Amazon Ups the Enterprise Ante with Corporate Email Service

Continuing its focus on enterprise, AWS announced a new managed email and calendaring service called Amazon WorkMail. It replaces traditional on-premises corporate email servers powered by Microsoft Exchange and IBM Notes.

Amazon WorkMail is a managed email and calendaring service that is integrated with Amazon Zocalo, a file share and sync platform. It supports native Microsoft Exchange protocols making it possible to use any standard client including Microsoft Outlook or any mobile device. Its web interface closely resembles Microsoft Outlook Web Access (OWA). WorkMail encrypts data using customer managed keys through its integration with AWS Key Management Service (KMS). Customers can choose to locate their mailboxes in any of the supported AWS regions. The service integrates with existing corporate directory service, including Microsoft Active Directory. Customers can get started by creating a new organization or point WorkMail to an existing org in a corporate directory service. It’s also possible to migrate existing domains to WorkMail. The service scans email and attachments to protect users from malware, spam, and viruses. Administrators can use the WorkMail console to remotely manage mobile devices. They can enforce policies and perform a remote wipe of devices. Finally, Amazon WorkMail comes with a migration tool to move mailboxes from Microsoft Exchange. It will cost $4/user/month to host a 50GB mailbox. The Zocalo bundled mailbox comes at $6/user/month.

Email, calendaring, presence information, and instant messaging are the backbone of enterprise collaboration. Traditionally, the enterprise hardware and software spend on messaging platforms ran upwards of a few million dollars. Microsoft Exchange and IBM Notes dominated the market until Google started pushing Google for Work as an alternative. To counter Google, both Microsoft and IBM started offering SaaS versions of Exchange and Notes in the form of Exchange Online and IBM Connections. With Google, Microsoft, and IBM fighting it out, it’s been a three horse race of cloud-based messaging servers. Amazon WorkMail marks the official entry of AWS in this segment.

This is not an unexpected move from AWS. It has been steadily offering mainstream enterprise workloads as managed, cloud-based services. In 2014, AWS added a new layer of SaaS targeted at enterprises. Amazon WorkSpaces is a serious contender to virtual desktops while Amazon Zocalo is an alternative to document management and file sharing platforms. Amazon’s Business Applications page highlights the thread that connects WorkSpaces, Zocalo, Directory Service, and WorkMail. Amazon WorkMail can be accessed through Microsoft Outlook, through a web browser or on a mobile device such as a tablet or a smartphone. Amazon WorkMail is tightly integrated with Amazon Zocalo for storing attachments. Amazon WorkSpaces users already get access to Amazon Zocalo for no additional charge. With AWS Directory Services providing LDAP based authentication, customers will get single-sign-on (SSO) across their desktops, document management tool, and email. Any medium sized organisation can pretty much run their core back office on the cloud by signing up for these four services without ever investing in servers or software licenses. This is a big blow to Microsoft which sells multi-million dollar annuity licenses of Exchange server to enterprise customers. Microsoft Exchange and Exchange Online are significant contributors to the server revenue at Microsoft. An interesting tidbit is that both Microsoft and AWS charge the same for a 50 GB mailbox- $4GB/user/month.

In the AWS re:Invent 2014 analysis, we highlighted the fact that AWS is building a parallel universe to traditional IT offerings. Amazon RDS for Aurora was the first such service and now comes Amazon WorkMail. It’s clear that AWS wants to build a cloud-native version of popular enterprise workloads that are optimised for performance and scale. What is smart in this strategy is the facade that AWS chooses to expose its blackbox services. For Amazon RDS for Aurora, it chose MySQL as the interface. Given the popularity of the open source database and a vibrant community, it works within the existing ecosystem. Developers using JDBC, ODBC, and PDO can seamlessly switch from MySQL to Aurora without changing a single line of code. For Amazon WorkMail, AWS chose a standard sync protocol, Microsoft Exchange ActiveSync. With this, the huge install base of Microsoft Office and hundreds of email clients can instantly talk to WorkMail with no special configuration or setup. To simplify further, AWS is shipping a migration tool. When asked if WorkMail supports Google Apps migration, AWS alluded to future support. Observing the track record, AWS may already be building a Google Apps migration tool to launch within a few months.

Amazon WorkMail will have an immediate impact on AWS partner ecosystem. After development and test, email is the most common workload to move to the cloud. With Exchange migration opportunity, APN partners make decent revenue. Typical high availability deployment of Exchange runs into a dozen servers or more depending on the complexity and the size of mailboxes. Sensing this opportunity, AWS has a dedicated section on its website for migrating and deploying Microsoft Exchange on EC2. Mike Pfeiffer, an Exchange MVP and a former Microsoft employee currently working as a solution architect at AWS published comprehensive reference architecture for running Exchange 2013 on AWS. Once deployed on AWS, APN partners with Managed Service Providers (MSP) competency help customers manage their deployments on AWS. For email related workloads, they typically charge based on the number of servers and mailboxes they monitor and manage. With WorkMail, the opportunity window for migration and managed services diminishes significantly.

Another important feature is the ability to manage mobile devices. Initial release supports policy management and remote wipe but going forward AWS will bring core mobile device management (MDM) capabilities such as over-the-air distribution of applications, data, and configuration settings. This brings AWS into the MDM segment dominated by players like VMware (AirWatch), MobileIron, and Citrix. Once AWS tightly integrates WorkSpaces with WorkMail’s MDM capabilities, it will become a key contender in the DaaS market.

What’s next for AWS? It will continue to target mainstream enterprise server workloads that have significant revenue potential. After desktops, file sharing, directory services, and email, it may offer real time collaboration, customer relationship management, supply chain management, and security services. Dr. Werner Vogels may soon realize his grand vision of making AWS the datacenter of the world.