Then you've got to use the other one, the one you have with the house, the one that I record you use this one. Okay. Okay, I'll be waiting for the audience. Okay, then you wait for them. Don't they say in a good, in a good way. Okay. So anyway, please. Okay. I'm sorry. Okay. Slide's okay. Slide's okay. Another full screen. Okay. Okay. Yeah.

Hey, good evening everyone. This is the last session. I will take 15 to 20 minutes, and before that I just want to share: this is my favorite place, because the first time I came to Singapore, three years back, I came to deliver a training, and this is the same place and a few faces are familiar. And thank you, AWS User Group Singapore, for this opportunity.

Today my topic is around end user computing. I would just like to know how many people are familiar with and using any product from the end user computing portfolio, be it AppStream 2.0, WorkSpaces, WorkDocs. Anyone familiar, except AWS folks? Yeah. Anyone? Okay. Great. So we are aware of the services AWS is providing, from the storage, from the compute. But this is a field which I especially explored in the last 24 months because of the situation globally, when we were forced to work in a remote environment. I am going to share the learning, because I came across certain opportunities from the customer point of view, and there are a few architecture diagrams which I am going to share, and there is a demo.

So let's start. A small agenda: a bit about what AWS WorkSpaces is, some key considerations while deploying it, and I have a demo; before that I will give a walkthrough of the architecture, and then we can have a Q&A. So WorkSpaces is a fully managed desktop as a service, and we can get the Windows 10 experience as well as the Linux experience out of the box. Underneath it is running Windows Server 2016, 2019, but again it will work for the client purposes.
Don't take it that we need to make it as an AD and all those things, because it is not giving the full flexibility that EC2 instances will give. And again, as the value proposition of a managed service, backup and all those things are automatically taken care of, and we can install the applications, the clients, and let's say our backend application is hosted on EC2 and all those things, so we can access it easily. We can leverage the Active Directory if it is existing, especially in the enterprise world, and we don't need to build everything from scratch. That is where this is one of the prerequisites: Active Directory or some kind of user store needs to be there to build this workspace.

I will give a demo, I will give a walkthrough around that area. If any organization is using any kind of RADIUS server, any MFA or any SaaS product, that is also supported here, and BYOL licensing is there, and I put a star mark because there are always strings attached when we talk about Microsoft licensing. An important part is that we can share our local camera, like this gentleman is using this Logitech C9, I think 920, so this can also be shared, and we can use these workspaces or desktops to do our Zoom call, Microsoft Teams or even Chime, and it is fully supported, which came, I believe, in the last quarter of 2020. Again, the pandemic accelerated a few innovations; that is where AWS came up with a protocol named WSP, which is specific for workspace protocol. And then, as it will be part of a VPC, we can utilize the other services using PrivateLink security. So this is just a high level about AWS WorkSpaces.

So, under the hood, let me try to zoom, because this is a bit of a busy architecture. I think, will this zoom or not? Okay, so maybe I will take. So WorkSpaces is a managed service, so it will inject the ENI in our VPC.
So a point to consider here is that it is the managed VPC, always a public endpoint, whether these ENIs are going to inject in our private subnet according to our VPC design; the workspace can be accessible using its client. Obviously, if there is no NAT gateway and all those things, we will not be able to access any internet or do any internet browsing from these workspaces. But everything will be managed, and it is availability zone specific, and an SLA is provided from the Amazon side.

So this is the architecture I created, because most of the time it is confusing. Directory service: as I mentioned, a user data store is required, whether we can leverage the existing AD. It can be on premises, then we need to set up the VPN and all those things, and there is a service or a feature in the directory services known as AD Connector, or if we want a Samba-based directory service or a full-fledged Microsoft Active Directory, those kinds of features are there. So we can leverage that.

And then a point to consider, because the service is not available in all the regions; again, it is not that regular a service, but the demand is very high nowadays. So remember, if you are going to work on such an opportunity or going to propose it in your own organization, do your due diligence around the region availability. Same with the application compatibility: even though these are full-fledged desktops, underneath it is running on a virtualized environment. We know that AWS is using their virtualization layer, the Nitro System, and in the previous version of WorkSpaces it may be a different virtualization, so maybe nested virtualization is not there. I came across an opportunity when I tried to install Docker, and because again it is virtualization on virtualization, it was not working in the case of the Windows system, but now I believe in the last six months there has been an improvement, and there is a way that we can run any container runtime.
You can follow the blog post; there are very straightforward steps written there. And the same with the sizing requirement. It's not the sizing that we see in EC2; there is a different terminology, known as a bundle, and you need to understand whether you want a performance one, which will maybe have more vCPU and memory, as well as whether you need any kind of graphics requirement; those kinds of things are there.

Apart from that, as I mentioned about the public endpoint, ports and protocols are the most important part. Even though it's a managed service and it will set up on its own, again, following any kind of security parameter and policy, you need to make sure the required ports will be open and AD will be able to connect with the workspace, those endpoints and the ENIs.

Again, there are two types of offering. One is always on, so if we know that the utilization pattern will be the entire month, we can opt for the always-on model. But if it is on some kind of, let's say, ad hoc basis, our users are remote or they are going to use it only for a few hours a day, then auto stop is there. So we can set that if there is no activity for 2 hours or even an hour, it will go into stop mode and there will be no charges. But read about the charges in detail for the auto stop model, because it may happen, in some cases I have seen, that it may be much more expensive than always on.

Okay, so the quota. This is the important part. How many people have an AWS account for your personal testing and all those things? Okay, just check: by default there will be only two, what I can say, WorkSpaces we can provision in an account. So if you come across the opportunity where you need to move, make sure you plan it properly, and you can raise the support ticket and then, yeah, good to go.
And again, in the enterprise scale segment, if someone wants to make it self-service, that is where another service we can use is known as AWS Service Catalog. How many people use that? Okay, so yeah, these are services which are not that common, but this is really useful. I came across an opportunity where we connected, what I can say, ServiceNow, yeah. So it connects with ServiceNow and the user can request that they want a desktop, and they fill it in, because we prepared the catalog of what kind of configuration can be provided department wise. And then good to go. So make sure these kinds of things are considered. Again, this is a very deep area; maybe in the upcoming meetup we can discuss more around this.

So I am coming to the demo part now. I have prepared a demo, and the scenario is that the data needs to remain in AWS and the application is already hosted, and in my scenario the landing zone is already established. But while analyzing this requirement that we need to spin up the WorkSpaces, the WorkSpaces are not available in that region. So now we need to think about what we can do. And then again, VPC peering is not allowed; that is, let's say, our security policy, because VPC peering is the easy method but it has its own limitations. And as I mentioned, if the landing zone is already there, there is involvement of a transit gateway and all those things. So we need to make sure that VPC peering is not part of the story.

So now, coming to the architecture of our demo: the above part is a bit the same as what I showed two or three slides ago. So just think that the bottom is a region where our application is hosted and our full-fledged landing zone is deployed. So we are not going to touch anything. We have a shared services VPC where our AD is; again, it can be a full-fledged AD on EC2 or it can be a read replica.
You can say replicated from the on-premises scenario; it can be anything, but understand that AD is here. Now, in my demo I prepared the transit gateway; in shared services one transit gateway is there, and the above one is the region where the AWS WorkSpaces services are. So I have created the transit gateway, I have done the peering part, and AD Connector I have used; AD Connector works like a proxy. Let me see if I can zoom in a bit, not sure from all this, but let me see. I am learning back nowadays, guys, sorry about that. So just to share, the above one: here I am using AD Connector, which works like a proxy. So, to understand, AD Connector is not storing or caching any user data in itself; it is just giving a proxy way, and it is managed. Because my AD is there and I want to use my AD privately from another region, that is where AD Connector is fulfilling that requirement, and I built the entire scenario like this.

So let me jump into the console and give you a quick walkthrough. Okay, I think, can you confirm if anyone sees my windows? Okay, so this is my jump server, and this is in the Singapore region. Let me quickly show from this side. So in my Singapore region I have selected; by the way, WorkSpaces is available in both Singapore and the other region in which I prepared the demo, but please consider the scenario that in one region the WorkSpaces are not there. So I have created my jump server and I have created my AD on EC2; you can see there is no public IP attached to this. It is a private IP, 10.100.4.131, and I have RDP'd to my jump server, and from the jump server here is my AD server. So let me open my AD. In AD I have created a service account as well as a few users, like one in my own name. So this is just an AD scenario. And to show here in the VPC, if I go there, the transit gateway is there, which is peered with the other region's transit gateway. Quickly, I am going to the transit gateway.
This is my Singapore region transit gateway, and if I go into the route table and associations, you can see it has a peering and it is connected with the VPC in which my AD is residing. So now I am going to the other region, for which I just selected Mumbai, okay. So here again it is the same kind of scenario: my transit gateway is here, and the transit gateway has a route table which has the association and attachment; it is peered with the Singapore region transit gateway, as well as the attachment of the VPC in the Mumbai region.

So in the Mumbai region, if I go to my WorkSpaces, the important part, as I mentioned, is the directory. So we can set up a directory from here, and again, please do your due diligence on which features of even the directory services are available region wise. AD Connector is there; that's why I selected AD Connector. I will show, like, I have built all these. So in my Mumbai VPC I selected two private subnets and my AD Connector is set up here, and if I go to the detail, directory services, I can show you the DNS. I just put it, the 10 dot, yeah, that, I believe you can see now, it's a Singapore-based AD. So there is no local DNS or AD available in the Mumbai region. Only this single IP I have added to create this AD Connector. So now my AD Connector is ready.

I would like to go to WorkSpaces. Let's say I want to provision a new desktop. So I'm selecting a desktop again. I have two different ADs there again. Two different AD Connectors here. So I can select, and from here I can ask how many users are there. So I just added a few users, like CN, Chirag Nair Nair. Again, I can add a user in AD, and then when I search it will auto populate here. You know, everything is happening through the AWS backbone. So let's say I am selecting this as a user and then going to the next step. So the important part, as I mentioned, is the protocol we need to understand. There are two protocols: one is PC over IP, the other one is workspace protocol.
Again, it is on a case-to-case basis. If you want to use any zero client kind of scenario, then WSP will not work on that. And if you want any kind of graphics-based workspace or desktop, again WSP will not work. But let's say you have some kind of agents, support agents, and you want to provide them a scenario where you set up your telephony system on this desktop. That is where WSP will work, because you can share, let's say, my mic as well as the camera. It will work inside that desktop and agents can talk. So this is a small difference I am sharing, because again there are many factors to consider.

After that, protocol wise we can filter, and then we can select what kind of size is required. Again, it is called a bundle, performance as well as standard. According to that, let's say I am just selecting randomly here, this one, and there is a root volume and there is a user volume. We can increase or decrease, and then whether we want encryption, as well as in which mode we want to set it up, always on or auto stop mode. And then it is showing the, yeah, so let's say if I click launch workspace, it will take 20 to 25 minutes and it will get launched.

But I have already launched two different workspaces, so let me show that part, how the experience looks. So I am going to my desktop now. Again, these workspaces can be connected via a client; again, requirement wise we need to understand. It can work on most devices, be it iOS, iPad or any Android system, and there is also a new version, WorkSpaces Web. Even this version of WorkSpaces can work on the web, but most of the time I found that the client experience is always much, much better. So, because I installed the client, and there is login information which you can find from the documentation or from the console, I just added all that information. Let me add the credentials. It may take 10 to 15 seconds and then I'll show you the experience.
Okay, how many people are familiar with Amazon Linux 2? Amazon Linux 2, I think whenever we are following any course or any preparation for certification, we spin up a T2 or T3 micro, something like that. So yeah, now you can see the GUI experience of Amazon Linux 2. So this workspace is backed by Amazon Linux. Again, I can use this for my development machine or anything. Let's say if I need to access the application, I can install all those clients here. So yeah, this is just a Linux version, and if I want to show the Windows one which I have spun up, just give me another. I think this is my Windows one; the registration code is required. So I'm launching the Windows one so that you will see it will give the Windows 10 experience. So I can install any application; I can even watch YouTube inside that. I have tested it and it worked like a charm. So that's the demo.

Just a last point: in WorkSpaces, please consider it is one user, one workspace. This is kind of a catch point here. Okay, it is not that for one workspace you can add 10 users; maybe there are some different VDI solutions which will support such a thing. But in WorkSpaces it's not like that. But it may happen that we can create multiple directory services, or like in my scenario, I'm using a single AD but two different AD Connectors. And, you can say, for the same user I'm just giving two different workspaces, one for Linux and another for Windows. So this is the important part here. Okay, with that, I just want to conclude my talk today and open for any Q&A. Thank you.

Yes, yes, thank you, thank you for this question, yes. Okay, so because I showed it just as vanilla, but there is the option that we can build the image, like the AMI in EC2; the same kind of concept is here. We can build the image, which can have pre-installed software.
Let's say our 10 users need the same kind of software; rather than installing one by one, leveraging this power we can build the image and from that we can spin up the 10, 50, according to that. Like I showed the scenario about connecting Service Catalog and ServiceNow, so yeah, the board, you can say, the advanced level things, the flexibility is there and the features are there.

Any question? Again, the security part, and this is a very vast area, I can tell you. I just showed a small part here, but many things can be controlled using IP access control; even certificates we can add. If you have any kind of PKI infrastructure, then only those users will be able to log in using the client. Any antivirus, any kind of product, if we want to integrate that, is also possible. So it's all about following the entire enterprise strategy, how they are following their security framework. So this can be part of the workflow.

I think I can add something since you use the TGW.

Sorry, TGW.

You can integrate the data with a file so you can order the product.

Yes. Yes, yes, the possibility is there, yes. Okay, any other question? If no, then maybe we can. Thank you.