
AST - The success of virtual desktops


02/06/2020 / Agustín San José / Digital transformation

This pandemic is changing our lives; that is beyond question. It is equally true that, in contrast to previous decades, we can now rely on technologies that partly mitigate some of the problems a pandemic causes, the new models of work being one example.

A lot of companies and institutions have been involved in digital transformation, some to the point of completely dissociating the “working place” from the “physical place”, although the majority of them only achieved it for some functions, whether because it was impossible to relocate the working desktop, because they were unable to do it in a secure way, or because of cost.

But at this moment two things come together: on one side the maturity of virtual desktop technologies, and on the other the need to keep businesses up and running.

Let’s be clear: virtual desktops are not new, but the way they are acquired, deployed, used and consumed is, especially for those based on public clouds.

The new generation of virtual desktops doesn’t need a prior capacity analysis or a prior acquisition of components, nor do you need to install an OS if you don’t want to. Nor is it necessary to create and deploy networks, VPNs or additional security configurations on the virtual desktop, at least not in the way we have been used to. Now, deploying a virtual desktop can be as easy as sending a link that the user opens to connect to the virtual desktop, whether they use a mobile device, a tablet, or even their own traditional desktop.

But maybe the most impressive thing is that the deployment can be performed for hundreds of users in a few minutes. Come with me and let’s review a real example.

AST, a real example

AST, Aragonesa de Servicios Telemáticos, is a governmental entity in Aragón, Spain, and a good client of IECISA with a long history of collaboration. Like everyone, when the confinement was imposed they analyzed how it would impact the daily life of their employees, which services were critical and shouldn’t stop, and the consequences that a “pause” would have, all of that taking into account that there was no end on the horizon.

AST contacted our team at IECISA for an assessment of what options existed, what the costs would be, how long it would take to deploy, and the support they would need if they deployed 600 virtual desktops for all identified users that should remain active during the confinement. Be advised that a virtual desktop is not teleworking; it is only one of the pieces of teleworking, sometimes the only one and sometimes not. For AST it was, and they also needed to be sure of:

  • desktop security: separating the personal and working worlds, with access to their own corporate LDAP and their corporate applications
  • desktop scalability: no bottlenecks, no capped performance
  • ease of deployment, both when creating the desktops and when distributing them to the users
  • availability: always on, with immediate response
  • low cost: no acquisition needed, no amortization, in a pay-per-use model
  • adequate support, with a team of professionals backing them to resolve any issue
  • scalability of the solution, allowing them to adjust the number of desktops up and down in near real time

IECISA provides several different virtual desktop solutions relying on different providers and tools. In this case we opted for the AWS WorkSpaces solution.

WorkSpaces is an elegant solution, fast to implement and flexible enough to satisfy all of AST’s requirements. WorkSpaces uses a lightweight streaming model that carries the screen output to the user’s device and gathers the user’s input, so that all the processing is done off the device the user is handling.

WorkSpaces provisions every virtual desktop in its own virtual machine, unlike other solutions that place several desktops on the same virtual machine, where they share the same resources. Although sharing can be an advantage in some scenarios, in others it is not recommended, as the desktops are limited by the shared resources.

One of the customer’s requirements was to be able to use their own corporate applications, their own directory service and their own shared filesystems the way they were used to. To comply with that, our team of architects created a VPC in AWS to host all the virtual machines used by the virtual desktops, and a private connection to the corporate environment through a VPN. This way the virtual desktops were able to access all application data and all corporate applications, and behave exactly as if they were the real desktops.

To minimize latency and guarantee the maximum speed, the VPC was allocated in an AZ (Availability Zone) in the Frankfurt region. The VPC included an AWS directory service that synchronized with the corporate Active Directories through the VPN and allowed the virtual desktops to authenticate users and validate their permissions from within the VPC itself. At first, however, only users approved for the pilot were included in this directory service, to avoid any possible security issue.

For the first phase only 200 desktops were deployed, using templates agreed with the customer, to check for any issues and for anything further AST would need in order to consider the desktop completely functional, and to serve as the basis for the real deployment afterwards. Those templates included the corporate browser, Firefox, links to shared folders, clients for corporate applications such as SAP, and all the other items the users were familiar with.


WorkSpaces allows you to bring your own OS and licenses, but also offers desktops with the OS installed and the license included, allowing for instantaneous deployment. In this case AST opted for the included Windows 10, and the deployment was completed in a few hours.

Last but not least, another remarkable task in this deployment was the creation of a management portal using the AWS native monitoring service, CloudWatch, and some Lambdas (AWS serverless functions), along with an RDS database and the AWS QuickSight service, all of that to allow the IECISA support team to properly manage the whole service and continuously analyze the performance of the desktops and the environment.

So far, we have deployed over 1,200 desktops, with more to come, and the customer has stated that this technology is here to stay, even after the pandemic.

We are really proud of our team’s work, coordinated by Daniel Dominguez and including all the engineers who crafted this well-architected solution in such a short time and achieved such a level of customer satisfaction.
