Q&A with Education Solutions Architect, Stephen Stetler


When I went to college, pretty much everyone had a Compaq computer tower. It went without saying, Windows was the default OS. The complexity of getting configured for the dorm network almost always required a call to the help desk.  Students were left likely waiting a couple of days for someone to make sure the NIC was installed correctly and configured for the network.


A lot has changed in 20 years, but not everything.

Today, students don’t have one network-powered device; they’ve got several. From smartphones, tablets, laptops, to devices in between, and even gaming systems; everything connected all the time, automatically. And students are savvy enough that they rarely need to call the help desk to get setup.

This is great! We’ve come so far to advance the ease of setup as well as the general knowledge and understanding students have of their devices. But some of the old challenges persist to this day:

  • Software that is only available for specific OS’s.
  • Specific licensing that requires installation bound to the licensee.
  • Massive complexity in setup and configuration.
  • Only so much time availability of the help desk to assist students individually.
  • Even if multiple platforms are supported, feature parity is lacking.
  • No way to guarantee performance because every device is different.



AWS End User Computing (EUC) is Today’s Solution

Amazon WorkSpaces simplifies all these challenges, with secure productivity from the device of student’s choice.

Image Management simplifies what used to be a constant process for each student individually, by installing, configuring, and creating specific environment settings for the user one time. The environment is deployed to all students using AWS managed services to create individual virtual instances for each student.

No additional setup is required to isolate, secure, and protect student data. Because the student’s device of choice is only used to establish a remote window into the virtual instance, data never leaves the cloud. If a student has an issue, help desk clicks ‘Rebuild,’ and a new virtual instance is deployed to the student in minutes with their data preserved. User data is “backed up” to S3 via the familiar snapshotting process for AWS EC2.

I think the best way to describe Amazon WorkSpaces in the education segment is to answer some of the most-often-asked questions.


Q:  Students want to use their favorite device, from any location—both on-campus and off.  How do we provide secure access from any device and any location?   

A:  Streaming protocol traffic is encrypted-in-transit by default using AES encryption. The virtual instance itself can optionally be encrypted-at-rest using the native AWS KMS service. There is no impact on the user experience and performance with both encryption settings enabled.

IAM secures access to who and what can create AWS EUC virtual instances.  AWS EUC designs utilize network interfaces in both AWS Managed, and Customer Managed VPCs. On the Customer Managed VPC side, existing Security Group, Network ACL, and Routing Rules are used to control which virtual instances have access to only the resources that are required.

You know exactly how many virtual instances of your image are deployed, so there’s never any question of how many licenses are consumed. Tagging is supported with AWS EUC, extending useful cost allocation report workflows. Consolidated billing for AWS Organizations must be considered to combine usage to share volume pricing discounts.


Q:  How do we scale up or down to meet student needs?

A:  As with other AWS services, virtual instances can be scaled up or down to meet the needs of the student for the task at hand. The help desk only needs to click a button and select the performance desired. Self-service options extend this functionality to the student if you want to enable it. Specifically for Amazon AppStream 2.0, auto-scaling ensures there is always an instance available for students.


Q:  What do the students need for their device of choice?

  • Amazon WorkSpaces provides client applications for all types of devices from
  • Amazon AppStream 2.0 is accessible from any HTML5 web browser with additional controls for touch-based input.


Q:  What’s the best way to manage AWS EUC, and how can we quickly onboard students?

A:  SynchroNet CLICKTM simplifies the management of AWS EUC by creating lifecycle rules. This limits the interaction for AWS EUC administrators to the initial configurations necessary to establish which groups get which AWS EUC entitlements to virtual instances. Once that is complete, it’s as simple as adding and removing user objects in Microsoft Active Directory to an AD Security Group. Students can perform basic support operations through a web browser using CLICK’s Self Service web portal. This Self Service web portal is easily advertised through a SAML provider, simplifying access.



Today’s Student

Today’s student wants a blended education.  They want to interact with instructors and peers in the classroom, but they also want to use technology tools such as virtual desktops.  They arrive on campus with more than a beginner’s knowledge of current technology, and they bring their favorite devices.  The education environment is ever-changing.  SynchroNet has the solution, and we are ready to answer your questions.

If you have a question or would like to discuss End User Computing in Education, Stephen can be reached at