Hi everyone,
It has been quite a while since I dived in to Amazon Workspaces. It’s been my general goto Desktop in the Cloud (but since I havent needed one for a while I haven’t kept up on it). However I recently started seeing some interesting things come out of Amazon Workspaces that I thought I could write about.
These are some recent announcements of features, capabilities, etc. that I am hoping will be of interest to anyone looking for a Desktop as a Service Capability. I will write a few blogs over coming days on this topic as I dive in a little. I hope to deep into some of these features but I may not be able to screenshot everything due to some features not being easy to test in a home lab
Still this will be fun.
BYOL Windows 10 and 11 Licensing now supported for Amazon Workspaces Pools
This was announced by AWS early September 2024 (Ref: Amazon WorkSpaces Pools now allows you to bring your Windows 10 or 11 licenses – AWS) and this capability allows customers who have existing Microsoft Licensing agreements that meet the appropriate conditions from Microsoft to use these licenses in Amazon Workspaces.
What is the requirements/Limitations?
There are some limitations but these are not put on you by Amazon Web Services but rather by the requirements Microsoft have put on running their OS Licenses (particularly desktop software) in the Cloud. These are:
- Dedicated Hardware: This has been a requirement of Microsoft Windows Desktop License use in the cloud for many years (it was one of the reasons I used to run Citrix XenDesktop on a Windows Server OS rather than a Desktop OS back in the day)
- Minimum of 100 Virtual Desktops per region: this is in line with the requirement that it must run on dedicated hardware and is documented by AWS as the minimum for running Workspaces pools on dedicated hardware
- Minimum of 4 AlwaysOn or 20 AutoStop GPU-Enabled Workspaces per region (When using GPU workspaces): This requirement comes in to play if you plan to ruany GPU Bundles (such as Graphics.g4dn or GraphicsPro.g4dn)
- Windows-N editions not supported: There isn’t support currently for Windows 10 or Windows 11 N editions
- You have a VM running one of the following supported Windows versions:
- Windows 10 Version 22H2 (November 2022 Update)
- Windows 10 Enterprise LTSC 2019 (1809)
- Windows 10 Enterprise LTSC 2021 (21H2)
- Windows 11 Enterprise 23H2 (October 2023 release)
- Windows 11 Enterprise 22H2 (October 2022 release)
- Microsoft Office is supported (either AWS Licensed or otherwise): Customers can have Microsoft Office Applications in their bundled images. Depending on whether they are AWS Licensed or not determines how that occurs.
- AWS Licensed: the bundle BYOL image ingestion process provided the option to subscribe to Office 2016 or 2019. As one would expect there is an additional cost on the desktop use if you license through AWS
- Existing Microsoft 365 licensing: If you have licensing for Microsoft 365 Office Desktop Applications then these must be installed in the bundle AFTER the ingestion process through application management.
There are some additional (more detailed requirements and complexities documented in the AWS documentation (such as firewall ports, credentials, etc.). For this level of detail you can go here:
Bring Your Own Windows desktop licenses in WorkSpaces – Amazon WorkSpaces
How to configure it
Enabling BYOL for an eligible AWS account is fairly simple.
- Open the Workspaces Console: https://console.aws.amazon.com/workspaces
- Browse to Account Settings
- Under BYOL Licensing select Enabled
You might be presented with a message like the below instead:
If you see this then assuming you will need to reach out to AWS (your account manager if you have one) or AWS Support to confirm eligibility and once sorted you will be able to click enable.
AWS Provide a BYOL Checker Powershell script to run on the Source Virtual Machine and that can be downloaded from here: https://tools.amazonworkspaces.com/BYOLChecker.zip.
Download the script to the VM, extract it and then
Note: Powershell Execution policy must get set to AllSigned to allow the script to run
You may see failures or warnings as indicated above (I just ran the script against my desktop so I didn’t expect it to pass). You will need to evaluate any warnings and failures and remediate. The script needs to pass every test before you can ingest the bundle.
Export the VM and then Import into EC2
Once it is passed you will use the existing mechanisms available to export the VM into EC2. That is not something I will dive deep into because it is different depending on the flavour of hypervisor.
It is important however to take note of the requirements/limitations around VM Importing (such as VM’s with encrypted disks are not supported for import). These are all documented: VM Import/Export Requirements – VM Import/Export (amazon.com)
Create the BYOL Image in Amazon Workspaces and bundle
Assuming all goes well with the VM Import then the image can be used to create a workspaces image. This can be done from the console under Images -> Create BYOL Image
Once that is done you would create a custom bundle and a dedicated directory (a dedicated directory is required) and then launch
Note: If you have an existing Microsoft AD in AWS Directory services or a directory served elsewhere (that may be used for non BYOL Workspaces) you can use this directory by creating an AWS Managed Microsoft AD Connector that connects to the existing directory.
and voila 🙂
Lee Murphy is an AWS APN Ambassador working for Datacom Systems (AU) based in Melbourne, Australia. He has 20+ years IT infrastructure experience as well as 10+ years experience with Public Cloud and automation. He holds AWS Solutions Architect Professional, DevOps Engineer Professional, Advanced Networking Specialty Certifications and the Equivalent Microsoft Azure Expert level certifications. In his off time he does enjoy old fashioned music from the 50s-80s and is an avid TV and movie junkie.