WorkSpaces Web has been in limited release for some time, but now it’s becoming available for everyone. Here’s what it allows and who might benefit the most from it.
- Not every employee or contractor needs access to your private company data
- With Amazon WorkSpaces Web, you can enable secure access to internal websites and SaaS apps via web browser, so you stay in control
- Because sensitive company data never even enters remote devices, you mitigate the risk of data theft and protect your internal servers
- Use cases include contractors and occasional employees, software developers, and call center agents
- Administrators retain complete control over which URLs may be visited by users by setting URL allowlist and denylist policies.
Not every worker needs access to your private company data. Once only accessible in limited release, Amazon WorkSpaces Web is now generally available. It enables managed WorkSpaces with secure access to internal websites and software-as-a-service (SaaS) apps via a web browser. It eliminates the need for appliances or specialized client software, and you can protect access to internal content using your enterprise controls.
Amazon WorkSpaces Web supports workers who only need access to internal and SaaS applications. Because it pixel streams web content from Amazon Web Services, sensitive company data never sits on remote devices. This both reduces the risk of data theft and serves as a wall between local devices and internal servers, so malware from devices can’t infiltrate internal servers.
Now that WorkSpaces Web is widely available, is it right for your business? Let’s take a look at what it offers, how it can be most effectively used, and how to get started.
Amazon WorkSpaces Web enhances security
Cyberattacks are becoming ever more common, and cybercriminals are increasingly sophisticated. Using WorkSpaces Web means data never sits on remote devices. Instead, websites are rendered in AWS in an isolated container and then pixel streamed to the authorized user. This is done through an isolated Chrome browser session.
Each session launches a fresh, non-persistent web browser that includes your enterprise browser policy. This fresh browser serves as a barrier against attacks embedded in web content while preventing possibly compromised end-user devices from connecting to internal servers. The browser instance is terminated when a session is complete, which means sensitive corporate web content is completely in your control.
Browser sessions are provisioned on-demand, and AWS manages capacity and scaling. This means you don’t have to specify the instances, size the fleet, predict usage, or create and manage the complex logic of scaling. And WorkSpaces Web eliminates the need to update and manage browser images because Workspaces Web automatically updates to the latest, most up-to-date browser version.
WorkSpaces Web also supports enterprise controls that let you set up your own browser policies regarding extensions, white and blacklist specific URLs, and others. You can also implement end-user settings to allow or disallow things like file transfers and local printing.
Amazon WorkSpaces Web use cases
Amazon WorkSpaces Web is ideal for your users who simply need access to certain websites during their workday, your company intranet, or SaaS web applications. You also can avoid device management by providing browser-based access. WorkSpaces Web is automatically managed, with scaling, capacity, and images all updated and provisioned on-demand by AWS.
One use case is offering a persistent WorkSpaces desktop to software developers who need access to desktop resources. Contact center agents are another good candidate for WorkSpaces Web. These workers only need access to internal knowledge bases, other product and service information, plus some external SaaS websites. Occasional and contract workers are also good candidates.
Getting started with Amazon WorkSpaces Web
To get started with Amazon WorkSpaces Web, you must, of course, have an AWS account. Then:
1. The AWS administrator will create a WorkSpaces Web Portal using the WorkSpaces Web console.
2. The administrator distributes the endpoint URL to users, so they can access their streaming browsers. This can be done either by emailing the URL to users or by adding to an existing SAML 2.0 application gateway.
3. Users then access the endpoint from the browser, log in with SAML credentials, and begin their session with the startup URL they were sent.
Administrators retain complete control over which URLs may be visited by users by setting URL allowlist and denylist policies. This can be done with Chrome Policy or browser traffic can be filtered through your Amazon Virtual Private Cloud (VPC). WorkSpaces Web honors existing enforcement policies and works with SAML 2.0 identity providers.
When you’re creating your portal, you’ll select a VPC in your account then choose at least two private subnets in two different Availability Zones. These subnets must meet these requirements:
- All subnets must be private. Each end-user browser session will be assigned a private IP address that is not internet accessible. Your end-users can still have internet access if you set up internet access in your subnets.
- Private subnets must have a stable connection to Amazon S3, Amazon KMS, and CloudWatch Logs service. You can connect over the internet and/or through a VPC endpoint. If it fits your purposes, you can configure internet access from your private subnet. Your end-users can then browse internet content while your WorkSpaces Web portal has private connectivity to S3, KMS, and CloudWatch. Please note that WorkSpaces Web will not function as intended without these service connections.
- Private subnets must also have a stable connection to any internal content that users will access with WorkSpaces Web, whether located in AWS or on-premises.
Further information on setting up your portal, security, and monitoring can be found in the detailed Administration Guide for accessing Amazon WorkSpaces Web.
WorkSpaces Web offers businesses a simple, secure solution to support workers who only need access to internal and SaaS web applications. Pricing is pay-as-you-go, and you only pay for employees who are actually using the service. There are no licenses, up-front costs, or long-term commitments, making it an ideal solution for businesses who want to streamline administrative tasks and still give employees the information they need while preserving security.
Explore if WorkSpaces is right for you
At CloudHesive, we’ll help you make the most of Amazon WorkSpaces Web. We’re a cloud solutions consulting and managed service provider with years of expertise in all things Amazon Web Services. We have eight AWS Competencies, more than 50 AWS Certifications, membership in nine Partner Programs, and the experience and knowledge to help your business realize all the benefits of AWS cloud.
We’ve helped more than 100 companies reduce their operating costs and increase productivity with our focus on security, reliability, availability, and scalability. With over 30 years of experience, we leverage cloud-based technology to its full potential. Contact the CloudHesive team today.