AWS WorkSpaces
Amazon WorkSpaces is a fully managed, secure desktop computing service that runs in the AWS cloud.
WorkSpaces can replace traditional desktops with cloud-based virtual desktops.
WorkSpaces eliminates the need for hardware procurement and deployment, as well as the complexity of managing inventory, OS versions, patches, and VDI. This simplifies desktop delivery.
A WorkSpace is a combination of compute resources, storage space and software applications that allows a user to perform daily tasks much like using a traditional desktop.
WorkSpaces makes it easy to create cloud-based virtual desktops. Users can access the documents, apps, and resources they need from any supported device, including computers, Chromebooks, iPads, Fire tablets and Android tablets.
Each WorkSpace runs on an instance dedicated to its assigned user. The user's applications, documents and settings are always persistent.
The WorkSpaces client application requires a supported client device (PC or Mac, iPad, Kindle Fire or Android tablet) and an Internet connection with UDP port 4172 open.
WorkSpaces Applications Manager – WAM
WAM is a fast, flexible and secure way to deploy, manage, and monitor WorkSpaces applications.
WAM speeds up software deployment, upgrades and patching by packaging Microsoft Windows desktop apps into virtualized containers that run as if natively installed.
WorkSpaces must have an internet connection in order to receive applications via WAM.
WorkSpaces Security
Users can be quickly added and removed.
Users can log into the WorkSpace with their own credentials, which they set up when the instance was provisioned.
It integrates with Active Directory domains so users can sign in using their regular Active Directory credentials.
Integrates with the existing RADIUS server for multi-factor authentication (MFA).
Supports access restriction based on the client OS type and on digital certificates.
VPC security groups are used to restrict access from WorkSpaces to resources on the network or the Internet.
IP access control groups allow you to configure trusted IP addresses that can access WorkSpaces.
PCI compliant and conforms with the Payment Card Industry Data Security Standard (PCI DSS).
WorkSpaces Maintenance and Backup
Maintenance windows are set up automatically for both AlwaysOn WorkSpaces and AutoStop WorkSpaces.
AlwaysOn WorkSpaces have a default maintenance window between 00h00 and 04h00 on Sunday morning.
AutoStop WorkSpaces are started automatically once per month to install updates.
AWS backs up the user volume every 12 hours. If the WorkSpace is lost, AWS can restore the volume using the backup.
WorkSpaces Encryption
Supports root volume and user volume encryption.
Uses EBS volumes that can be encrypted on WorkSpace creation. This provides encryption for data stored at rest and for disk I/O to the volume. It also allows snapshots to be created from the volume.
Integrates with AWS KMS to allow you to specify which keys are used to encrypt the volumes.
WorkSpaces Architecture
WorkSpaces are launched in a VPC.
It is recommended that you configure your VPC with one private subnet and two public subnets if you use AWS Directory Service to create an AWS Managed Microsoft AD or a Simple AD.
Configure a NAT gateway on the public subnet to provide internet access for WorkSpaces. Configure the directory to launch WorkSpaces in private subnets.
Questions for the AWS Certification Exam
Questions are collected via the Internet. The answers are marked according to my knowledge and understanding (which may differ from yours).
AWS services are constantly updated and the answers and questions may be out of date soon. So make sure to research accordingly.
AWS exam questions do not get updated to keep you current.
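The volume encryption, KMS key and IP access control group settings described in the security and encryption notes above can be audited from API output. The following is an added example, not code from AWS or from the original page; it assumes input shaped like the results of boto3's describe_workspaces() and describe_workspace_directories(), and the IDs, key ARNs and the APPROVED_KEYS set are constructed.

```python
# Added example, not AWS code. Input dicts mirror entries of the "Workspaces" and
# "Directories" lists returned by boto3's describe_workspaces() and
# describe_workspace_directories(). All IDs and key ARNs are constructed.

APPROVED_KEYS = {"arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-APPROVED"}  # hypothetical

SAMPLE_DIRECTORIES = [
    {"DirectoryId": "d-0000000001", "ipGroupIds": ["wsipg-00000001"]},
    {"DirectoryId": "d-0000000002", "ipGroupIds": []},
]
SAMPLE_WORKSPACES = [
    {"WorkspaceId": "ws-000000001", "DirectoryId": "d-0000000001",
     "RootVolumeEncryptionEnabled": True, "UserVolumeEncryptionEnabled": True,
     "VolumeEncryptionKey": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-APPROVED"},
    {"WorkspaceId": "ws-000000002", "DirectoryId": "d-0000000002",
     "RootVolumeEncryptionEnabled": False, "UserVolumeEncryptionEnabled": True,
     "VolumeEncryptionKey": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-OTHER"},
    # The encryption fields can be missing entirely; treat that as unencrypted.
    {"WorkspaceId": "ws-000000003", "DirectoryId": "d-0000000002"},
]


def audit(workspaces, directories, approved_keys):
    """Return sorted (resource_id, finding) tuples for encryption and IP controls."""
    findings = []
    for d in directories:
        # Assumption: an empty ipGroupIds list means no trusted-IP group is associated.
        if not d.get("ipGroupIds"):
            findings.append((d["DirectoryId"], "no IP access control group associated"))
    for ws in workspaces:
        ws_id = ws["WorkspaceId"]
        # Root and user volumes are encrypted independently, so check each one.
        flags = {"root": ws.get("RootVolumeEncryptionEnabled", False),
                 "user": ws.get("UserVolumeEncryptionEnabled", False)}
        for label, enabled in flags.items():
            if not enabled:
                findings.append((ws_id, f"{label} volume not encrypted"))
        # Where something is encrypted, confirm it uses a key the team has approved.
        if any(flags.values()) and ws.get("VolumeEncryptionKey") not in approved_keys:
            findings.append((ws_id, "volume encrypted with a KMS key outside the approved set"))
    return sorted(findings)


if __name__ == "__main__":
    for resource, finding in audit(SAMPLE_WORKSPACES, SAMPLE_DIRECTORIES, APPROVED_KEYS):
        print(f"{resource}: {finding}")
```

Against a live account, pass in the paginated "Workspaces" and "Directories" lists from the two boto3 calls in place of the sample data.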