Date post: | 06-Jan-2017 |
Category: | Technology |
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Nick Frank, Practice Lead Mobility and End User Computing, AHEAD
Normann Vogel, Senior System Architect, Informa
November 30, 2016
ENT201
Deploying Amazon WorkSpaces at Enterprise
Scale to Deliver a New Desktop Experience
What to Expect from the Session
• Case study featuring Informa:
A Global Leader in Business Intelligence
• Architecture decision points
• Example architecture diagrams and
configurations
• Key considerations for a successful design
and implementation
About the speakers
Nick Frank
Practice Lead Mobility and End User Computing, AHEAD
• Leads solutions and services at AHEAD based in Chicago
• 9 years in Architecture, Design, and Implementation for EUC and
VDI solutions
Normann Vogel
Senior System Engineer, Informa
• Senior System Engineer Mobility & Desktop, Informa
• Principal Engineer for AWS-based VDI solutions
• 5 years experience in shifting enterprise services and
workloads into AWS
Informa
Current state prior to Amazon WorkSpaces
project
• Was current AWS customer
• 60% hosted on AWS
• Running 650+ Server 2008R2 Amazon WorkSpaces in prod
• Migrating to Office 365
• Migrating to Windows 10
• Global growth via acquisition
• Expanding user population in US
Informa
Use case overview
• Migration: From Citrix and physical PCs
• Standardize: Windows 10
• BYOD: Enable 50% of users by end of 2017
• Automation: Provisioning, de-provisioning, etc.
• Monitoring: In-guest OS metrics and support
AHEAD
Initiative approach
• We must identify and answer key decision points before
we can move forward
• Automation and Lifecycle are required to be successful
• Always plan to fail – AWS Advice
• Plan for region failover, not AZ failover
“Plans are worthless; planning is everything” – Dwight D. Eisenhower
Informa
Global footprint – deploy to three regions
Ireland
Singapore
East Coast
• Decision based on PCoIP Thresholds for performance
• Less than 100 ms = Fast
• More than 200 ms = Unacceptable
Informa
Environmental design considerations
• How do we build VPCs?
• Transit vs. AWS Direct Connect VPCs
• How did we define subnets, Active Directory connectors,
and network groups?
• Why did we decide to use application layering to
manage application presentation?
Informa
VPC decision – What is best for you?
Transit VPC
Single direct connect back to on-premises data center
Benefits:
• Simplify network topology
• Provides cross-region VPC connectivity
• Create single direct connect to on-premises data center
AWS Direct Connect VPC
Create individual direct connects for all VPCs back to on-premises data center
Benefits:
• Allows for cost transparency per direct connect
Informa
Transit VPC logical architecture
Informa
Transit VPC architecture
• Transit VPC Architecture Summary
• Leverage security appliances for layer 7 filtering
• Control access to application instances or application VPCs from
Amazon WorkSpaces
• VPC peering only if no content filtering required
• Simplify Direct Connect usage and billing
Transit VPC How To: https://aws.amazon.com/answers/networking/transit-vpc/
Informa
How do we manage applications?
• Tie application entitlements to AD security groups
• Allows for automation and simplified management
• Centrally manage applications across regions from a
globally accessible file share
• Accomplishes DR and Application availability requirements
• Single image management
• One app = one VHD file
• Leverage versioning for lifecycle and rollback functionality
Conclusion: You need a 3rd-party tool
AHEAD
Application layering and file services architecture
AHEAD
Implementation considerations
• How do we automate from day 1?
• How do we configure our Active Directory Connectors?
Informa
What ServiceNow workflows did we design?
Amazon WorkSpace Creation
• Create a new Amazon WorkSpace from a custom bundle
• Integrate with custom tagging for cost management and
chargeback
Amazon WorkSpace Rebuild
• Reset existing workspace back to previous snapshot (taken every
12 hours)
• This is only a stopgap and not a replacement for desktop backups
Amazon WorkSpace Decommission
• Delete the WorkSpace – User data and applications are redirected
• Configure ServiceNow to remove computer object and user
accounts from AD
Informa
How should we configure our ADCs?
• Each Active Directory Connector (ADC) requires:
• Two Subnets
• One Bind DN
• Service account to create machine objects
• Must point to a single Organizational Unit (OU) (this should
be dedicated to Amazon WorkSpaces)
• Each AD domain requires a separate ADC (at a
minimum).
• Be careful: You cannot change IP subnets after the fact.
When you are out of IPs you need to create a new ADC.
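Because the subnets of an ADC cannot be changed later, it is worth checking their size against the planned WorkSpaces count before the ADC is created. The sketch below is an added example, not code from the session; the CIDRs are constructed, `headroom_pct` and `other_hosts` are hypothetical parameters, and it assumes each WorkSpace consumes one address from the ADC's subnets.

```python
import ipaddress

AWS_RESERVED_PER_SUBNET = 5  # AWS reserves the first four and the last address of each VPC subnet


def adc_free_addresses(subnet_cidrs, already_used=0):
    """Addresses still available across the two subnets of one ADC."""
    if len(subnet_cidrs) != 2:
        raise ValueError("each ADC requires exactly two subnets")
    # strict=True rejects CIDRs with host bits set, e.g. a mistyped 10.20.1.0/23
    nets = [ipaddress.ip_network(c, strict=True) for c in subnet_cidrs]
    if nets[0].overlaps(nets[1]):
        raise ValueError("ADC subnets overlap: %s, %s" % tuple(nets))
    usable = sum(n.num_addresses - AWS_RESERVED_PER_SUBNET for n in nets)
    return usable - already_used


def plan_adc(subnet_cidrs, planned_workspaces, headroom_pct=20, other_hosts=0):
    """Check a planned WorkSpaces count, plus growth headroom, against the ADC's subnets.

    Assumption: each WorkSpace consumes one address from these subnets;
    other_hosts covers anything else placed there (hypothetical parameter).
    """
    growth = -(-planned_workspaces * headroom_pct // 100)  # ceiling division
    needed = planned_workspaces + growth + other_hosts
    free = adc_free_addresses(subnet_cidrs)
    return {"needed": needed, "free": free,
            "fits": needed <= free, "shortfall": max(0, needed - free)}


if __name__ == "__main__":
    # Constructed CIDRs; 650 is the production WorkSpaces count quoted earlier in the deck.
    for cidrs in (["10.20.0.0/24", "10.20.1.0/24"], ["10.20.0.0/23", "10.20.2.0/23"]):
        print(cidrs, plan_adc(cidrs, planned_workspaces=650))
```

A non-zero shortfall means the ADC would run out of addresses before the plan is met, which under the constraint above means creating a second ADC.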
AHEAD
Monitoring solutions
Use multiple monitoring solutions to get the
complete picture
• Leverage Amazon CloudWatch for
infrastructure performance
• Evaluate 3rd-party solutions that can perform
remote assistance
• Evaluate 3rd-party solutions that can kill
in-guest OS processes
Manage Your WorkSpaces
Monitoring success
• Know your KPIs – With thresholds for alerting
• CPU utilization per process – 100% utilization for 5+ seconds
• PCoIP RTT latency – 100 ms or more
• PCoIP Bandwidth – 500 Kbps per second
• Memory usage per application – Depends…but size per
bundle
• and more!
• Reporting and alerting
• Be both proactive and reactive
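The CPU and PCoIP latency thresholds above, together with the fast/unacceptable bands used for region selection, can be turned into alert logic as follows. This is an added example, not code from the session; the samples and process names are constructed, "degraded" is an assumed name for the 100 to 200 ms band, and the bandwidth and memory KPIs are left out because the slides give no alert direction for them.

```python
RTT_FAST_BELOW_MS = 100       # slides: "Less than 100 ms = Fast", alert at "100 ms or more"
RTT_UNACCEPTABLE_ABOVE_MS = 200
CPU_SATURATED_PCT = 100
CPU_SUSTAINED_SECONDS = 5


def classify_rtt(rtt_ms):
    """Map a PCoIP round-trip time to the session's latency bands."""
    if rtt_ms < RTT_FAST_BELOW_MS:
        return "fast"
    if rtt_ms > RTT_UNACCEPTABLE_ABOVE_MS:
        return "unacceptable"
    return "degraded"  # assumed name for the 100-200 ms band


def sustained_cpu_alerts(samples):
    """Return (process, start, end) for every run at 100% CPU lasting 5+ seconds.

    samples: (timestamp_seconds, process, cpu_percent) tuples in any order.
    """
    run_start, last_hot, alerts = {}, {}, []

    def close_run(proc):
        start, end = run_start.pop(proc), last_hot.pop(proc)
        if end - start >= CPU_SUSTAINED_SECONDS:
            alerts.append((proc, start, end))

    for ts, proc, cpu in sorted(samples):
        if cpu >= CPU_SATURATED_PCT:
            run_start.setdefault(proc, ts)
            last_hot[proc] = ts
        elif proc in run_start:
            close_run(proc)
    for proc in sorted(run_start):  # runs still open when the data ends
        close_run(proc)
    return alerts


# Constructed one-second samples, not real measurements.
SAMPLES = (
    [(t, "chrome.exe", 100) for t in range(0, 7)] + [(7, "chrome.exe", 40)]
    + [(t, "outlook.exe", 100) for t in range(2, 5)] + [(5, "outlook.exe", 60)]
    + [(t, "teams.exe", 100) for t in range(10, 16)]
)

if __name__ == "__main__":
    print(sustained_cpu_alerts(SAMPLES))
    print({rtt: classify_rtt(rtt) for rtt in (35, 100, 180, 240)})
```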
Conclusion
AHEAD and Informa
Conclusion and lessons learned
• Summary of Informa roll out – current progress
HELPING YOU ACCELERATE ADOPTION OF AWS IN THE ENTERPRISE
DevOps
Amazon WorkSpaces
ServiceNow
Visit AHEAD at Booth #1037
Thank you!
Remember to complete
your evaluations!