AWS WorkSpaces – Building a Customized Image Bundle

A standard procedure in any VDI deployment is to create a customized “gold image”.  A gold image is simply a template machine on which the computing environment (OS, updates, applications, etc.) is customized to meet the needs of an organization, and this image then serves as the foundation from which copies/virtual desktops are built.  There are many specific benefits in regards to using gold images but to boil them down for minimal word count, is that organizations use gold image to ensure a consistent (and hopefully fast) user experience.

A standard procedure in any VDI deployment is to create a customized “gold image”.

This concept of a gold image is certainly valid when using AWS WorkSpaces though the semantics are a little different….aren’t they always.  Taken directly from the AWS WorkSpaces Administration Guide, “a Workspace bundle is a combination of an operating system, and storage, compute, and software resources.”  Hopefully it’ll be clear by the end of this post, but in AWS WorkSpaces you build an image, then you add that image to a bundle which defines the vCPU/RAM, and Root and User Volume sizes of the WorkSpace(s) deployed from the bundle.

Documented Requirements to Create a Windows-Based WorkSpace Bundle

In this post, I’m going to detail the steps that I took to create a “Windows 10” bundle…I say it that way because the Windows 10 WorkSpace is actually Windows Server 2016 with Desktop Experience.  Before you try to create a WorkSpace gold image, keep the following requirements (once again taken from the AWS WorkSpaces Admin Guide) in mind:

  • All apps included in the image must be installed on the C:\ drive or the user profile in D:\Users\username, and MUST be compatible with Microsoft Sysprep.
  • The user profile must exist and its total size (files and data) must be less than 10GB
  • The C:\ drive must have enough available space for the contents of the user profile, plus an additional 2GB
  • All application services running on the WorkSpace must use a local system account instead of domain user credentials
  • The following components are required in an image; otherwise the WorkSpaces you launch from the image will not function correctly:
    • PowerShell
    • Remote Desktop Services
    • AWS PV drivers
    • EC2Config or EC2Launch (Windows Server 2016)
    • EC2Launch 1.2.0 or greater Windows Remote Management (WinRM)
    • Teradici PCoIP agents and drivers
    • STXHD agents and drivers
    • AWS and WorkSpaces certificates
    • Skylight agent

Undocumented Requirements to Create a Windows-Based WorkSpace Bundle

Now let me share with you a couple additional requirements that may no-brainers but I didn’t see them listed anywhere:

  • The WorkSpace you wish to use as your gold image must be powered-on/AVAILABLE but not logged into.  If a WorkSpace is powered off/STOPPED, the Create Image action is grayed out.

1-CreateImage-GrayedOut

  • The WorkSpace you wish to use as your gold image must not have encrypted volumes as creating an image from a WorkSpace with an encrypted volume is not currently supported.

2-NoEncryptedVolumes

Creating a Custom Bundle

When I deployed my first WorkSpace, I ran the “Quick Setup” option, thus AWS automatically created a Simple AD directory in order to authenticate requests to WorkSpaces.  To create my WorkSpace gold image, I deployed a Standard with Windows 10 WorkSpace, with unencrypted volumes, into the Simple AD directory and used it to create my gold image.

  1. Login to the gold image WorkSpace and install the latest OS updates.
  2. Install and update any desired applications onto the gold image WorkSpace.  I installed some basic applications like VMware PowerCLI, AWS CLI, WinSCP, Cisco AnyConnect, and Google Chrome.  Though I did deploy these applications into the gold image, my desire is to use FlexApp to deploy the majority of the applications.
  3. As a best practice, delete any cached data, such as browser history, cookies, and cached files from the WorkSpace.  Also, delete any configuration settings/data, such as email profiles, that should not be included within the WorkSpace bundle.  Again, because I’ll be using FlexApp to deploy applications, the amount of cached and configuration data was minimal.
  4. With updates and applications deployed and cached and configuration data removed, disconnect from the WorkSpace serving as the gold image template.  DO NOT shut the WorkSpace down.
  5. Within the AWS console, click WorkSpaces under the Desktop & App Streaming heading.
  6. On the WorkSpaces page, click WorkSpaces.  Select the gold image WorkSpace and click Actions | Create Image.3-CreateImage
  7. A message is displayed prompting you to restart the WorkSpace before continuing in order to update the WorkSpaces software to the latest version required.  Restart the WorkSpace by clicking Actions | Reboot WorkSpaces.  Wait at least a minute or two before clicking Next on the Create WorkSpace Image box.4-RebootGold
  8. On the Create WorkSpace Image box, enter an Image Name and Description then click Create Image.5-CreateImage
  9. While the image is being created, the WorkSpace will be unavailable and its Status will read Suspended.  On the WorkSpaces page, click Images.  The imaging process is complete when the image Status reads Available.6-ImageCreated
  10. With the image created and available, a bundle must be created before WorkSpaces can be successfully deployed from the gold image.  While still on the Images page, select the image and then click Actions | Create Bundle.7-CreateBundle
  11. On the Create WorkSpace Bundle screen, perform the following and click Create Bundle:• Specify a Bundle Name and Description
    • For the Bundle Type, choose the desired hardware configuration
    • For the Root Volume Size, increase or decrease the value as necessary
    • For the User Volume Size, increase or decrease the value as necessary8-CreateBundle

The WorkSpace bundle should be created pretty quickly and be available when deploying additional WorkSpaces as shown below:

9-BundleCreated

10-BundleAvailable

Conclusion

A standard procedure in any VDI deployment is to create a customized “gold image” to ensure a consistent user experience and when using AWS WorkSpaces, an organization can use WorkSpace bundles as a tool to assist in achieving this goal.

3 thoughts on “AWS WorkSpaces – Building a Customized Image Bundle

  1. I have deployed AMAZON WS with office bundle, is there any possibility to change that bundle to without office?

    1. Hey Sandeep, I think there is a “Yes” and “No” facet to this question. I think from a purely AWS standpoint, they would say “Yes” you can change the bundle in that you can select a given WorkSpace in the WorkSpaces dashboard, select Actions | Modify WorkSpace and change the compute type. You can modify the WorkSpace to be Standard, Value, Performance, Power, PowerPro, etc. However, from the other side of the coin, I’m going to say the most correct answer to your question is “No” in that though I can change the compute type, I don’t have an option to select say Value with/without Office. I’ll see if I can find out if what I’m saying is true or not and update you here.

  2. Hey David. Thanks for this wonderful articles. However, I have few questions on Application deployment using SCCM. What should be my approach to ensure my Custom Windows Image is Integrating with my On-Prem SCCM infrastructure?>

    I have gone through below article and it ask to use Simple AD for creating Custom Images but Simple AD will create an cloud based user so how are we going to install SCCM agent and other basic software on this Image?

    https://docs.aws.amazon.com/workspaces/latest/adminguide/create-custom-bundle.html#custom_image_best_practices

Leave a Reply

Your email address will not be published. Required fields are marked *