Implementing Desktop as a Service (Secure Browser and Amazon WorkSpaces)
Introduction
In today's increasingly remote and digital-first world, secure and efficient access to desktops is critical for business continuity and productivity. At Halodoc, a leading healthcare platform in Indonesia, managing desktop setups across multiple branch offices required a solution to enhance security and optimize productivity. By implementing Desktop as a Service (DaaS) using AWS tools, including Secure Browser and Amazon WorkSpaces, we have centralized desktop management, strengthened security, and enabled our team to securely access their work from anywhere, ensuring seamless operations. In this blog, we will explore how DaaS with Secure Browser and Amazon WorkSpaces has streamlined our processes and boosted security.
What are Secure Browser and Amazon WorkSpaces?
Secure Browser
A Secure Browser is a specialized browser designed to prevent sensitive data from being stored on local devices. It isolates web browsing activities from the device’s operating system, ensuring no sensitive information is left behind if the device is lost or compromised. This solution is particularly useful when accessing web-based applications, offering peace of mind that no data remains on the local device.
Amazon WorkSpaces
Amazon WorkSpaces is a managed Desktop as a Service (DaaS) solution that provides secure, cloud-based virtual desktops. These virtual desktops allow users to access their work from virtually any device, be it a laptop, tablet, or mobile phone, while keeping all data and applications in the secure AWS cloud environment. By using Amazon WorkSpaces, we can centralize desktop management, making it easier to deploy, scale, and secure virtual desktops across the organization.
How do Secure Browser and Amazon WorkSpaces work?
A Secure Browser uses virtualization to isolate browsing from the device’s main system, ensuring no local storage of sensitive information. Amazon WorkSpaces extends this protection by providing secure, cloud-based virtual desktops, allowing users to work safely from anywhere with centralized data management. Here’s a closer look at their technical workings:
- Data Redirection and Isolation: All browsing data, cookies, and cache are stored in a secure container on the server side, ensuring no local footprint on the device.
- Remote Rendering: Secure Browsers often use remote rendering, where web content is processed on a remote server and the visual output is streamed to the user’s device, reducing exposure to threats.
- Desktop Virtualization: Amazon WorkSpaces leverages AWS’s cloud infrastructure to create and manage virtual desktops that users can access from various devices.
- Active Directory: Organizations can configure Amazon WorkSpaces Personal with existing Active Directory, enabling centralized user management and simplifying user authentication and access controls.
Advantages and Challenges of Secure Browser and Amazon WorkSpaces
Implementing Desktop as a Service (DaaS) with Secure Browser and Amazon WorkSpaces brings its own set of advantages and challenges:
Advantages:
- Enhanced Security: Secure Browsers isolate sensitive browsing activities, ensuring that data is not stored locally, which significantly reduces the risk of data breaches.
- Flexible Access: Amazon WorkSpaces provides users with secure, persistent virtual desktops that can be accessed from any device, promoting remote work and collaboration.
- Centralized Management: Both solutions offer centralized control, making it easier for organizations to manage user access and security policies efficiently.
- Cost Efficiency: Since AWS tools run applications on remote instances, users only need a system with minimal requirements to run a browser, reducing costs on the systems we provide. Additionally, because Secure Browser operates within a browser and restricts download and upload functionality, there is no need for any security agents on the user's physical computer, resulting in additional cost savings on security agents.
Challenges:
- Dependency on Internet Connectivity: Both Secure Browsers and Amazon WorkSpaces rely heavily on stable internet connections for optimal performance, while sufficient bandwidth is also important, especially for maintaining screen resolution and overall accessibility in areas with limited or unreliable connectivity.
- Implementation Complexity: Integrating these solutions with existing IT infrastructure may require significant planning and resources, posing challenges for organizations with limited IT capabilities.
- User Training: Employees may need training to adapt to new workflows and security protocols, which can initially slow down productivity during the transition period.
Implementation Steps: Setting Up Secure Browser and Amazon WorkSpaces
The steps undertaken for the Secure Browser and Amazon WorkSpaces implementation include:
- Setting Up Amazon WorkSpaces Secure Browser
Amazon WorkSpaces Secure Browser is a managed solution that allows users to access the web securely. Here is a brief overview of the steps involved in setting it up:
1) Sign in to AWS Management Console: Begin by logging into our account and navigating to the Amazon WorkSpaces service.
2) Enable Amazon WorkSpaces Secure Browser: From the WorkSpaces dashboard, select the “Secure Browser” option and click “Enable.” This step ensures that the feature is available for our WorkSpaces users.
3) Create new portal: Create a new portal by specifying networking connections, such as VPC and subnets. Configure portal settings, including the instance type, maximum portal capacity, allowed URLs, and blocked URLs. Next, select user settings, such as clipboard permissions, file transfer permissions, print permissions (allow or deny), and user disconnect timeout (in minutes). Finally, configure the identity provider, such as SSO or IAM Identity Center.
4) Log in through the portal: Once the portal status is activated, we can use the secure browser by logging in with the specified SSO.
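The user settings chosen in step 3 (clipboard, file transfer, print, disconnect timeout) are what keep data off the endpoint, so they are worth checking after the portal is live. The following is an added example, not Halodoc's or AWS's code: it audits a settings dictionary shaped like the `userSettings` object of the WorkSpaces Secure Browser (`workspaces-web`) API against a lockdown baseline. The baseline values and timeout ceilings are assumptions, and the sample input is constructed.

```python
# Added example: audit Secure Browser user settings against a lockdown baseline.
# Field names follow the `userSettings` object of the workspaces-web API.
# Baseline values and ceilings below are assumptions, not Halodoc's policy.

BASELINE_TOGGLES = {
    "copyAllowed": "Disabled",      # clipboard: remote session -> local device
    "pasteAllowed": "Disabled",     # clipboard: local device -> remote session
    "downloadAllowed": "Disabled",  # file transfer to the endpoint
    "uploadAllowed": "Disabled",    # file transfer from the endpoint
    "printAllowed": "Disabled",     # printing from the remote session
}
# Assumed ceilings, in minutes, for the two timeout settings.
TIMEOUT_CEILINGS = {
    "disconnectTimeoutInMinutes": 480,
    "idleDisconnectTimeoutInMinutes": 15,
}


def audit_user_settings(settings):
    """Return a list of findings; an empty list means the baseline is met."""
    findings = []
    for field, expected in BASELINE_TOGGLES.items():
        actual = settings.get(field)
        if actual != expected:
            findings.append(f"{field}={actual!r}, expected {expected!r}")
    for field, ceiling in TIMEOUT_CEILINGS.items():
        value = settings.get(field)
        # This check treats a missing or zero timeout as "no limit configured".
        if not value or value > ceiling:
            findings.append(f"{field}={value!r}, expected 1..{ceiling}")
    return findings


# Constructed sample: paste left enabled and no idle timeout set.
SAMPLE_PORTAL_SETTINGS = {
    "copyAllowed": "Disabled",
    "pasteAllowed": "Enabled",
    "downloadAllowed": "Disabled",
    "uploadAllowed": "Disabled",
    "printAllowed": "Disabled",
    "disconnectTimeoutInMinutes": 60,
    "idleDisconnectTimeoutInMinutes": 0,
}

if __name__ == "__main__":
    for finding in audit_user_settings(SAMPLE_PORTAL_SETTINGS):
        print("FINDING:", finding)
```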
- Setting Up Amazon WorkSpaces
1) Create a Directory: Before setting up WorkSpaces, we need to create a directory where our users will be managed.
- Choose Directories in the left-hand navigation pane.
- Click on Create Directory.
- Select Simple AD (for personal use, we may not need a complex Active Directory setup).
- Follow the prompts to configure the directory (name, password, etc.)
2) Create a WorkSpace
- Once the directory is set up, navigate to the WorkSpaces dashboard.
- Click on Launch WorkSpaces.
- Choose the directory we just created.
- Select Personal Use as the WorkSpaces type.
3) Configure the WorkSpaces
- Select the Bundle: Choose the hardware configuration (e.g., Standard, Performance, Power) based on our needs.
- Choose Users: Select an existing user or create a new one. For Personal WorkSpaces, we can create a single user.
- Set a Username and Password: Make sure to provide the necessary credentials.
4) Customize WorkSpace Options
- Storage Size: Adjust the storage allocation for our WorkSpaces if needed.
- Running Mode: Choose whether the WorkSpaces should be always running or on-demand.
- Encryption: Decide whether to enable encryption for our data.
5) Review and Launch: Review the configuration and click Launch to create the WorkSpaces.
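The encryption and running-mode choices in step 4 are easy to get wrong on individual WorkSpaces, so a periodic check over the fleet is useful. The following is an added example, not Halodoc's or AWS's code: it reviews entries shaped like the `Workspaces` list returned by the Amazon WorkSpaces `DescribeWorkspaces` API. Treating always-on mode as a finding is an assumed policy, the `allow_always_on` exception list is hypothetical, and the sample records are constructed.

```python
# Added example: flag WorkSpaces with unencrypted volumes or always-on mode.
# Keys follow the `Workspaces` entries of the DescribeWorkspaces API.
# The policy (encrypt both volumes, stop when idle) is an assumption.

def audit_workspaces(workspaces, allow_always_on=frozenset()):
    """Map WorkspaceId -> list of findings, for WorkSpaces that have any."""
    report = {}
    for ws in workspaces:
        findings = []
        # Root and user volumes carry separate encryption flags; a missing
        # flag is treated here as "not encrypted".
        if not ws.get("RootVolumeEncryptionEnabled", False):
            findings.append("root volume not encrypted")
        if not ws.get("UserVolumeEncryptionEnabled", False):
            findings.append("user volume not encrypted")
        mode = ws.get("WorkspaceProperties", {}).get("RunningMode")
        # allow_always_on: hypothetical set of user names with an exception.
        if mode == "ALWAYS_ON" and ws.get("UserName") not in allow_always_on:
            findings.append("ALWAYS_ON running mode without an exception")
        if findings:
            report[ws["WorkspaceId"]] = findings
    return report


# Constructed sample records (IDs and user names are placeholders).
SAMPLE_WORKSPACES = [
    {"WorkspaceId": "ws-example0001", "UserName": "alice",
     "RootVolumeEncryptionEnabled": True, "UserVolumeEncryptionEnabled": True,
     "WorkspaceProperties": {"RunningMode": "AUTO_STOP"}},
    {"WorkspaceId": "ws-example0002", "UserName": "bob",
     "RootVolumeEncryptionEnabled": False, "UserVolumeEncryptionEnabled": True,
     "WorkspaceProperties": {"RunningMode": "ALWAYS_ON"}},
    {"WorkspaceId": "ws-example0003", "UserName": "kiosk",
     "WorkspaceProperties": {"RunningMode": "ALWAYS_ON"}},
]

if __name__ == "__main__":
    report = audit_workspaces(SAMPLE_WORKSPACES, allow_always_on={"kiosk"})
    for workspace_id, findings in report.items():
        print(workspace_id, "->", "; ".join(findings))
```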
- Configuring Secure Browser and Amazon WorkSpaces in Endpoint
This section explains how to set up Secure Browser and Amazon WorkSpaces on devices for secure remote access.
1) Secure Browser
- Users can access it by opening Google Chrome and navigating to the provided link for the Secure Browser (Example: https://abc12-def34-ghi56.workspaces-web.com). Once the link is opened, users will be prompted to log in with their Secure Browser account. The browser’s interface will then display within a secure, isolated container, ensuring that all interactions with websites are processed remotely.
- After logging in with credentials, the display will appear as shown below:
2) Amazon WorkSpaces
- Install Amazon WorkSpaces Client: The WorkSpaces client must be installed on the user’s endpoint device. Once the application is opened, the user will be prompted to input the registration code.
- Access the Amazon WorkSpaces: Users can log into Amazon WorkSpaces by launching the WorkSpaces client and entering their credentials. This gives them access to their secure virtual desktop, which is fully managed and stored on AWS’s cloud infrastructure.
- After logging in with credentials, the display will appear as shown below:
Error Handling
Error handling in Secure Browser and Amazon WorkSpaces focuses on detecting, addressing, and troubleshooting issues related to connectivity, configuration, and session stability. Here are some key areas:
- Error Detection and Logging: Both Secure Browser and Amazon WorkSpaces provide logs for connectivity issues, user authentication errors, and system configurations. Configuring detailed logging for these services allows administrators to quickly identify the source of errors, such as connectivity drops or access denials.
- Session and Connection Resilience: Implement automatic reconnection for Secure Browser sessions to mitigate disconnection errors. For Amazon WorkSpaces, configure session timeouts and automatic reconnection policies to handle temporary network outages.
- User Notification and Support: Set up real-time notifications for users if there is a service outage or connectivity issue. These notifications help users know when to retry login or when IT support is working on a resolution.
- Remote Troubleshooting: Enable remote diagnostics for IT administrators to troubleshoot errors directly on user endpoints or cloud-based sessions. Using Amazon WorkSpaces Management Console, administrators can directly monitor and reset sessions to resolve issues efficiently.
By implementing these error handling strategies and best practices, we can enhance the stability and security of Secure Browser and Amazon WorkSpaces environments, ensuring smoother operation and effective resolution of issues.
Conclusion
With Secure Browser and Amazon WorkSpaces, organizations can ensure data stays secure even if devices are lost or damaged. By keeping sensitive information off local devices, these tools protect against data loss while improving productivity and access flexibility.
Beyond security, these solutions simplify IT management with centralized control for applications and policies. They also offer scalability, allowing organizations to adapt quickly to growth or changing demands.
While effective, Secure Browser and Amazon WorkSpaces are just one part of a comprehensive data protection strategy. Combining these tools with other approaches ensures stronger security, operational efficiency, and long-term flexibility.
About Halodoc
Halodoc is the number 1 Healthcare application in Indonesia. Our mission is to simplify and bring quality healthcare across Indonesia, from Sabang to Merauke. We connect 20,000+ doctors with patients in need through our Tele-consultation service. We partner with 3500+ pharmacies in 100+ cities to bring medicine to your doorstep. We've also partnered with Indonesia's largest lab provider to provide lab home services, and to top it off we have recently launched a premium appointment service that partners with 500+ hospitals that allow patients to book a doctor appointment inside our application. We are extremely fortunate to be trusted by our investors, such as the Bill & Melinda Gates Foundation, Singtel, UOB Ventures, Allianz, GoJek, Astra, Temasek, and many more. We recently closed our Series D round and in total have raised around USD$100+ million for our mission. Our team works tirelessly to make sure that we create the best healthcare solution personalized for all of our patients' needs, and are continuously on a path to simplify healthcare for Indonesia.