The Challenge
A client was rapidly acquiring other businesses and required a solution that could easily scale the end user computing part of the business, including file servers.
The Architecture and why we chose Amazon
This solution involved moving all workstations to AWS WorkSpaces. This allows extremely fast deployment of workstations and quickly brings new staff into the secure environment. Previously they were waiting up to 3 weeks to have a PC built, the SOE installed and the machine shipped to the correct site. Now we can deploy a new PC and have the user connected in under 30 minutes.
The file server solution relied on an AWS EFS back end, with SAMBA file servers in an EC2 Auto Scaling group running in each AZ that hosted WorkSpaces. This allowed automatic repair and re-deployment of the file servers if any failed. The file servers would auto-register with the company AD servers and update Route 53 as required, keeping downtime minimal in case of a failure.
The EFS back end allowed spot instances to be used to perform backups. The backups were replicated to S3, into a versioned bucket in another AWS account. The source account had a “Write Only” policy, so that archives and backups couldn’t be read by any service without access to the archive account. With some simple scripting, we could then also restore folders and files to almost any point in time if a user accidentally removed some required data.
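The point-in-time selection behind such a restore script, as an added example that is not the client's or the author's code: for each key under a folder prefix, it picks the version that was current at the chosen time from a listing shaped like the S3 ListObjectVersions response. The function name, keys and version IDs are constructed for illustration, and the delete-marker handling goes slightly beyond what the text describes.

```python
from datetime import datetime, timezone

def versions_as_of(listing, prefix, as_of):
    """Map each key under `prefix` to the VersionId that was current at `as_of`.

    `listing` has the shape of an S3 ListObjectVersions response, with its
    "Versions" and "DeleteMarkers" lists. Keys whose newest entry at `as_of`
    is a delete marker are left out, since they did not exist at that time.
    """
    entries = [(v, v["VersionId"]) for v in listing.get("Versions", [])]
    entries += [(m, None) for m in listing.get("DeleteMarkers", [])]
    current = {}  # key -> (LastModified, VersionId or None when deleted)
    for entry, version_id in entries:
        key, modified = entry["Key"], entry["LastModified"]
        if not key.startswith(prefix) or modified > as_of:
            continue  # other folder, or written after the restore point
        if key not in current or modified > current[key][0]:
            current[key] = (modified, version_id)
    return {k: vid for k, (_, vid) in current.items() if vid is not None}

def day(n):
    """Helper for the constructed sample: midnight UTC on 2024-01-<n>."""
    return datetime(2024, 1, n, tzinfo=timezone.utc)

# Constructed sample listing (not real data from any bucket).
SAMPLE_LISTING = {
    "Versions": [
        {"Key": "marketing/logo.png", "VersionId": "v1", "LastModified": day(1)},
        {"Key": "marketing/logo.png", "VersionId": "v2", "LastModified": day(5)},
        {"Key": "marketing/plan.docx", "VersionId": "v3", "LastModified": day(2)},
        {"Key": "finance/q1.xlsx", "VersionId": "v4", "LastModified": day(2)},
        {"Key": "marketing/new.txt", "VersionId": "v6", "LastModified": day(6)},
    ],
    "DeleteMarkers": [
        {"Key": "marketing/plan.docx", "VersionId": "v5", "LastModified": day(4)},
    ],
}

if __name__ == "__main__":
    # State of the marketing folder on 3 January, before plan.docx was removed.
    restore = versions_as_of(SAMPLE_LISTING, "marketing/", day(3))
    for key, version_id in sorted(restore.items()):
        print(key, version_id)
```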
The Benefits and the Future
By moving to WorkSpaces and a shared file server on EFS, we totally removed the problem of “The file server is full” and other issues that plague most businesses. With the migration of files to EFS IA, we could also reduce cost drastically, as most files are “old” and not frequently accessed.
The migration also allowed teams, such as the marketing team, to merge into the business at a more rapid pace and to share assets and work, making the new acquisitions far more efficient more quickly.
Compliance and security are also simpler: with WorkSpaces, all data saved to WorkSpaces stays inside the AWS VPC, so that if a staff member loses a device, or a device in a branch is stolen, no data is compromised.