Frequently Asked Questions

Deployment & Implementation

What are the best practices for deploying Amazon WorkSpaces?

Best practices for deploying Amazon WorkSpaces include considering the use of PCoIP Zero Clients as endpoints, which are minimal-power devices without an OS, and deciding between maintaining existing desktops or investing in zero clients based on your organization's needs. Security should be prioritized by encrypting data in transit (using HTTPS and PCoIP protocols with AES 128/256 ciphers and Kerberos authentication) and at rest (using AWS KMS with customer master keys). It's important to specify which drives to encrypt at deployment, as this cannot be changed later. For networking, use Amazon VPC and ensure each Directory Service construct has at least two subnets across different availability zones. Plan VPC and subnet design for future growth and segment user groups for access control. Note: Directory Service subnet configuration cannot be modified after creation.
Source: Amazon WorkSpaces Best Practices

How long does it take to implement N2W and what support is available?

Implementations with N2W can be completed in as little as two weeks. Customers benefit from dedicated Customer Success Managers, onboarding calls, and detailed documentation. Deployment options include Amazon Machine Image (AMI) from AWS Marketplace or CloudFormation templates. Resources such as video tutorials, user guides, and a knowledge base are available. A 30-day free trial is offered without requiring a credit card. Note: Implementation time may vary based on environment complexity.
Source: N2WS Support

Security & Compliance

How does N2W address security and compliance requirements?

N2W is independently certified for ISO/IEC 27001:2022 and is SOC compliant by inheritance, leveraging AWS and Azure compliance features. It supports regulatory frameworks such as HIPAA, GDPR, FedRAMP, ITAR, and CJIS. Security features include immutable, air-gapped backups, end-to-end TLS/HTTPS encryption, multi-factor authentication, and air-gapped protection for disaster recovery accounts. Automated compliance and audit-ready reporting are provided to simplify regulatory adherence. Note: Customers should request a copy of the ISO certificate by contacting customer.success@n2ws.com.
Source: N2WS Trust Center

What encryption options are available for Amazon WorkSpaces and N2W backups?

Amazon WorkSpaces encrypts data in transit using HTTPS and PCoIP protocols with AES 128 or 256 ciphers and Kerberos authentication. At rest, you can encrypt one or all logical drives using a customer master key (CMK) from AWS KMS. N2W provides end-to-end encryption for all connections and backup transfers, and supports immutable backups for ransomware protection. Note: In Amazon WorkSpaces, encryption must be specified at deployment and cannot be changed later.
Source: Amazon WorkSpaces Best Practices, N2WS Trust Center

Features & Capabilities

What are the key features of N2W for backup and disaster recovery?

N2W offers automated backup and recovery for AWS, Azure, and hybrid environments, near-instant recovery, immutable backups, cost optimization (up to 92% savings on long-term backup costs), compliance and security tools, multi-cloud management, granular restore (file, folder, volume, or environment), and advanced reporting. It also supports petabyte-scale data management and industry-specific compliance needs. Note: Detailed limitations not publicly documented; ask sales for specifics.
Source: N2WS Product Page

Does N2W offer integrations and API access for automation?

Yes, N2W provides a RESTful API for automating tasks such as user onboarding and backup management. CLI access is available for advanced workflow automation. N2W integrates with third-party monitoring tools like Datadog, Splunk, and Bocada, and supports various data management and reporting tools. API documentation is available for download. Note: Some integrations may require additional configuration.
Source: N2WS Integrations

Use Cases & Benefits

Who can benefit from using N2W?

N2W is designed for cloud directors, IT managers, and managed service providers (MSPs) managing complex, multi-cloud environments. It is suitable for enterprises with petabyte-scale data, public sector entities requiring compliance (e.g., FedRAMP), healthcare and finance organizations with strict regulatory needs, and industries such as retail, education, and nonprofits seeking cost-effective, scalable backup solutions. Note: Organizations with requirements outside AWS/Azure/Wasabi may need alternative solutions.
Source: N2WS Product Page

What business impact can customers expect from using N2W?

Customers can expect up to 92% savings on long-term backup costs and up to 50% on compute costs. N2W provides ransomware protection with immutable backups, near-instant recovery to minimize downtime, automated compliance reporting, and unified management for multi-cloud environments. These benefits support business continuity, operational efficiency, and regulatory adherence. Note: Actual savings and impact depend on environment and usage.
Source: N2WS Product Page

What pain points does N2W address for its customers?

N2W addresses high disaster recovery costs, downtime and data loss, ransomware threats, manual backup processes, compliance challenges, complexity in multi-cloud environments, scalability for large data volumes, and long-term backup costs. Features like custom DR retention policies, incremental archiving, and intelligent storage tiering help reduce costs and operational burden. Note: Some pain points may require additional configuration or integration.
Source: N2WS Disaster Recovery Solutions

Competition & Comparison

How does N2W compare to AWS Backup?

N2W provides immutable, air-gapped backups, cross-cloud recovery (AWS and Azure), granular restore (file/folder-level), custom DR retention policies, and multi-tenancy support—features not available in AWS Backup. N2W also offers near-instant recovery, cost optimization (up to 92% savings), and a RESTful API for automation, whereas AWS Backup requires Lambda scripting. AWS Backup is limited to AWS environments and lacks customizable compliance reporting. Note: AWS Backup may be preferable for organizations seeking basic AWS-only backup with preconfigured templates.
Source: N2WS vs AWS Backup

Customer Proof & Case Studies

What feedback have customers given about N2W's ease of use?

Customers have praised N2W for its simplicity and user-friendly features. Shane H, a verified customer, noted, "It's very simple to use and we are an MSP for multiple companies. Support is great and quick to respond." Julian Ware (City of Oakland) said, "You’re just clicking and going. And, to me, that’s what the modern world of backup is." Jordi P, another verified customer, highlighted the quick setup and cost savings. Note: User experiences may vary based on environment and requirements.
Source: N2WS Customer Feedback

Can you share specific case studies or success stories of N2W customers?

Yes. For example, Skechers standardized backup and recovery across a multi-cloud IT estate, improving data protection and reducing costs. St. John's University eliminated legacy tape storage and achieved rapid recovery from accidental deletions. DB Systel (Deutsche Bahn) automated backup for over 1,500 volumes and 700 servers. The City of Oakland automated backup for critical mapping data. Gett saved 50% on cloud costs using N2W's Resource Control. Note: Results are specific to each organization’s environment.
Source: N2WS Case Studies

Technical Documentation & Resources

What technical documentation is available for N2W?

N2W provides comprehensive user guides, release notes, RESTful API documentation, upgrade guides, and IAM permission files. These resources cover deployment, configuration, management, and integration best practices. Documentation is available online and as downloadable PDFs. Note: Some advanced topics may require direct support from N2W.
Source: N2WS User Guide

Best Practices for Amazon WorkSpaces Deployment

Share post:

In the first article of this two-part series, we explained the architecture and benefits of Amazon WorkSpaces. In this post, we’ll review the best practices for deploying WorkSpaces and to get you started with this managed Desktop-as-a-Service offering.

Consider Zero Clients

AWS WorkSpaces provides the flexibility of using PCoIP Zero Clients as endpoints. Zero clients are dumb devices without any OS and can be an alternative to the traditional desktop. They’re equipped with a monitor, mouse, keyboard, and other peripherals. On the client end, there’s a PCoIP chipset that is used to decompress and decode transmitted data. Also, the power consumption of these zero clients is minimal compared to a physical desktop. A common dilemma organizations face is the decision of whether to continue using the existing endpoints (i.e. local desktop) or to replace them with a zero client. Usually, the price of the thin clients is nearly the same as a desktop’s. This means the decision comes down to your preference: you ’ll pay for the maintenance of the existing desktops running the AWS WorkSpaces clients, or you’d rather invest in a new set of zero clients. It’s a difficult tradeoff that should be based on your unique needs.

Amazon Workspaces Security

AWS WorkSpaces can be secured by encrypting data and using security groups.

Encryption

In Amazon WorkSpaces, data is encrypted in transit at different communication stages, or at rest in the form of encrypted workspaces using cryptography. All the communication in various transit stages happens over the HTTPS and PCoIP protocols using AES 128 or 256 ciphers, along with the use of Kerberos protocol for authentication. Similarly, you can encrypt one or all the logical drives of Amazon WorkSpaces. Pay attention, you must specify whether a particular drive needs to be encrypted or not at the time of deployment —it can’t be changed later on! Volume encryption occurs through a customer master key (CMK). You have the option to choose the default CMK or the custom CMK that’s in your AWS Key Management Service (KMS). You should always encrypt AWS WorkSpaces while they’re being deployed.

WorkSpaces Security Groups

A security group is created by default with the establishment of an AWS Directory Service and is then attached to all workspaces that use the same directory. You can attach the security groups to the primary elastic network interface (ENI), but you can’t control the management ENI through security groups. For Management ENI, you can set up a host-based firewall and keep specific health and accessibility-related ports open. However, you shouldn’t apply restrictions on the management interface.

Selecting the Right Bundle for Your Workload

As per the workload, AWS WorkSpaces gives you the flexibility to choose from multiple bundles. If you’re a power user, you can choose a virtual desktop with 16GB RAM. If you’re a user whose workload isn’t as significant, even 2GB RAM is enough. It’s also important to select a suitable billing cycle for users. If you’re using AWS WorkSpaces as your primary desktop, a monthly plan is ideal. If your WorkSpaces usage is limited to a few days per month, you can opt for an hourly billing plan. With an hourly billing plan, there’s a small, monthly infrastructure cost in addition to the hourly costs.

Networking Considerations

Amazon Virtual Private Cloud (VPC) is a virtual network that is associated with each AWS WorkSpace. For user management, each AWS WorkSpace requires an Amazon Directory Service construct: either an AD connector, a simple AD, or a Microsoft AD. A minimum of two subnets spread across different availability zones are required by each Directory Service construct, which can’t be modified once created. Make sure you define user groups and authentication properly as part of the deployment planning. Doing so will help you segment and restrict user access.

VPC Design

It’s recommended to have a separate VPC for the AWS WorkSpaces deployment, so you can set the guidelines for security and governance by separating traffic. Since WorkSpaces deployments and the Directory Service construct are present in the same VPC subnets, subnets should be carefully designed to accommodate future growth.

Active Directory Design Considerations

There are three scenarios in which directory services can be deployed for Amazon WorkSpaces:

  1. Microsoft AD: directory service for Microsoft Active Directory running on AWS.
  2. Simple AD: AWS-managed directory service that is Microsoft AD-compatible and is running with Samba4.
  3. AD connector: acts as a proxy for authentication requests to your existing Microsoft AD in your data center.

In the first two scenarios, the directory services are in the AWS Cloud and they’re fully managed by AWS. In the third scenario, the directory services are in the customer’s data center, and all requests coming from AWS WorkSpaces are routed to it through the AD connector. Here, the AD connector acts as a proxy and doesn’t store any user credentials.

Summary

With AWS WorkSpaces, organizations gain the benefits of cloud computing for end-user computing. By following the guidelines and best practices for network design, active directory design and security, you can scale your business in a hassle-free and efficient manner.

You might also like