AppStream - Beyond the obvious

Copyright ©2015Cloudreach limitedNot if. When

AppStream - Beyond the obviousAWS User Group - London - May 2015Presented by Adam Ocsvari | [email protected] | @ocsi01

Cloud System Engineer @ Cloudreach

Wednesday 27th May 2015

mailto:[email protected]

Cloudreach: AppStream - Beyond the obvious

Copyright ©2015 Cloudreach limited

● Application streaming service

○ HD video

○ low latency

● For resource-intensive apps

● G2 Instances

● Partially managed by AWS

● Pricing of AppStream

○ Fix price per hour (per Region)

○ + Enablement Infrastructure

Introduction to AppStream

AWS AppStreamsince the end of 2013

http://www.cloudreach.com/gb-en/cloudreach/



● Full HD video from AppStream● Locally rendered controls (overlay)

○ Hybrid games● Experience on any device● Reduce piracy

An early test from AWS:

● 2625 identically rendered soldiers● 17 FPS frame rate at client side


AppStream for Games




● Training experience on a remote location

● No high end workstation needed● Works even on tablets

● No specialized hardware● All patches and updates are

automatically delivered to the user


AppStream for Training




● 3D CAD● 3D modeling● Animations● Visual Effects (for movies)

● No high end workstations● Easier collaboration● Less geolocational issues● Read only access


AppStream for Engineering




● Instant start

○ No waiting time, no lost customers

● Low end devices

○ No investment needed

● “Platform independency”

○ Develop for only one platform

● Automatic patching

● Bill based on usage

Why is this good for us?New opportunities to reach customers





● Restricted access

○ Comment only access

○ Read access

● No way of copying

○ Only the video stream

● No way of reverse engineering

● No reason for cracking the client

● Everything is inside a VPC

Behind the obviousIndustrial espionage



Copyright ©2015 Cloudreach limitedNot if. When

Let’s jump into tech!




● Client side application

● Enablement Service

● AWS Entitlement service

● AppStream G2 Instances

Overall Structure

The Architecture of AppStream




● Windows based application

○ Only the application

● Running on the G2 Instance

● Installed and configured by your administrator

● Snapshot

● Warmed up

● Session customisation

The Application





● Lightweight

● Simple

● Initiate Login

● Handle the video Stream

● Sends input stream

○ Custom input stream

● May overlay content

The Client


● Current clients:

○ Windows

○ OS X

○ Android

○ IOS

○ Chrome App

■ Multi platform




● Calls AppStream Entitlement Service

○ Rest API or SDK (Java)

● Manage/authenticates users

● Passing custom data to session (Opaque Data)

● Communicates with the Client

● It’s a website with an API

Enablement servicefor authentication and authorisation





● EC2 Instances - In a VPC

● S3 buckets

● SES

● RDS

● Cross Account

○ Security challenges

Connect to other AWS servicesReaching your AWS account




SecurityCross-Account wonders





● One or more temporary token

○ The expiration is a limit for the length of the session

○ Rotate the keys via Enablement service

● Identical keys

● Passed via the OpaqueData

○ via HTTPS

Temporary credentialsAccess to our AWS resources from the AppStream

AppStream Security




VPC PeeringAppStream Security




● VPC peering

○ Multiple VPC-s

● Multi screen video

● Long(er) term IAM credentials

● Update Finalized Application

● More Regions

● More SDKs

Wish list





The Beer Challenge - TBC





● Read some docs

● Deploy a basic application

● Use the sample Clients

● Use the “Standalone” mode

● Deploy the sample Enablement service

● Reach out the experts:

How to start?




Questions, Comments?



AppStream - Beyond the obvious

Software

Transcript of AppStream - Beyond the obvious