I recently did some work integrating Duo MFA with Amazon WorkSpaces. The integration work ran into a few challenges, and I wanted to blog about those challenges to help others in the future.

If you couldn’t tell by the name, Amazon WorkSpaces is a cloud-hosted Desktop-as-a-Service offering that runs on Amazon Web Services (AWS). It utilizes AWS’s underlying infrastructure to deploy desktop workloads, either using licensing provided by Amazon or the customer. The benefit of this over on-premises VDI solutions is that Amazon manages the management infrastructure. Amazon also provides multiple methods to integrate with the customer’s Active Directory environment, so users can continue to use their existing credentials to access the deployed desktops. WorkSpaces uses an implementation of the PCoIP protocol for accessing desktops from the client application, and the client application is available on Windows, Linux, macOS, iOS, and Android. Amazon also has a web-based client that allows users to access their desktop from a web browser. This feature is not enabled by default.

Anyway, that’s a very high-level overview of WorkSpaces.

Understanding How Users Connect to WorkSpaces

Before we can talk about how to integrate any multi-factor authentication solution into WorkSpaces, let’s go through the connection path and how that impacts how MFA is used. WorkSpaces differs from traditional on-premises VDI in that all user connections to the desktop go through a public-facing service. This happens even if I have a VPN tunnel or use Direct Connect. The following image illustrates the connection path between the users and the desktop when a VPN connection is in place between the on-premises environment and AWS:

As you can see from the diagram, on-premises users don’t connect to the WorkSpaces over the VPN tunnel – they do it over the Internet. They are coming into their desktop from an untrusted connection, even if the endpoint they are connecting from is on a trusted network.

Note: The page that I retrieved this diagram from shows users connecting to WorkSpaces over a Direct Connect link when one is present.