Amazon WorkSpaces - Administration Guide


Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon.


Table of Contents

What is WorkSpaces?
    Features
    Architecture
    Access your WorkSpace
    Pricing
    How to get started

Get started: Quick Setup
    Before you begin
    What Quick Setup does
    Step 1: Launch the WorkSpace
    Step 2: Connect to the WorkSpace
    Step 3: Clean up (Optional)
    Next steps

Networking and access
    Protocols for Amazon WorkSpaces
    VPC requirements
        Requirements
        Configure a VPC with private subnets and a NAT gateway
        Configure a VPC with public subnets
    Availability Zones for WorkSpaces
    IP address and port requirements
        Ports for client applications
        Ports for Web Access
        Domains and IP addresses to add to your allow list
        Health check servers
        PCoIP gateway servers
        WSP gateway servers
        Network interfaces
    Network requirements
    Trusted devices
        Step 1: Create the certificates
        Step 2: Deploy client certificates to the trusted devices
        Step 3: Configure the restriction
    Smart card authentication
        Requirements
        Limitations
        Directory configuration
        Enable smart cards for Windows WorkSpaces
        Enable smart cards for Linux WorkSpaces
    Internet access
    Security groups
    IP access control groups
        Create an IP access control group
        Associate an IP access control group with a directory
        Copy an IP access control group
        Delete an IP access control group
    PCoIP zero client
    Set up Android for Chromebooks
    Web Access
        Step 1: Enable Web Access to your WorkSpaces
        Step 2: Configure inbound and outbound access to ports for Web Access
        Step 3: Configure Group Policy and security policy settings to enable users to log on


    FIPS endpoint encryption
    Enable SSH connections
        Prerequisites for SSH connections to Amazon Linux WorkSpaces
        Enable SSH connections to all Amazon Linux WorkSpaces in a directory
        Enable SSH connections to a specific Amazon Linux WorkSpace
        Connect to an Amazon Linux WorkSpace using Linux or PuTTY
    Required configuration
        Required routing table configuration
        Required service components

Directories
    Register a directory
    Update directory details
        Select an organizational unit
        Configure automatic IP addresses
        Control device access
        Manage local administrator permissions
        Update the AD Connector account (AD Connector)
        Multi-factor authentication (AD Connector)
    Update DNS servers for WorkSpaces
        Best practices
        Step 1: Update the DNS server settings on your WorkSpaces
        Step 2: Update the DNS server settings for Active Directory
        Step 3: Test the updated DNS server settings
    Delete a directory
    Enable Amazon WorkDocs for AWS Managed Microsoft AD
    Set up Directory Administration

Launch a WorkSpace
    Launch using AWS Managed Microsoft AD
        Before you begin
        Step 1: Create an AWS Managed Microsoft AD Directory
        Step 2: Create a WorkSpace
        Step 3: Connect to the WorkSpace
        Next steps
    Launch using Simple AD
        Before you begin
        Step 1: Create a Simple AD directory
        Step 2: Create a WorkSpace
        Step 3: Connect to the WorkSpace
        Next steps
    Launch using AD Connector
        Before you begin
        Step 1: Create an AD Connector
        Step 2: Create a WorkSpace
        Step 3: Connect to the WorkSpace
        Next steps
    Launch using a trusted domain
        Before you begin
        Step 1: Establish a trust relationship
        Step 2: Create a WorkSpace
        Step 3: Connect to the WorkSpace
        Next steps

Administer WorkSpace users
    Manage WorkSpaces users
        Edit user information
        Add or delete users
        Send an invitation email
    Create multiple WorkSpaces for a user


    Customize how users log in to their WorkSpaces
    Enable self-service WorkSpace management capabilities for your users

Administer your WorkSpaces
    Manage Windows WorkSpaces
        Install the Group Policy administrative template for PCoIP
        Install the Group Policy administrative template files for WSP
        Set the maximum lifetime for a Kerberos ticket
        Configure device proxy server settings for internet access
    Manage your Amazon Linux WorkSpaces
        Control PCoIP Agent behavior on Amazon Linux WorkSpaces
        Enable or disable clipboard redirection for Amazon Linux WorkSpaces
        Enable or disable audio-in redirection for Amazon Linux WorkSpaces
        Enable or disable time zone redirection for Amazon Linux WorkSpaces
        Grant SSH access to Amazon Linux WorkSpaces administrators
        Override the default shell for Amazon Linux WorkSpaces
        Protect custom repositories from unauthorized access
        Use the Amazon Linux Extras Library repository
        Use smart cards for authentication on Linux WorkSpaces
    Manage the running mode
        AutoStop WorkSpaces
        Modify the running mode
        Stop and start an AutoStop WorkSpace
    Modify a WorkSpace
        Change volume sizes
        Change bundle types
    Tag WorkSpaces resources
    WorkSpace maintenance
        Maintenance windows for AlwaysOn WorkSpaces
        Maintenance windows for AutoStop WorkSpaces
        Manual maintenance
    Encrypted WorkSpaces
        Prerequisites
        Limits
        Overview of WorkSpaces encryption using AWS KMS
        WorkSpaces encryption context
        Grant WorkSpaces permission to use a CMK on your behalf
        Encrypt a WorkSpace
        View encrypted WorkSpaces
    Reboot a WorkSpace
    Rebuild a WorkSpace
    Restore a WorkSpace
    Upgrade Windows 10 BYOL WorkSpaces
        Prerequisites
        Considerations
        Known limitations
        Summary of registry key settings
        Perform an in-place upgrade
        Troubleshooting
        Update your WorkSpace registry using a PowerShell script
    Migrate a WorkSpace
        Migration limits
        Migration scenarios
        What happens during migration
        Best practices
        Troubleshooting
        How billing is affected
        Migrating a WorkSpace


In order to avoid copyright disputes, this page is only a partial summary.
