Amazon WorkSpaces two years on: Are we ready for cloud-hosted Windows desktops? Amazon Web Services (AWS) released WorkSpaces, Windows desktop-as-a-service, towards the end of March 2014. We took an early look, but encountered several niggling problems. "Don't dive in: it will get better," was my conclusion. It is time for another hands-on, but first a quick recap. WorkSpaces provides a Windows desktop …
Not feeling it, I suppose you can access your own desktop from any Internet connection, by using someone else's sufficiently equipped desktop, presumably already running an operating system. I can't help but feel this just increases machine count, bandwidth, licence cost, maintenance, and despite being 'OK, that's quite clever I suppose' must have extremely limited use cases.
But hooray for the attempt, the market will decide in time, in the meantime I'm unable to think of a case for me which isn't better solved other ways.
"I'm unable to think of a case for me which isn't better solved other ways."
It might not be aimed at you, not everything is. J&J seem happy with it, and their use-case is to ensure that none of their data leaves the AWS cloud. This implies all their research data lives up there too so from an IP protection standpoint it would appear this is worth while. While there's no reason they couldn't have done the same in their own data centre, there are plenty of AWS features which are cost prohibitive to do internally, and certainly that internal IT never do as well as Amazon.
In the article it says it is for a bring your own environment - so it is not clear who is paying for the terminal equipment. I think the idea is that this setup allows the employees to use a wide range of devices to access the their company desktops and also serves to isolate the corporate data and network from their private uses.
As to overall security and cost effectiveness well, the devil is in the details.
won't people who review this junk finally say that it is annoying, barely-usable, expensive crap? Is there some secret agreement that they won't actually tell the truth when reviewing this crapola? Like it has been the year of VDI for the last decade. No, really, this year virtual desktops will really take off. Citrix said so.
Microsoft probably won't do it because of the projected level of support calls and risk to an already battered reputation when people find out it isn't really a decent Windows experience. On a slow link it is flippin insufferable. Go ahead, use it on a plane with GoGo Inflight internet without going mildly to moderately bonkers.
Two decades, actually, at least in the non-mainframe world. I've been trying at least that long to do it locally and no, neither speed nor hardware were the problem. (As Amazon, licensing was.) It's not that hard to do this right (e.g. Johnson and Johnson) but then you've sufficient capabilities to make it so. Real world instead of your non sequitur example, it can work amazingly well. Obviously you've not met it.
won't people who review this junk finally say that it is annoying, barely-usable, expensive crap? Is there some secret agreement that they won't actually tell the truth when reviewing this crapola? Like it has been the year of VDI for the last decade. No, really, this year virtual desktops will really take off. Citrix said so.
Advertising revenue. The amount of money Microsoft throws out (or has to throw out) to sell its warez means it can buy pretty much any type of coverage. People have to eat, and we're apparently not helping by blocking malware ads, so the logical next step are advertorials. It's the text version of the (very, very, VERY bad) ads they insert in BBC content if you access BBC news from abroad.
Oh, I have seen this work, but that was always on a controlled network, inhouse. In that setting you have control over bandwidth, and the benefits of keeping data on the server help in situations where you have a requirement to protect information, regulatory or otherwise.
However, doing this over the Internet with an untrusted and IMHO untrustworthy supplier is indeed sheer folly but by the time this becomes apparent, the idiots that have implemented this will have had their bonus for saving money. Thus, I foresee a great future for this in government.
Well I didn't initially want to get onto my usual VDI is a solution looking for a problem, as this is RDSH not VDI, but I've been a long term detractor of VDI. It just takes the complexity of managing a traditional desktop environment and adds in the complexity and cost of the VDI components with all of the additional costs of high speed storage and/or other third party, expensive, add-ons.
Also the pricing is off the charts! I can buy a higher spec desktop for about half that these days and use it thick or connect to RDSH. And where the USP? You don't even get any systems management thrown in??
Just another expensive solution looking for a problem to solve. In house RDSH or traditional thick desktop would be cheaper and easier to support. What is this race to the cloud for absolutely everything? It suits some things well such as email but for things like this?
"1k/year is an awful lot for a system that could probably be set up in house for not much more than that"
I assume that in your calculations you included the cost per square foot of office space to make the data centre, cost of installation and maintenance of both resilient power and cooling systems, cost of structured cabling and data centre networking and routing equipment, and the licensing, design and configuration of the virtual platform on which the desktops will sit as well as the storage systems driving them?
I would put money on Amazon having properly done those sums...
@Lusty
Your argument is flawed. This isn't data center rack space we are talking about. This is user workstation virtualization. They still need a desk to sit at. Still need lights. Still need some method to connect to the VDI. In J&J's case, its byod. So that shifts the burden to the employee to provide some connecting device. However, the employer still needs networking gear to get these machines connected. It requires cabling, power, cooling. Other than not having to try and secure your own network (doubtful) I don't see the benefit. Not to mention, an 8 year old OS is your only choice.
The cost also doesn't make much sense. 16k employees, even at an aggressively reduced $500 a year for licensing is $8,000,000 a year. Or, you could buy decent workstations for every employee for $750 once every 5 years and only pay $2.4 Million a year. Add in annual licensing of O365 at $12 a seat and you are only adding another million/year.
Somewhere, someone was given a large kickback behind closed doors...
It is data centre rack space if we're comparing vdi on prem to this.
You're assuming that J&J paid list price. In my experience very few people end up paying list price for cloud, and at that scale Amazon certainly would have been happy to negotiate a bit. The cost of managing 16k machines is not insignificant, nor the cost of the various management and monitoring software required to support it. I'm not saying this is cheap, but I bet it's closer than you think it is, and they don't have to have all those miserable IT staff clogging up the place. That alone could have saved them 200 desktops, desks, floor space etc. Which adds to the cost difference. Those 200 staff also don't need HR, payroll, pensions, parking, company cars....
You could rent an ordinary Windows Server and get desktop access to it cheaper than that.
All the other costs you mention are therefore not necessary or not included in the Amazon deal either.
Honestly, OVH's sister company Kimsufi et al (cheap end, no doubt, let's not get into "I wouldn't use them" etc.) will rent you a fully dedicated Windows server in a datacenter for less than that:
https://www.kimsufi.com/uk/servers.xml
I know. I've been using one for the past few years rather than go down the VPS route. And technically, that server could run 8-10 of these kinds of systems with the resources it has available.
All you would need to know is how to convert Server Core to Server GUI, and install desktop experience. Any tech guy charged with such a project would do one Google and they're done.
Thin Client systems have always been expensive (lots of server side kit needed), done wrong (X-Windows) and the clients have always been as least as expensive as a standalone PC. Add to this Microsoft's stupid Windows desktop licencing (hence the use of Windows Server for this) - it is really a limited use case to either protect data, provide access to legacy software, or work around some stupid application licence...
"...Thin Client systems have always been expensive (lots of server side kit needed), done wrong (X-Windows) and the clients have always been as least as expensive as a standalone PC. Add to this Microsoft's stupid Windows desktop licencing (hence the use of Windows Server for this) - it is really a limited use case to either protect data, provide access to legacy software, or work around some stupid application licence..."
Actually there are good use cases for thin client solutions, for example, ones in high security environments where you don't want the sensitive data actually leaving the data centre.
Or cases where you're shifting large amounts of data around - if it doesn't have to leave your (usually) fast internal server network, you get much better performance than say copying down to a local HDD.
I realise that there are ways to make these things easier without thin client environments. I also realise that unless you stop email, printing, copy and paste, etc, or even ban mobile phones then there are always ways to get some of the information out of the system.
Thin client devices are an oddity in that to get anything like decent performance, you're spending as much, if not more than, a decent spec desktop, and you're tending to add in yet another layer of management requirements, but they have one major advantage over PC's in that when they are rebooted, none of the data is retained locally so for bank tellers etc, they are ideal.
Again, mixing up VDI and RDSH somewhat, but I do agree that MS could simplify their licensing (but if they did, they'd probably make less money as this is one area where confusion abounds, so companies tend to over-buy just to be sure they're covered).
How is it different to collaborating with anyone else over the internet. Sure, if you are collaborating with colleagues in the next cubicle other the GHz local network, its not going to be the same. But if you are collaborating with someone in another physical location or in another company the experience is not going to be much different.
If security of the connection is the concern then you would need to access the remote machine via a VPN connection from your location.
Really? Until it's (at most) half the current price, it really doesn't look like a viable product for anything other than uber-corporations with cash to burn and enormous tech teams to maintain it. The problems of managing the setup would appear to be at least as difficult as managing full fat machines, and much more complex than an in-house solution.
Just why?
I've been using a desktop on an Amazon EC2 instance for over 2 years and I have nothing but good things to say about it. I've not used Workspaces because it's expensive. It's much cheaper to buy a reserved instance and use it to run Windows. The benefit is that you can us Windows 2012 instead of Windows 2008. Once you've enabled 'Windows Experience' you have a client look-a-like.
"WorkSpaces still does not offer any assistance with patch management." Huh? Didn't get this point. The Windows updater works for Windows instances on AWS like it does for any other machine. Most software developed for Windows has an update process. There is no difference between Windows applications running on an AWS hosted machine and any other.
The benefits not mentioned in the report include:backup, always on and always repaired hardware. Plus I can add/remove memory CPU power on demand.
Backup
The ability to take a snapshot every night means the whole machine is backed up. It costs $0.05/GB/month but I have peace of mind that I have a complete backup. Every morning I have an email letting me know if the backup was successful.
Always on/available
I can use any local device as a thin client and so access it from anywhere (anywhere I trust). The AWS firewall allows you to define the devices from which any EC2 instance can be accessed so the machine is available only via specified IP address or via a VPN connection.
Always repaired
The hardware is not my responsibility. I can use any local device as a thin client but apart from this, I don't have to worry about the motherboard, CPU, BIOS patches, disk drive failing and so on. AWS takes care of all this. This is a post on a geek site any many here like tinkering with hardware. I'm not one so being able to outsource this is great. In the 2 years I've been using a remote desktop, it never once been unavailable because of a problem with AWS. My internet service provider is another story but that's when using a phone as a WiFi hotspot come into it own.
Upgrade/downgrade performance/cost
AWS has always allowed users to change the CPU power and RAM capacity. So if there is a time that it becomes necessary to boost CPU performance or add more RAM you can do that for as many hours as is necessary then down grade again.
Same with disk capacity. If you need to expand an existing disk or add a new one, its just a few clicks away. There's no running down to the local computer store to buy a new disk then copy the contents.
To be fair, a remote desktop is not great for everything,. For example, its no practical to use the desktop to watch a video but then I can watch the video on my phone or laptop.
Sirius...most of these comments are true of any RDSH / VDI environment.
As a user, you should have transparency of upgrades, updates, hardware failure and backups. You may or may not be able to request upgrades in virtual hardware (typically VDI) but no reason you shouldn't be able to.
At the end of the day, all this is and all you are talking about is RDSH hosted by Amazon. Nothing more, nothing less.
In terms of the update issue, I would assume that what they mean is that you don't get access to things like WSUS/SCCM etc to manage your patching. It's Windows Update or nothing.
$948 operational expense/year? That's less than a phone/year.
No capital expense for hardware? Okay, not none, but 1,000 BYOD is a million bucks saved
I could make this work at lots of clients who operate in the Windows environment.
And I prefer real Unixes. Especially since systemd sucks, based on my dealings with it in the past 2-3 years.
Need a money icon
YMMV
AAC
We have a chunk of offshore workforce reviewing and editing large graphic files, which happen to be sitting in the AWS cloud (uploaded there by users). Transmitting large chunks of data to a third-world country data center and maintaining decent quality storage in that data center is painful. Solutions like Zadara and EFS are not cheap.
We are evaluating Workspaces and so far things look promising. Graphics and performance are sufficient for the artwork reviewers to do their job, and the bandwidth consumption is far more manageable than sending huge files across the ocean. For us, at least, this might be worth it.
It is my second attempt in a year. Just run a Performance Test 9.0 on AWS Workspaces, Performance with Windows 7 and Office 2010 bundle. It’s got stuck on a 2D graphics test. Literally, just frozen. Also simply installing default Microsoft updates and restart collapsing Workspace to unusable!
Guide (screenshots) is 6 months outdate! The $45/h support is useless. I’ve got a feeling they hire illiterate bandits from 3d world villages. They simply bounce back my own questions or links to reduntant guide. They extort money by limiting instances and then you need pay to support to activate them.
Yes: storage, applications do work accelent, that is if you can manage them yourself. But soon or later they will sit on you.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
