Launch a WorkSpace using Amazon Managed Microsoft AD
WorkSpaces enables you to provision virtual, cloud-based Windows and Linux desktops for your users, known as WorkSpaces.
WorkSpaces uses directories to store and manage information for your WorkSpaces and users. For your directory, you can choose from Simple AD, AD Connector, or Amazon Directory Service for Microsoft Active Directory, also known as Amazon Managed Microsoft AD. In addition, you can establish a trust relationship between your Amazon Managed Microsoft AD directory and your on-premises domain.
In this tutorial, we launch a WorkSpace that uses Amazon Managed Microsoft AD. For tutorials that use the other options, see Launch a virtual desktop using WorkSpaces.
Tasks
Before you begin
-
WorkSpaces is not available in every Region. Verify the supported Regions and select a Region for your WorkSpaces. For more information about the supported Regions, see WorkSpaces Pricing by Amazon Region
. -
When you launch a WorkSpace, you must select a WorkSpace bundle. A bundle is a combination of an operating system, and storage, compute, and software resources. For more information, see Amazon WorkSpaces Bundles
. -
When you create a directory using Amazon Directory Service or launch a WorkSpace, you must create or select a virtual private cloud configured with a public subnet and two private subnets. For more information, see Configure a VPC for WorkSpaces.
Step 1: Create an Amazon Managed Microsoft AD Directory
First, create an Amazon Managed Microsoft AD directory. Amazon Directory Service creates two directory servers, one in each of the private subnets of your VPC. Note that there are no users in the directory initially. You will add a user in the next step when you launch the WorkSpace.
Note
-
Shared directories are not currently supported for use with Amazon WorkSpaces.
-
If your Amazon Managed Microsoft AD directory has been configured for multi-Region replication, only the directory in the primary Region can be registered for use with Amazon WorkSpaces. Attempts to register the directory in a replicated Region for use with Amazon WorkSpaces will fail. Multi-Region replication with Amazon Managed Microsoft AD isn't supported for use with Amazon WorkSpaces within replicated Regions.
To create an Amazon Managed Microsoft AD directory
-
Open the WorkSpaces console at https://console.amazonaws.cn/workspaces/
. -
In the navigation pane, choose Directories.
-
Choose Set up Directory, Create Microsoft AD.
-
Configure the directory as follows:
-
For Organization name, enter a unique organization name for your directory (for example, my-demo-directory). This name must be at least four characters in length, consist of only alphanumeric characters and hyphens (-), and begin or end with a character other than a hyphen.
-
For Directory DNS, enter the fully-qualified name for the directory (for example, workspaces.demo.com).
Important
If you need to update your DNS server after launching your WorkSpaces, follow the procedure in Update DNS servers for Amazon WorkSpaces to ensure that your WorkSpaces get properly updated.
-
For NetBIOS name, enter a short name for the directory (for example, workspaces).
-
For Admin password and Confirm password, enter a password for the directory administrator account. For more information about the password requirements, see Create Your Amazon Managed Microsoft AD Directory in the Amazon Directory Service Administration Guide.
-
(Optional) For Description, enter a description for the directory.
-
For VPC, select the VPC that you created.
-
For Subnets, select the two private subnets (with the CIDR blocks
10.0.1.0/24
and10.0.2.0/24
). -
Choose Next Step.
-
-
Choose Create Microsoft AD.
-
Choose Done. The initial status of the directory is
Creating
. When directory creation is complete, the status isActive
.
Step 2: Create a WorkSpace
Now that you have created an Amazon Managed Microsoft AD directory, you are ready to create a WorkSpace.
To create a WorkSpace
-
Open the WorkSpaces console at https://console.amazonaws.cn/workspaces/
. -
In the navigation pane, choose WorkSpaces.
-
Choose Launch WorkSpaces.
-
On the Select a Directory page, choose the directory that you created, and then choose Next Step. WorkSpaces registers your directory.
-
On the Identify Users page, add a new user to your directory as follows:
-
Complete Username, First Name, Last Name, and Email. Use an email address that you have access to.
-
Choose Create Users.
-
Choose Next Step.
-
-
On the Select Bundle page, select a bundle and then choose Next Step.
Note
Review the recommended uses and specifications of each bundle to help ensure you select the bundle that works best for your users. For more information about each use case, see Amazon WorkSpaces Bundles
. For more information about bundle specifications, recommended uses, and pricing, see Amazon WorkSpaces pricing . -
On the WorkSpaces Configuration page, choose a running mode and then choose Next Step.
-
On the Review & Launch WorkSpaces page, choose Launch WorkSpaces. The initial status of the WorkSpace is
PENDING
. When the launch is complete, the status isAVAILABLE
and an invitation is sent to the email address that you specified for the user.Note
Invitation emails aren't sent if the user already exists in Active Directory. Instead, make sure you manually send the user an invitation email. For more information, see Send an invitation email.
-
(Optional) If Amazon WorkDocs is supported in the Region, you can enable Amazon WorkDocs for all users in the directory. For more information, see Enable Amazon WorkDocs for Amazon Managed Microsoft AD. For more information about Amazon WorkDocs, see Amazon WorkDocs Drive in the Amazon WorkDocs Administration Guide.
Step 3: Connect to the WorkSpace
After you receive the invitation email, you can connect to your WorkSpace using the client of your choice. After you sign in, the client displays the WorkSpace desktop.
To connect to the WorkSpace
-
Open the link in the invitation email. When prompted, specify a password and activate the user. Remember this password as you will need it to sign in to your WorkSpace.
Note
Passwords are case-sensitive and must be between 8 and 64 characters in length, inclusive. Passwords must contain at least one character from each of the following categories: lowercase letters (a-z), uppercase letters (A-Z), numbers (0-9), and ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/.
-
Review WorkSpaces Clients in the Amazon WorkSpaces User Guide for more information about the requirements for each client, and then do one of the following:
-
When prompted, download one of the client applications or launch Web Access.
-
If you aren't prompted and you haven't installed a client application already, open https://clients.amazonworkspaces.awsapps.cn/
and download one of the client applications or launch Web Access.
Note
You cannot use a web browser (Web Access) to connect to Amazon Linux WorkSpaces.
-
-
Start the client, enter the registration code from the invitation email, and choose Register.
-
When prompted to sign in, enter the user's sign-in credentials, and then choose Sign In.
-
(Optional) When prompted to save your credentials, choose Yes.
Next steps
You can continue to customize the WorkSpace that you just created. For example, you can install software and then create a custom bundle from your WorkSpace. You can also perform various administrative tasks for your WorkSpaces and your WorkSpaces directory. If you are finished with your WorkSpace, you can delete it. For more information, see the following documentation.
For more information about using the WorkSpaces client applications, such as setting up multiple monitors or using peripheral devices, see WorkSpaces Clients and Peripheral Device Support in the Amazon WorkSpaces User Guide.