Getting Started with Amazon Enterprise Applications | AWS Public Sector Summit 2016

Post on 14-Apr-2017


© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Nathan McGuirt, AWS Senior Solutions Architect

June 20, 2016

Getting Started with AWS Enterprise Applications

Amazon WorkSpaces, Amazon WorkMail, Amazon WorkDocs, and AWS Directory Service

Expectations

• Introduce the services and their features
• Discuss prerequisites and potential architectures
• Discuss high-level deployment steps

AWS Directory Service

Managed High-Availability AD in AWS

Directory Service – three flavors

• Microsoft AD
• Simple AD
• AD Connector

Prerequisites and requirements

• VPC with 2 subnets in different AZs
• VPC must be default tenancy
• For Simple AD and Microsoft AD
  • Subnet ACLs that allow replication
• For AD Connector
  • Network path to an AD domain
  • Privileged user account in domain

Example architectures – Simple AD & Microsoft AD

[Diagram labels: DMZ A, DMZ B, APP B, DATA A, DATA B; Customer Operated VPC; AWS Operated Account(s); DC, DC]

Example architectures – AD Connector

[Diagram labels: DMZ A, DMZ B, APP A, APP B, DATA A, DATA B; DC, DC; Customer Operated VPC; AWS Operated Account(s); Corporate DC]

Secure, Cost Effective, Managed Cloud Desktop

Amazon WorkSpaces

Amazon WorkSpaces use cases

• Temporary workers
• Dev/Test
• Securing data
• BYOD
• Training and labs
• Demos

WorkSpaces features and benefits

• Persistent desktop experience for users
• Users authenticate against your directory
• Data stored in AWS, not on devices
• Support for inexpensive thin clients and tablets
• API support
• Amazon CloudWatch metrics
• Microsoft Windows 7 BYOL support
• Tagging support

Prerequisites and requirements

• Directory Service directory registered with WorkSpaces
• Supported device with client installed
• Client network with <250 ms latency to service

eth0 serves WorkSpaces pixels back to the client device

eth1 serves traffic to:
• Internet
• Resources in VPC
• Resources on-premises

[Diagram labels: eth0, eth1; On Premises Network; Customer; eni; Internet Gateway; Internet; AWS Direct Connect]

Amazon WorkSpaces are dual-homed Windows Server 2008 R2 instances with Windows 7 experience

eth1 is in the customer VPC

Amazon WorkSpaces data flows

Client connects to a “WorkSpaces gateway” between your device and your WorkSpaces

PCoIP: TCP and UDP 4172

[Diagram labels: Amazon; Internet]

Deeper architecture view

[Diagram labels: DMZ A, DMZ B, APP A, APP B, DATA A, DATA B; Customer Operated VPC; AWS Operated Account(s); Corporate DC; Internet]

Secure, Managed Business Email

Amazon WorkMail

Features

• General availability
• Built-in data-at-rest encryption with AWS KMS
• Native Outlook support on Windows or Mac OS X
• ActiveSync Mobile Client support
• Mobile device policies for PIN and encryption

Requirements

• Active Directory
  • Simple AD, Microsoft AD, or AD Connector
• Supported client
• Domain (optional)

Architecture

Secure, Managed Enterprise File Storage and Sharing

Amazon WorkDocs

Features

• Comment on files, send to others for feedback
• Access and sync across multiple devices
• Encrypted in transit and at rest
• Mobile app for iOS, Android, Fire
• Windows and Mac OS sync clients

Requirements

• Active Directory
  • Simple AD, Microsoft AD, or AD Connector

Architecture

Demo

Thank you!
