replicating amazon workplaces using ec2 in terms of security - amazon-web-services

Given that Amazon WorkSpaces is built on top of EC2, Amazon WorkSpaces is less flexible and more expensive vs. EC2. How do they compare in terms of internet security? If Amazon WorkSpaces is more secure, is there a way to DIY enhance an EC2 instance so that the security level gets close to Amazon WorkSpaces? Many thanks.

They both run Windows server, so the OS security is the same.
In WorkSpaces, there are two network connections -- one for the user to connect via the WorkSpaces client, and one connected to a VPC. Therefore, both EC2 and WorkSpaces can use Security Groups, NACLs and VPCs to manage security.
So, no real difference in terms of security unless you require connections to only come from a particular network/VPN connection.

Related

AWS Auto scaling EC2 Windows base on user login

I want to move the Windows workspace to AWS. So I created multiple EC2 (Windows) instances and use Remote Desktop to connect to them. Because the number of users is flexible, I used auto-scaling behind an NLB (Network Load Balancer) to control it.
But I want to set up Auto Scaling automation and add a new EC2 instance if the current EC2 instances are full. How can I do that?
It appears that your purpose for running the Amazon EC2 instances is to allow users to connect via Remote Desktop, which uses the RDP protocol.
If so, it is not appropriate to use a Load Balancer. A Load Balancer can only route web traffic. It cannot route RDP traffic. Plus, you do not want to 'load balance' RDP traffic because you will want a particular user to always go back to the same instance, rather than being 'load balanced' between multiple instances.
Amazon EC2 Auto Scaling is not appropriate for your use-case. For example, if multiple instances were in use but there was only one user per instance, Auto Scaling would scale-in by terminating instances. This would kill the session that is currently being used on those instances. This is not a good user experience.
A more appropriate service would be Amazon WorkSpaces:
Amazon WorkSpaces enables you to provision virtual, cloud-based Microsoft Windows, Amazon Linux, or Ubuntu Linux desktops for your users, known as WorkSpaces. WorkSpaces eliminates the need to procure and deploy hardware or install complex software. You can quickly add or remove users as your needs change. Users can access their virtual desktops from multiple devices or web browsers.
Amazon WorkSpaces Pricing offers monthly subscriptions (good for people who require a WorkSpace throughout the month), or hourly pricing (good for occasional users).

How can I connect multiple EC2 instance together in AWS?

I created four EC2 free-tier instances of Windows Server 2019 to be used for a Windows Server lab. Two of those instances will be used as workstations. The other two instances will be a Domain Controller and a second server, possibly used as a File Server.
Since I am new to AWS, but not new to the cloud in general, how do I configure things so all four instances talk to each other? I do not see a need to connect them to my home network, but want to be able to connect remotely and run my lab scenarios that way.
Thanks!
Chris
First, please note that there is no such thing as an "EC2 free-tier instance". The AWS Free Tier is a pricing discount that gives 750 hours per month of free usage of certain Amazon EC2 instances. So, if you are running 4 instances for the entire month, only one quarter of the charges will be covered by the Free Tier. (But you can stop the instances when they aren't being used to reduce your costs.)
Amazon EC2 instances within the same VPC can communicate with each other. However, you will need to configure the Security Groups associated with each instance to permit this communication. The simplest way might be to assign the same Security Group to all instances, and then add an Inbound rule to the Security Group that permits connections from the Security Group itself. This is required because the rules of the Security Group apply to each instance individually, so there needs to be a rule that allows inbound communications from the same security group when it is associated with another instance.
You mention that you want to be able to "connect remotely and run my lab scenarios". This will also require you to configure the Security Group to permit the necessary connections from your home IP address, such as ports for RDP and maybe HTTP/S.

Are amazon workspaces connected to the same network?

Does anyone know if two stations created with the same Amazon AWS WorkSpaces account share the same network? Are they linked in any way? Should I use a VPN on each one if I want them to stay independent?
Thanks
If you have created the workspaces in the same AWS VPC, they will be deployed in the same virtual network.
https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces-vpc.html
If you require that they are to be running on completely segregated networks, creating multiple VPCs would be your best option. Though with the security groups, you should be able to not allow the 2 workspaces to communicate with each other by ensuring that the inbound rules don't allow any connections to said workspace.

On-Premises equivalent of VPC

A lot of examples for AWS, and I'm confident for others, use the AWS concept of a VPC in part to give some degree of security. The idea being that it can be set up to only allow traffic from certain ports and even certain IP addresses. What it does however give, is a zone of defined traffic.
What did people do for on premise installations before the cloud? Somewhere someone is probably even doing something still on their own computer network.
An Amazon VPC is a virtualized network.
Traditional physical networks consist of routers, switches and firewalls.
Even physical networks use virtualized networks, providing "VLANs" such as Production, Testing and Development virtual networks all across the same physical network.
An Amazon VPC maps very closely to "real-world" networks, except that they are easier to configure and don't require any cabling. VPC maintains the concepts of public and private subnets, route tables and inter-network connections.
One capability of an Amazon VPC that does not exist in physical networks is the concept of a Security Group, which is a firewall for each individual resource. Traditional networks use firewall devices to restrict traffic travelling between subnets (similar to VPC NACLs), but Security Groups add firewall function at the resource level, such as on an Amazon EC2 instance or Amazon RDS database. This adds considerably more security capabilities than are available in a normal network.
Amazon VPCs can also be deployed via API calls or AWS CloudFormation templates, allowing a whole network to be deployed from a script. This is similar to what can be accomplished with VMware virtual networks.

Amazon Web Service RDS-EC2 interaction

I am pretty new to AWS.
I have an EC2 instance running a Java web app on Tomcat, and I need to connect it to an Oracle RDS instance. The instances are in the same region.
What is the performance associated with the communication between the two instances? Is it the same as I would see if both instances ran in my home LAN?
What about the security of the RDS instance? If I open port 1521 in the security group (to allow access from the EC2 instance), will the DB instance be exposed to the public network?
Do you think a VPC would be better for such a situation?
Thank you
I have not made any specific measurements, but the connection speed between RDS and EC2 should be very good. Just make sure that the machines are set up in the same availability zone.
Regarding security, you can also specify that access to your RDS machine should be open for specific EC2 groups, so normally the port won't be open publicly.
P1) Make sure EC2 and RDS are in the same AZ
P2) Make sure you use bigger instance types for network bandwidth between them
P3) Add PIOPS to RDS if your app demands performance
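The two security-group points raised in the answers above (the lab answer's self-referencing inbound rule, and the RDS answer's advice to open port 1521 only to the EC2 group rather than to the public) are illustrated by the following added example. It is not code from the original posts or from AWS; it is a small evaluator that mirrors how Security Group ingress rules are applied per instance, with constructed instance names, group IDs and addresses.

```python
# Added example (not from the original posts): evaluate Security Group ingress
# rules the way AWS applies them, instance by instance, to show why a group
# needs a rule referencing itself before its members can talk to each other,
# and how scoping the DB port to the EC2 group avoids public exposure.
# All instance names, group IDs and IP addresses below are constructed.
import ipaddress

# Constructed lab: instance -> (private IP, security group it belongs to)
INSTANCES = {
    "dc01": ("10.0.1.10", "sg-lab"),
    "fs01": ("10.0.1.11", "sg-lab"),
    "ws01": ("10.0.1.20", "sg-lab"),
    "ws02": ("10.0.1.21", "sg-lab"),
    "rds":  ("10.0.2.30", "sg-db"),
}
HOME_IP = "203.0.113.7"  # placeholder admin address (documentation range)

# Rules are keyed by group: list of (protocol, from_port, to_port, source),
# where source is either a CIDR or the ID of another (or the same) group.
def ingress_allowed(rules, dst_sg, src_ip, src_sg, port, proto="tcp"):
    """True if any inbound rule on dst_sg matches this source and port."""
    for r_proto, lo, hi, source in rules.get(dst_sg, []):
        if r_proto not in (proto, "-1") or not lo <= port <= hi:
            continue
        if source.startswith("sg-"):
            if source == src_sg:  # matched by the sender's group membership
                return True
        elif ipaddress.ip_address(src_ip) in ipaddress.ip_network(source):
            return True
    return False

def can_reach(rules, src, dst, port):
    """Can instance src open a TCP connection to instance dst on port?"""
    src_ip, src_sg = INSTANCES[src]
    _, dst_sg = INSTANCES[dst]
    return ingress_allowed(rules, dst_sg, src_ip, src_sg, port)

def public_exposure(rules):
    """(group, port) pairs reachable from anywhere: the RDS concern above."""
    return sorted((sg, lo) for sg, rs in rules.items()
                  for _, lo, _hi, src in rs if src == "0.0.0.0/0")

# Only RDP from the admin address: lab members cannot reach each other.
RULES_NO_SELF = {"sg-lab": [("tcp", 3389, 3389, HOME_IP + "/32")]}
# Self-referencing rule added, and the DB port opened only to sg-lab.
RULES_FIXED = {
    "sg-lab": [("tcp", 3389, 3389, HOME_IP + "/32"), ("-1", 0, 65535, "sg-lab")],
    "sg-db":  [("tcp", 1521, 1521, "sg-lab")],
}
# The weak variant the RDS question asks about: 1521 open to the internet.
RULES_OPEN_DB = {"sg-db": [("tcp", 1521, 1521, "0.0.0.0/0")]}
```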