How to Manage Updates at Scale in Amazon WorkSpaces

BY:

There are automatic maintenance windows for AlwaysOn and AutoStop users, as well as a hands-on method

Key Takeaways:

  • WorkSpaces offers secure, reliable, and scalable access to persistent desktops, and requires maintenance to both avoid and address any security and performance issues
  • Automatic maintenance windows exist for both AlwaysOn and AutoStop users
  • For those who want more control over when maintenance and updates are installed, they can be done manually
  • AlwaysOn maintenance happens on Sundays between 00h00 and 04h00 in the time zone of the AWS Region for the WorkSpace
  • AutoStop maintenance is the third Monday of each month from 00h00 to 05h00 in the time zone of the AWS Region for the WorkSpace
  • Time zone redirection can be enabled or disabled: if you connect from another region and you have enabled time zone redirection, the time zone of the WorkSpace is then updated to the time zone of the region you connected from

Remote workforces globally are empowered with application and desktop access through Amazon WorkSpaces. While WorkSpaces offer secure, reliable, and scalable access to persistent desktops, they also require maintenance and updates to both avoid and address any security and performance issues. 

There are different running modes for WorkSpaces: AlwaysOn, for users who use their WorkSpace full-time as a primary desktop, and AutoStop, which means your WorkSpaces stop after they have been disconnected for a pre-specified period of time. 

WorkSpaces should be maintained on a regular basis, and default maintenance windows are scheduled so this can easily happen at scale. Updates from Amazon WorkSpaces are installed as well as operating system updates if available on the OS update server the WorkSpace is configured to use. It’s important to keep in mind that rebooting may take place after updates and that during maintenance, your WorkSpaces might not be available. You also can manually maintain your WorkSpaces if that is what you prefer. This blog will cover maintenance windows for AlwaysOn Workspaces and AutoStop WorkSpaces, as well as how to do manual maintenance.

AlwaysOn WorkSpaces maintenance windows

The maintenance window for AlwaysOn WorkSpaces is determined by the operating system settings. 

  • The default is every Sunday morning from 00h00 to 04h00.
  • The time zone of an AlwaysOn Workspace is by default the time zone of the AWS Region for the  WorkSpace. Please note that if you connect from another region and you have enabled time zone redirection, the time zone of the WorkSpace is then updated to the time zone of the region you connected from. 
  • Time zone redirection can be disabled for Windows WorkSpaces using Group Policy and for Linux Workspaces by using the PCoIP Agent conf file.
  • You can configure the maintenance window for Windows WorkSpaces by configuring your Group Policy Settings for Automatic Updates. (You are unable to configure the maintenance window for Linux WorkSpaces.) 

AutoStop WorkSpaces maintenance windows

Once a month, AutoStop WorkSpaces are started automatically so that important updates can be installed. Beginning on the third Monday of the month for up to two weeks, the maintenance window is open from about 00h00 to 05h00 in the time zone of the AWS Region for the WorkSpace. Maintenance can be done on any one day in the window. The WorkSpace is set to MAINTENANCE when it is undergoing the process.

You cannot modify the time zone used for AutoStop WorkSpaces maintenance, but you can disable the maintenance window. By disabling maintenance mode, your WorkSpaces are not rebooted and do not enter the MAINTENANCE state. Follow the instructions below to disable maintenance mode. 

1. Open your WorkSpaces console: https://console.aws.amazon.com/workspaces/.
2. Select Directories in the navigation pane.
3. Choose your directory and then select Actions, Update Details.
4. Select Maintenance Mode and expand.
5. Enable automatic updates by choosing Enabled. If manual updates are your preference, choose Disabled.
6. Choose Update and Exit

Performing manual WorkSpaces maintenance

It is recommended that you perform maintenance tasks that you change the state of the WorkSpace to ADMIN_MAINTENANCE. When maintenance is complete, you’ll then change the state of the workspace to AVAILABLE.

ADMIN_MAINTENANCE mode enables the following behaviors:

  • The WorkSpace will not respond to requests to reboot, stop, start, or rebuild.
  • Users are unable to log into the WorkSpace.
  • An AutoStop Workspace is not hibernated.

You can change the state of the WorkSpace by using the console or the AWS Command Line Interface (CLI).

Change the state of the WorkSpace by using the console

Please note: Changing the state of a WorkSpace requires that it has a status of AVAILABLE. Also note that the Modify Status setting is unavailable when a WorkSpace has a status of STOPPED

1. Open the WorkSpaces console at https://console.aws.amazon.com/workspaces/
2. Choose WorkSpaces in the navigation pane.
3. Select your WorkSpace, then choose Actions, Modify WorkSpace.
4. Choose Modify State. For Intended State, select ADMIN_MAINTENANCE or AVAILABLE.
5. Select Modify.

Change the state of the WorkSpace using the AWS CLI

Use the modify-workspace-state command.

Amazon WorkSpaces makes all the details of administrating a fleet of desktops easier to deal with, and maintaining WorkSpaces is easy, too, with automatic scheduling windows for both AlwaysOn and AutoStop users. Those who want more control over when it occurs have options, too, by turning off and on time zone redirection or performing manual maintenance.            

Have Questions About WorkSpaces Maintenance? We Have Answers

We’re a cloud solutions consulting and managed service provider with expertise in all things Amazon Web Services. CloudHesive can even help you build, implement, and manage your end-user computing strategy with our robust Amazon Managed Services. We have eight AWS Competencies, more than 50 AWS Certifications, membership in nine Partner Programs, and the experience and knowledge to help your business realize all of the benefits of AWS cloud.

We’ve helped more than 100 companies reduce their operating costs and increase productivity with our focus on security, reliability, availability, and scalability. With over 30 years of experience, we leverage cloud-based technology to its full potential. Contact the CloudHesive team today.

Related Blogs

  • From CapEx to OpEx: The Financial Benefits of Using Cloud-Managed Services

    Manage costs using cloud managed services Cloud-managed services or operating a business using a cloud system offer technical and financial benefits. SaaS companies utilizing the cloud often choose...

    Learn More
  • Ensuring HIPAA compliance with Amazon Connect: A Guide for Healthcare SaaS Providers

    Healthcare IT – HIPAA Compliance Best Practices in Amazon Connect Healthcare application providers are responsible for ensuring systems protect patient data to comply with HIPAA regulations. HIPAA...

    Learn More
  • Ensuring Robust Security in Amazon Cloud Environments

    Amazon has the tools and CloudHesive has the expertise to keep your SaaS data safe.   Rock-solid security is crucial in all cloud environments, especially for SaaS platforms, which handle...

    Learn More
Back To Blogs