Which solution will meet these requirements?

By:
In: SAP-C02
Tagged:
With: 1 Comment
A company is creating a solution that can move 400 employees into a remote working environment in the event of an unexpected disaster.The user desktops have a mix of Windows and Linux operating systems.Multiple types of software, such as web browsers and mail clients, are installed on each desktop.A solutions architect needs to implement a solution that can be integrated with the company’s on-premises Active Directory to allow employees to use their existing identity credentials.The solution must provide multifactor authentication (MFA) and must replicate the user experience from the existing desktops.

Which solution will meet these requirements?

Use Amazon WorkSpaces for the cloud desktop service. Set up a VPN connection to the on-premises network. Create an AD Connector, and connect to the on-premises Active Directory. Activate MFA for Amazon WorkSpaces by using the AWS Management Console.

Use Amazon AppStream 2.0 as an application streaming service. Configure Desktop View for the employees. Set up a VPN connection to the on-premises network. Set up Active Directory Federation Services (AD FS) on premises. Connect the VPC network to AD FS through the VPN connection.

Use Amazon WorkSpaces for the cloud desktop service. Set up a VPN connection to the on-premises network. Create an AD Connector, and connect to the on-premises Active Directory. Configure a RADIUS server for MFA.

Use Amazon AppStream 2.0 as an application streaming service. Set up Active Directory Federation Services on premises. Configure MFA to grant users access on AppStream 2.0.

Explanations:

Amazon WorkSpaces with an AD Connector and MFA setup through the AWS Management Console does not support advanced MFA requirements, such as integrating with on-premises Active Directory for MFA. This option does not fully address the need for robust, enterprise-grade MFA and secure integration with on-prem AD.

Amazon AppStream 2.0 with AD FS and VPN could allow application streaming and integration with AD, but it would not provide the full desktop experience that users require. Also, AppStream does not natively replicate a complete desktop environment as required by the company.

Amazon WorkSpaces provides a full desktop experience, supports mixed OS environments, and can integrate directly with on-premises Active Directory through an AD Connector. By configuring a RADIUS server for MFA, this option meets all requirements: secure AD integration, MFA, and a similar user experience.

Amazon AppStream 2.0 with AD FS and MFA can provide access to applications, but it does not deliver the complete desktop experience required for the solution. AppStream is intended for application streaming, so it does not meet the requirement for a full desktop environment similar to what employees currently use.

2025-10-11

1 Comment

  1. Stephanie
    Author

    If I’m not mistaken, the answer is:
    Use Amazon WorkSpaces for the cloud desktop service. Set up a VPN connection to the on-premises network. Create an AD Connector, and connect to the on-premises Active Directory. Configure a RADIUS server for MFA.

Leave a Reply

Your email address will not be published. Required fields are marked *

1 + ten =