I sent Amazon 50 questions about their new WorkSpaces DaaS product. Here are their answers!

Last week I wrote about Amazon Web Services' new DaaS offering called "WorkSpaces." Since this offering was just announced and not yet widely available, there were (expectedly) many questions.

Last week I wrote about Amazon Web Services’ new DaaS offering called “WorkSpaces.” Since this offering was just announced and not yet widely available, there were (expectedly) many questions. I collected all the questions I could find (including from the original article, comments to that article, and from the chat during our podcast) and assembled into a single list of about 30 questions which I submitted to Amazon Web Services (AWS).

Last Friday I spoke to Paul Duffy, a principal product manager at AWS. Paul worked with WinFrame in the nineties and spent ten years at Microsoft. He’s been at AWS the past few years and literally stepped question-by-question through my entire list. I figure the easiest way to present his answers here into  just to list my questions along with Paul’s response. (Note that I've paraphrased his answers as I was madly typing, so these are not direct quotes.)

Now onto the questions and answers:

What exactly does Amazon mean when they say the WorkSpaces instances are "fully managed?" What does Amazon do and what does Amazon expect that customers will do? What of that is optional and what is mandatory?

AWS WorkSpaces does all the infrastructure heavy lifting. It handles the brokering, provisioning new desktops, emailing the user to download a client, etc.

If customers have full admin rights over the VMs, how is patching handled? Can customers patch their own VMs? Does Amazon patch them? If Amazon does it, can customers opt out from that? How does that work?

From a software point of view inside the Windows desktop, that’s up to the customer. Windows Software Update Services (WSUS) is turned on by default. Customers can turn that off if they like.

Customers have full control to patch how they like.

Can customers provide a baseline disk image or template to be used when provisioning new WorkSpaces desktops?

Yes. There’s a concept of one or more “golden” AMIs (Amazon Machine Images). They’ll share more as they get closer to release.

Will Amazon support and/or allow customers to install their own copies of Microsoft Office if they don't buy it from Amazon (or if they want a version newer than Office 2010)?

Yes. If a customer is properly licensed for that scenario then they are more than welcome to with no restrictions. If a customer would rather buy Office monthly from Amazon, that’s fine. If a customer wants to bring their own, that’s fine too.

Can customers install their own antivirus solutions if they don't want to use Trend or don't buy that option?

Yes. They are more than welcome to install their own antivirus solution or to pay AWS for Trend.

Does Amazon expect that the WorkSpaces instances can be used for "everything?" i.e. can customers watch YouTube videos through WorkSpaces, or is it expected that they'd watch YouTube videos via the YouTube client or browser on directly on the client device they're using to connect to WorkSpaces?

The expectation is that customers can use WorkSpaces for everything. Watching YouTube videos via the browser in the WorkSpaces desktop and remoting it via PCoIP is fine.

Will Amazon offer a WorkSpaces instance with a GPU? (Similar to what's offered in the EC2 g2.xlarge instances?)

They do not offer this currently. If customers demand it then they’ll work to offer it.

Is there any limit to the amount of IOPS that a desktop can use?

AWS does not set any type of limits that the customers would see. They focus on doing the right things under the covers so customers can get the performance they expect. There are no specific limits around IOPS.

Can customers buy additional storage if they want to go above the 50GB/100GB?

No. The AWS team iterates quickly, so if they hear demand for this then certainly they’ll address it.

How does the backup with S3 work? How often is it backed up, and how does that work? (The AWS information publishes says, "frequently." What does that mean?)

This is subject to change, but today it's backed up multiple times per day, but not exposed to customers.

Can customers back up the entire WorkSpaces disk image (rather than just the folders backed up into S3)? Do customers have the option to add additional folders to the automatic S3 backup?

This automatic backup is done at the volume level, and it backs up the contents of the user data volume. Customers and/or users can put whatever they want on that volume and it will be backed up.

Do administrators (or the users directly) have the option to restore individual files? Or to do point-in-time restores?

The purpose of the backup is to protect against a hardware failure on AWS’s part. It’s not something that customers or users can access on their own, but rather it’s there so that customers feel confident knowing that the data in their WorkSpaces desktops is safe in case of a failure.

How large is the user volume versus the system volume for each of the bundles?

The bundle size refers to the size of the user volume. The root volume is separate.

Follow up: Just to clarify, if the 50GB (or 100GB) limit only counts against the user volume, what's the limit of the size in the root volume? If it's unlimited, what's to prevent a customer from filling up the root volume with stuff they don't want to back up? (i.e. Why wouldn't I just install Dropbox and have it replicate my entire 100GB Dropbox into the root volume where it's not counted against my quota?)

The user volume for a WorkSpace is sized per the details of the relevant WorkSpaces Bundle (e.g. 50GB or 100GB). Amazon haven't yet specified the size of the root volume as the service is still in limited preview, but that volume will be sized to support the technical needs of the WorkSpace and is not intended for users to store their data. There will be a size limit, so users won't be able to fill the root volume with data. Customers should store any data they choose to store in their WorkSpace on the user volume (which is backed up to S3).

Will AWS offer a shared (non-persistent) image model?

Today WorkSpaces is a persistent desktop model. They view that as the harder option and the one that is most needed today by customers. They’ll be listening to customer feedback.

Does WorkSpaces run on any existing DaaS platform like Desktone?

No. This is something they’ve built themselves, but they don’t talk about exact implementation details.

Does this technology make use of Teradici's hardware chips, or is it their software implementation?

No. Paul said that they typically don’t provide the details of how they implement various things on the back end, but in this case, he’ll say that they’re not using the Teradici hardware chips.

(We also had a conversation about the fact that customers shouldn’t care. All customers should know is “Hey, I get PCoIP!” and if it performs as expected, who cares how AWS is doing it?)

CLARIFICATION: As pointed out by Randy Groves in the comments, the context of this question is whether Amazon uses Teradici's hardware chips in the datacenter. As I wrote in my original article last week, Amazon WorkSpaces fully supports Teradici chips in hardware-based zero clients for users.

Does Amazon provide guidance for what types of bandwidth customers should plan for? Does Amazon expect that this will work over 3G/4G connections?

No specific guidance from Amazon. Refer to Teradici’s recommendations for PCoIP bandwidth. For 3G/4G, certainly the experience depends on the network, and they’ll take feedback from customers as to whether they’re offering appropriate services and guidance.

Does the iOS client only support iPads? Or can iPhones / iPods also connect? If it's iPad-only, is it expected that iPhone will be an option at some point? (Not an ideal user experience of course, but a nice option for emergencies.)

iPad is the focus right now. Again they’ll look to customer feedback to see if they should expand that to the phone. Meanwhile they’ve focused on how the Windows desktop experience is optimized for touch. (Mouse control, rotating slide outs, etc.)

Is there a limit to the number of displays (and resolutions) that customers can connect? i.e. The max displays are two 1900x1200 or something?

The maximum is four displays per desktop with a maximum resolution of 2560 x 1600 each.

Networking vendors like Cisco, F5, and Riverbed have announced quality-of-service integration with PCoIP. Does Amazon support this if customers have these at their end? Does Amazon have this devices (or virtual versions of them) in the Amazon datacenters to help customers manage their users' experience over various connections? Is this an option that customers can buy? (i.e. can customers build an EC2 instance to do network management and route their WorkSpaces' PCoIP connections through those VMs?

No. Right now they're focused on using network optimized protocols. Again, they’ll look to customer feedback. They’re not using any kind of special integration.

Does Amazon put any restrictions on how many users can use a desktop? e.g. Is a customer allowed to buy a single desktop that would be used by multiple shift workers around the clock?

WorkSpaces is sold on a named user basis.

Will these WorkSpaces VMs be able to directly access other AWS services (like SQL instances, etc.)?

Yes. In addition to them accessing any AWS or internet service, customers can also use Amazon VPC to allow them to get back to their on premises applications.

Can customers choose where their desktops are located?

Customers have a choice of region (US West, US East, etc.), but not availability zone. (See more on regions versus availability zones here.)

What's the SLA for WorkSpaces?

They don’t discuss SLA-type details prior to availability. It’s all driven by customer feedback.

When will the documentation be available? (There are several references on the AWS site to more information being available in the documentation, but so far I can't actually find said documentation.)

The documentation is not yet available, but will be made available when WorkSpaces itself is made more widely available.

When will WorkSpaces be generally available?

In the coming months., but they can’t be more precise than that now. They’ll base it on customer feedback too.

How can customers sign up or get a preview?

Fill out of this form to get added to the list.


Wow! Thanks to Paul and AWS for answering all these questions. I've requested an evaluation account, so I'm looking forward to putting some time in with the product. Overall I'm very excited about it (as I wrote about last week and mentioned on the podcast.) I believe that Amazon selling the baseline workspace bundle for $35 per month is cheaper than anyone can build VDI on their own (for the same features). I'm looking forward to running some performance tests and seeing how it works without a GPU. (And of course, I'll be pestering them to add GPU support which we'll hopefully get soon.

So what do you think about this offering? Is it something you'd use? Why or why not? And how's it stack up against other DaaS providers in the space?

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Excellent- thanks for this


How is GPU support like Nvidia K1/K2 work with windows 2008 which is what Amazon is using. We have xenapp and publish full desktops and were interested in GPU. However we have seen little in the way of marketing or support for 2008. It sees as all the GPU focus has been on been on VDI windows 7. Not much about 2008 desktops like this.


Just a clarification about the question around "Teradici hardware chips". Teradici supplies hardware solutions for both the server and client. As Paul indicated, whether AWS uses the Teradici Hardware Accelerator within the AWS WorkSpaces infrastructure will be transparent to the customer. However, customers are requesting the simplicity, security, and superior performance of Teradici Zero Clients for AWS WorkSpaces and they will be supported.



I do not want to diminish the capabilities of the native PCoIP experience, but for a true workstation replacement AWS will have to improve the end-user experience. There are major end-user experience differences between running pure PCoIP and PCoIP with the Horizon View or Desktone stack.

Therefore your quote " All customers should know is “Hey, I get PCoIP!” and if it performs as expected, who cares how AWS is doing it?)" is not correct.

I wrote a blog post entitled "Amazon vs VMware, how VMware empowers the UX!" where I explain the experience and usability improvements provided by Horizon View and Desktone stacks that are not available on AWS.

Here is the link: myvirtualcloud.net


Disclosure: I work for VMware.


Well, I guess this is all speculative until someone actually tests WorkSpaces.

It's funny how VMware was beating the drum about how awesome PCoIP is for the past 5 years, and now that a competitor has it, they're like, "Meh, PCoIP isn't that great."

Yay for competition though! #win for customers.


very interested in an explanation on how they can let a customer bring their own Office licenses and not be held accountable by MS


Why would Amazon by held accountable to Microsoft if a customer of theirs used Microsoft software in an illegal way? Wouldn't that be between the customer and Microsoft, not Amazon and Microsoft?

In this case isn't Amazon just a service provider, so it's like the same thing as if someone posts something illegal to a forum, that's the poster's problem not the forum owners. (Well, other than that the forum owner can be asked to take it down.)


I agree, it's terrible, as a service provider they shouldn't need to care what MS software someone runs on their system it's between the end-user and MS.

However, MS make the rules here and we know that not everything is logical to our sensibilities where MS licensing is concerned.

The rule is, Amazon own the hardware and don't offer dedicated hardware to customers, they offer virtual instances on multi-tenanted shared tin.

As such, ALL MS Software that runs on that tin needs to either be paid for under SPLA (including an option of something MS call SPLA on SPLA, where a service provider can pay MS the SPLA fees to run it on another providers multi-tenanted hardware) or license mobility, a software assurance right whereby you can transfer certain server systems (i.e. Exchange, SQL, Sharepoint NOT Office or RDS CALs)

point 5 on aws.amazon.com/.../mslicensemobility states that it doesn't include client OS or Office

The thing that annoys me, Amazon don't clarify the fact, Citrix promote it as an option on Amazon without clarifying this fact & MS never seem to charge Amazon for it even though customers are doing it (for more than just RDS, same for DRaaS and other server systems they own but don't have license mobility.

MS simply tell me they have this page but that page isn't good enough for me, we have to follow through and ensure customers aren't doing it or we pay.

Maybe you have more clout to find out the real answers or get your Amazon contact to state that if a customer wants to provide their own Office CALs then they can't unless the customer is a service provider paying for it under SPLA.  

Frustrates me as a service provider playing by the rules but getting stung by this blind eye (in case that wasn't obvious.

Sorry for the rant, it really winds me up

Customers can however run their own licensed copy on compute hardware dedicated to them (ala Rackspace, Colo or other IaaS models)


Does anybody have any idea whether there will be a reseller program Workspaces or will Amazon sell Workspaces to the end customer on its own?


What I really like about those responses is the context of the consumer.  What Amazon have done is built a service which is consumer focused (as you would expect) which is why there is no shared/pooled anything in there.  Only IT want to do that ***.  If you are going do deliver a desktop, they deliver one, not a half baked 'layered' cake type of service.

Their first stab at this, thanks to consumer focus only, is a personal persistent hosted desktop experience, without the need for SA or VDA,  Brilliant, it has only taken VMware and Citrix about 5 years to introduce it as a mainstream product.

Would like to know more about the automation layer though.