In this blog post, I am going to walk you through the limitations Amazon WorkSpaces and Amazon AppStream 2.0 have compared to Citrix Virtual Apps and Desktops. Maybe these limitations will not be a problem for your use case, but it is worth having a look at them.

We are looking at two different philosophies: on one side, a comprehensive cloud provider delivering its vision of virtual application and desktop delivery; on the other, a software vendor delivering a fully developed solution that relies on third-party cloud providers or your on-premises infrastructure to run.

Now that the scene is set, make sure you have a cup of coffee next to you.

For the sake of legibility, let's call them:

Amazon WorkSpaces ➡️ AWS WS
Amazon AppStream 2.0 ➡️ AWS AS
Amazon WorkSpaces protocol ➡️ WSP

The little things about Amazon's solutions, compared to Citrix, that you might want to know:

  • AWS WS/AS : Different clients for Amazon WorkSpaces/AppStream
  • AWS WS/AS : No native monitoring console to track issues (failed user connection, time to start connection, session duration, logon duration, latency between the connected user and its running instance, etc.). No native Director-like monitoring tool; AWS CloudWatch is not specialized enough for DaaS needs. No native tool to shadow a session for remote support
  • AWS WS/AS : No autonomy for troubleshooting. Any issue must be raised to AWS support
  • AWS WS/AS : No native tool to enforce granular policies (clipboard redirection, drive mapping, printing, user profile management, etc.)
  • AWS WS/AS : Cannot deploy/use any version of Microsoft Office other than the one that comes in the AMI and is purchased with AWS (Microsoft Office 2016). To be confirmed by your Microsoft TAM, but there might be a possibility to install/use Microsoft Office 2019 under certain conditions and depending on when you bought your licenses, further information here. This is not a technical limitation from AWS but from Microsoft Licensing
  • AWS WS : Comes with a Windows Server 2016 AMI with Desktop Experience. AWS does not provide a Windows 10 AMI. However, you have the possibility to Bring Your Own License (BYOL) and upload your Windows 10 image (single-session only). For BYOL, the minimum is 200 WorkSpaces per Region (requirement to run the AWS WS on dedicated hardware). Again, this is due to Microsoft Licensing, and you will find further information here. Better call your lawyer Microsoft TAM
  • AWS WS : Inconsistent experience on VM boot/availability time (in my experience sometimes taking several minutes to become available) ➡️ Tip: Set the instance as Always-On.
  • AWS WS : Cannot easily assign more than one Desktop to a single user account. You can create different user accounts for your user or have WorkSpaces in different directories, therefore they will have different registration codes.
  • AWS WS : Two different streaming protocols for Amazon WorkSpaces, PCoIP and WSP
  • AWS AS : Another protocol for AppStream, Nice DCV. That is an important point as these protocols have their own limitations. Let's discuss this point later in this post
  • AWS WS : Microsoft Intune doesn't manage AWS WS VMs (on Server OS). Amazon WAM (WorkSpaces Application Manager) standard can deploy apps for an additional cost of $5 per user per month
  • AWS WS/AS : Specific ports to be opened. Amazon WorkSpaces: PCoIP (TCP/UDP 4172) ; WSP protocol (TCP/UDP 4195). Amazon AppStream: Nice DCV (TCP 8300)
  • AWS WS : Amazon WorkSpaces default scheduled maintenance on Sundays 00:00-04:00. ➡️ Tip: Can be modified
  • AWS WS : Amazon WorkSpaces is not multi-user, even if using Windows Server 2016
  • AWS AS : Amazon AppStream is not multi-user either. So be sure about your budget as running this solution for 1000+ users can skyrocket your costs. 1000 concurrent users will run 1000 instances!

Protocol limitations for Amazon WorkSpaces:

  • PCoIP protocol is available on the client of all end-user platforms (Windows, Mac OS, Linux, iPad, Android, Fire Tablet, HTML5)
  • WSP is only available on the Windows and Mac OS client.
  • Switching the streaming protocol on an Amazon WorkSpace requires rebuilding it with the WorkSpaces migrate tool, provided the WorkSpaces bundle supports WSP.
  • Currently no GPU-enabled bundle is offered for WSP
  • No Microsoft Teams audio/video optimization
  • Limited peripherals support (USB Flash and external drive mapping not supported)
  • I could not find any figures for the WSP bandwidth consumption, but here's what AWS says: "The client device must have a broadband internet connection". Therefore WSP might not be designed for clients with bandwidth constraints
Amazon WorkSpaces protocols comparison with HDX

Protocol limitations for Amazon AppStream (Nice DCV):

  • Windows client only
  • HTML5 for the capable browsers (therefore no printing)
  • Relies on H.264 encoding. Text quality is not great

Amazon WorkSpaces and AppStream are decent products, but they lack the capabilities of unified management tools like the Citrix Studio administration console, with its powerful yet simple orchestration for image provisioning (MCS/PVS) and the simplicity of managing granular policy settings in the same place. Not to mention the lack of a monitoring and support tool like Citrix Director, which specializes in remote user sessions.

Regarding the AppStream single-user architecture, I can only think of one advantage there: avoiding the "Noisy-Neighbor" problem, but at what cost?

Also, obviously Amazon WorkSpaces and AppStream are cloud-AWS-only solutions. No on-prem workload, no Remote-PC possible. But if you're already on AWS, is it really a problem?