How to use AWS workspace?


Recently, I had a chance to run a simple test of AWS workspace. Deploying it is not difficult. However, there are some factors that need to be considered to design the best architecture.


1. Prerequisite.


An AD system is necessary. For this post, I will use the AWS managed Microsoft AD service. I wrote a post which explains how to configure it. In directories, I can see the "Registered" directory.




2. Install and Configure for AWS workspace.


First, launch the workspace.

 


Select the directory which I have already created. This directory offers the user management service.



Select the user which I want to use. In my case, I will use the AWS managed AD service. I have already created the "crenetadmin" user in AD. Please note that the user information requires a first name, a last name and an e-mail address. (Please note that a user can be assigned to a single workspace only. I need another user for a secondary workspace.)



Select the OS type. In my case, I will select "Standard with Windows 10".



Select the "Running Mode". I will select "AutoStop" mode, which stops the instance when it is not in use.



Review and Launch it.



3. Login and Run the AWS workspace.


In the details after launching, I can see the client link "https://clients.amazonworkspaces.com/". From this link, I can download the client program. Web login is also possible.



I have to remember the "Registration Code". Click "Web Access Login", and then I can see the registration page.



On this page, I will enter the registration code.



If I see this error message, I need to download the client.



After downloading and installing the AWS workspace client, I can see the icon on the desktop and I run it.



At the beginning, I can see the field to enter the "Registration code". Also, at the top left corner, there is a configuration button. Under this button, I can see "Manage Registrations". After registration, I can see the login step.

 


With the username and password which are registered in the AWS managed AD service, I can pass to the next step. Select what I want.



Now, I can use the workspace.




4. Troubleshooting and Deep-dive for AWS workspace.


However, this is strange. I have not defined any network or security information. Look at the network interface information.



This is another case. In this case, 11.5.80.110 is assigned.




There are 2 interfaces. "11.5.64.253" is on the VPC network and "198.19.113.72" is on a new network which I did not know about.



Then I try to send ICMP packets, one for the internet connection and the other for the internal connection. I will explain why this kind of situation happens. During the creation of the AWS managed Microsoft AD in this post, I selected 2 subnets. At that time, I selected subnets which do not allow outbound traffic. The IP address for this workspace is assigned from these subnets. "11.5.64.253" is one of the IP addresses which the directory service has. "198.19.113.72" is the secondary IP address, which makes the connection from the user through the client and web login. Therefore, I need to consider these properties when designing the architecture for this service.
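The subnet problem described above can be checked before the directory is created. This is an added example, not code from the original post: it reads data shaped like `aws ec2 describe-route-tables` output and reports which directory subnets have no default route. The subnet IDs, CIDRs and gateway names are constructed placeholders; only the three IP addresses come from the post.

```python
import ipaddress

# Constructed sample data shaped like `aws ec2 describe-subnets` and
# `aws ec2 describe-route-tables` output. IDs and CIDRs are placeholders.
SUBNETS = {"subnet-aaa": "11.5.64.0/20", "subnet-bbb": "11.5.80.0/20"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "11.5.0.0/16", "GatewayId": "local",
                 "State": "active"}]},
    {"RouteTableId": "rtb-nat",
     "Associations": [{"Main": False, "SubnetId": "subnet-bbb"}],
     "Routes": [{"DestinationCidrBlock": "11.5.0.0/16", "GatewayId": "local",
                 "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0",
                 "NatGatewayId": "nat-example", "State": "active"}]},
]

def route_table_for(subnet_id, route_tables):
    """An explicit subnet association wins; otherwise the main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def default_route_target(rt):
    """Gateway behind an active 0.0.0.0/0 route (NAT or internet gateway only)."""
    for route in (rt or {}).get("Routes", []):
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and route.get("State") == "active"):
            return route.get("NatGatewayId") or route.get("GatewayId")
    return None

def audit_subnets(subnet_ids, route_tables):
    """Map each directory subnet to its outbound gateway (None = no egress)."""
    return {s: default_route_target(route_table_for(s, route_tables))
            for s in subnet_ids}

def subnet_of(ip, subnets):
    """Return the subnet containing ip, or None if it is outside the VPC subnets."""
    addr = ipaddress.ip_address(ip)
    for subnet_id, cidr in subnets.items():
        if addr in ipaddress.ip_network(cidr):
            return subnet_id
    return None

if __name__ == "__main__":
    print(audit_subnets(SUBNETS, ROUTE_TABLES))
    for ip in ("11.5.64.253", "11.5.80.110", "198.19.113.72"):
        print(ip, "->", subnet_of(ip, SUBNETS))
```

With the sample data, the subnet that falls back to the main route table has no egress, and 198.19.113.72 matches no VPC subnet, which is consistent with it being a separate interface.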


5. Security and Service Port


If you use the internet to access this workspace, it does not matter. However, if you are inside the company network, sometimes you need to open the firewall security policy for this service. This can cause huge trouble, and it is not easy. Please refer to this link: https://docs.aws.amazon.com/ko_kr/workspaces/latest/adminguide/workspaces-port-requirements.html


Reference 


[ 1 ] http://createnetech.tistory.com/27

[ 2 ] https://docs.aws.amazon.com/ko_kr/workspaces/latest/adminguide/workspaces-port-requirements.html
