AWS re:Invent 2020: Getting started with Amazon AppStream 2.0 and Amazon WorkSpaces

Hi, I'm Carla Blickensderfer, a member of the worldwide specialist
organization for end-user computing. I've been with Amazon
for almost four years and had been in various roles in the Amazon Web Services
and user computing organization. I started out as the North America
End-user Computing Partner Lead, then I moved into the End-user
Computing Sales organization. And now I'm a member of the Worldwide Specialist Organization
for End-user Computing. Later in the presentation,
I will be joined by Jeff Ferris, the worldwide Technical Leader
for AWS and User Computing. Jeff will give us a demonstration
of the AWS EUC services. Thank you so much for joining
our session today to talk about moving
your end users to AWS in user computing services. Let's get started. The data center is changing. Today, millions of
customers just like you are running solutions on AWS, which is the world's
most comprehensive and broadly adopted cloud. These customers include some
of the fastest growing start-ups, largest enterprises,
and leading government agencies who have moved from on-premise
data centers to AWS. And they've done so
for the following reasons.

The elasticity and agility
that is gained from AWS versus an on-premise
infrastructure is second to none. If you look at most companies
on-premise infrastructure to get a server typically takes
10 to 12 weeks or more. Then you have to build all the surrounding infrastructure
software components, like compute and storage, database,
analytics, machine learning. In the cloud, you can provision
thousands of servers in minutes. So, you get from idea
to implementation much faster. Another reason the data center
is changing is cost optimization. With traditional infrastructure,
you have to make decisions like: Do I provision on the low side
and worry about outages? Or do I build for peak capacity
which may sit unused? In the cloud, you just provision
what you need. If it turns out you need less,
you stop paying for it.

Many companies have a global presence
and need to support any country specific data
sovereignty requirements. AWS scales globally. Cloud security at AWS
is the highest priority. One of the great
things about AWS is that customers inherit
all the best practices of the AWS policies, architecture,
and operational processes built to satisfy the requirements of our most security
sensitive customers. Finally, AWS's reliability is proven. It's one of the main reasons
AWS has grown so fast. We build data centers
in multiple geographic regions as well as across multiple
availability zones within each region, to offer maximum resiliency
against system disruptions. And we design our data centers with significant access
bandwidth connections, so that if you have a major
disruption or if that occurs, there's sufficient capacity to enable
traffic to be load balanced to the remaining sites. Because we want to minimize
the impact on customers. Not only is the data center changing,
the way we work is changing.

The globalization of the economy
has driven the need to work from anywhere,
with anyone at any time. Today's workforces
increasingly mobile. People are working
remotely, on the go, moving from one project to the next, and collaborating across borders,
time zones and organizations. Organizations are increasingly
looking for options for employees to work
securely from any location. In fact, one in five jobs are now
being held by contractors. And 79% of organizations expect
an increase and merger and acquisition activity. And 70% of the workforce
is working remotely. Thus, security is becoming
increasingly challenging. You're trying to manage a user base
that's constantly changing, and the desktops and the notebooks,
applications and files and content each user needs, traveling around
the globe and outside your network or even within their homes. Companies want to follow the users
without compromising security, especially when 1 in 3
data breaches today are due to lost and stolen devices. Customers tell us
that these three things, changing the data center,
changing the workforce, and increasing security challenges are what's driving them to move
end-user computing to the cloud.

Half of all IT decision makers
are choosing to move their end-user computing to solutions
like desktop as a service or VDI. And this is up from 43%
just two years ago. With the data center changing
and the way that we work is changing, why are customers choosing AWS? Organizations are increasingly
looking for options for employees to work
securely from any location. And whether it's to support
work from anywhere, global workforce collaboration, or to ensure business continuity
in the face of disasters, organizations want
remote work solutions that they can depend on. Customers are choosing AWS to realize
many of the same core AWS benefits that they cannot get
from on-premise solutions. You may be thinking:
like what benefits? Moving to the cloud can provide
a better user experience by co-locating user desktops,
applications and data.

But it goes far beyond that. Increasing the agility to support
onboarding and off boarding of contractors and users
from around the world is a benefit, in addition to optimizing costs
by moving from massive capital expenditures for VDI
servers or physical PCs to a pay-as-you-go pricing model. As customers enable remote employees by deploying their solutions
in AWS regions across the world. Another benefit is improving security due to moving corporate data from on-premise VDI servers
and user devices to AWS. And this also improves reliability. Let's dive into how these benefits
empower in user computing.

Many customers find choosing AWS simply provides a better
user experience. You can let users securely work
from anywhere in the world with highly
responsive experience because your desktops, applications,
files are next to your data on AWS. Secondly, customers tell us agility
and elasticity are hard to achieve with on-premise VDI or physical PCs. When contractors
or new employees start from a merger
or acquisition activity, they need their desktops,
applications, files and content as soon as possible. But it takes months to onboard
new users sometimes, and when you're buying,
imaging, shipping and supporting devices
all over the world, or building out multiple data centers
for traditional VDI deployments, this can take time. With AWS, there's no hardware
to purchase or deploy and operate. This lets you securely onboard
your contractors and remote employees in hours or days, by streaming the desktop
applications and content that they need on demand.

And you can onboard new users
from a merger and acquisition without having to integrate
complicated IT environments. And because there's
no hardware to purchase, you're able to optimize your cost by paying for what you use
when you use it. It can be especially challenging
to forecast how many contractors or remote employees you'll have. Or purchase specialized hardware
for specialized applications. AWS lets you pay for what you use
when you use it.

There's no upfront
cost for infrastructure and you no longer purchase
and ship desktops around the world. Or you don't have to build out
VDI servers for peak user capacity that may sit unused. So, in many use cases I've
discussed, these are global. And that makes it even harder
sometimes to provide a great user experience. Because while you're trying
to maintain agility, elasticity and optimizing cost,
this can be difficult. Think about contractors
you're onboarding in India, or the company you
just acquired in Europe, or the remote team
that you started in Asia.

The complexity multiplies across
every country and time zone because traditional solutions require
you to build out VDI servers or distribute physical PCs
in each region. With AWS, you can centrally
manage your deployments and provide a responsive experience
to users across the world because AWS spans across
numerous geographic regions, and to do so without negotiating
any data center facility contracts. Customers are also choosing
AWS due to security because our customers can have
their desktops, applications and data secured on AWS instead of their user devices,
or on-premise VDI servers. In many cases, solutions
will be less complex, require less manual patching, and more easily meet compliance
requirements for HIPAA, PCI, SOC, ISO and more. IT teams can leverage AWS expertise
when securing their environments instead of learning
new solutions or tools. When you think about how
the data center is changing, the same security isolations
that would be found in a traditional data center, are included with AWS.

Like physical data center security,
separation of the network, isolation of the server hardware,
and isolation of storage. And finally, reliability. AWS EUC services offer a 99 9.9% SLA, which we hear, is higher than most
of our on-premise VDI deployments. To recap, customers are choosing
AWS EUC services because we give you the agility
to respond to the changing needs of your global workforce by being fully managed,
pay-as-you-go, reliable and secure. Instead of spending weeks or months
purchasing, building and securing virtual desktop infrastructure
and devices for users such as contractors, remote employees,
or have specialized applications or have merger and
acquisition activity, you simply deliver
what your users need on demand. However, it is important to note
that meeting some of our customers are also choosing to do a lift
and shift of their Citrix and VMware deployments to AWS. Many customers have built established
on-premise VDI deployments with substantial investments
in licensing and contracts. And while they may be running
on aging hardware that is struggling to support
their users, these customers aren't necessarily
looking to extend their current VDI to new use cases.

But they tell us that they want
to maximize the value of their current investments. AWS lets our customers
continue with consistent and familiar experience
on optimized infrastructure whether it's a hybrid solution
or lift and shift. It's important to mention,
but in this presentation, I'm going to focus
on the AWS EUC services. Let's talk about
the AWS EUC services. Customers are choosing
AWS EUC services because we give you
the agility to respond to the changing needs
of your global workforce by being fully managed,
pay-as-you-go, reliable and secure. Instead of spending weeks or months
purchasing, building and securing virtual desktop infrastructure
for devices, for contractors, or remote employee,
specialized applications, mergers and acquisitions, you just simply deliver
what your users need on demand, so that they can access
from a low-end or a home device or managed devices like Chromebooks.

And we enable this with a suite
of products including Amazon WorkSpaces, Amazon AppStream,
and Amazon WorkDocs. Amazon WorkSpaces
is our desktop service that lets users access
a full desktop on demand. Amazon AppStream 2.0
is our application streaming service that lets users access
distinct applications on demand. And Amazon WorkDocs
is our file storage service that lets users store and access
the files they need on demand. Who's using these products today? More than half of the 500 companies. These logos on this slide represent
a variety of use cases to include contractors, remote employees,
merger and acquisitions, specialized application support,
labs, jump boxes, and knowledge workers. All of these use cases
are for different industries like media and entertainment,
oil and gas, automotive, state and local government agencies,
education, ISV, healthcare and more. We believe you need more than manage
services to be truly agile.

This diagram shows how moving
from on-premise VDI to VDI on AWS removes hardware management, and moving from VDI to AWS
to AWS EUC services removes VDI software management. This lets you be more agile
and focus less on the undifferentiated heavy lift. Because even with VDI on AWS,
you'll have to spend weeks to months building out, tuning, configuring
and operating and optimizing your actual VDI infrastructure
with your file shares, your network appliances, and complicated multi
session environments, every time your workforce changes. We built AWS EUC services
to be fully managed, so you have the ability to onboard
contractors, remote employees, or even new users
from a merger and acquisition in hours or days, and deploy specialized
applications for users in minutes.

You simply integrate your IT,
select pre-configured bundles optimized for specific use cases. Then a few clicks or API codes deploy
what your users need. You manage your images,
applications and users. And we manage the rest. Even with fully
managed infrastructure, you need the freedom
from those complicated pricing plans, licensing negotiations,
and unexpected licensing changes to agilely respond to the changes
in your workforce. You can deploy what you need
on demand with AWS EUC services because they're fully managed
and pay-as-you-go for what you use when you use it. There's no long-term licensing
agreements to negotiate with AWS. This really lets you optimize
your costs by only paying for contractors
when they're on a project, or by scaling up your workforce
during surge periods, or by streamlining specialized
application to lower cost device when those specialized
capabilities are needed.

And by instantly onboarding
new users with low friction and easier processes
from your administrators. For more details on the pricing
of AWS EUC products, please see our public website. To give you an idea of our pricing, Amazon WorkSpace pricing starts
at about $21 per workspace per month, or $7.25 per month
plus $0.17 per hour usage fee. That's for most AWS regions. AWS AppStream 2.0 pricing starts
at $4.19 per user per month plus a $0.075
per hour in most AWS regions. You can also bring your
existing RDS licenses in order to avoid incurring
monthly user fees. WorkSpaces has two billing models, always on or hourly. If you're considering hourly
versus monthly pricing, there's a break-even point
of about 82 hours depending on the size of the instance
that you've assigned to your user. AWS provides the WorkSpaces
Cost Optimizer to take the guesswork out
of which pricing model you should choose
on a per user basis. The Cost Optimizer analyzes usage and it converts the running mode
of a workspace to the correct mode. This can also be used to understand
the usage patterns of your users for planning purposes.

Finally, AWS EUC services
are globally available in multiple AWS regions. AWS EUC services go beyond
the underlying infrastructure for reliability and security. Many of our services meet multiple
security and compliance standards, including HIPAA, PCI, FedRAMP,
GDPR, and more. Each service offers a service level
agreement commitment of 99.9%. With AWSE EUC services,
your sensitive company data is no longer flying around
the world to contractors or flowing out of your network
with remote employees, or put at risk because of outdated
desktops or applications or even complicated
by integrating networks due to our merger and acquisition. You no longer need to build out
infrastructure to support all this. Instead, you can focus on providing
the exact solution for your users. There are several use cases
that I will share with you about how customers are using
AWS services to include contractors, remote employees,
mergers and acquisitions, specialized applications,
and VDI replacements. First of all, let's talk about
the typical journey. When it comes to our customer
journey with Amazon EUC, we tend to see three
different patterns.

One, we increasingly see customers
migrate from their existing VDI infrastructure and move
away from their legacy VDI as they look to accelerate
their journey to the cloud. Often, this looks like a desktop
replacement using Amazon WorkSpaces. Secondly, we see
companies giving access to one to two complex applications like SAP or Esri ArcGIS Pro to targeted users through
Amazon AppStream 2.0. However, the most common
customer journey applies a combination of EUC
solutions over time across a set of personas. It often starts with a persona
where agility and security are at the top of the requirements, meaning where the workers are
most variable in their onboarding. Once these users have
success with EUC solutions, then over time,
administrators see the value and they add more and more personas. In practice, that means they start
with contractors and partners where on and off boarding
can happen at any time or in waves, and where the relationship
is typically third party.

Then we'll often see customers
add temporary or seasonal workers. In enterprises, this may include
an acquired company during a merger or acquisition. Or in training and education,
perhaps students in a learning lab. Then we'll see more and more remote
full-time employees being added. Remote meaning there could be
a satellite office without IT support or temporarily remote during
a disaster recovery event. Or they could just be
that typical traveling employee and they need to get access
to do their work. Finally, we'll see companies going
all in with their corporate staff, leveraging the benefits that come
with increased security and cloud economics, and the built-in benefits
of data backup and easy remote access that comes
with the products in our portfolio.

Let's talk about delivery options
for desktops via Amazon Web Services in user computing solutions. And why you would consider persistent
versus non-persistent desktops. Persistent desktops through Amazon
WorkSpaces is designed for users that require complete control
over their desktop environment, including the ability to add other
applications outside the base image. These users tend to be
power users, executives, user groups where administrative
rights are enabled. A majority of their day
is spent on the desktop. AWS also offers
non-persistent desktops. They are designed
for task and shift workers or other user groups that typically
don't have local admin rights. In other words, IT prefers
to have these devices locked down. Some examples include call centers,
back office operations, or the highly mobile
users that are task-oriented with lots of log-ons
and log-offs, sometimes like we see in health
care, or shop floor employees, or retail attendance. We talked about use cases
and delivery options. But let's dive a little deeper. Let's get more specific about
the personas and the journey.

Let's start with the task worker. Perhaps they're
in a contingent call center and they're using
the desktop experience that perhaps can run
on a standard bundle or have low hardware requirements. They're needing to access
a lot of web applications and they have low compute intensity
applications that they're accessing. These workers tend
to work on tools they're given. They have very specific
operation models for some general purpose
applications, like data entry. These workers can typically use our
standard bundle of Amazon WorkSpaces or our general purpose instances
on Amazon AppStream 2.0. Then there are the knowledge workers that generally are using
the office suite of products. They can probably get by with Amazon
WorkSpaces performance bundle, running WorkSpaces, something to run
their core applications, but they are still expecting
a full desktop experience with some variety
of applications over time. Then you have the specialist
and the remote workers. They may have
some higher requirements. You may hire them to do
a marketing program and they may need some higher
graphic capabilities.

In that case, you can spin off
a graphics workspace or use Amazon AppStream instance, if you're only looking to run
one or two graphics applications. These situations tend to be users
who are bringing their own device, or the device that is provided
to them is by a third party agency. They're going to expect to have
a more full desktop experience where they can customize tools,
and perhaps with things that are not in your
library of applications. I'm very excited to share
a story with you about's journey
for Amazon WorkSpaces. What started out as trying to solve
a merger and acquisition use case became a much larger project. And while the case study notes
25,000 Amazon WorkSpace users managed by two administrators, the project dramatically increased
over the last several months in response to some changing
business conditions. Many of our organizations are now
allocating workspaces by default, rather than sending out
physical assets.

Let's tell you a little
more about this story. It started off that the Amazon
client engineering team, the one that manages and supports
IT services within Amazon, they're responsible for managing
the company's devices for hundreds and thousands
of employees across the globe. Several years ago, a growing number of contractors
in the US and in the worldwide needed fast secure access
to desktops to perform their work. To accommodate these workers, the client engineering team needed
to strictly control access to specific internal sites. The client engineering team also
spent a long time configuring and shipping laptops to these workers
and sending laptops to remote sites. But sometimes those devices were held
up for inspection in customs and this would result
in site launch delays and sometimes security
concerns would be in order because of having these Amazon assets
leave our custody while the shipment.

Once these laptops reached
their destination, then contractors used VPN
to access the corporate network and they were often latency issues. It just wasn't an efficient or frugal
way for us to onboard contractors. Amazon WorkSpaces became the model
for onboarding new remote employees, contract workers and subsidiaries. This happened because
we started seeing the benefits that Amazon Workspaces provides
as a managed desktop as a service solution.

We can provision the desktops
in minutes versus provisioning the three months
that it used to take. As Amazon Workspaces is accessible
over the internet from anywhere this makes it easy. Based on the initial success
of the contractor program, the client engineering team expanded
the use of Amazon WorkSpaces following a company
acquisition in India. By using Amazon WorkSpaces, the team was able to onboard
the new employees very quickly using Amazon WorkSpaces. The number of users
grew from 70 to 2000 once the team saw the
benefits of simplified deployment with Amazon WorkSpaces, Amazon today is saving millions
of dollars in onboarding employees because WorkSpaces can be
deployed in many different regions, and the solution circumvents
the need for physical logistics like shipping hardware
and building out network connections.

Amazon WorkSpaces is expected
to contribute an annual savings of more than $17 million dollars. The scaling has exceeded
to over 25,000 users, all supported by two
Amazon engineers. Amazon WorkSpaces has become
the de facto model for onboarding new and remote employees,
contract workers and subsidiaries. And we see this as a way to help
client engineering be more agile and responsive to the business needs. I'm Jeff Ferris. I am the Tech Leader
for End-User Computing at AWS. I've been with AWS
for about six years, and most of that time
has been focused on the end-user computing space, mainly around our WorkSpaces
and our AppStream products. We have Getting Started guides
and admin guides that will walk you through the console and help you
actually launch our EUC services. But I wanted to spend some time today focused
on what these services look like from the perspective of the end user. Let's take a look. We're going to start with WorkSpaces. And you can see I'm already logged
into the WorkSpaces console. I have a couple of users
that I've already created.

And we're going to look
at the demo user today. I like to pre-populate my passwords
when I'm doing a demo because otherwise,
I'll inevitably type it incorrectly. Let's go ahead and start
that connection. As you can see, it's just
a standard Windows desktop. I have access to my programs
through the start menu like any other Windows system. On this environment, I have left
user self-service enabled as a user. If I decide that I need
a different compute type, Right now, I'm configured to use
a performance bundle with 2 vCPUs and 7.5 gigs of memory.

If I wanted to increase that
to 4 vCPUs and 16 gigs of memory, I can do that right
from the Self Service menu, change compute type,
pick that new type, and click Update. As soon as I do that, as a user, it's going to kick me back
to that WorkSpaces client, as the compute type changes. It's going to take a couple
of minutes for that to process. Let's look through the console to see some of the settings
to enable or disable those user self-service settings,
for your WorkSpaces users. On the console, go to Directories. For this one, we're
using the A21 directory, go to Actions and Update Details. Under User Self Service permissions, you can see that I've left
all of these functions enabled. If you don't want your users to be
able to change their compute type or change running mode between
always on and auto setup, you can make those changes
at the directory level, and they will apply to all users within that directory for your
WorkSpaces environment.

I'm not going to make
any changes here. But let's go back and see
how that's processing. We can see now in the console that the system status has changed
to Updating. It's going to take just a couple
more minutes for that to finish. In the meantime,
let's take a look at AppStream. On the AppStream side,
I've already created two stacks, one uses our application view,
and another uses our desktop view. We're going to take a look
first at the application view. I'm going to go ahead and launch
that in the Native Client. Once AppStream starts up,
you'll see the application launcher.

From there, you can execute
your individual applications. I'm using native application mode. They actually show up
like borderless Windows apps. You can see individual
icons in the taskbar. You can move them
to different monitors. The only difference is these applications are
running in the cloud. They are running on
the AWS infrastructure. They're not running
on the user's local endpoint. If we were to instead
use desktop view, the user will get the view
of an entire desktop.

Let's take a look at that real quick. In the application launcher, you'll actually see
the desktop view icon. But once an application's started, the user will receive
a full Windows desktop. They can launch their applications
from shortcuts on the desktop, or by using standard program
menu shortcuts. This is a non-persistent
desktop environment. With WorkSpaces, it's
a persistent desktop environment. With AppStream,
any changes the user makes will be reverted when they go back
and reconnect it at another time. Let's see if that WorkSpaces
update has finished. We can see here from the user
interface, the update has succeeded. You can reconnect
to that environment. It's the exact same experience
that the user had before. They've just now been updated
to that newer hardware stack. They're now running
that power bundle. We'll refresh the console here,
so we can see that status. You can see it's available which
matches the user's experience.

And as a reminder,
WorksSpaces gives your users that persistent virtual
desktop experience. Any changes that they make
to their workspace will persist between sessions. I hope that gives you a quick
introduction to the user experience behind both our WorkSpaces
and our AppStream products. WorkSpaces is that full persistent
desktop experience, while AppStream gives you a non-persistent application
delivery experience with the option for a full
non-persistent desktop. You can use these products
together or independently. It really comes down to your use case
and your user personas throughout your environment. Thanks for your time today. And, Carla, back to you. Thanks, Jeff. Now what? Here's some considerations
for your organization to discuss as you plan your virtual
desktop and application strategies. Think about these questions. Do you have existing VDI solution, and does it meet the needs of your
company and your company's vision? Do you have third party contractors
for who you're buying devices or creating a security risk? How do mergers and acquisitions
play into your growth plans? Do you operate in markets where you don't have
local IT infrastructure or support? As you think about
these considerations, I encourage you to take some next
steps to consider getting started with Amazon AppStream
2.0 and Amazon WorkSpaces.

Thank you for watching our session. Please take some time
to complete our session survey..

You May Also Like