In 2013, Amazon launched AWS WorkSpaces, a Desktop-as-a-Service platform that eliminates the need to constantly restock laptops and desktops, reducing hassle, cost, and security risks.

Despite it’s fair time in the market, I’ve only heard about it recently (because of the COVID-19 pandemic), and jumped on the opportunity to give it a try.

I was very skeptical about how viable of an alternative it could be to a traditional desktop experience, and so this is going to be more of an opinion article rather than a tutorial like what I usually post. Now that we got that out of the way, Let’s give it a look.

In order to get started with Amazon WorkSpaces you’ll need a directory. You can either choose to create an AWS managed Active Directory, which means your domain infrastructure will be hosted on the cloud, or use an AD connector to connect your on-prem Active Directory to AWS.

Both options cost money and are charged an hourly rate, but I was apparently eligible for a 30-day free trial, who am I to refuse that?
Once you create/synchronize a directory, it should take a few minutes for it to set itself up, but it took mine over 15 minutes.

After the directory is set up, you’ll need to register it if you haven’t done so already.
Registering your directory simply means choosing 2 different subnets in your VPC to make the directory available to the WorkSpaces you’re about to create.

---

First Contact

---

Now we’re ready to create a WorkSpace!
You’ll first be prompted to create a user or choose an existing one to assign to the WorkSpace, setup instructions will be sent to the user in the email you specify when the WorkSpace is created.

The process is straight-forward and simple, as expected from a major cloud provider such as AWS. In the WorkSpace creation screen, you’ll be prompted with a wide variety of options to choose from. These consist of either Windows 10 Experience (which is a reskinned Windows Server 2016 for some reason) or Amazon Linux with varying hardware configurations.
Some of them are Free Tier Eligible (and there’s a special promotion due to COVID-19)!

Once you choose your desired OS and hardware configuration, you’ll be asked with whether you’d like the WorkSpace to be in AlwaysOn or AutoStop mode, which is pretty neat and can lead to reduced cost when the WorkSpace is not in use, as a snapshot of the WorkSpace can be automatically created after a preconfigured timeout and resumed on demand.

For the purposes of this post I have played around with both Windows 10 Experience and Amazon Linux instances, both packing 2 vCPUs and 4GB of RAM.
I first started the Amazon Linux instance and tried to access it using the Web Access client only to be greeted with the not-so-informative error below.

After digging around the documentation for a bit I have discovered that Amazon Linux WorkSpaces can’t be accessed through the web client. Bummer. Off I went to download the Linux client to try on my Zorin OS laptop.

Right now the only available linux client is for Ubuntu 18.04-based distros only, which is, again, kind of a bummer. In terms of Linux accessibility (both regarding the client and the WorkSpace itself), we’re off to a pretty lukewarm start.

After installing the native Linux client I launched it and typed in my registration code, aaand…

Off I went to hit the books again. Who’s got time to read the documentation and only then approach the product, am I right?
Turns out Linux and Web clients are blocked by default. I went to modify the directory settings to allow it and was finally able to log into my Amazon Linux machine via the Linux client. Now let’s spin up a Windows machine so I can compare my experience with both of them.

---

Security

---

I was very pleased with the plethora of security tweaks and configurations I could play with. This comes as no surprise but it’s still nice to know.
You can restrict IP addresses, client types, unauthorized devices as well as removing internet access or assigning security groups to the directory.

The video stream itself is AES-256 encrypted and you can also encrypt the root and user volumes on each WorkSpace.

You can give or take away local administrator rights but unfortunately you cannot fine tune it per user. You could probably hack something together via GPO if you’re using Windows 10 Experience machines but the AWS managed AD dashboard takes a bit of getting used to.
You can also set up MFA if you have an on-premise AD as well as an AWS managed one.

---

Performance

---

I was very skeptical at first and expected performance similar to using Microsoft’s RDP but to my surprise the stream was fairly smooth. The resolution automatically adjusts to the window size, even on mobile. Most of the time, I completely forgot that I’m working on a desktop in the cloud. The WorkSpace also supports completely full-screen, multiple monitors in the click of a button.

I was able to even stream music with ease, with very infrequent, short freezes. The real bottleneck was streaming video.
When viewing video on AWS WorkSpaces, regardless of the OS, it becomes rather unusable, stuttering uncontrollably both visuals and sound.

To combat the increased traffic the WorkSpaces client will reduce the quality of the transmission, resulting in a still-rather-unusable, but now far more pixelated experience. Once you stop playing video things go back to normal rather quickly. Amazon are obviously not magicians.

The product is rather impressive, but with video being such an integral part of our daily lives, it’s a pretty big deal. The Amazon Linux machine was kind of wonky, Taking more time to resize and feeling a little more laggy in general.

---

Pitfalls

---

I mentioned video streaming quality as a disappointment, but that’s not all.
Whenever I would try to play videos in a WorkSpace by using the Android client, the client would very quickly crash.

The Amazon Linux machine did not resize properly when in full screen mode on the Linux client (I’d say it’s ironic but I guess not), adding insult to the injury stated earlier about the Linux client only supporting Ubuntu 18.04 based distros.

Amazon boasts about your ability , scrolling on Android doesn’t work as you’d usually expect in a smartphone. Touching the screen clicks and moves the mouse around, resulting in entering selection mode rather than scrolling. There’s a trackpad mode but all it really does is move the mouse in a different (and frankly, much less convenient) way.

You also have to manually open the keyboard every time you want to type, which consists of sliding a sidebar into place and activating the keyboard. It’s exhausting and unintuitive.

Web access is as web access does, and so the web console gives off a vSphere type of vibe with it’s low framerate, lack of ability to copy text from your host to the WorkSpace and inability to use keyboard shortcuts.

Speaking of copy operations, you if you’re using the Linux or Windows client, you can copy text to the WorkSpace, but not documents as you would be able to do in Microsoft’s RDP implementation. It’s understandable, but it could be pretty neat if that was an option.

---

Conclusion

---

I was left with a bittersweet taste after tinkering around with this product.
It’s very advanced, elegant and something I consider a leap in the right direction, but in my opinion, it’s not the most viable option if you’re not willing to compromise.
We all choose our sacrifice in IT, and this one is a fierce dilemma between spending money on hardware and keeping stock, or saving costs but dealing with the slightly-less-convenient nature of desktops in the cloud.
Who knows what the future may hold.