Managing Windows on Amazon WorkSpaces Core — Made Simple with Omnissa
Managing Windows on Amazon WorkSpaces Core — Made Simple with Omnissa
A recent article Speed, scale, and cost reduction: What’s new in Horizon 8 with Amazon WorkSpaces Core highlights some exciting innovations. Horizon now provides the flexibility of supporting both persistent and non-persistent desktop models on Amazon WorkSpaces Core.
Whichever model you choose, Omnissa provides the best option to reduce administrative costs, ensure security and compliance, all while delivering excellent user experience. In this article we’ll show you how to leverage the breadth and power of Omnissa products with the reliability and availability of Amazon WorkSpaces Core infrastructure to build a cutting edge VDI solution.
Challenges with Managing Windows Desktops
The job of a desktop admin is challenging. You are asked to manage an endless array of devices for end users working from home, the office, and on the road. Your business requires devices to be secure, compliant, and quickly recoverable in the case of loss or corruption. Your end users demand a seamless, highly performant experience from every device and location they happen to use.
The monolithic nature of Windows OS presents a variety of challenges. Legacy PCLM tools are often entrenched in your processes making it difficult to maintain OS and application lifecycle as your workloads expand to more devices, to the cloud, and across the globe.
Figure 1: Components of a Windows Desktop
Simplifying Windows Management with Omnissa
For nearly two decades Omnissa has been pushing the boundaries of Windows management for both physical PCs and VDI. We provide best-of-breed products that enable you to decouple the components of a PC and manage them independently. This decoupling provides considerable benefits to you the admin, as well as to your end users. Speed of deployment, reduction of management costs, security, portability, recoverability, freedom of device choice and seamless experience for end users moving between physical and virtual platforms; the list goes on.
Managing Windows in the Cloud with Omnissa and Amazon
In the following sections you’ll see how Omnissa technologies complement Amazon WorkSpaces Core to provide value every step of the way.
Creating your Image and Bundles
When creating an automated pool with Horizon 8 on Amazon WorkSpaces Core, create and upload a BYOL image. You are responsible for creating the image, including OS, patches, applications, configurations, and anything else required by your organization. We often see customers struggle to build and maintain these images using manual processes, scripts, or legacy PCLM tools.
Workspace ONE UEM provides an automated approach to populating your generic Windows VM with the necessary applications, patches, and configurations needed. This process ensures image compliance, eliminates human error, produces an audit trail, and feeds Workspace One Intelligence for later reporting.
Figure 2: Workspace ONE UEM automates provisioning of BYOL image.
Creating Automated Pools
Once the image (a Bundle in AWS terminology) is ready, you can use it to create an automated pool of Amazon WorkSpaces Core instances directly from the Horizon 8 console.
Figure 3: Horizon 8 creates a pool of Amazon WorkSpaces Core instances
Each of the WorkSpaces Core Instances requires ongoing, day two management. In the following sections you’ll see how Omnissa technologies work together to improve lifecycle management.
Windows Operating System
The moment an instance is created from your image it is unique and needs to be managed.
Workspace ONE UEM provides comprehensive management for the lifecycle of the OS. Management includes robust Windows patch management, application lifecycle, security baselines, policy configurations, per-app and per-device VPNs, custom sensors, and so much more. Smart Groups, tagging, custom workflows, and detailed reports ensure your virtual fleet is up to date, and that you can prove it.
Figure 4: Workspace ONE UEM provides comprehensive OS management
Applications
Managing the application lifecycle is one of the more challenging and time-consuming tasks admins are responsible for.
Workspace ONE UEM can automate lifecycle management for any applications that require a traditional installation (MSI, EXE, etc.) such as Antivirus software. Automatic or self-service application distribution is available.
Figure 5: Workspace ONE UEM provides lifecycle for traditionally installed apps
App Volumes recently started supporting persistent VMs, lending significant value to WorkSpaces Core instances. App Volumes provides real-time, on-demand application distribution, simplified upgrade and rollback, and dramatically improves the success rate of application deployments compared to traditional installations. In addition, packages built with App Volumes aren’t actually installed and uninstalled, effectively reducing WinRot.
App Volumes packages run seamlessly alongside UEM-delivered applications, allowing you to choose the best tool for the task at hand.
Figure 6: App Volumes decouples apps and provides real-time distribution
Because App Volumes decouples applications from the OS, these packages can be used in both persistent and non-persistent desktop models without the need to make any changes.
User-Installed Applications
User-installed apps present a unique challenge in that many apps require local administrative privileges to install. Some apps even require administrative privileges to open and run.
Dynamic Environment Manager (DEM) privilege elevation provides a comprehensive set of capabilities for elevating user privilege, supporting a variety of use cases.
DEM supports your privilege management strategy by reducing the need to provide administrative privileges to users, while strategically elevating privileges as needed.
User Persona
Privilege elevation is just one of many capabilities DEM brings to both virtual and physical Windows PCs. You can easily create pre-defined application and Windows settings for your end users, strategically block applications, manage Horizon settings, and much more.
DEM decouples key components of the user profile such as profile settings, application configurations, and Microsoft Office activation info to provide a seamless end user experience across virtual and physical Windows devices.
Figure 7: DEM works in concert with Folder Redirection to abstract and persist the user experience, while adding several admin tools such as privilege elevation
Measuring Success with Digital Employee Experience (DEX) for Horizon
Up to this point we’ve talked a lot about the ways you can improve management while providing excellent user experience. But how will you measure, demonstrate, and report on the user experience?
Workspace ONE Intelligence for Horizon provides out-of-the-box and custom dashboards and reports to help you better understand server performance, resource usage, and consumption.
Workspace ONE Experience Management for Horizon (formerly known as DEEM for Horizon) further extends the Workspace ONE Intelligence platform by measuring and analyzing Horizon performance telemetry, from the Horizon clients to UAG’s, Connection Servers and VM’s, to deliver the Horizon Experience Score, detection of anomalous events and pro-active alerts/notifications to users and administrators.
Conclusion
The Omnissa portfolio provides the industry-leading set of tools to build and maintain your virtual and physical device fleets, using a common set of tools and practices. Through our strong partnership with Amazon, these capabilities are available at massive scale with Amazon WorkSpaces Core.
Your support and feedback have enabled us to continue innovating and building the best virtual desktop and application solutions on the market.
To learn more about Omnissa and Amazon offerings, contact your Omnissa rep today.