Working with on-premises directories
During this course we will explore the enterprise applications that AWS provides, including Amazon WorkSpaces, Amazon WorkDocs and Amazon WorkMail. We will start with a basic overview of each service, one by one, then move on to a more practical experience by demonstrating an integration of all these services with an on-premises network, and a discussion of the available options to configure these services to make them suit your company's needs.
We assume you have some pre-requisites for this course. You need to have some general IT understanding plus some AWS knowledge, including the core AWS services such as EC2, IAM, and VPC. In addition, because all the services in the enterprise applications category make use of the Directory Service, you will also need to be familiar with this service.
This course is for anyone getting started with the AWS cloud, but is particularly geared toward systems engineers and windows administrators.
About the Author
Eric Magalhães has a strong background as a Systems Engineer for both Windows and Linux systems and, currently, work as a DevOps Consultant for Embratel. Lazy by nature, he is passionate about automation and anything that can make his job painless, thus his interest in topics like coding, configuration management, containers, CI/CD and cloud computing went from a hobby to an obsession. Currently, he holds multiple AWS certifications and, as a DevOps Consultant, helps clients to understand and implement the DevOps culture in their environments, besides that, he play a key role in the company developing pieces of automation using tools such as Ansible, Chef, Packer, Jenkins and Docker.
Hi, and welcome to this lecture. During this lecture, we will talk about Amazon WorkSpaces, and during the next minutes, we will discuss what is it, how it works, and also talk about pricing. Then we'll go to the AWS console and have a demonstration on how to configure and use this service.
So Amazon WorkSpaces basically is a way to launch desktops on the cloud. It's a managed service, meaning that AWS will take care of a few management and security tasks for you, and it will provide you a Windows 7 experience. It doesn't mean that it will give you a Windows 7 machine. It does mean that you'll receive a Windows server 2008 R2 machine with desktop experience. And it works on many devices. You can install Amazon WorkSpaces on Windows and Mac computers. You can install it on Kindle, Chromebook, or iPads, and Android Tablets.
So how it works. First, you have to download the application to your device. The application will try to connect to the WorkSpaces service, and the WorkSpaces service needs to authenticate you against a directory service. Since we are going to use directory service, it's possible to host our directory only on the cloud or also connect to our on-premises directory. So back on how it works. After a user gets authenticated against directory service, Amazon WorkSpace will allow the user to have access to his personal machine.
So about the pricing. AWS has some hardware options, you will pay more depending on the hardware that you choose and you'll be charged on a monthly basis. This means that if you fire up a new WorkSpace machine, you will need to pay for the whole month. If you start a new machine and then terminate it after two weeks, for example, you would still have to pay for the whole month. You have an option also to bring your own Windows 7 license which would give you a discount in the price, and you can also choose for a value package that would increase the value a little bit, but it would give you some benefits like Microsoft Office Professional and other tools.
So let's now go ahead to the AWS console and have a demonstration on how to configure and use this service. So here at the console first, we need to configure a VPC because directory service needs a VPC in order to work. So in our case, I used the default VPC, and I don't need to go here in the directory service in order to start a new directory. I will go ahead and click on workspaces and in here we have a wizard to do almost everything for us.
So we just need to get started. I will choose the advanced setup and in here I will create a new simple ID. I use CA-enterprise.com as my DNS name, put some passwords in here. I have to select the subnets for my default VPC and if you notice and also if you have watched the AWS Security Fundamentals course, you'll notice that this screen is the same screen that you would use to create a standard directory on the directory service console. So I'll click on next, create simple ID, and now we have to wait a few minutes until the directory gets created. So I will stop the recording and get back once it's done.
So the directory was created. Now it's time for us to register this directory with the WorkSpace service. And it's very simple, you just have to select the directory and register it. And in here we have also the option to enable Amazon WorkDocs. I will choose yes because we are going to talk about Amazon WorkDocs in the next lecture. We have to wait a little bit and we can go now here on WorkSpaces and launch a new workspace machine.
We choose the directory that we just created and in here since this directory is new, we don't have any users on it. We have to create one user in order to associate this user with the workspace that we are going to create. So I will create a new user. And this is important. We have to provide a valid email. Since we are going to create a new user, AWS will send us a link to create a password for these users. So it's important that you put in here a valid email. Okay, we can go next. I'll choose the most cheap option, next. We have also the option to encrypt our data. We could encrypt the C: or the D: drive, but I won't encrypt any of those drives. So I will just click next, and we can review in here the settings and launch WorkSpaces. The WorkSpace is being created so I will stop the video and come back once it's done.
So the WorkSpace was created. We can see in here that the status is available. If we click in the details you can see more details about the WorkSpace itself. So another thing that we need to pay attention is the email that we will receive during the creation process, and we need to click on this link to set a password for the user that we just created. So I set the password, and now we can see that we were forwarded to the page where we can download the application for the device that we want to use with the WorkSpace service. What I will do is go back and access the WorkSpace app because I already have it in here. And you see that we need to provide the registration code. We can find this information in the email that we received or also in here in this AWS console with screen. I will copy and past the information and...we are ready to connect to our Amazon WorkSpace. It will take some time to launch especially because it's the first time that we are trying to access our WorkSpace. So I will pause the visual, and again, come back once it's available.
So finally, this is our WorkSpace machine. It took a while because since it was the first time that we were accessing our machine, Windows has to create the profile for us and some other stuff. We can see here also that it's very similar indeed to the Windows 7 operating system, but we know that it's not. We see that we are using the JKlimber user that we just created, and if we go on the computer, we see that we have the D: drive here. The D: drive is our personal drive and in here we have the users folder. It means that all your personal information, your documents, downloads, email, will be stored in the D: drive, in this folder. Also, you might notice that we don't have a C: drive, but actually, we have it. It's just hidden. If you put C: and you have access to it. So let me open a browser and go to our website. So we have internet connection. That's awesome.