Windows Workers Feature

Windows Workers is an optional feature that processes certain files on Windows OS machines instead of a Linux-based ECS Cluster.

For technical reasons, certain types of input files (such as those generated by MassLynx spectrometers) cannot be processed in the ECS cluster. These input files must be processed separately on Windows OS machines. The Tetra Data Platform (TDP) can create an AWS EC2 autoscaling group (ASG) that contains worker instances running the latest AWS-published version of Windows Server 2019. You can use the Windows Workers feature for these instances.

To toggle this optional feature on or off, use the stack parameter EnableWinTaskScriptService.

Windows Workers incorporates these security measures:

  • No Access to Users: Windows Workers instances are created without any user credentials, so it is impossible for anyone to log in to them.
  • Patch Auto-Updates: The stack contains a Lambda function that checks weekly for a newer version of the AWS-published image. If a newer version is found, the ASG is refreshed and all instances are replaced with new ones created from this image.
  • Network Isolation: You can deploy Windows Workers in a separate, isolated network segment without any communication with the corporate network, the rest of the platform, or the Internet. You can even deploy it in a separate VPC. The workers need connectivity only to a few AWS services, and can gain access using VPC Endpoints. Network isolation, if implemented, makes it virtually impossible for malware to spread from the Internet to these devices, or from these devices to the corporate network.

These AWS services are required for the Windows Workers feature:

  • S3
  • SQS
  • CloudFormation
  • Monitoring
  • Logs
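
The following check is an added example, not part of the platform or its documentation: it takes VPC endpoint and route table records in the shape returned by the EC2 DescribeVpcEndpoints and DescribeRouteTables APIs and reports which of the services listed above lack an available endpoint and which routes still lead to the Internet. The function name, resource IDs and sample records are constructed for illustration.

```python
# Added example: audit a worker VPC for the isolation described above.
# Input records mimic EC2 DescribeVpcEndpoints / DescribeRouteTables output.
REQUIRED = {"s3", "sqs", "cloudformation", "monitoring", "logs"}  # from the list above


def audit_isolation(endpoints, route_tables):
    """Return (missing_services, internet_routes) for one VPC (hypothetical helper)."""
    covered = set()
    for ep in endpoints:
        # ServiceName looks like com.amazonaws.<region>.<service>
        service = ep["ServiceName"].rsplit(".", 1)[-1]
        # Only endpoints that are actually usable count as coverage.
        if ep.get("State", "").lower() == "available":
            covered.add(service)
    missing = sorted(REQUIRED - covered)

    internet_routes = []
    for rt in route_tables:
        for route in rt.get("Routes", []):
            dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
            target = (route.get("GatewayId") or route.get("NatGatewayId")
                      or route.get("EgressOnlyInternetGatewayId") or "")
            # A default route via an internet, NAT or egress-only gateway breaks isolation.
            if dest in ("0.0.0.0/0", "::/0") and target.startswith(("igw-", "nat-", "eigw-")):
                internet_routes.append((rt["RouteTableId"], dest, target))
    return missing, internet_routes


# Constructed sample data (not from a real account).
SAMPLE_ENDPOINTS = [
    {"ServiceName": "com.amazonaws.us-east-1.s3", "State": "available"},
    {"ServiceName": "com.amazonaws.us-east-1.sqs", "State": "available"},
    {"ServiceName": "com.amazonaws.us-east-1.cloudformation", "State": "available"},
    {"ServiceName": "com.amazonaws.us-east-1.monitoring", "State": "pending"},
]
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-0example", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationPrefixListId": "pl-0example", "GatewayId": "vpce-0example"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"},
    ]},
]

if __name__ == "__main__":
    missing, routes = audit_isolation(SAMPLE_ENDPOINTS, SAMPLE_ROUTE_TABLES)
    print("Required services without an available endpoint:", missing)
    print("Routes that reach the Internet:", routes)
```

With the sample data, the pending Monitoring endpoint and the absent Logs endpoint are reported as missing, and the NAT gateway default route is flagged.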

Windows instances send basic metrics to CloudWatch, along with these logs:

  • Tetra Data Platform (TDP) specific logs
  • CloudWatch logs: C:\ProgramData\Amazon\AmazonCloudWatchAgent\Logs\*.log
  • Windows events: System (CRITICAL, ERROR), Application (WARNING, CRITICAL, ERROR)