Amazon AppStream
Overview
Amazon AppStream is an AWS service that provides secure, reliable, and scalable access to applications and non-persistent desktops from any part of the world.
It allows organizations to stream desktop applications to any device running a web browser from AWS (without any requirement of rewriting them). You get instant-on access to any application of your choice, along with a responsive user experience flexible enough to work on different devices.
Introduction to Amazon AppStream
Before looking at how to use Amazon AppStream and what it offers for our infrastructure, let us understand the problem that led to its existence.
Before AWS AppStream, organizations ran legacy applications that could not easily be moved to the cloud, so the applications often ran on outdated equipment. This prevented personnel from accessing the applications online or from a mobile device.
To solve this issue, AWS introduced Amazon AppStream, a secure, reliable, and scalable solution for accessing applications and non-persistent desktops from any part of the world. It allows organizations to stream desktop applications from AWS to any device running a web browser, without rewriting them. You get instant access to any application of your choice, along with a responsive user experience flexible enough to work on different devices.
- AWS AppStream empowers the remote workforce to react quickly to changing conditions (digital transformation) by accessing applications and desktops from anywhere.
- It also strengthens security, because the organization's data stays securely on AWS instead of being copied to potentially vulnerable endpoints.
- Costs are optimized through on-demand cloud scalability, with a range of compute, memory, and storage options.
- Downtime is reduced through fully managed application delivery and reliable AWS infrastructure offering 99.9% uptime.
- Fleet capacity is adjusted automatically and fleet utilization is monitored, so user demand is met at the lowest possible cost.
How Does It Work?
The diagram below shows how AWS AppStream provides secure, reliable, and scalable access to applications and non-persistent desktops from any part of the world.
You start by installing the applications or the desktop operating systems on AWS the same way you would on any Windows computer. Then you connect your existing identity, network, and storage, either on-premises or on AWS. Alternatively, you can use the built-in user management and persistent storage of AWS AppStream 2.0.
You can then centrally manage your applications and non-persistent desktops, which users securely access on demand or which you stream to them. All this is offered with pay-as-you-go pricing. Lastly, users can quickly and securely get started with the applications or desktops from a browser or computer in any part of the world.
Concepts
Below are a few key concepts that help you get the most out of AWS AppStream 2.0 :
Fleet :
A fleet consists of fleet instances (also known as streaming instances) that run the applications and desktops you specify. Each user is assigned one instance.
User Pool :
The user pool is used to manage users and their assigned stacks.
App Block :
An app block is a container that holds the application files we want to stream to our users, together with the details required to configure them.
Application :
An application contains all the information required to launch the application we want to stream to our users. It is associated with a resource that contains the files required for launching it, such as an app block or an image.
Image Builder :
An image builder is a virtual machine used to create an image. We can launch and connect to an image builder via the AppStream 2.0 console. Once connected, we can install, add, and test applications, and then use the image builder to create an image. We can also launch new image builders from the private images that we own.
Streaming Instance :
Also known as a fleet instance, a streaming instance is the EC2 instance that is made available for streaming applications to a single user. Once the user's session is completed, the streaming instance is terminated by EC2.
Stack :
A stack contains user access policies, an associated fleet, and storage configurations. We set up a stack when we want to start streaming applications to our users.
Image :
An image contains the applications that we can stream to users, plus the default system and application settings that help users get started quickly. AWS provides base images, which are used to create image builders, which in turn are used to create images that include your own applications. Once an image is created, you can't modify it. To add or update applications or change image settings, we must create a new image. AWS allows you to copy images to other AWS Regions and to share images with other AWS accounts in the same Region.
Auto Scaling Rules :
Auto Scaling rules automatically manage the number of streaming instances available to users. They are usage-based or schedule-based policies that can be applied to an Always-On or On-Demand fleet.
For more information related to the concepts, please visit link from AWS documentation.
AWS AppStream Functional Architecture
The functional architecture of AWS AppStream is described below, along with a diagram to help you understand it.
- First, the administrator creates the AWS AppStream 2.0 environment, specifying the required users and the applications those end users need. Once it is created, each user receives an e-mail with their credentials along with detailed steps for accessing the Amazon AppStream 2.0 portal.
- The user authenticates, and AWS establishes a dedicated, reliable, and secure streaming connection between the user and AWS AppStream. The connection is made to an EC2 instance (an AWS virtual machine) and requires only a stable internet connection and sufficient bandwidth on the user's end. A minimum of 2 GB RAM and 500 MB to 1 GB of local storage is recommended for the connection to be sustained well.
- Each distinct user connecting to the AWS AppStream portal is allocated a dedicated EC2 machine, and a secure, reliable connection is established between the two. AWS then manages all scaling of the virtual machine fleet as the number of users accessing the Amazon AppStream portal increases.
Features of AWS AppStream
A few key features offered by Amazon AppStream are listed below :
- Secure access to the desktop or applications via any supported device :
  Desktop applications are securely accessed via an HTML5-capable web browser on Windows and Linux PCs, Chromebooks, Macs, iPads, and Android tablets.
- Protect the applications and data :
  With AWS AppStream, applications are streamed as encrypted pixels, and data access is secured within the network you specify. Every user has their own AWS AppStream 2.0 instance, so no computing resources are shared, and applications and data are never stored on the user's device. All applications run only within your virtual private cloud (VPC), where you use Amazon VPC security features to control access, isolate the applications, and deliver them securely.
- Integration with the IT :
  Integrate with your existing AWS services and your on-premises environments. As the applications stream inside the defined VPCs, users can only access data and other resources that are inside AWS. This reduces the movement of data between AWS and your environment and provides a faster user experience. Using the extensive APIs, you can quickly integrate AWS AppStream 2.0 with any custom IT solution so that users access their applications with their corporate credentials. AWS AppStream connects with your existing Microsoft Active Directory environment, which lets you apply your existing Active Directory governance, user experience, and security policies to your streaming applications.
- Flexibility to choose the fleet type based on your use case :
  - Elastic Fleet Instance :
    Streaming instances fully managed by AWS AppStream 2.0. When a user launches an application or desktop, streaming starts once the app block has been downloaded and mounted onto a streaming instance.
  - Always-On Fleet Instance :
    A pool of streaming instances that run all the time, even when no users are streaming applications and desktops. The streaming instances (managed via the auto-scaling rules) should be provisioned before a user is about to stream.
  - On-Demand Fleet Instance :
    A pool of streaming instances that run only when users are streaming applications and desktops. Streaming instances not yet assigned to users are in a stopped state. The streaming instances (managed via the auto-scaling rules) should be provisioned before a user is about to stream.
- Scalable and Consistent performance :
  Because Amazon AppStream 2.0 runs on AWS, applications have access to compute capabilities that are not available on local devices and run with high and consistent performance. You can offer users low latency by instantly scaling locally and globally and by deploying the applications in the AWS Region closest to them.
AWS AppStream Use Cases
A few of the popular use cases of Amazon AppStream are described below :
- Initiate the SaaS (Software as a Service) for the software vendors :
  Ideal for trials, training, and software demonstrations, AWS AppStream helps deliver SaaS versions of applications without any special hardware, rewriting, or device installation.
- Encourage student learning environments :
  With easy, reliable access to resources and applications, AWS AppStream supports online learning even over slow network conditions.
- Allows flexible work from anywhere for contact center agents :
  AWS AppStream gives contact center agents the flexibility to work remotely from anywhere, with a secure and easy-to-use agent experience.
- Access to 3D design and engineering applications :
  With Amazon AppStream, users can access CAM, CAD, and CAE applications from any computer with the same responsive, high-performance streaming sessions.
A few customers that widely use AWS AppStream are shown below; some of the use cases in which they have applied Amazon AppStream are the ones we studied above.
AWS AppStream Pricing
Now let us take a deep dive into the pricing structure of AWS AppStream. With AWS AppStream 2.0, you are charged only for the streaming resources that are provisioned, along with a small monthly fee per streaming user, which depends on the operating system chosen. Apart from that, AWS AppStream 2.0 requires no upfront investment or long-term commitment.
Below is the pricing structure for the streaming resources :
- Always-On fleet instances,
- On-Demand fleet instances,
- Elastic fleet instances,
- Image builder instances, and
- User fee.
The pricing for the above instances is based on the instance size, type, and operating system selected. The instance charge includes storage, compute, and any network traffic used by the streaming protocol.
- Always-On fleet instances :
  Charged hourly for Windows Always-On fleet instances, and in one-second increments (with a minimum of 15 minutes) for Linux Always-On fleet instances.
- On-Demand fleet instances :
  Charged hourly for Windows On-Demand fleet instances, and in one-second increments (with a minimum of 15 minutes) for Linux On-Demand fleet instances. For instances that are not in use, you are charged a small hourly stopped instance fee for Windows, whereas for Linux you are charged per second for each partially stopped hour. The pricing structure for On-Demand stopped instance fee :
- Image builder instances :
  Charged hourly for Windows Image fleet instances, and in one-second increments (with a minimum of 15 minutes) for Linux Image fleet instances. The below image shows the pricing structure for Always-On fleet instances, On-Demand fleet instances, as well as Image builder instances :
- Elastic fleet instances :
  Charged hourly for Windows Elastic fleet instances, and in one-second increments (with a minimum of 15 minutes) for Linux Elastic fleet instances. The pricing is per instance-hour. The below image shows the Elastic fleet streaming session pricing structure :
- User fees :
  Charged per user per month for each AWS Region where users stream applications from AppStream 2.0 fleet instances based on Microsoft Windows Server operating systems only. For the Amazon Linux 2 operating system, no user fee is incurred.
Getting Started with AWS AppStream
So far, we have discussed a lot about AWS AppStream. Let us explore one of its major benefits - "The easy and quick setup of AWS AppStream".
Yes, you heard it right. With the following basic steps, we will set up AWS AppStream for secure, reliable, and scalable access to applications and non-persistent desktops from any part of the world.
Setting Up a Sample Stack, Selecting an Image, as well as Configuring a Fleet :
- Via the link, open the AWS AppStream 2.0 console.
- Either select 'Get Started', or select Quick Links on the left navigation menu, where you will see the Setup button with sample applications.
- For the Stack Details, you can either keep the default stack name or enter a stack name of your own choice. For more details on this step, you can refer to the link for the AWS documentation. Move ahead by clicking Next.
- For the Image, you will find a sample image already selected. These images have open-source applications pre-installed for evaluation purposes. Move ahead by clicking Next.
- For Configuring the Fleet, it is recommended to keep the default values provided. These values can be modified once the fleet has been created. Move ahead by clicking Next.
- For Configuring the Network, you get a default VPC that includes a default public subnet for each Availability Zone, an internet gateway attached to the VPC, and a default security group.
- To enable the default VPC configuration, follow the below steps :
  - Keep the check box selected for Default Internet Access.
  - Once Default Internet Access is enabled, at most 100 fleet instances are supported. You can use a NAT gateway configuration if your deployment needs to support more than 100 concurrent users.
  - Keep the default VPC selected for your AWS Region. The format of the default VPC name : vpc-vpc-id (No_default_value_Name).
  - For Subnet 1 and Subnet 2, keep the default public subnets selected. The format of the default subnet names : subnet-subnet-id | (IPv4 CIDR block) | Default availability zone.
  - Keep the default security group selected for the Security groups. The format of the default security group name : sg-security-group-id-default.
- For Enabling the Storage, choose from the following three options.
  - Enable Home Folders :
    The Enable Home Folders setting is selected by default.
  - Enable Google Drive :
    Optionally, let users link their Google Drive for G Suite account to AWS AppStream 2.0.
  - Enable OneDrive :
    Optionally, let users link their OneDrive for Business account to Amazon AppStream 2.0.
- Now select the various parameters under User Settings, such as printing to the local device, file transfer, clipboard, and authentication permission options, and then move ahead to the Review option.
- Review and recheck all the information filled in for the stack. To modify the configuration in any section, choose the Edit option and make the needed changes. Once the configuration details are selected and reviewed, move ahead with the Create option.
- You will see the pricing acknowledgment popup, where you need to select the acknowledgment check box and move ahead with the Create option.
- Once the service sets up the defined resources, the Stacks page appears. The status of the new stack shows as Active once it is ready to use.
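The User Settings, storage, and Default Internet Access choices made in the steps above decide whether data can leave the streaming instance. As an added example (not part of the original page and not AWS's own code), the following Python code reviews a stack and a fleet, given in the shape returned by the AppStream 2.0 DescribeStacks and DescribeFleets APIs, for such paths; the sample records and the selection of checks are assumptions made for illustration.

```python
# Actions in a stack's UserSettings that move data from the streaming
# instance to the user's device (names as used by the AppStream 2.0 API).
EGRESS_ACTIONS = {
    "CLIPBOARD_COPY_TO_LOCAL_DEVICE",
    "FILE_DOWNLOAD",
    "PRINTING_TO_LOCAL_DEVICE",
}
# Storage connectors that link the session to a third-party cloud drive.
EXTERNAL_CONNECTORS = {"GOOGLE_DRIVE", "ONE_DRIVE"}


def audit_stack(stack):
    """Return (stack name, check id, detail) for each data-egress path."""
    findings = []
    for setting in stack.get("UserSettings", []):
        if setting["Action"] in EGRESS_ACTIONS and setting["Permission"] == "ENABLED":
            findings.append((stack["Name"], setting["Action"],
                             "data can leave the streaming instance"))
    for conn in stack.get("StorageConnectors", []):
        if conn["ConnectorType"] in EXTERNAL_CONNECTORS:
            domains = ", ".join(conn.get("Domains", [])) or "no domains listed"
            findings.append((stack["Name"],
                             "EXTERNAL_STORAGE:" + conn["ConnectorType"],
                             "account domains: " + domains))
    return findings


def audit_fleet(fleet):
    """Flag fleets whose streaming instances use Default Internet Access."""
    findings = []
    if fleet.get("EnableDefaultInternetAccess"):
        findings.append((fleet["Name"], "DEFAULT_INTERNET_ACCESS",
                         "instances have direct internet access; a NAT "
                         "gateway configuration gives control over egress"))
    return findings


# Constructed sample, shaped like one entry of DescribeStacks["Stacks"].
SAMPLE_STACK = {
    "Name": "example-stack",
    "StorageConnectors": [
        {"ConnectorType": "HOMEFOLDERS"},
        {"ConnectorType": "GOOGLE_DRIVE", "Domains": ["example.com"]},
    ],
    "UserSettings": [
        {"Action": "CLIPBOARD_COPY_FROM_LOCAL_DEVICE", "Permission": "ENABLED"},
        {"Action": "CLIPBOARD_COPY_TO_LOCAL_DEVICE", "Permission": "ENABLED"},
        {"Action": "FILE_UPLOAD", "Permission": "ENABLED"},
        {"Action": "FILE_DOWNLOAD", "Permission": "DISABLED"},
        {"Action": "PRINTING_TO_LOCAL_DEVICE", "Permission": "ENABLED"},
    ],
}
# Constructed sample, shaped like one entry of DescribeFleets["Fleets"].
SAMPLE_FLEET = {
    "Name": "example-fleet",
    "EnableDefaultInternetAccess": True,
    "VpcConfig": {"SubnetIds": ["subnet-EXAMPLE1", "subnet-EXAMPLE2"],
                  "SecurityGroupIds": ["sg-EXAMPLE"]},
}

if __name__ == "__main__":
    for name, check, detail in audit_stack(SAMPLE_STACK) + audit_fleet(SAMPLE_FLEET):
        print(f"{name}: {check} ({detail})")
```
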
Granting Access to Users via the AppStream 2.0 user pool, SAML 2.0 [single sign-on (SSO)], or the AppStream 2.0 API
- You can make use of the AWS AppStream 2.0 user pool, which helps to create and manage users via the permanent login portal URL. For testing application streaming without setting up users, we can use the following steps to create a temporary streaming URL.
- Let us briefly go through the steps to provide access to users via a temporary URL :
  - Select the 'Fleets' option in the navigation pane. From the list of fleets, select the fleet that is associated with the stack for which the streaming URL needs to be created.
  - Verify that the status of the fleet is 'Running'.
  - Now select 'Stacks' from the navigation pane and select the designated stack. Select the 'Actions' button and go ahead to create the 'Streaming URL' as shown below.
    - Fill in the details such as 'User id'. Set an expiration time, which determines how long the generated URL is valid.
    - You can view the user ID as well as the URL by selecting the 'Get URL' option.
- Once access is granted, users can access the AWS AppStream 2.0 streaming sessions.
- When access is granted via the AWS AppStream 2.0 user pool, users are required to use the web browser for the streaming sessions.
- When access is granted via the AWS AppStream 2.0 API or SAML 2.0 [single sign-on (SSO)], users should have access to the AWS AppStream 2.0 client.
For more information related to the concepts, please visit link from AWS documentation.
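The temporary-URL steps above can also be performed through the AppStream 2.0 API. As an added example (not part of the original page and not AWS's own code), the following Python function repeats the same checks, that the fleet is associated with the stack and is Running, before creating a URL with a short expiration; the 300-second cap, the resource names, and the stub client that stands in for `boto3.client("appstream")` are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumption: a local policy cap. The API itself accepts 1 to 604800 seconds.
MAX_VALIDITY_SECONDS = 300


def issue_streaming_url(client, stack_name, fleet_name, user_id, validity_seconds=60):
    """Create a temporary streaming URL after the checks from the steps above."""
    if not 1 <= validity_seconds <= MAX_VALIDITY_SECONDS:
        raise ValueError(f"validity must be 1..{MAX_VALIDITY_SECONDS} seconds")
    # The fleet must be the one associated with the stack.
    associated = client.list_associated_fleets(StackName=stack_name)["Names"]
    if fleet_name not in associated:
        raise RuntimeError(f"fleet {fleet_name} is not associated with {stack_name}")
    # The fleet must be in the Running state.
    fleets = client.describe_fleets(Names=[fleet_name])["Fleets"]
    state = fleets[0]["State"] if fleets else "NOT_FOUND"
    if state != "RUNNING":
        raise RuntimeError(f"fleet {fleet_name} is {state}, not RUNNING")
    resp = client.create_streaming_url(
        StackName=stack_name, FleetName=fleet_name,
        UserId=user_id, Validity=validity_seconds)
    return resp["StreamingURL"], resp["Expires"]


class StubAppStream:
    """Constructed stand-in for boto3.client("appstream"); makes no network calls."""

    def __init__(self, fleet_state="RUNNING"):
        self.fleet_state = fleet_state
        self.requests = []  # parameters passed to create_streaming_url

    def list_associated_fleets(self, StackName):
        return {"Names": ["example-fleet"]}

    def describe_fleets(self, Names):
        return {"Fleets": [{"Name": Names[0], "State": self.fleet_state}]}

    def create_streaming_url(self, **params):
        self.requests.append(params)
        expires = datetime.now(timezone.utc) + timedelta(seconds=params["Validity"])
        # Placeholder URL; a real call returns the signed streaming URL.
        return {"StreamingURL": "https://placeholder.invalid/streaming-url",
                "Expires": expires}


if __name__ == "__main__":
    url, expires = issue_streaming_url(
        StubAppStream(), "example-stack", "example-fleet", "user@example.com", 120)
    print(url, expires.isoformat())
```

Anyone holding the URL can open the session until it expires, so a short validity limits the exposure if the link is forwarded or logged.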
Benefits of AWS AppStream
Below are the benefits of integrating AWS AppStream into your architecture for scalable, secure, and reliable authorized access to applications or non-persistent desktops from any location.
Centrally manage the applications :
Amazon AppStream 2.0 can be managed centrally, which removes the work of managing installations and updates on each user's computer and ensures every user runs the same version of the applications.
Streaming made possible on any device :
By integrating AWS AppStream 2.0 you can stream to any device. Also, any application can be streamed through the AppStream 2.0 client.
Auto Scale without infrastructure :
Amazon AppStream 2.0 charges with its pay-as-you-go pricing. We can stream the application to 'n' number of users spread across the globe without the hassle of setting up the infrastructure.
Protect the applications and data :
With AWS AppStream, applications are streamed as encrypted pixels, and data access is secured within the network you specify. Every user has their own AWS AppStream 2.0 instance, so no computing resources are shared, and applications and data are never stored on the user's device.
Integration with the IT :
Integrate with your existing AWS services and your on-premises environments. As the applications stream inside the defined VPCs, users can only access data and other resources that are inside AWS. This reduces the movement of data between AWS and your environment and provides a faster user experience.
Using the extensive APIs, you can quickly integrate AWS AppStream 2.0 with any custom IT solution so that users access their applications with their corporate credentials. AWS AppStream connects with your existing Microsoft Active Directory environment, which lets you apply your existing Active Directory governance, user experience, and security policies to your streaming applications.
The benefits offered by AWS AppStream :
AWS AppStream vs. AWS WorkSpaces
After learning so much about AWS AppStream, you might be wondering whether it resembles AWS WorkSpaces.
Yes, the two AWS services are quite similar, but it is important to understand the difference: AWS AppStream 2.0 is entirely dedicated to hosting individual applications on the AWS platform, whereas with AWS WorkSpaces we create virtual desktops that provide entire working environments for you or your team.
To sum up, when your use case is moving existing legacy applications to the AWS cloud platform, go for AWS AppStream 2.0, whereas when your use case is an easy and quick way of deploying Windows virtual desktops for users, AWS WorkSpaces is the ideal option.
Conclusion
- AWS AppStream gives contact center agents the flexibility to work remotely from anywhere, with a secure and easy-to-use agent experience.
- Using the APIs, you can quickly integrate AWS AppStream 2.0 with any custom IT solution so that users access the applications with their existing credentials. AWS AppStream connects with your network, Active Directory, file shares, and cloud storage.
- With AWS AppStream 2.0, you are charged only for the streaming resources that are provisioned, along with a small monthly fee per streaming user, which depends on the operating system chosen. Apart from that, AWS AppStream 2.0 requires no upfront investment or long-term commitment.