Virtual Desktops for Hedge Funds using AWS Workspaces

Virtual desktops are not a new proposition, and Virtual Desktop Infrastructure (VDI) has been touted for many years as a solution to many different problems. There are already a number of commercial offerings from the likes of Citrix, VMware and Microsoft, which have become increasingly sophisticated and functional over the years. Similarly, the thin client hardware for virtual desktops has improved and dropped in cost.

The appeal of VDI, particularly in the hedge fund technology market, has grown significantly in recent years. Lately, we have also seen an increasing uptake in the cloud hosted model.

The three key factors driving the adoption are security, flexibility and cost, which I’ll go through in more detail.


Probably the most compelling selling point of VDI is the ability to adopt a more centralised approach to managing access controls and safeguarding information security. For hedge funds, protecting the firm’s intellectual property is an absolutely critical function. That doesn’t just mean having the right information security systems and processes to protect from external cyber threats. It is just as important to protect the firm from the possibility that its own staff could walk away with key assets – from client lists to proprietary analytics or investment models. Locking down that information and ensuring no one can save it to local drives, or remote media like USB sticks, or even walk off with the physical kit, can help to simplify cyber security processes significantly.


Mobile working is almost the norm these days. Users are expecting flexible access to their work desktop from home, on the road and from a variety of devices. IT department often struggle to provide this flexibility and at the same time all the security, functionality and corporate integration. Likewise, rolling upgrades of desktops through a collection of physical hardware, or replacing failed PCs can be a logistical nightmare. Virtual desktops simplify this considerably, and make disaster recovery and business continuity a lot easier.


Finally, costs have to be part of the discussion. However, these are rarely a straightforward comparison. Total Cost of Ownership (TCO) calculations need to analyse the costs for various infrastructure components, software licensing, storage, networking, staff resources and effort, etc.

Hentsū Managed Virtual Desktops on AWS

Our core services involve orchestrating, configuring, securing and providing first line support for hedge fund virtual desktops based on Amazon Workspaces. The underlying Amazon infrastructure is compelling on a number of fronts. Hentsū builds on this, adding additional services, functionality and security specific to hedge funds:

  • Low AWS cost, configurations include Microsoft OS licensing and range from $35/mo to $75/mo, (depending on region)
  • No vendor lock-in, rolling monthly contracts, easy to scale up and down as required
  • Out of the box backups and resiliency
  • Integrated cyber security approach, with antivirus, Active Directory, two-factor authentication, USB lockdown and IPS/IDS
  • Wide range of thin client hardware, which can also be provided on a monthly rental option for a true opex model
  • Private managed software repository (using WAM) for users to on-demand install pre-packaged and certified applications
  • Monitoring and performance tracking
  • Tight integration with additional AWS services and resources
  • Secure, performant remote access from home PCs, laptops, iOS and Android tablets, Chromebooks

So far Amazon Workspaces have proven themselves well in hedge fund environments. We’ve seen them deployed across both front office as well as regular business functions. As always, this is not the only solution out there and in our toolbox. There are careful considerations to be made for the type of applications that can be run, the overall working environment and the underlying performance constraints. There are limits on virtual cores and memory, but as is often the case of moving to the public cloud, if other AWS services are leveraged properly then this is often more than enough.

In a later post, we’ll also take a look at how we deploy with RemoteApp.