Transcript for:
Overview of Amazon Workspaces Features

Shashank this side. I hope everybody is doing well and safe at home. As you can see on my screen, the topic for today is Amazon WorkSpaces. This is one of the end-user computing modules from Amazon, where we can use WorkSpaces as a cloud-based virtual desktop environment. What does that mean? So in most of the organizations we are familiar with the VDIs, virtual desktops. To connect to the client environment we always use VDI, and once we are connected to the client environment using VDI, we can access all the servers, we can perform all sorts of scripting and automation, as per the networking that we have designed. The same functionality we are getting with Amazon WorkSpaces, where it is more secure, more reliable, a managed service from Amazon, scalable as per the requirement, to all the persistent desktops from any location. So for example, if you are operating from five, six different regions within AWS and every region has some sort of servers, then we can use WorkSpaces and the networking communication model to access those servers. We can do a lot of automation from one place, and we can access all the services, all the resources, based upon the access that we have given to our IAM role.

So Amazon WorkSpaces, as I said, it's a cloud-based virtual desktop that can act as a replacement for the traditional VDIs. A workspace is available as a bundle of operating system, so we are getting flavors of Windows and Linux; compute resources; storage, we are also getting storage; and software applications that allow you to perform your day-to-day routine just like a traditional desktop. So that's what Amazon WorkSpaces in general, the generic definition, is all about: where we can access all our resources from one place, we are getting storage, we are getting the OS as a bundle, we are getting all your software on your system.

Now, uh, this is the architecture that we have been given by AWS. So to create workspaces, what we have to do: we have to set up an AWS directory. I have already covered AWS Directory Services in detail, so I'll share the
link in the description section if you're not aware of it. So this is kind of a managed AD, you can say. We'll be going to create our Simple AD within the AWS environment; you can also use your on-premises AD environment to connect to the workspaces. Then you have to choose your workspace based upon the bundle of OS, Windows or Linux, depending upon what we want to interact with. If we are a Linux-based user, then obviously we'll prefer to use a Linux-based system, or if we are more towards the Windows environment, then we'll be going to choose the Windows OS as a bundle, as a custom golden image. Then once we have created those environments, there are, like, a few sets of configuration to give access to the users, and finally we'll be going to create our AWS WorkSpaces: centrally managed desktops, and stream them to any users. Users securely access their desktop through a browser or native client, so there are, like, two ways of accessing the workspace: we get a browser-based interaction, plus we also get a client-based interaction. I use WorkSpaces a lot in my different client environments and this is very useful. It's like a 50-50 combination: I use Windows workspaces plus Linux workspaces as well.

Okay, so in order to do the practical, we have to jump into our AWS Management Console. So let's jump to our AWS Management Console and try to create a workspace. In order to create workspaces, either you can search "WorkSpaces" in the search bar or go to Services, End User Computing, and click on WorkSpaces. Now to create a workspace, as I said earlier during our theoretical part, we have to create the Active Directory services, or the directory services, in order to maintain and manage all the users that we have in our domain. So click on Get Started. Now we have two kinds of setup, Quick and Advanced. For this video I'm going for the advanced setup, where at least you can understand how you can create the AD services, and then on top of that we'll be going to have our workspaces landed. Click on Launch. Now we have three options:
Managed AD, Simple AD and AD Connector. When you use AD Connector, you can use this as a proxy to your on-premises AD environment. AWS Managed Microsoft AD is a fully managed Active Directory service provided by AWS. I'm going with Simple AD over here. Click Next, choose Small. Company name, let's go check in cloudy way, then domain, I'll go with dot com. You can leave this optional. Admin password, so it's test one two three four, confirm test one two three four. Okay, minimum eight characters, then. Let's see if this works. Yes, okay, click Next. Here you have to select your VPC. I'm going with my VPC and private subnets, so this is my private subnet one and, let's see, private subnet two, in the two availability zones. Click Next, click Create. So 30 days, again, you will get a free trial for this, but, uh, my account is already very old and I have used a lot of AD creation during my demos, so this will be going to cost a bit for me. This will take time for the creation because, uh, it creates everything, every module related to the Active Directory, in the back end.

Meanwhile, let me show you the subnets that I have selected. I have selected the private subnets, so let's go to VPC. I still have to create a NAT gateway, because I deleted a NAT gateway before creating this video. So for that, let's go to Subnets first, and before that let me grab the ID of my VPC. Subnets, and these are the four sub, five subnets, out of which this one I have selected. If I go to the route table, you can see I have NAT, but this NAT is already deleted, so it is not working. Even if I SSH or RDP into my workspace, I might not be able to connect to the internet. Okay, and this is my second private subnet, again associated with the same NAT. If I go to NAT Gateways, I don't have any NAT gateway created, so let me create a NAT gateway, a quick one: aws ws nat, AWS workspace NAT. And subnet: I'm going to use only one NAT gateway, it's not multi-zonal, so it has to be in a public subnet. So let's select which one, public three, let's go with this. Elastic IP:
allocate Elastic IP over here and click on Create. So once this gets created, I will associate this with my route table. Let's go back to our workspace: still creating. Okay, now if I go to the route table, let's see which route table I am using for the private subnet. It has to be a single one only. Uh, yep, this is the one. So click on Routes. As you can see, blackhole, because the previous NAT gateway was already deleted long back. Now if I search for the NAT gateway, let's see, still it's creating, so it will take a bit of time. Again, I'm going outside, internet, then select NAT. Yeah, we have to wait, so I'll be going to have this video paused for a minute or two, and once everything is available I'll resume it back.

So my directory is available and active, but as you can see, this is not registered yet. So for that, what we have to do: click on Actions and click Register, and I'm going to use the same subnets, the same private subnets that we used for creating the directory. Now for that, obviously, I have to look at the number, so let's see the ID for the subnets. So I used this one, which is ending with b5b. So let's go to directory, Register, b5b, the first one, and the second one is ending with b8c. Okay, b8c, this is the one. Now you can enable the self-service permission management and WorkDocs as well, so this will allow you to configure everything at the directory level and manage the permissions. Click on Register. Now this is in the registering phase.

Meanwhile, let's go to our route table, which is this one. Click on Routes, Edit, and remove the old NAT, bring the new NAT. Okay, click on NAT Gateway. Wow, still not created. Where is the NAT? It's available in the public subnet. Let's see what subnet I have selected. Oh, I selected a wrong subnet, I believe. Let's see, 10 35; I'm operating from 1002, so that's my mistake. Let's delete this. Delete, create another one: 1002 nat, and the subnet that we'll be going to use is this one. We can use Allocate IP and Create. So let this be created first and we'll update our route table in some
time. Now let's go back to our directory service. As you can see, it has been registered. Now in order to create the workspace on top of it, what we have to do: click on WorkSpaces on the left. So as you can see, we are in the WorkSpaces area, and click on Launch. Here by default we are getting our own directory that we have created. Click Next. Now since the directory created is very new, there is no user, nothing is there. In order to create a new user and add that user to a workspace for the login, let's create a new one. I'll create mine, s abhishek s sheikh, that's my first name, last name, and I'll give my email ID. So on this email ID I will be receiving an email with the set of instructions and everything that needs to be done next. Okay, click on Create User. Okay, so one workspace, 20 users can be selected at a time. The only demerit that I see with this WorkSpaces environment is, like, per user you can get one workspace; multiple users cannot use one workspace. Okay, click Next.

Here you have to select your bundle, basically your OS environment. You can go with the Amazon Linux, which is in the free tier, then Standard Windows 2016, again in the free tier, and 2019 is also available for the free tier. I believe 2022 was also there, but no idea, no, still not presented in the WorkSpaces area. So, or you can go with the Windows 10, Windows 2016 based server environment. Now for this video I am going to use Windows 10 2019, which is an eligible tier. Here you can change the root volume if you want to have more volume, like 120, or the user volume. Okay, click Next.

This is very important. Always On means every time your workspace will be in the available state, and once it is done with Always On, it will be billed monthly. Here you can save a lot of cost: Auto Stop. So for example, if you're not using your workspace for, let's say, two hours or three hours, you can select the number of hours that you want to use, and if it is in an idle state it will go into the stopped state. So the bill happens by hour, but Always On
bill happens monthly. So here you can auto stop, you can save a lot of money over here. You always have to encrypt your volume as part of the best security practices, and the user encryption volume as well. Give the tag, it belongs to me, and click Next. Okay, Launch WorkSpaces. This takes around 20 to 40 minutes to come into the available state from pending, so again we have to wait for another 40 minutes or so. Once this becomes into the availability zone, like, it's available, then I'll be going to resume my video back.

Before pausing my video, let's go to VPC, route table, and my subnet, I mean my route basically. Let's see if we have the NAT gateway available or not. Yes, we have. Save the changes. Now even if I try to log into my workspace, RDP into it, I'll be able to connect to my internet environment from there. So let's wait for another 40 minutes; I'll resume it back and I'll show you the result.

So my workspace is in the available state now. In order to access the machine, the desktop itself, there are, like, two ways: either you use the web client or you use the desktop client to log into the environment. Before that, let me show you an email that I have received from Amazon: "Your administrator has created a WorkSpace for you." This is the link to complete the profile. We are getting a registration code, and you can use this ID, which we chose while creating the workspace, to log into the environment. You may download this client as well. Now I already have a client downloaded onto my system, but let me show you how you can download the client. So click on the link, clients.amazonworkspace.com. Based upon your laptop configuration you can download the Windows client, iPad, macOS, Chromebook, so it totally depends upon the requirement and the type of laptop you are using. I'm using a MacBook, that's why I have a Mac client installed on my machine. Second thing, let's click on this link to complete our profile. Now this is the user ID, okay, srb shake, and the new password. Let's give the new password. Okay, some special
character. Okay, that looks fine. Yep, update the user. Perfect, so my user has been updated successfully. Next step is, let's take down the registration code. You can also get the registration code once you expand this particular web ID: so your username, the name of your user, email ID, workspace IP address and the registration code. As of now this is disconnected, because I have not connected to my workspace. So let's grab this and open our workspace, give the registration code and wait for the login page to occur. Let's use our user ID. Okay, that should be the password. Launching our workspace, starting our workspace. Perfect, which means now we are joining into the workspace world of Amazon. That's a VDI, and from here you can access all your resources, again depending upon how the networking configuration will be going to work for you, right? So for example, if you're originating from Virginia and you want to connect to Frankfurt, then you have to open a transit gateway connection or a peering connection between the two VPC IDs, right? Otherwise you won't be able to access anything.

Now by default we get Firefox; this is the default browser that Amazon WorkSpaces uses. So I just want to show you I'm connected to the internet, because I'm using a NAT gateway. So let's do google.com. Here we go. So in order to check the NAT gateway IP: what is my IP, 3.218.254.11. Let's go back to our VPC and let's see the workspace, the NAT gateway public IP address. This is the one which is in use, 3.218.254.11.
So that's the outbound to the internet from your workspace. That's how we've built a workspace in the world of Amazon Web Services. I hope this clears a lot in terms of the concept, the configuration, why we need the directory services to make it more secure, how you can use AD, as in Active Directory, to integrate with your workspaces, and everything.

One more pointer I need to cover over here. So there are, like, a few different options that you can explore with the workspaces, where you have to select a workspace and go to the Actions tab. You can reboot the workspace, you can stop the workspace. If something is corrupted with your workspace bundle, then you can restore or rebuild the workspace from here. Plus, if you want to remove the workspace, you can do that. If you want to modify your workspace, let's say you want to modify the root volume or the user volume, you can click Modify WorkSpace and do that. If you want to, let's say, change the metrics of your CPU and memory, then you can go with Performance, Power and PowerPro, based upon the usage that you have. And remember, this corresponds to the cost: the service itself is free, but you have to pay for the use cases that you are doing with the workspace. In terms of the modify state, if you are doing any kind of maintenance, then you can click on Admin Maintenance and it will go into the maintenance phase, and the rest of the other stuff, the patching and everything, will happen. Mostly once every month Amazon does the maintenance on our workspaces, mostly somewhere around Saturday or Sunday, I don't remember the time frame exactly. But I mean, since it's a managed service, all the management, if you're taking the bundle from Amazon, the maintenance and management is done by Amazon Web Services. Apart from that, if you want to create your own image or if you want to migrate your workspace to a different directory service, then you can do that. To migrate the workspace, as of now it's not selected; at least 12 hours I have to wait for it after the
creation. So these are the few options that you can explore, and also you can modify the run mode properties. So today, let's say I'm doing an auto stop every one hour; you want to modify that, you can do that from here. If you want to make it Always On and billed monthly, then you can go for that as well. So these are the few options that we get as the power of WorkSpaces. So I hope this clears a lot, and please try it in your environment. Show it to the management that instead of using VDIs or bastion hosts, let's use WorkSpaces to connect to the on-premises environment, to any of your cloud vendor environments. Okay, so place a comment in the comment section if you're facing an issue; I'll be there to help you. Have a nice day.