Amazon entered the cloud computing market a few years ago with a set of pay-for-what-you-use offerings called Amazon Web Services, or AWS. Their first service was the Simple Storage Service, or S3, which was basically a giant hard drive in the cloud that websites could use for storage. The idea is that Amazon has a lot of expertise in running huge (and reliable) systems, and they can probably build a web-based storage array that's more available and much cheaper than you can.
Amazon released more web services over the years. One of last year's services was called the Amazon Elastic Compute Cloud, or EC2. This is basically an on-demand virtual machine in the cloud. You create something called an "Amazon Machine Image" (essentially a VM disk image), and then you can "spawn" as many instances of this VM as you want. (And of course you only pay for the actual time that each VM is running.) Pricing starts somewhere around ten cents per hour for the base-level machine, which has a CPU share that's roughly equivalent to a 1.2GHz CPU, 1.7GB RAM, and 160GB of storage. You can also pay more for additional CPU shares, memory, or disk per VM. (For example, for 80 cents per hour, you can get a single VM with 8 CPU shares and 15GB RAM, or of course eight VMs with one CPU share each and 1.7GB RAM each.)
Interestingly, EC2 is powered by the open source Xen hypervisor, and it's reputedly the largest Xen deployment in the world. (But this is the free open source Xen, not Citrix XenServer.)
Okay, so this EC2 thing is a cool cloud-based VM offering, but so what?
Amazon's EC2 is currently limited to running non-Windows environments (OpenSolaris, Linux, Oracle and MySQL databases, etc.). So it's cool for dot-com startups who want to save money, but it's not really that interesting to corporate IT folks who live in a Windows world. But that all changed last week when Amazon announced that they'd soon release a version of EC2 running Windows.
So if there's an EC2 running Windows, I wonder whether it could be used for a "VDI in the cloud" scenario? Would it be possible to give each of your users a Windows EC2 instance, where you'd only pay for the actual time the thing was up and running?
A Windows EC2-based desktop?
Let's think this through. The first question that comes to mind is "will Amazon support terminal services in EC2 for Windows?" Under the current EC2 pricing, you can get an 8-processor unit VM with 15GB RAM for 80 cents per operating hour. And that could run a bunch of TS users--probably 20 or 30. So you're talking about, what, four cents per user per hour? (And remember, when you don't need the server, you shut it down and you're not paying for it.) Again, this is based on the current pricing, not EC2 Windows pricing, but still, it's worth thinking about. (In a terminal services use case, you'd most definitely need TS CALs, and I'm sure that Amazon won't provide these. But you could very easily build a license server and install your own CALs into another EC2 instance.)
Now it's very possible that Amazon won't let you install Terminal Services or that maybe they'll use the Web Edition of Windows Server.
But if this is the case, no problem--just give each user their own entire Windows Server instance and connect your users in a one-to-one way. Think of it as "Windows 2008 Workstation" and you've got a nice VDI platform that's probably more secure than XP and way the hell faster than Vista.
If the Windows-based EC2 is anything like the current EC2 offerings, then Amazon will basically let you do whatever you want and will support whatever ports / protocols you need. This means your users should be able to connect via RDP. (And Amazon offers static / external IP addresses, so you'd be okay there too.)
So all that said, let's think about what it would take to make this a reality. To use Amazon EC2 for Windows for VDI, you'd need the following:
- A connection broker. I'd probably go for one of the platform-agnostic less-expensive brokers, like something from Ericom, Quest / Provision Networks, or Leostream. (Heck, Amazon even offers an API to EC2, so these vendors could extend their brokers to spawn VMs on demand and route incoming connection requests to them.)
- A protocol. Ok sure, VMware claims that there are plenty of people using RDP, but I'd probably want to use Wyse TCX or Provision's EOP or something like that in the Amazon VM to provide a better user experience.
But you know one thing you wouldn't need? VECD! :)
Once you wrap your head around the basic concept, you can start to think about the other problems or challenges you'd need to solve.
The first thing to consider is how Amazon EC2 machine images work. The general idea is that you create a single disk image ("AMI," in Amazon's terms) which you upload to S3. Then you can "spawn" one or more VMs based on this image. Having multiple instances of the same disk image running in the cloud is actually a bit confusing for a lot of people, but for us in the VDI / Terminal Server space, this is business as usual. It's really no problem for us to have multiple users connecting to identical clones of the same master image, as we know how to handle on-demand personalization, user data, and the general SID problems in other ways.
Questions and potential challenges?
In theory, the concept of using Amazon EC2 for VDI is pretty straightforward. In reality, there are several questions that we'd have to figure out, including:
Domain membership? If each VM is a clone of the same master, then we'd need to figure out how to authenticate domain users to the individual VMs. The good news is that just about all of the VDI products out there solve this problem (typically with some variation of the sysprep process). The bigger challenge is how you do the actual domain authentication from your own domain controllers to Amazon. Maybe you could do something with ADFS? Or maybe you set up a domain controller within the EC2 cloud and then have that connect back into your environment with a VPN?
Pricing? EC2 for Windows is going to be more expensive than the current EC2. But how much more? Who knows? Maybe 50%. Maybe 500%. An expensive price could stop this conversation dead in its tracks.
Data transfer? The hourly costs I mentioned earlier (10 to 80 cents) for Amazon VMs are just for the actual computing execution. Data transfer is $0.10 per GB for all inbound data, and then tiered for outbound, beginning at $0.17 per GB. How much data does RDP transfer in a day? Who knows? (Typically we're so focused on bandwidth that we don't pay attention to aggregate data transfer.)
Persistent storage? As mentioned previously, it's relatively easy to create a generic Windows image that can be shared by multiple users and spawned / cloned on demand. But each user would need to have access to his or her own data (home drives, profiles, etc.). Fortunately there's another Amazon web service called the Amazon Elastic Block Store (EBS), which is essentially a giant hard drive you can mount from any VM running on EC2. (And this is truly a block-level thing. You can format EBS with whatever file system you want. And like the other AWS offerings, you only pay for what you use.) You pay ten cents per gigabyte per month for EBS storage, which shouldn't be too bad since we're only talking about profiles and home drives (and maybe another network drive or something for shared data that you could mount on a Windows file server running in its own EC2 instance.) With EBS, you also pay ten cents per million I/O requests. I'm not 100% sure what that means, but again, since this is just the home drive and stuff, I don't think it'd be too high. (Even the lowest-level EC2 machine comes with 160GB or so of storage, and that's where your Windows volume and DLLs and page file and stuff would be. The only I/O you're paying for is to the storage that persists in-between machine reboots in EBS.)
Who manages the underlying OS? Will Amazon provide a managed instance of Windows that you have access to, or are they simply "allowing" you to run Windows in EC2? I would imagine the answer to that would depend on what virtualization technology Amazon is using on the back-end. If they're going to stick with Xen, then I'm sure it would be no problem for each customer to completely own their own environment. On the other hand, Amazon might go with a virtualization solution like Virtuozzo, which would lead to a higher density on Amazon's behalf, but would also mean that customers would not be able to control the underlying OS and patch levels. My personal feeling is that the Amazon solution will be more like the Virtuozzo route, since that would give them the density advantage and the control they'd need from the Microsoft licensing standpoint.
What edition of Windows Server will Amazon offer? If this is based on the Web Edition, that might really limit the practicality of what can be done or installed on the remote instance.
Will the licensing agreement even allow this use case? Right now Amazon's current customer agreement does not prohibit connecting to an EC2 instance for use as a desktop computer throughout the day, but this may change when they launch EC2 for Windows.
Performance? As any Terminal Server admin knows, what makes a traditionally "good" performance for a normal server might not lead to good (or even "acceptable") performance for desktops (either one-to-one or one-to-many). So Amazon's CPU compute unit... What's that like really? Can a user use that all day and have it feel like a real computer? And what about the block storage service? What's the connection like from that to the VM?
Data, desktops, and apps outside the firewall? This is the age-old question / challenge when outsourcing critical IT services. How comfortable would a company be with their desktops, domain controllers, data, and who knows what else in the cloud? Personally I think I'd trust Amazon a lot more than I'd trust some random never-heard-of-before ASP. But it would be an issue nonetheless.
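The per-user math from the terminal services section, the on-demand spawning a broker could do through the EC2 API, and the EBS and data transfer rates above, worked through in one small Python model. This is an added example, not code from the original post: the EC2 API is faked in memory, the AMI id is a placeholder, and the prices are the 2008 Linux EC2 figures the post quotes, applied to Windows instances as an assumption.

```python
import itertools
# Prices quoted in the post (2008 Linux EC2 rates); applying them to Windows is an assumption.
XLARGE_HOURLY = 0.80                          # 8 compute units, 15GB RAM, per running hour
EBS_GB_MONTH, EBS_PER_MILLION_IO = 0.10, 0.10
XFER_IN_GB, XFER_OUT_GB = 0.10, 0.17
class FakeEC2:
    """Constructed in-memory stand-in for the EC2 API (not Amazon's): instance id -> set of users."""
    def __init__(self):
        self._ids, self.running = itertools.count(1), {}
    def run_instance(self, ami):
        inst_id = f"i-{next(self._ids):04d}"    # constructed id, not a real EC2 instance id
        self.running[inst_id] = set()
        return inst_id
    def terminate(self, inst_id):
        del self.running[inst_id]
class Broker:
    """Hypothetical broker: pack TS sessions onto shared clones, spawn when full, terminate when empty."""
    def __init__(self, ec2, users_per_instance=25, ami="ami-PLACEHOLDER"):
        self.ec2, self.cap, self.ami = ec2, users_per_instance, ami
        self.compute_cost = 0.0
    def connect(self, user):
        inst_id = next((i for i, u in self.ec2.running.items() if len(u) < self.cap), None)
        if inst_id is None:                       # every instance full: spawn another AMI clone
            inst_id = self.ec2.run_instance(self.ami)
        self.ec2.running[inst_id].add(user)
        return inst_id
    def disconnect(self, user):
        for inst_id, users in list(self.ec2.running.items()):
            users.discard(user)
            if not users:                         # nobody left: stop paying, nothing left listening
                self.ec2.terminate(inst_id)
    def tick(self, hours):
        # Hourly billing accrues only for instances that exist during the interval.
        self.compute_cost += XLARGE_HOURLY * hours * len(self.ec2.running)
def per_user_hour(users_per_instance=25):
    return XLARGE_HOURLY / users_per_instance     # the post's "about four cents" estimate
def monthly_extras(profile_gb, io_millions, in_gb, out_gb):
    # EBS home drive plus data transfer charges for one month, at the post's rates.
    return (profile_gb * EBS_GB_MONTH + io_millions * EBS_PER_MILLION_IO
            + in_gb * XFER_IN_GB + out_gb * XFER_OUT_GB)
def simulate_workday(users=30, hours=8):
    # Returns (compute cost, instances still running) after one day of TS sessions.
    broker = Broker(FakeEC2())
    for u in range(users):
        broker.connect(f"user{u}")
    broker.tick(hours)
    for u in range(users):
        broker.disconnect(f"user{u}")
    return round(broker.compute_cost, 2), len(broker.ec2.running)
```

simulate_workday() returns (12.8, 0): two 25-user instances for eight hours, and nothing left running once everyone has logged off.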
And then of course, there's the million dollar question:
Do you really want to build this yourself?
If we're talking about desktops on Amazon EC2, we're probably talking about the customer doing a lot of work themselves. (At least at first.) Can you do this cheaper than a more traditional ASP? Can you do it cheaper and more reliably than someone like Desktone? Do you want to try to figure this all out yourself?
The other part of the "do you want to do it yourself" question is for potential ASPs. For any potential entrepreneurs out there, Amazon EC2 for Windows would probably allow you to compete against someone like Desktone with ZERO budget for hardware. (You wouldn't even need venture capitalists.) All it would take would be some engineering and testing work to figure out how to wire everything together. I'll bet you could even get Ericom, Quest, and Leostream to all compete against each other and probably work out some kind of licensing agreement for like $1 per user per month.
Amazon even has this thing called "DevPay," which is a way for companies to bill their customers for use of Amazon Web Services, including EC2. So there's your million-dollar idea. Who's going to go out and build this thing?