer Success Team for guidance and assistance.
  3. Add the Remote Desktop Gateway configuration in Workspot Control by navigating to Setup then RD Gateway then Add RD Gateway.

The Workspot Customer Success Team should have created your Workspot template, for the previous steps, under Manage Subscriptions.

Create Desktops in Workspot Control

  1. In Workspot Control, navigate to Resources then Add Pool.
  2. Create the pool as described in Workspot documentation, Control: Desktop Pools.
  3. Once the pool is created, choose Resources then select your pool name to see the individual desktops. Assign desktops to end-users.
  4. Desktops are provisioned on assignment.

Connecting to Workspot Cloud PCs with the Workspot Client

  1. On a client machine, download and install the latest Workspot client for your operating system.
  2. Login to the desktop.

Clean up

To clean up the environment you built following this blog, terminate the 2 Amazon EC2 instances running the Workspot Enterprise Connector and Workspot RD Gateway and terminate any WorkSpaces Core instances.

Conclusion

In this blog, you integrated Workspot Control and Amazon WorkSpaces Core. You then created a WorkSpaces Core instance with the Workspot agent installed on it and associated it to a Workspot template. You then deployed an Workspot Enterprise Connector and Workspot RD Gateway, and deployed an instance for your user. This solution combines Workspot’s enterprise-proven SaaS platform for delivering Cloud PCs with the security, global reliability, and cost efficiency of the AWS infrastructure.

Ivan O'MahonyIvan O’Mahony is a Senior Product Manager for AWS End User Computing services, specifically Amazon WorkSpaces Core. He helps partners build and scale their cloud solutions for end customers using AWS services.
Andrew KlomanGlobal Technology Lead, Digital Workplace Partners – Partner Solutions Architect at Amazon Web Services



Original article Source link

TivuStream affiliate Alcuni dei link che compaiono sul sito od articoli sono link di affiliazione dai quali, in caso di acquisto o sottoscrizione, TivuStream percepisce una commissione commisurata al tipo, durata ed importo dell'acquisto-sottoscrizione.
Visualizzazioni: 0

0 commenti

Lascia un commento

Il tuo indirizzo email non sarà pubblicato. I campi obbligatori sono contrassegnati *