How Aviatrix Improves Amazon WorkSpaces Connectivity

By Karthik Balachandran
Cloud System Engineer, Aviatrix
April 19, 2018

In May 2016, the Amazon Web Services (AWS) website ran a blog post titled, “I Love My Amazon WorkSpace!” Since then, the virtual desktop infrastructure (VDI) has continued to get rave reviews.

BUT—and there’s always a ‘but,’ isn’t there?—some of the connectivity aspects of Amazon WorkSpaces have proven to be complex and a hassle to manage. That’s why Aviatrix stepped in, to make it easy to manage Amazon WorkSpaces beyond AWS, providing essential network connectivity to the datacenter and branch offices.

Making Connections to Active Directory

Amazon WorkSpaces offers several ways to authenticate against your existing Active Directory (AD), the user directory and identity management solution that allows login to your enterprise resources. You can spin up AD in your Amazon WorkSpaces environment, which synchronizes with your on-premises AD server to give you identity management in the cloud. Or you can use AD Connect, lightweight software that helps you access AD on-prem.

To accomplish any of these options, you will need secure network connectivity between your WorkSpaces environment in AWS and your on-prem network. Given the sensitive nature of so much user data—including email addresses and other personal information—these connections should be encrypted. As soon as you try connecting Amazon WorkSpaces to other on-prem or public cloud resources, you’re squarely in the realm of traditional networking technologies and processes. Thus, to enable WorkSpaces with AD, someone has to configure VPN, IPsec, or Direct Connect to establish connectivity.

Aviatrix purpose-built cloud networking software provides cloud and DevOps teams with a self-sufficient, point-and-click UI for making quick, simple connections between your on-premises AD and your Amazon WorkSpaces environment in the cloud. Now, your desktop teams can operate like part of your cloud team, no longer relying on trouble tickets and enduring long wait times for provisioning and troubleshooting.

Providing Policy-Based Access to Enterprise Applications

Once you have your Amazon WorkSpaces desktop in the cloud, you need access to all your enterprise applications, no matter where they’re located.

Here’s one scenario: A user in HR wants access to the enterprise HR system to run reports. The HR application is running on-prem, with all the right policies set up. How do you set up and manage firewall permissions from the user’s workspace to the approved applications? How do you segment this HR traffic from, say, finance users accessing financial apps? This kind of segmentation is really difficult to implement and manage natively in AWS WorkSpaces.

By using Aviatrix gateways, you can get the job done through an easy-to-use web console or through APIs (if you practice infrastructure as code). The network segmentation is enforced by the Aviatrix gateways using a built-in stateful firewall. The Aviatrix gateways enable Amazon WorkSpaces users to access approved enterprise applications, whether the applications are located on-prem, in another cloud environment, or hosted as SaaS. The gateways segment and filter traffic for the respective Amazon WorkSpaces to their required applications. This traffic flow can be logged to analytic systems such as Splunk, Datadog, Sumo Logic, and others, for audit and compliance reasons.

In addition, the Aviatrix solution addresses the issue of IP address conflicts when connecting applications between on-prem datacenters and public clouds. The solution could potentially eliminate the need to re-factor or re-IP on-prem environments to avoid conflicts with AWS networks.

