IGEL Blog
Getting even more out of Amazon WorkSpaces with IGEL and Tehama
In 2019, IGEL — a world leader in software-defined endpoint optimization and control for the secure enterprise — announced an alliance with Tehama to provide Amazon WorkSpaces via Teradici PCoIP® Software Client for Linux. IGEL Technology Evangelist Jeff Kalberg,recently sat down with Jaymes Davis, Tehama’s Head of Customer Success, to talk about the collaboration.
Jeff: Can you start by telling a little about Tehama and what you do?
Jaymes: Sure thing. We provide a Software as a Service (SaaS) solution that gives organizations controlled and monitored virtual workspaces for geographically dispersed teams that need secure access to corporate assets. Our platform has a pretty rich toolkit to support this secure access, including controls, policies, and secure vaults.
Jeff: What inspired Tehama to develop its solution?
Jaymes: The idea came out of our experience in IT contracting. You see a lot of outsourcing in IT — workers literally all over the world accessing corporate assets, often in not very secure ways. With workforce trends going even more in that direction, beyond IT, we realized this is something enterprises urgently need to access the right skills and talent without putting their corporate data and systems at risk.
Jeff: Do you have an Amazon WorkSpaces strategy as part of your approach?
Jaymes: We do. Amazon WorkSpaces provides a secure desktop but requires additional infrastructure management to enable end-to-end datacenter and cloud connectivity. We close the gap by providing the infrastructure that organizations require to provision their desktops. With Tehama, you can get customers connected in less than an hour, and you can implement multiple strategies for Amazon WorkSpaces with tools to improve productivity and collaboration. Thanks to our partnership with IGEL, we can give near-instant access to ‘ready-to-work’ Tehama Secure Rooms for simple, secure collaboration between remote employees while ensuring regulatory compliance.
Jeff: Let’s talk about that for a moment — why did you want to partner with IGEL?
Jaymes: Why wouldn’t we! Seriously, we’re thrilled to be teaming with IGEL, because the combination of our workspace delivery solutions with IGEL’s software-defined endpoints makes ready-to-work secure rooms possible. The IGEL UD Pocket is absolutely key: an end user can walk up to any 64-bit x86 device, plug the UD Pocket into an available USB port, boot from USB using Secure Boot, and get near-instant access to a Tehama Secure Room.
Jeff: How does the Room concept work?
Jaymes: Amazon WorkSpaces provides secure virtual desktops. Our additional AWS infrastructure services and endpoint software let you create a secure perimeter around those desktops. Rooms live insidethat secure perimeter. They encompass a set of cloud-based tools to help customers speed up and simplify the design, deployment and management of secure workspaces in any on-premises or cloud environment. Rooms leverage automation and deliver proactive cost control through on-demand scaling and support a whole range of functions including file encryption, forensic analysis, auditing and collaboration. Because Tehama is SOC 2 Type II certified, our Rooms ensure data is encrypted at rest and in transit. This kind of security would be really tough for organizations to build on their own because it requires multiple disciplines and both human and technology resources. Tehama provides a readymade solution.
Jeff: Do you use Amazon WorkSpaces for existing IT resources or BYOD?
Jaymes: The key thing always is that you want to make sure sensitive data can’t be left on an endpoint. That means anyendpoint: corporate or BYOD. So we cover both. Amazon WorkSpaces allows for additional services to track and enforce the auditing of endpoint devices to ensure only assigned vendors are using them. Again, IGEL is a crucial partner for creating a trusted endpoint on BYOD solutions with the IGEL UD Pocket.
Jeff: How do you handle scalability in Amazon WorkSpaces?
Jaymes: This is one of the ways we make life even easier for enterprises. With Amazon WorkSpaces, you have your virtual desktops, but provisioning is still manual. The desktops themselves must be either pre-allocated or else you pay up front to grow “on-demand”. Tehama allows for true on-demand configuration and automates the allocation of IT resources, so you’re growing or contracting dynamically in line with what the organization needs. This improves business scalability and eliminates wasteful spending.
Jeff: What about controlling Amazon WorkSpaces sprawl?
Jaymes: When properly aligned with business outcomes, virtual desktops on Amazon WorkSpaces can see huge adoption curves. You can get into situations where the cost of desktops starts to exceed budget because demand is so high. WorkSpaces sprawl occurs when you end up with on-demand infrastructure resources that have been left on when they are not being used. Unless you can identify these systems, a process that can take hours, you’re stuck with unexpected expenses. We’ve designed our solution to reduce or even eliminate these costs. By controlling sprawl, and the related costs, we help eliminate the delays associated with designing and preparing proofs of concept, staging, and upgrades. This “velocity improvement” lets the enterprise serve internal and external line-of-business customers more quickly.
Jeff: How do you facilitate compliance for Amazon WorkSpaces deployments?
Jaymes: Tehama facilitates compliance and data sovereignty by letting customers locate workspaces and sensitive data in the Room or Rooms of their choice while managing multiple locations through a single pane of glass. That helps minimize total cost while meeting local, distributed security and compliance needs. Organizations can deploy our Tehama Gateway in required areas and control the corresponding data, applications and desktop images according to local or regional regulations, compliance specifications and data sovereignty rules. Our Rooms reduce the amount of regionally located management infrastructure, duplicate labor and overall complexity. So you get global assurance with local specificity.
Jeff: What’s your process for working with customers?
Jaymes: We start by asking about their business requirements. Why do they want to move desktops to the cloud? Are they looking to retire their existing virtual desktop infrastructure, or are they expanding for a burst? It’s all about what the business needs. I find some customers “guesstimate” when determining user consolidation ratios on servers or compute resources for AWS. Partners like Liquidware have analytics tools to gain insights into end users and existing desktops, and using tools like these before determining the hardware profile of an in-house solution or compute resources for a cloud solution like Amazon WorkSpaces is imperative.
Jeff: How do you prepare users to access their Amazon WorkSpaces?
Jaymes: The great thing about Amazon WorkSpaces is it provides access to the desktop from many different devices, and the client is deployable to multiple platforms. Configuring and connecting are pretty simple, but when you have various desktops, different authentication methods, and planning requirements, confusion can arise. Vendor and remote worker onboarding can take longer, which increases your time to value. With IGEL including the new Teradici client in their flagship operating system, IGEL OS, you have a terrific alternative for connecting to Amazon WorkSpaces. When combined with Tehama, you get a closed end-to-end system that supports a strong security posture that protects against misconfiguration, tampering via key loggers, and browser infection. And because Tehama has seamlessly integrated its WebUI with the Amazon WorkSpaces implementations of SAML and SCIM from vendors like OKTA, Ping, and Azure AD, we deliver a user experience that ensures effortless access through a secure perimeter from any device using two-factor authentication and one-time passwords.
Jeff: You mentioned time to value. How do you accelerate that?
Jaymes:Tehama with Amazon WorkSpaces improves time to value by about 10 times via easy B2B connectivity tools that ensure fast onboarding of remote workers or new workers, partners, and vendors using our WebUI. And then, as I mentioned, we centralize and optimize workflows across the IT lifecycle to simplify desktop and application delivery to Amazon WorkSpaces.
Jeff: That’s a great overview.Thanks for sitting down with me and talking all this through. I can tell you, everyone at IGEL is looking forward to collaborating on more Amazon WorkSpaces projects.
Jaymes: Thanks to you! We’re very excited about what we can accomplish together.
To learn more, check out our IGEL Community webinaror visit en-staging.igel.com.
To learn more about Tehama, download our white paper.