Let’s say you’re traveling to a conference, and you want to leave your heavy laptop behind along with all of its power requirements. Or you have a long-running project that you manage from just about anywhere and want to keep a desktop active or suspended/resumed whenever you want.
Or, you’re a company that wants to roll out the same desktop to many different people but doesn’t want to worry about the user’s computer horsepower.
Amazon Workspaces fits those parameters.
I’ve been experimenting with Workspaces for a week now, and have configured an instance for aws re:Invent for those times I want to hack. Coupled with an iPad Air, a bluetooth mouse, and the keyboard case, I have desktop I can pull up anywhere.
Cloud Desktops are not new…
You’ve been able to run remote desktops in the cloud for a long time. See Keith Gregory’s blog post in 2015 about this very subject…
The most common approach is to use NoMachine remote desktops, which is supported by many AMIs out of the box.
What makes Amazon Workspaces somewhat nicer is the provisioning and automatic suspend/resume and timeout of the desktops, user management via Active Directory, and a package configuration and installation system for deploying applications either custom or off-the-shelf.
There are several levels of costs here. First, if you just want to experiment on your own, there is a “free tier”, which gives you a low-end 4GB of RAM, 2 VCPU instance with 50GB of disk (plenty enough for being a client to AWS or doing small programming tasks) for 40 free compute hours per month, for a total of two months. You can pick Windows 10 or Linux (I chose Linux). For that setup you’ll pay $31 / month for your desktop, or if you want to use it infrequently you can pay $9.75 / month plus $0.26 / hr. I chose the latter for the conference, since I’ll just keep it shut down afterward and put everything on Github or Google Docs.
The costs go up as you add features, such as more CPUs, memory, GPUs, etc. A one-month always-on 8 virtual-CPU, 32GB of RAM system with 275GB total disk is $140 / month. Used hourly, though, it’s $19/month + $1.53/hr. You can convert up and down to various CPU loads, but apparently you can only downsize once every 30 days, so watch your flip to an expensive 4vCPU system with 16GB of RAM – you might be stuck with a bigger bill for that month. See the Workspaces FAQ for details there.
For all the pricing options, including bringing your own Windows licenses to the instances, see the Pricing Page.
Other concerns
There are several other things to keep in mind if you want to use Workspaces.
Choosing a directory provider
You’ll have to pick a directory provider to work from. I chose the shared Amazon corporate directory (https://corp.amazonworkspaces.com) – it separates out your users but must share the service across many different accounts. For a production rollout, you may want to use Microsoft Active Directory (with associated licensing built-in to the hourly rate), or the open-source Samba Open Directory provider, or even a connector to your corporate Active Directory / LDAP instance.
This can get pricey, so for experiments keep in mind you just want the Amazon corporate directory.
Security Groups
You’ll also have to set up a Security Group to manage ingress and outbound traffic. From there, you can restrict the incoming remote desktop IPs to a safe zone, like your home and work addresses.
You also run these desktops within a VPC, so you can set which VPC they are installed in, and set up proper network ACLs and subnets to make services within your corporate VPC available to your Workspaces via a VPC-to-VPC peering connection.
Managing software
This is where it gets complex, and expensive, if you don’t go with some advice. First of all, in order to roll out software to multiple machines, you need to convert to a more expensive plan (or use the Windows instances with the “Plus applications bundle”, which includes a licensed Microsoft Office Professional, Trend Micro anti virus etc at $15 / user / month).
But I just wanted a linux instance with sudo access. And that’s where it gets a bit weird.
In order to use the Linux Software installer, or execute yum commands, you need to have a password that Linux has granted sudo access to. You’d think you have that, but you don’t out of the box. To fix this, you do the following (as of November 2019):
- Start your workspace
- Open a terminal in that workspace
- Use ‘passwd’ to change your password (please make it tough to remember and use a password manager, this will be your new Workspaces front-end password too)
- Reboot your instance (after the prior step, you won’t be able to connect at all)
- Log in again, and this time when using Software Installer or
sudo yum installeverything will work and you will besudo-powered.
Clients
This is where it gets interesting. They have clients for everything you use, sans Linux itself. Maybe that’s coming soon, I’m not sure. But they also have a (disabled by default) browser client, so maybe that will work. I’ll try that out and report back to this blog entry at some point.
For the iPad, you couple it with iOS 12+’s mouse support and a keyboard and you have a reasonably usable desktop. It won’t emulate a true mouse, more of a touch pointer, but it is good enough. It does show a mouse arrow, but that’s also shadowed by the circular cursor of the Touch Support in iOS.
For IDE users, [CTRL-SPACE] doesn’t quite work; by default it switches your iPad keyboard to use another keyboard type (Emojis, different languages, etc). You can turn that off, but it doesn’t enable the OS X CTRL-SPACE behavior. In using IntelliJ, I can get it to do code fill-in on a boundary (like a property name after hitting ‘.’), but otherwise it will require some creative keyboard shortcuts.
So it’s good enough for casual work, and if you’re mostly in the terminal or clicking on console entries, it’s fine. But if you’re really writing a lot of software you’ll want a ChromeBook or computer for its keyboard instead.
AlwaysOn or AutoStop
So you want to save money? Using the AutoStop mode runs the workspace for an hour once disconnected and then hibernates it. For an hourly plan, that’s great. You can switch over to the AlwaysOn mode if you pay by the month and have it ready to access instantly.
You can also adjust the AutoStop time. The clients have a Power icon so you can suspend it whenever you want.
Conclusions
AWS Workspaces are an interesting cloud PC option for users who want to keep a workload, admin tool, or general desktop going in the cloud. You pay rates for the level of compute power you want (read: DO NOT pick a high horsepower instance unless you want to pay a lot of money), and you can suspend/resume at will. Another enticing thing for me is access to an RDS database in a VPC, so I can use tools like pgAdmin or MySQLAdmin to query and edit the database without going through hoops.