AWS Certified Advanced Networking - Specialty Exam: Answer to Question on AWS Workspaces

AWS Workspace Access Issue for On-Premises Users


Question

Your AWS Admin team has created an AWS workspace.

Users in the on-premises environment don't seem to be able to use the AWS-created workspaces.

What could be the primary underlying issue?

Answers

Explanations


A. B. C. D.

Answer - B.

The AWS Documentation mentions the following.

To connect to your WorkSpaces, the network that your Amazon WorkSpaces clients are connected to must have certain ports open to the IP address ranges for the various AWS services (grouped in subsets).

These address ranges vary by AWS region.

These same ports must also be open on any firewall running on the client.

Options A, C and D are all invalid since the primary concern will be the ports on the company firewall.

For more information on the AWS Workspaces port requirements, please refer to the URL below:

https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-port-requirements.html

The most likely underlying issue in this scenario is that the ports on the company firewall are not open.

AWS Workspaces is a fully managed, secure Desktop-as-a-Service (DaaS) solution that allows users to access Windows or Linux desktops from anywhere, using any supported device. For on-premises users to access AWS Workspaces, network connectivity needs to be established between the on-premises environment and the AWS environment.

When users attempt to access AWS Workspaces from the on-premises environment, their requests need to traverse the company firewall. If the necessary ports are not open on the firewall, the requests will be blocked and the users will not be able to access the workspaces.

To resolve this issue, the network administrator needs to ensure that the required ports are open on the firewall. The specific ports that need to be open depend on the configuration of the AWS Workspaces, but typically include TCP port 443 (HTTPS) and TCP port 4172 (PCoIP).

Option A is unlikely to be the underlying issue, as it is unlikely that all the workspaces have been created incorrectly. Option C is also unlikely, as NACLs are not typically configured to block incoming traffic by default. Option D is also unlikely, as security groups on AWS Workspaces typically allow all outbound traffic by default.
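
To confirm the firewall diagnosis from a client machine on the on-premises network, the following added example (not part of the original page or of AWS tooling) probes the two TCP ports named above and separates a silently dropped connection from a refused one. The default hostname is a placeholder and the function names are hypothetical; take the real endpoint for your region from the port-requirements page linked above.

```python
import socket
import sys

# TCP ports the explanation above names for WorkSpaces client access.
REQUIRED_TCP_PORTS = {443: "HTTPS", 4172: "PCoIP"}


def probe_tcp(host, port, timeout=3.0):
    """Classify one outbound TCP connection attempt from this client.

    open     - handshake completed, so the path is allowed end to end
    refused  - a reset came back: the host was reached but nothing listens
    filtered - no reply before the timeout, typical of a firewall that
               drops the packets instead of rejecting them
    error    - DNS failure, unreachable network or another socket error
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "error"


def check_workspaces_ports(host, ports=REQUIRED_TCP_PORTS, timeout=3.0):
    """Return {port: status} for every required port on one endpoint."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


def blocked_ports(results):
    """Ports that did not complete a handshake and need a rule review."""
    return sorted(p for p, status in results.items() if status != "open")


if __name__ == "__main__":
    # Placeholder hostname (assumption): pass the real endpoint as argv[1].
    host = sys.argv[1] if len(sys.argv) > 1 else "workspaces-endpoint.example"
    results = check_workspaces_ports(host)
    for port, status in results.items():
        print(f"{host}:{port}/tcp ({REQUIRED_TCP_PORTS[port]}): {status}")
    print("review firewall rules for:", blocked_ports(results) or "none")
```

A `filtered` result on 4172 alongside `open` on 443 points at the company firewall or a client-side firewall rather than at the WorkSpaces themselves.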