The scale of the AWS cloud is awesome. However, for most workloads, you are focused on deploying in 2-3 regions of the AWS cloud. But think of the VDI workload like you think of PCs. They need to be deployed where your users are in order to take advantage of low latency connectivity. This means for a typical VDI deployment on AWS you should plan on deploying to many regions, and if you are a large distributed organization, even tens of regions. Most VDI solutions do not handle this well.
But with Workspot DaaS on Amazon WorkSpaces Core, this is simple. And it’s all about architecture! Here is a table that summarizes the outcomes, benefits, and the underlying architecture that enables them. For this blog, we will focus on Control-Data Plane Separation.
Control-Data Plane Separation
What is control-data plane separation? This article describes control and data planes in the context of AWS.
Data Plane: In the context of VDI, the data plane runs from the device the end user connects from, over the network the traffic flows across, through the gateways where that traffic enters the corporate network, to the virtual desktop or app to which the user connects. There can be millions of data planes – each user connecting to their virtual desktop and application is an independent data plane.
Control Plane: In the context of VDI, the control plane is where you specify users, entitlements, security policies, etc. The control plane is responsible for provisioning, de-provisioning, pausing, resuming, starting, and stopping resources.
In legacy VDI solutions that are deployed on-premises, there is no separation of data and control planes. But just using the same architecture in the cloud creates challenges, because you will have to replicate that architecture across regions, clouds, etc.
However, if the data plane is kept independent of the control plane, it creates a lot of flexibility. The data plane can span on-premises, multiple regions, and multiple clouds. The data plane can inherit the security and networking characteristics of the company, including management tools, IdP, security, etc.
The control and data planes for Workspot DaaS on Amazon WorkSpaces Core are separate. This enables no-compromises simplicity as a customer can deploy across multiple regions of AWS, and potentially on-premises or other clouds from a single console.