1. Amazon WorkSpaces AWS Black Belt Tech Webinar 2014 ()

2. Agenda Amazon WorkSpaces Quick Setup Advanced Setup WorkSpaces Cloud Directory WorkSpaces Connect WorkSpaces Amazon Zocalo

3. AWS

4. Amazon WorkSpaces Windows/Mac/iPad/Kindle Fire/Android

5. vs. EC2 vs. App installs Scaling High availability Backups s/w patches s/w installs OS patches OS installation Server maintenance Rack & stack Power, HVAC, net App installs Scaling High availability Backups s/w patches s/w installs OS patches OS installation Server maintenance Rack & stack Power, HVAC, net App installs Scaling High availability Backups s/w patches s/w installs OS patches OS installation Server maintenance Rack & stack Power, HVAC, net XenDesktop on AWS WorkSpaces AWS

6. WorkSpaces Bundle WorkSpaces Bundle Standard 1 vCPU, 3.75 GiB Memory, 50 GB User Storage (Adobe Reader, Internet Explorer 11, Firefox, WinZip, Adobe Flash) Standard Plus 1 vCPU, 3.75 GiB Memory, 50 GB User Storage Microsoft Office Professional 2010, Trend Micro , (Adobe Reader, Internet Explorer 11, Firefox, WinZip, Adobe Flash) Performance 2 vCPU, 7.5 GiB Memory, 100 GB User Storage (Adobe Reader, Internet Explorer 11, Firefox, WinZip, Adobe Flash) Performance Plus 2 vCPU, 7.5 GiB Memory, 100 GB User Storage Microsoft Office Professional 2010, Trend Micro , (Adobe Reader, Internet Explorer 11, Firefox, WinZip, Adobe Flash)

7. Amazon WorkSpaces Quick Setup 20WorkSpace Advanced Setup VPC Active Directory

8. Quick Setup WorkSpaces

9. WorkSpace 20StatusPending Running

10.

11. WorkSpaces http://clients.amazonworkspaces.com

12. WorkSpaces

13. Quick Setup WorkSpaces VPC VPC WorkSpace WorkSpace

14. Quick Setup VPC Subnet Availability Zone Availability Zone Virtual Private Cloud AWS Cloud Internet Gateway Domain Controller VPC Subnet Domain Controller WorkSpaces WorkSpaces WorkSpaces WorkSpaces Client Mobile Client Internet

15. Advanced Setup VPCActive Directory WorkSpacesVPC WorkSpace

16. WorkSpaces Cloud Directory Active Directory AWS WorkSpaces WorkSpaces Connect Active Directory

17. WorkSpaces Cloud Directory Organization Name Directory DNS NetBIOS Name Administrator Password VPC VPC Availability Zone Subnet

18. Cloud Directory Multi-AZ Subnet EC2 Active Directory Redircmp.exe Active Directory Domain Controller Domain Controller Availability Zone Availability Zone Virtual Private Cloud

19. Active Directory WorkSpaces Cloud Directory %SystemRoot%system32dsa.msc

20. Security Group Domain Controller WorkSpaces Security Group _controllers _workspacesMembers EC2 Console Workspaces

21. Security Group TCP 53 DNS TCP 88 Kerberos TCP 135 Endpoint Mapper TCP 389 LDAP TCP 445 SMB TCP 464 KPassWD TCP 636 LDAPS TCP 1024-65535 RPC UDP 53 DNS UDP 88 Kerberos UDP 123 NTP UDP 138 Endpoint Mapper UDP 389 LDAP UDP 445 SMB UDP 464 KPassWD RPC Windows Windows http://support.microsoft.com/kb/832017/ja Windows Vista Windows Server 2008 TCP/IP http://support.microsoft.com/kb/929851/ja

22. Organizational UnitOU Computer OU OU Security Group WorkSpaces Security Group Security Group

23. WorkSpaces Connect Active Directory Amazon VPC Internet Gateway Active Directory VPN Direct Connect DNS / 2 IP

24. Subnet 1 AZ A Subnet 2 AZ B Workspaces API End-point Customer Network VPN Connection Public IP OAuth Gateway Secure Auth (443) Public IP WorkSpaces Connect WS User1 Public IP WS User2 On-premises Domain Controllers Directory Join Directory Join WorkSpaces Connect On-premises Resources

25. WorkSpaces Connect Active Directory Organization Name Directory DNS NetBIOS Name Account username Administrator Password VPC VPC Availability Zone Subnet

26. WorkSpaces Connect VPC WorkSpaces Connect WorkSpaces Connect Availability Zone Availability Zone Virtual Private Cloud VPN Gateway Customer Gateway Domain Controller Corporate Data center

27. Multi-Factor Authentication RADIUS MFA Symantec Validation and ID Protection Service (VIP) Microsoft RADIUS Server PAP/CHAP/MS-CHAP1/MS-CHAP2

28. () Google Authenticator Google Authenticator FreeRADIUS Google AuthenticatorPAMPluggable Authentication Module GUI

29. - 1

30. - 2 Active Directory

31. - 3

32. WorkSpace ENI VPC WorkSpace TCP/UDP 4172 TCP 8200 UDP 55000

33. WorkSpaces NATEIP Cloud Directory NAT Instance Connected Directory NAT Instance On-Premise Firewall Elastic IP Address

34. 1:Cloud Directory NAT Instance NAT Router Availability Zone Availability ZoneVirtual Private Cloud AWS Cloud NAT Internet Gateway Internet

35. 2:Connected Directory NAT Instance Router Availability Zone Availability ZoneVirtual Private Cloud AWS Cloud NAT Internet Gateway Internet Virtual Private Gateway VPN Connection Customer Gateway Corporate Data center

36. 3:On-Premise Firewall Virtual Private Cloud AWS Cloud Availability Zone Availability Zone Router Virtual Private Gateway VPN Connection Customer Gateway Internet Corporate Data center

37. 4:EIPElastic IP Address WorkSpacesENIEIP Availability ZoneVirtual Private Cloud AWS Cloud Availability Zone Router Internet Gateway Internet

38. Amazon WorkSpacesIAM IAMAmazon WorkSpaces { "Version": "2012-10-17", "Statement": [ { "Action": [ "workspaces:*", "iam:PassRole", "iam:GetRole", "iam:CreateRole", "iam:PutRolePolicy", "ec2:CreateVpc", "ec2:CreateSubnet", "ec2:CreateNetworkInterface", "ec2:CreateInternetGateway", "ec2:CreateRouteTable", "ec2:CreateRoute", "ec2:CreateTags", "ec2:CreateSecurityGroup", "ec2:DescribeInternetGateways", "ec2:DescribeRouteTables", "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeNetworkInterfaces", "ec2:DescribeAvailabilityZones", "ec2:AttachInternetGateway", "ec2:AssociateRouteTable", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:DeleteSecurityGroup", "ec2:DeleteNetworkInterface", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "zocalo:RegisterDirectory", "zocalo:DeregisterDirectory", "zocalo:AddUserToGroup", "zocalo:RemoveUserFromGroup" ], "Effect": "Allow", "Resource": "*" } ] }

39. WorkSpaces WorkSpaces Active Directory VPC EC2 Domain Controller VPC Subnet WSUS WorkSpace Server Availability Zone Virtual Private Cloud Customer Gateway Corporate Data center VPN Gateway

40. Tips WorkSpace - - Windows - - - - Windows - C -

41. Tips WSUSWindows .msi / .zip http://docs.aws.amazon.com/workspaces/latest/adminguide/ gpo_app_install.html

42. WorkSpaces Windows 7 Mac OS X 10.8.1 iOS 7.0 Android 4.2 Kindle Fire HDXHD 7 TCP/UDP 4172 TCP 443 (HTTPS) TCP 22 (SSH) RTT 100ms

43. Registration Code Registration Code Registration Code ID

44. WorkSpaces English WorkSpaces WindowsMac OS X

45. WorkSpacePC Mac OS X Cortado ThinPrintGoogle Cloud Print

46. Amazon Zocalo SyncWorkSpaces Sync WorkSpace 50GB Amazon WorkSpaces https://amazonzocalo.com/clients AmazonZocaloSetup.exe Client Internet Amazon Zocalo WorkSpaces Sync

47. Amazon Zocalo AD 1200GB5 1GB0.03 WorkSpaces50GBZocalo 2200GB

48. Amazon WorkSpaces US-East-1 (N.Virginia) US-West-2 (Oregon) EU (Ireland) Asia Pacific (Sydney) 8/27 Asia Pacific (Tokyo)

49. Amazon WorkSpaces WorkSpaces Connect Amazon Zocalo Zocalo Sync

50. Amazon WorkSpaces Administration Guide http://docs.aws.amazon.com/workspaces/latest/adminguide/ what_is.html Amazon WorkSpaces http://aws.amazon.com/jp/workspaces/faqs/ http://aws.amazon.com/jp/glacier/pricing/