Amazon gets into the DaaS space with AWS "WorkSpaces." Here's what you need to know.

By now you've probably heard that last week Amazon announced they're going to start selling Windows Desktops-as-a-Service (DaaS) directly to consumers and businesses from the AWS cloud (using EC2) via a service called "Amazon WorkSpaces." Pricing starts at $35 per user, per month.

By now you've probably heard that last week Amazon announced they're going to start selling Windows Desktops-as-a-Service (DaaS) directly to consumers and businesses from the AWS cloud (using EC2) via a service called "Amazon WorkSpaces." Pricing starts at $35 per user, per month.

While there's not too much information out there on the offering yet, I've dug through everything I can find and assembled it here.

Details of the Amazon WorkSpaces DaaS Offering

First, these "desktops" are actually Windows Server 2008 R2 instanced that are skinned to look and feel like Windows 7. There are two levels—"standard" and "performance"—the standard for $35 per month with 1 vCPU with 4GB RAM (well, 3.75GiB technically) and 2 vCPUs & 8GB RAM in the performance offering for $60. There's no lock-in or long term commitment. It's simply billed per month, per user.

Both offerings come with persistent storage. (Read that again because it's huge!) Both offerings come with persistent storage! 50 GB for standard and 100 GB for performance.

Customers have full administrative rights over the VMs. These are single-user instances of Windows Server, not Remote Desktop Session Host (RDSH) shared-session VMs. (Amazon can't host Windows 7 as a service due to Microsoft's bullshit licensing policies around the Windows client platform which don't apply to Server. So DaaS providers are forced to host single-user servers and call them desktops. Fun.) You can add them to your own on-premises Active Directory (via Amazon's Virtual Private Cloud or Amazon Direct Connect service), and you can install whatever applications or management agents you want.

For an additional 15 bucks a month you can add on Microsoft Office 2010 Professional and Trend Antivirus (or, again, if you have those already you can install them yourself).

Remote access to WorkSpaces is provided by Teradici's PC-over-IP protocol. Amazon has released their own software clients for Windows, Mac OS X, iOS, Android, and the Kindle Fire. (The Kindle and Android clients even support attaching a keyboard and pointing device or touch pad.) You'll also be able to use PC-over-IP zero clients with an upcoming firmware update from Teradici. (I still don't so how "firmware" and "zero client" go together, but whatever...)

What this means

This announcement is a big deal. We've written that 2014 will be the "Year of DaaS," and so far it looks like this is coming true. The fact that Amazon is doing this puts the idea of DaaS into the heads of everyone. (Just like VMware buying Desktone put the idea of DaaS into the heads of virtualization geeks).

Recall that last month I wrote that I believe all organizations under 500 seats (an arbitrary number, but you get my point) should just buy DaaS instead of building it themselves. Given Amazon's investments in technology, datacenter efficiency, and all the processes around it, I just can't imagine that anyone can build their own VDI for less than this? And for $35 a month, who'd want to? Sure, you have to make sure you have the bandwidth to support all these connections from your office, and yeah, you have to think about where your files and enterprise apps will live, but in terms of "how to get to VDI," I feel like we're moving towards DaaS being the way and you have to make a good use case as to why you wouldn't use DaaS if you want to build your own VDI.

Having zero up-front CapEx expenses is incredibly interesting. While you know what I think about cost models and how I would respond to Amazon's blog post about the ROI of their DaaS solution versus traditional desktops, there's really something compelling about literally paying for only what you need, as you need it, with no upfront costs. And again, with a fully persistent image that's run by someone else... I like it a lot!

Questions Remain

That said, we still have a lot of questions. In terms of the technology, remember that all I care about is that your VDI supports persistent disk images. So knowing how they can do persistent storage is not one of my questions because I don't care. But I do care that desktop VMs have GPUs in them. And while Amazon recently announced EC2 instances with GPUs, they didn't mention this in their WorkSpaces announcement, so I assume that won't be an option out of the gate.

We also don't know the details of how Amazon has implemented PC-over-IP. I spoke with Teradici's CEO Dan Cordingley on Friday about this deal, and he said that Teradici has made their entire stack of technologies available to Amazon, but that we'd have to talk to them for the details. (So they could be using Teradici software encoders, the Teradici hardware chips, the PC-over-IP gateway, the network QoS stuff integrated with Cisco, Riverbed, and F5, etc.)

Another question is what exactly Amazon means when they say the WorkSpaces images are "fully managed." In one of the technical descriptions of the product, Amazon mentioned that they handle patching and maintenance. But how does that work if you join the instance to your own domain? Can you opt out of that?

Then there's the question of the service-level agreement. I couldn't find a specific SLA for WorkSpaces, but the standard EC2 SLA allows for almost 4 hours of downtime per month before they give you any credit (and even then it's only 10%). S3 allows for up to 8 hours a month before service credits kick in.

Amazon's marketing materials also indicate that they automatically (and "frequently") back up each desktop's My Documents folder to S3. Unfortunately we don't know what that means or how it works. Does it allow users to access their files from an S3 client directly? Do administrators have the option to do specific point-and-time and file-level restores? Do users? Can we add more folders to that? Can we turn that off and use Dropbox instead?

Overall there were several references to the WorkSpaces "Documentation," but I sure couldn't find and/or don't have access to that. There's certainly nothing about WorkSpaces listed on the AWS Documentation page.


We're working on a book for release in 2014 about DaaS, and as part of that we're interviewing dozens of DaaS providers, customers, and partners. So our list of potential caveats around DaaS is pretty huge. (Actually it's so huge we could write a book on it!)

I don't want to get into everything here, but suffice it to say, one of the biggest things to keep in mind with Amazon WorkSpaces (or any DaaS environment) is that you'll most likely have to upgrade your workplace's Internet connection if you want to switch an office full of traditional desktops to cloud-based DaaS. That would be my Number One concern.

People make a big deal out of the SLAs, but I'm not too worried about that. I mean they're Amazon. If they're down then they're in the news, and when they're down they have about 300 engineers working on it. When your current physical desktops go down, who even knows? Yeah sure, your desktops don't all go down at once, but what's the different? I guarantee Amazon can keep a VDI running more reliably than you can.

The Bottom Line

Amazon is offering a fully persistent desktop with PC-over-IP, 4GB RAM, a 50 GB hard drive, and no bandwidth charged (well, no bandwidth charges from them) for 4.7 cents an hour.

Think about that. This is not a bad deal.

WorkSpaces is currently available as a "limited preview," and I haven't actually been able to put my hands on it yet. Hopefully that will change soon. I'll be speaking to Amazon about WorkSpaces this week. I'll ask the questions I've listed here, but please share any other questions you'd like me to ask and I'll update this post next week. I'm really excited about this offering and hope that they and the other DaaS providers have huge success in the next twelve months!

EDIT November 26: I sent Amazon 50 (!) questions about this product, and they answered them all. Check out their answers in this post.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

This is fascinating stuff and will certainly be a big push for DaaS.

It will be interesting to see what the actual implementation of all the nitty-gritty details looks like.


Isn't persistent storage simply a mapped D drive on S3?

I think the C drive could still be non persistent.

I would like to see a per hour costing, so you can turn them off at night and reduce cost further.


Good ! now your desktop is in the cloud, you will have to get back in your enterprise for your ERP's and other back end infrastructure that still exist ;-)


It was just a matter of time for Amazon entering the DaaS market and therefore putting it into the limelight.

Today there are only few DaaS providers offering "real" cloud technology that was custom made for cloud providers. There are Desktone, tucloud, dincloud in the US, nivio in India and tocario in Germany and Europe.

Most DaaS providers are MSPs offering managed Citirx or VMware. With Amazon entering the market the whole Desktop-as-a-Service market will probably gain some speed and we will see alternatives to the managed Citrix Xendesktop or VMware View providers rising in the market.

So for us at tocario - being a niche competitor to the the AWS offering - we are looking forward to the market, that will develop! Amazon workspaces will be a game changer, as the awareness for outsourcing VDI will rise.

Carsten - CEO


I wonder if AWS WS will be able to be accessed with traditional thin clients (x86 based, WES or Linux).

I don't think "Zero Clients" can handle Unified Communication well (at least for now), because they lack the presence of local agents to process the media streams peer-to-peer, when x86 based thin clients (especially the high-end ones) can do it quite well.


@rahvintzu, to answer your question, "Isn't persistent storage simply a mapped D drive on S3?"

The answer is no. These are fully persistent images. (Remember you can add them to your domain, install your own software, etc.) They're just using S3 for backup. (How exactly they're using it I don't know.. I assume it's used in case a user deletes an important file or something?)

Regarding your comment about per hour pricing, that would certainly be interesting. Since the images are persistent, they'd have to charge some baseline amount for the storage, like 10 bucks per month then 6 cents an hour or something. It would also be interesting if they could automatically suspend / hibernate desktops that weren't in use and then resume them on demand.

And, finally, it would be cool to see future offerings for non-persistent images (though in that case maybe you wouldn't need "WorkSpaces," maybe the normal EC2 hosts would be fine if they would add PCoIP to them.

Also I'd love to see seamless Windows and the ability to connect to single apps. Maybe even an option for Framehawk?


How is licensing handled on this? Is it like others where you still have to bring you own Microsoft licensing to the table?

Much like other items in this space, there will be a proper way to use Amazon WS.... the problems are most severe when you try to do DAAS (or VDI for that matter) for the wrong reasons.

Finding the best solution for each situation isn't an easy task, and waaaaayyyyyyy too many deals are closed to make commissions instead of provide the correct solution.


@Travis, since this is single-user Windows server, they can resell access via Microsoft's SPLA program. Really this is no different than the per-hour Windows-based offerings in EC2.

Same goes for Office. When you pay $15 more per month, that's for renting the Office and Trend AV licenses. Or if you want to install your own copy of Office and go with the cheaper option, that's fine too.


I was thinking (without investigating) that they must be adding on the SPLA licensing costs to the per desktop costs. Upon actually reading their site, it appears that isn't the case. If you can get away with the performance on the "standard" offering, it could indeed be quite a viable offering for some who are looking to deploy "VDI" to their workforce. Adding in the filesync utility they mention to keep "my docs" in sync with a corporate server instance, and this could get interesting.


Why would you want to use the filesync utility to keep your cloud desktops in sync with your on premises file servers? Hopefully if a customer is going to the cloud for their desktops, then they've also gone to the cloud (SkyDrive, Box, DropBox, etc.) for modern file syncing that works across all platforms. :)

Who would trust the cloud for desktops but then wouldn't trust it for files?


How could they pay for the license cost of Windows Server 2008 R2? Or do the customers pay? Does the server license cost $500 retail?



Microsoft has this program called the "Service Provider Licensing Agreement" (abbreviated "SPLA") where they offer various products to service providers (cloud hosters, MSPs, etc.) who charge for their products on a per-use basis. (More information on SPLA is here:

Of course I have no idea what Amazon's deal is with Microsoft, but if you use EC2 and pay 7 cents to run a Windows Server in the cloud for an hour, Microsoft is getting a small portion of that. Amazon keeps track of how much usage there is each month and pays Microsoft monthly.

So that's how various Amazon products like EC2 and WorkSpaces are licensed. The cost of the Microsoft OS is built in to the cost that Amazon is charging. (This is also why it costs $15 per month more for Office. There's also a SPLA program for Office, so Amazon is passing some of that $15 back to Microsoft if you buy Office from them.) I'm sure Amazon made a similar deal for Trend AV.

This is also why this Amazon WorkSpaces offering uses single-user copies of Windows Server instead of "real" Windows 7. Microsoft does not have a SPLA license for Windows client OSes, and the industry would revolt if Microsoft made one special for Amazon. This is also why OnLive got shut down. They were offering Windows 7 DaaS in a non-compliant way.


This is definitely a wake-up call for those looking to get into the DaaS market.


The correct licensing vehicle being used by Amazon is really the key here. Unlike OnLive's attempt to work around the Windows client license, this case of using the Server admin mode latches the loophole.

The combination of hosted files at Amazon and the applications to open them will make even more sense. As users get access to files they need from other devices, the reverse wiring would allow the file association to open the file in the app. Just add secure management of the file access controls and you have an enterprise friendly option, too.


@ Brian, thanks Brian, that makes sense; So DaaS really has a case here.

Any idea how the Amazon AppStream SPX works? I speculate that Amazon uses a GPU pool to render and encode to H264. The adaptive to network condition part comes from transcoding of the H264 stream.


Who is the target customer? Not enterprise IMO, as they will require many more bells and whistles that I see  almost zero reason for Amazon to invest in. This feels like low hanging fruit that was easy to enable and represents low risk for some folks.

I'm more interested to see how this compares to the Microsoft equivalent. I suspect this is more about a 'Me Too' offering than any serious attempt to do anything material.

Ultimately for an Enterprise DaaS option, I'd want the choice of desktop and server OS based upon my user base. All that, plus all the controls that Amazon is not going to provide...



Personally, see this as a good thing.  

Hopefully they'll go back to all those customers that are using their own licensed copy of Office and start charging them for this.  Likewise those customers using their own RDSH CALs and hosting it on AWS (against the PUR). So Brian, the cheaper option you mention above where customers provide their own copy of Office isn't technically allowed though technically it does work.

The amount of times we've lost deals to AWS simply because AWS and MS with their blind eye attitude to Amazon simply allowing customers to use their own licenses on multi-tenanted tin not owned or dedicated to them and against the PUR of their software and only available under the service provider use rights (SPUR).

Perhaps this will start to make it's way into the other MS product suites for those people offering DRaaS on AWS

The MS PUR doesn't allow you to use your own license for Office, RDSH CALs on hardware that's not dedicated to you.  Hardware not virtual instances.  As a service provider we either have to offer dedicated hardware or charge the customer under SPLA for software they have already bought.  Why MS simply ignore Amazon (we've raised it and it goes nowhere) blatantly allowing this is anyones guess.

Hopefully this will bring this to the attention.

/rant over/


I also presume that user personalisation/profiling (AppSense/CPM) is down to the solution provider/service broker to figure out.

Also agree on the controls point made previously, will there be a management layer? And how high will it go (first line helpdesk or 3rd line ops)?

That said, given Amazon's price point, I can see this will give Citrix/VMWare something to think about when setting their pricing in 2014.


Interesting as they are also offering a product called AppStream!


Wow! That AppSteam thing is interesting. So it's Windows apps with their video streamed from the cloud, but it uses an H.264 UDP protocol they're calling STX. I wonder why they didn't go with PCoIP?

Also the servers for it are g2.xlarge at 83 cents an hour, so I guess they're using RDSH with that too? I mean no one would pay 83 cents per user per hour.

Very interesting...



AppStream isn't about enabling remote access to existing ("legacy") Windows apps. It's a platform for developing new, Cloud-based apps. Basically a means for developing apps that require more processing/graphics power than local devices are able to provide. In order to use AppStream for your apps you must integrate with the AppStream SDK, and create custom client apps.

It's kind of doing for apps what Amazon did with Silk for web pages.



It'll be interesting to see how many service providers just start using this as a foundation for their own comprehensive managed service offering, rather than bothering trying to grapple with putting together the infrastructure themselves.


I'd be curious to understand how well Amazon's STX protocol performs over 3G/4G networks vs. Framehawk's LFP protocol, independently of the target application workload.


I'm surprised that no one has asked the question 'what is amazon using on the back end to enable this service?'  This sounds very much like Desktone's solution so I wonder if Amazon is actually utilizing Desktone behind the scenes.  I work with some other DaaS providers who do use Desktone and their customer facing pricing is very similar to Amazon's.  


i can't imagine that Amazon would pay for the overhead of Desktone. I'm sure they're using their own back end, the same that they've developed which provision the hundreds of other AWS offerings.