Amazon WorkSpaces offers you an easy way to provide a secure, managed, cloud-based virtual desktop experience to your end-users. Unlike traditional on-premises Virtual Desktop Infrastructure (VDI) solutions, you don’t have to worry about procuring, deploying, and managing a complex environment – Amazon WorkSpaces takes care of the heavy lifting and provides a fully managed service. With Amazon WorkSpaces, you can deliver a high quality portable desktop, and applications, to your users on the device of their choice.

Whether you are managing traditional desktops or an on-premises solution for Virtual Desktop Infrastructure (VDI), both of these approaches require significant capital investment and are often difficult to deploy and manage. Using a cloud-based virtual desktop environment eliminates the need for up-front investment and ongoing management of infrastructure, providing you with an easy, cost-effective way to bring a secure and broadly accessible desktop experience to your users.

For a low, pay-as-you-go fee, Amazon WorkSpaces provides a complete cloud-based virtual desktop service, including compute, persistent solid-state storage (SSD), and applications. Your users get a better experience and more functionality than a traditional PC, and you get a simpler way to provision desktops for users, at half the cost of an on-premises VDI solution. 

Amazon WorkSpaces bundles

To get started, select from a choice of Amazon WorkSpaces bundles that offer different hardware and software options, and launch the number of WorkSpaces you require. When WorkSpaces are provisioned, users receive an email providing instructions on where to download the WorkSpaces client applications they need, and how to connect to their WorkSpace. Users can access their WorkSpace from any Windows or macOS computer, iPad, Android tablet, and the Chrome and Firefox web browsers. Your users’ applications and data remain persistent, so they can easily switch between devices without losing their work.

With Amazon WorkSpaces you can create a standalone, managed directory for users, or you can integrate with your existing Active Directory environment so that your users can use their current credentials to obtain seamless access to corporate resources. This integration works via a secure hardware VPN connection to your on-premises network using Amazon Virtual Private Cloud (VPC) or with Amazon Direct Connect. You can manage your WorkSpaces with the existing tools you use for your on-premises desktops to maintain full administrative control.

Amazon WorkSpaces offers a range of bundles that provide different hardware and software options to meet your needs. You can choose from Value, Standard, Performance, Power, or PowerPro bundles that offer different CPU, memory, and storage resources (SSD volumes) options, based on the requirements of your users. You can select the amount of storage that you need for both root and user volumes when you launch new WorkSpaces, and you can increase storage allocations at any time. With hardware bundle switching, you can switch between the Value, Standard, Performance, Power, or PowerPro hardware bundles as needed.

To launch WorkSpaces with an additional bundle of software already pre-installed, including Microsoft Office, Trend Micro Worry-Free Business Security Services, and a utilities bundle, choose from the Value Plus, Standard Plus, Performance Plus, Power Plus, or PowerPro Plus bundles. You can also create a custom image from one of your WorkSpaces to create your own installed software bundle.

  Value Standard Performance Power
vCPUs 1 2 2 4 8
Memory GiB 2 4 7.5 16 32
SSD Root Volume GB* 80 80 80 175 175
SSD User Storage GB* 10 50 100 100 100
Software Utilities software bundle Utilities software bundle Utilities software bundle Utilities software bundle Utilities software bundle

Bring Your Own Licenses

You can bring your existing Windows 10 Desktop licenses to Amazon WorkSpaces and run them on hardware that is physically dedicated to you. When you bring your existing Windows licenses to WorkSpaces, you can save up to 16% over WorkSpaces with a new Windows license included. To be eligible, your organization must meet the licensing requirements set by Microsoft, and you must commit to running at least 200 Amazon WorkSpaces in a given Amazon Web Services China Region each month. To learn more about this licensing option, please see the Amazon WorkSpaces FAQ.

Easy provisioning

Provisioning desktops with Amazon WorkSpaces is easy. Whether you choose to launch one or many Amazon WorkSpaces, all you need to do is to choose the bundles that best meet the needs of your users, and the number of Amazon WorkSpaces that you would like to launch. Once your Amazon WorkSpaces have been provisioned, users receive an email providing instructions on where to download the Amazon WorkSpaces client applications they need, and how to connect to their Amazon WorkSpace. When you no longer need a particular Amazon WorkSpace, you can easily delete it.

Secure and encrypted

Amazon WorkSpaces provides a high quality desktop experience that helps you meet compliance and security requirements. With WorkSpaces, your organization’s data is not sent to or stored on end-user devices. The PC-over-IP (PCoIP) remote display protocol used by WorkSpaces provides the familiar desktop experience to the user while the data remains in the Amazon Web Services cloud or in your on-premises environment.
WorkSpaces lets you manage which client devices can access your WorkSpaces based on IP address, client device type, or through the use of your digital certificates. You can manage access for iOS, Android, Chrome OS, and zero clients, as well as the WorkSpaces web access client. For macOS and Microsoft Windows PCs, you can use your digital certificates to limit WorkSpaces access to trusted devices. Using IP address-based Control Groups, you can define trusted IP addresses that may access your WorkSpaces.
Amazon WorkSpaces integrates with the Amazon Key Management Service (KMS) to provide you the ability to encrypt the storage volumes of WorkSpaces using KMS customer master keys (CMK). You now have the option to encrypt the storage drives at launch of a new WorkSpace, ensuring that data in transit and at rest, along with snapshots created from the volume, are all encrypted.

Active Directory and RADIUS integration

Amazon WorkSpaces allows you to use your on-premises Microsoft Active Directory to manage your WorkSpaces and your end user credentials. By integrating with your on-premises Active Directory, your users can log in with their existing credentials, you can apply Group Policies to your WorkSpaces, you can deploy software to your WorkSpaces using your existing tools, and you can use your existing RADIUS server to enable multi-factor authentication (MFA). You can integrate with your on-premises Active Directory in two ways – either by establishing a secure trust relationship between your on-premises Active Directory and your Amazon Directory Service for Microsoft Active Directory (Enterprise Edition) domain controller, or by using the Amazon Directory Service Active Directory Connector.

Persistent storage

Amazon WorkSpaces provides each user with access to varying amounts of persistent storage (SSD Volumes) in the Amazon Web Services cloud based on the bundle selected. Data that users store on the 'user volume' attached to the WorkSpace is automatically backed up to Amazon S3 on a regular basis. Amazon S3 is designed for 99.999999999% durability of objects, providing you with peace of mind about your users’ data.

Desktop, mobile, and web access

Amazon WorkSpaces can be accessed from Windows and Mac computers, iPads, and Android tablets through the Amazon WorkSpaces client application. Amazon WorkSpaces can also be accessed using Chrome and Firefox web browsers. When Amazon WorkSpaces are provisioned, users receive an email providing instructions on where to download the Amazon WorkSpaces client applications they need, and instructions on how to connect to their Amazon WorkSpace.

The Amazon WorkSpaces client applications for Windows, and macOS provide users with a high quality Windows desktop experience. The client applications for iPad, and Android tablets provide users with a tablet-optimized desktop experience. Users can use multi-touch gestures to show or hide an on-screen keyboard, access a touch-based mouse interface, and scroll and zoom. A slide-out radial control can be accessed by a thumb swipe from the left of the screen and gives users access to a variety of commands. With an Android tablet, users can connect a keyboard or touch pad for a laptop experience from their tablet. Using Chrome or Firefox allows users to easily access their Amazon WorkSpaces on any network, without needing to download a client application first.

PCoIP® technology

To provide users with a secure, high quality experience, Amazon WorkSpaces incorporates PC-over-IP (PCoIP) technology from Teradici. The PCoIP remote display protocol is used between users’ devices and their WorkSpaces. This protocol compresses, encrypts, and encodes the users’ desktop computing experience and transmits ‘pixels only’ across any standard IP network to users’ stateless PCs, laptops, mobile devices, and zero clients.

Your data never leaves your data center or the Amazon Web Services cloud. The PCoIP protocol enables support for high resolution, full frame rate graphics and HD media, multiple large displays, and high definition audio, all connected over the corporate network or Internet.