How Aviatrix Improves Amazon WorkSpaces Connectivity

By Karthik Balachandran
Cloud System Engineer, Aviatrix
April 19, 2018

In May 2016, the Amazon Web Services (AWS) website ran a blog post titled, “I Love My Amazon WorkSpace!” Since then, the virtual desktop infrastructure (VDI) has continued to get rave reviews.

BUT—and there’s always a ‘but,’ isn’t there?—some of the connectivity aspects of Amazon WorkSpaces have proven to be complex and a hassle to manage. That’s why Aviatrix stepped in, to make it easy to manage Amazon WorkSpaces beyond AWS, providing essential network connectivity to the datacenter and branch offices.

Making Connections to Active Directory

Amazon WorkSpaces offers several ways to authenticate against your existing Active Directory (AD), the user directory and identity management solution that allows login to your enterprise resources. You can spin up AD in your Amazon WorkSpaces environment, which synchronizes with your on-premises AD server to give you identity management in the cloud. Or you can use AD Connect, lightweight software that helps you access AD on-prem.

Whichever option you choose, you will need secure network connectivity between your WorkSpaces environment in AWS and your on-prem network. Given the sensitive nature of so much user data—including email addresses and other personal information—these connections should be encrypted. As soon as you try connecting Amazon WorkSpaces to other on-prem or public cloud resources, you’re squarely in the realm of traditional networking technologies and processes. Thus, to enable WorkSpaces with AD, someone has to configure VPN, IPsec, or Direct Connect to establish connectivity.

Aviatrix purpose-built cloud networking software provides cloud and DevOps teams with a self-sufficient, point-and-click UI for making quick, simple connections between your on-premises AD and your Amazon WorkSpaces environment in the cloud. Now, your desktop teams can operate like part of your cloud team, no longer relying on trouble tickets and enduring long wait times for provisioning and troubleshooting.

Providing Policy-Based Access to Enterprise Applications

Once you have your Amazon WorkSpaces desktop in the cloud, you need access to all your enterprise applications, no matter where they’re located.

Here’s one scenario: A user in HR wants access to the enterprise HR system to run reports. The HR application is running on-prem, with all the right policies set up. How do you set up and manage firewall permissions from the user’s workspace to the approved applications? How do you segment this HR traffic from, say, finance users accessing financial apps? This kind of segmentation is really difficult to implement and manage natively in AWS WorkSpaces.

By using Aviatrix gateways, you can get the job done through an easy-to-use web console or via APIs (if you practice infrastructure as code). The network segmentation is enforced by the Aviatrix gateways using a built-in stateful firewall. The Aviatrix gateways enable Amazon WorkSpaces users to access approved enterprise applications, whether the applications are located on-prem, in another cloud environment, or hosted as SaaS. The gateways segment and filter traffic from the respective Amazon WorkSpaces to their required applications. This traffic flow can be logged to analytics systems such as Splunk, Datadog, Sumologic, and others, for audit and compliance reasons.
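As an added illustration (not Aviatrix code or its API), here is the segmentation model the paragraph describes, in Python: per-department allow rules from WorkSpaces subnets to approved applications, default deny for everything else, connection tracking so that replies to permitted connections pass, and one audit line per decision that could be shipped to a log analytics system. The subnets, addresses and rule names are constructed for the HR/finance scenario above.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int

# Hypothetical per-department policy: WorkSpaces subnet -> approved app:port.
# Every address here is a constructed example, not a real deployment value.
POLICY = [
    ("hr-to-hr-app",       "10.10.1.0/24", "192.168.50.10/32", 443),
    ("fin-to-finance-app", "10.10.2.0/24", "192.168.60.20/32", 8443),
]

class SegmentationGateway:
    def __init__(self, policy):
        self.rules = [(n, ip_network(s), ip_network(d), p) for n, s, d, p in policy]
        self.conntrack = set()  # (client, client_port, server, server_port)
        self.audit_log = []     # one line per decision, for export to Splunk etc.

    def evaluate(self, f: Flow) -> bool:
        # Stateful check first: a reply belonging to a permitted connection passes
        # even though no rule lists the application as a source.
        if (f.dst, f.dport, f.src, f.sport) in self.conntrack:
            return self._log(f, "ALLOW", "established")
        src, dst = ip_address(f.src), ip_address(f.dst)
        for name, s_net, d_net, port in self.rules:
            if src in s_net and dst in d_net and f.dport == port:
                self.conntrack.add((f.src, f.sport, f.dst, f.dport))
                return self._log(f, "ALLOW", name)
        return self._log(f, "DENY", "default-deny")  # cross-segment traffic ends here

    def _log(self, f: Flow, action: str, reason: str) -> bool:
        self.audit_log.append(
            f"action={action} rule={reason} src={f.src}:{f.sport} dst={f.dst}:{f.dport}")
        return action == "ALLOW"

def demo():
    gw = SegmentationGateway(POLICY)
    results = {
        "hr_to_hr_app": gw.evaluate(Flow("10.10.1.15", 51000, "192.168.50.10", 443)),
        "hr_app_reply": gw.evaluate(Flow("192.168.50.10", 443, "10.10.1.15", 51000)),
        "hr_to_fin_app": gw.evaluate(Flow("10.10.1.15", 51001, "192.168.60.20", 8443)),
        "fin_app_unsolicited": gw.evaluate(Flow("192.168.60.20", 8443, "10.10.2.7", 40000)),
    }
    return results, gw.audit_log
```

`demo()` returns the per-flow verdicts and the audit lines; the HR user reaches the HR app and receives its reply, while the HR-to-finance attempt and the unsolicited connection from the finance app fall to the default deny.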

In addition, the Aviatrix solution addresses the issue of IP address conflicts when connecting applications between on-prem datacenters and public clouds. The solution could potentially eliminate the need to re-factor or re-IP on-prem environments to avoid conflicts with AWS networks.
