Working Remotely with Cloud Desktops

Working Remotely with Cloud Desktops

We love Amazon WorkSpaces. It’s a great tool that lets employees work remotely and still have access to everything. With the current state of affairs, we thought we would show you a way to get workers set up right away. Of course, this is just a framework – if you need to make a custom image or would like to connect this infrastructure to your existing infrastructure, we can assist you. Just contact us and let us know.

Here’s a diagram of what we’re going to be building:

Things you need first

Before you jump right into things, you’re going to need a few things.

  • AWS account
  • Basic understanding of networking


1. Create a VPC for your WorkSpaces

Create a new VPC and give it an address range that can be subnetted down. We’re going to create two private subnets and one public subnet. The public subnet will facilitate getting Internet access to our WorkSpaces. The private subnets will host our directory and WorkSpace ENIs. We used

2. Create the subnets

You will now need to create three total subnets. Each subnet will be in its own Availability Zone. We named our subnets workspaces-public-use-1a, workspaces-private-use-1b, and workspaces-private-use-1c. Each subnet will be a /28, the smallest subnet you can make in AWS. Of course, if you’re launching a fleet, you may need to adjust this as required.

3. Update and create route tables and add Internet access

We now need to create a public route table and update the existing route table for routing the private networks. First, find the route table created with the VPC. In the name column, click the pencil to rename it. Call it workspaces-private-rtb. Edit the subnet associations and add the two private subnets.

Now create a new route table. Call it workspaces-public-rtb and associate it with the WorkSpaces VPC. Associate the public subnet.

Find Internet Gateways on the left menu. Create a new Internet Gateway. Call it workspaces-igw and attach it to the VPC.

Now we need an Elastic IP. Click on Elastic IP in the left menu and then allocate a new IP from Amazon’s pool. Now click on NAT Gateways and create a NAT Gateway. Associate the public WorkSpaces subnet and the Elastic IP. Create a tag called Service and assign the value Amazon WorkSpaces and create the gateway.

Once the NAT Gateway is created, we need to update the route tables.

Find your public route table. Add a default route to the Internet Gateway. Find your private route table and add a default route to the NAT Gateway.

4. Setup WorkSpaces

In the Services menu, find End User Computing and click on WorkSpaces. In order to launch a WorkSpace, we need a directory. Click on Directories. You’re going to have a few options – AWS Managed Microsoft AD, Simple AD (Linux using Samba AD-compatible), and AD Connector (proxy for existing AD). Use Simple AD since this is going to be a stand-alone environment. Select the small directory size, set your organization name, directory DNS name (it doesn’t have to resolve, but it should be a real domain you own), NETBIOS (optional), and the administrator password.

Now set up the networking for the directory. Select your WorkSpaces VPC and your two private subnets.

Create the directory. This will take a few minutes to complete. Now you can actually create a WorkSpace once your directory is showing Active. Click on WorkSpaces and Launch WorkSpaces. Select the directory you created and your private subnets. Select your configuration options. Note: Self-service will allow the end-user to upgrade or change the running mode of their WorkSpace.

Now you can create users in your directory. Make sure the email address is filled out with a valid email. When the WorkSpace is provisioned, Amazon will email the users a link to set their password and download the Amazon WorkSpaces client.

Now we need to select a bundle and assign it to the user. You can adjust the root volume (where programs are installed) and the user volume (where user data is stored). You can select either Linux or Windows as well as Windows with Office 2016. Make sure AutoStop is enabled. If a user is inactive for an hour (or more, you can change it), their WorkSpace will shut down. You can also enable encryption of both volumes from here as well. Once you’ve selected everything, review and launch. It can take 20-60 minutes to launch. Once it’s launched, the user will receive an email from Amazon on how to set their password. This email can end up in the spam folder so if you don’t get it, check their first.

5. Enjoy using WorkSpaces

You can now fire up the client and connect to your WorkSpace.

Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *