A Review by
Seth Morrell, SynchroNet VP of Innovation & Strategy
Stephen Stetler, Enterprise Architect

SynchroNet LLC is an Amazon Web Services Advanced+ Consulting Partner maintaining a 100% focus on AWS End User Compute (WorkSpaces, AppStream 2.0, Citrix on AWS and Citrix and VMware Horizon on VMC). We align people, organizations and partners with AWS-powered technology to successfully achieve their business goals.


As an AWS WorkSpaces integrator, SynchroNet solves the End User Computing (EUC) puzzle and provides a positive impact on all business teams. Amazon WorkSpaces is a fully managed, secure desktop computing service that runs on the AWS Cloud.


Active Directory implemented in the AWS environment is one piece of the puzzle that helps deliver a more positive experience for Amazon WorkSpaces users.  It enhances EUC needs and keeps a company on pace and competitive by ensuring a stellar experience.


We spoke to our clients about their business and team goals.  Clients paint the picture of a workday that requires their company to stay competitive in today’s employment market by delivering high-quality IT services.


Here is a summary of direct customer feedback.  As you read their feedback, you will note that delivering a stellar experience is one key factor in providing a positive work environment.  From our clients:

  • In today’s work environment, shared office space and technology must keep pace with flexible schedules.  Employees want to telecommute, even time-zone hop. They want to collaborate across teams, and they want to shepherd an idea through the project process.  
  • And today’s employee does not want the challenge of technology aerobics every time they log on to the company’s network.  Productivity depends on a positive, seamless experience. 
  • Behind the scenes, the HR Department wants a brag-able work environment.  The IT team strives to provide a secure environment that is scalable as both the business and the staff roster grow.  Above all, the financial team wants all of this but without surprise costs.



Active Directory in AWS Perspective

One of the most common requirements clients have when moving to Amazon WorkSpaces is that it performs as well as or better than their current solution.   To meet this requirement, clients must often place an Active Directory Domain Controller within their AWS environment.

Let’s review several of the benefits of placing a Domain Controller within the AWS environment.


Four Performance Benefits of Active Directory in AWS

Benefit One:  AWS architected designs include at least one Domain Controller per physical location.

  • All the subnets of a physical location that Windows endpoints reside on are included in the Site to ensure the most efficient path to the Domain Controller. This helps reduce login and processing time for WorkSpaces.
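
One way to verify the subnet-to-Site mapping described in Benefit One, as an added example rather than SynchroNet's own tooling: a read-only PowerShell audit that checks each WorkSpaces subnet against the subnets defined in AD Sites and Services, using the most specific (longest-prefix) match. The site name `AWS-WorkSpaces` and the two CIDRs are constructed placeholders; the script assumes the ActiveDirectory RSAT module and read access to the directory.

```powershell
# Added example: read-only audit of AD subnet-to-site coverage for WorkSpaces subnets.
Import-Module ActiveDirectory

# Constructed sample values (assumptions): substitute your own site name and VPC CIDRs.
$ExpectedSite   = 'AWS-WorkSpaces'
$WorkSpaceCidrs = '10.20.1.0/24', '10.20.2.0/24'

# Return the first $Length bits of an IPv4 address as a number, for prefix comparison.
function Get-Prefix ([string]$Ip, [int]$Length) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)                       # network order -> little-endian
    $value = [BitConverter]::ToUInt32($bytes, 0)
    [math]::Floor($value / [math]::Pow(2, 32 - $Length))
}

# IPv4 subnet objects defined in AD Sites and Services (IPv6 names contain ':').
$adSubnets = Get-ADReplicationSubnet -Filter * -Properties Site |
    Where-Object { $_.Name -notmatch ':' }

$report = foreach ($cidr in $WorkSpaceCidrs) {
    $ip, $len = $cidr -split '/'

    # AD subnets that cover this CIDR; the most specific (longest prefix) one wins.
    $best = $adSubnets | Where-Object {
        $sIp, $sLen = $_.Name -split '/'
        ([int]$sLen -le [int]$len) -and
            ((Get-Prefix $sIp $sLen) -eq (Get-Prefix $ip $sLen))
    } | Sort-Object { [int]($_.Name -split '/')[1] } -Descending |
        Select-Object -First 1

    # The Site attribute is a DN such as CN=<site>,CN=Sites,CN=Configuration,...
    $site = if ($best -and $best.Site) { ($best.Site -split ',')[0] -replace '^CN=' }

    if (-not $best) { $status = 'Unmapped' }
    elseif ($site -eq $ExpectedSite) { $status = 'OK' }
    else { $status = 'WrongSite' }

    [pscustomobject]@{
        WorkSpacesSubnet = $cidr
        MatchedAdSubnet  = if ($best) { $best.Name } else { $null }
        Site             = $site
        Status           = $status
    }
}

$report | Format-Table -AutoSize
```

A row reported as `Unmapped` or `WrongSite` means WorkSpaces in that subnet may locate a Domain Controller outside the AWS site and authenticate across the Direct Connect or VPN.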


Benefit Two:  Placing a Domain Controller within AWS ensures optimized traffic across the Direct Connect or a site-to-site VPN:

  • Data transfer is only required for AD Replication, which optimizes cost.
  • Authentication is performed in the Cloud, accelerating the logon process.
  • Group Policy Objects (GPOs) are processed in the Cloud, accelerating the logon process.
  • DFS-Namespaces are resolved in the Cloud, accelerating several Windows File Share activities.


Benefit Three:  Direct Connects or site-to-site VPNs are fixed quantities:

  • Direct Connects are typically reserved for traffic to on-premises resources that cannot be migrated to the Cloud (e.g., backend SQL infrastructure that is mostly used by on-premises clients).
  • Optimizing traffic provides a greater return on investment than increasing the bandwidth of Direct Connect.
    • This is particularly true where Direct Connect is used for workloads combined with Amazon WorkSpaces.
  • The Winlogon service is designed for LAN-based connectivity to Domain Controllers, and performance is impacted by overall round-trip time.
  • Windows Logons grow in scope as GPOs scale-out and increase in complexity, and avoiding this WAN communication helps support improved logon and GPO processing experiences.

Benefit Four:  Placing an Active Directory Domain Controller within the AWS solution is scalable, addressing the continually changing and growing needs of the business.   From an initial deployment to growth to thousands of WorkSpaces, configurations can be built to fit both today’s and tomorrow’s needs.




In addition to the four benefits, security and network access within Amazon WorkSpaces are always a consideration.   From a security perspective, securing and managing a Domain Controller in AWS utilizes the same approaches, skills, and tools as an on-premises Domain Controller.




You read the business snapshots and goals from our clients.  Sound familiar?  We all know that Active Directory problems can inhibit performance and lead to a less-than-stellar desktop experience.  Placing an Active Directory domain controller within AWS will provide an immediate performance benefit for Amazon WorkSpaces and any future AD-dependent services located within the AWS environment.  Active Directory Domain Controllers in AWS are part of the toolbox to provide a positive work experience.