Desktop and Application Streaming
Failover strategies for on-premises VDI with Amazon End User Computing
Introduction
A well-architected failover strategy for on-premises virtual desktop infrastructure (VDI) is an important consideration for any business. Most organizations are unable to provide sufficient failover for both their applications and virtual desktops. In the wake of COVID-19, Hurricane Ian, and an increase in security breaches, organizations must reimagine how to reliably provide applications. This is especially true for on-premises VDI deployments, where flexibility to offer highly available applications during an interruption is essential.
Due to the COVID-19 pandemic, power company EDF provided employees workflows to remotely serve citizens within a matter of weeks. AWS End User Computing (EUC) accelerated their failover through automation. They deployed a thousand Amazon WorkSpaces for their remote teams in a safe and reliable manner using infrastructure as code.
Time to read | 30 minutes |
Learning level | 100 |
Services used | Amazon WorkSpaces Amazon WorkSpaces Web Amazon AppStream 2.0 |
Failover Strategies
Browser-based
The first and simplest failover strategy is Browser-based. With this strategy, organizations must provide users with a minimal viable set of protected SaaS apps to keep the business operating. Organizations must do so without incurring substantial incremental costs. This is achieved using WorkSpaces Web, a low-cost, pay as you go EUC service that is easy to set up. WorkSpaces Web is a fully-managed remote browser service designed to facilitate secure access to internal websites and software-as-a-service (SaaS) applications. It provides this without the administrative burden of appliances, managed infrastructure, specialized client software, or virtual private network (VPN) connections.
Pattern | Anti-pattern |
Users must access a subset of SaaS applications during an interruption. | Users need all of the applications in their primary environment replicated. |
Users are able to perform most tasks locally and may need periodic access to protected web applications. | Users only leverage thick client applications. |
Anticipated usage is not predictable and difficult to forecast. | Primary work desktop must be mirrored. |
Pay as you go. | Microsoft Active Directory domain join is required. |
User’s experience is seamless as user state is managed by SaaS provider. | Users need to modify and persist their desktop system state. |
Application Plus
The second failover strategy, Applications plus, provides users with a base set of applications that remain on standby and ready for a failover scenario. Amazon AppStream 2.0 provides a flexible and cost-effective way to ensure that an organization’s critical applications remain available during an outage. Individual fleet instances are non-persistent, but the user state is selectively persisted between sessions. Customers use AppStream 2.0 Elastic Fleets, which incur no cost when not in use. As an alternative, they can use AppStream 2.0 On-Demand Fleets with a minimal cost to reserve capacity.
Pattern | Anti-Pattern |
Users’ primary desktop environment is augmented with remote applications. | Users require a fully persistent desktop. |
Applications are packaged within virtual disk for either Windows or Linux. | No cost when not in use and Microsoft Active Directory domain join is required. |
Pay as you go. | Users need to modify and persist their desktop system state. |
Desktop Protection
The third failover strategy, Desktop protection, provides users with a fully persistent desktop with Amazon WorkSpaces. Amazon WorkSpaces is a Desktop as a Service for provisioning cloud-based Microsoft Windows, Amazon Linux 2, or Ubuntu desktops. Users can access their desktop environment from anywhere, anytime and on any device. Microsoft Windows WorkSpaces support de-coupling the user persona with FSLogix Profile Containers. Profile Containers are used by many organizations to replicate user personas, ideal for Virtual Desktop Infrastructure failovers.
Pattern | Anti-Pattern |
User identities are primarily stored in Windows Active Directory. | Users primarily work with applications that only perform adequately when run locally. |
Users require full system and user data persistence. | Support for diverse peripherals. |
Users require self-service functions including workspace reboot, restore, rebuild, etc. | Support for mature 3rd party remoting protocols. |
Users depend on their workspace as their primary work environment. | N/A |
Pay as you go. | N/A |
Webcam support. | N/A |
Support for Microsoft Windows 10 Bring Your Own License (BYOL). | Users want to bring their Microsoft Office license without an exception from Microsoft. |
WorkSpaces Core
A final strategy is WorkSpaces Core, which supports failover from on-premises VDI to AWS within existing VDI management tooling. This support is identical to the way VDI has been deployed on AWS. For example, companies can use WorkSpaces Core to spin up WorkSpace instances using their existing VMware Horizon management console.
Pattern | Anti-Pattern |
User identities are primarily stored in Windows Active Directory. | Users primarily work with applications that only perform adequately when run locally. |
Users require full system and user data persistence. | N/A |
Users require self service functions including workspace reboot, restore, and rebuild. | N/A |
Users depend on their workspace as their primary work environment. | N/A |
Pay as you go. | N/A |
Support for diverse peripherals. | N/A |
Support for Microsoft Windows 10 Bring Your Own License (BYOL). | N/A |
Support for mature 3rd party remoting protocols. | N/A |
Regardless of the chosen failover strategy, Amazon WorkSpaces now natively supports multi-region resilience. This capability enables a seamless failover to standby WorkSpaces in a secondary region in the event of an interruption. Failover is possible by automatically copying the primary WorkSpace bundle images to the secondary region. It then automatically provisions new standby WorkSpaces in that location.
Conclusion
In this post, we discussed different failover strategies for on-premises VDI workloads to AWS. We discussed some patterns and anti-patterns for each approach. AWS EUC services are an effective, flexible, and cost-efficient way to ensure business continuity in the event of a disaster or other unplanned outage. Get started with WorkSpaces Web for a browser-based failover strategy and how to setup Amazon AppStream 2.0 Elastic fleets for the Application plus failover approach. Learn how to import Windows 10 images to Amazon WorkSpaces for desktop protection failover. Finally, learn how to extend VMWare Horizon using Amazon WorkSpaces Core.
About the Authors
Aisha Bello Senior Solutions Architect |
|
Stephen Stetler Solution Architect Leader, End User Computing |