AWS re:Invent 2016: Building SaaS Offerings for Desktop Apps with Amazon AppStream (CMP321)
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
December 1, 2016
Building SaaS Offerings for Desktop Apps with Amazon AppStream
Supreeth Sheshadri, AWS
Mats Westenius, AVEVA AB
CMP321
What to Expect from the Session
• Build your streaming SaaS
• Customer talk - AVEVA AB
• Working together
Our learnings from AppStream
• AppStream – SDK-based streaming engine
• Several gaps – app lifecycle, VPC access, price/performance, DIY clients
• Customers wanted fully managed streaming platform
Fully managed application streaming service that provides users instant access to their desktop applications
Desktop Application Streaming
Stream desktop applications securely to any web browser
• Pay-as-you-go
• Scale globally
• Secure apps & data
• Run Desktop Apps in a Web Browser
Why Did We Build Amazon AppStream 2.0?
• Move desktop applications to the cloud
• Provide instant access to apps from anywhere
• Offer tools to simplify application streaming
Benefits: Instant-on Access to Desktop Apps
Instant start for desktop apps – like watching a video online
Benefits: Import Your Apps Without Re-writes
Import existing apps with no changes or re-write and start streaming
Benefits: Fully-Managed Service
No hardware or software to install, submit your apps and start streaming
Build your own streaming SaaS - Example
• Online learning system
• 1000s of students
• Complement classroom education
• Students access desktop apps from web portal
• Use multiple apps at the same time
• Clipboard, file upload/download, printing
• Audio and bandwidth controls
• Multiple storage options
• HTML5 browsers with no plug-ins
Simple User Experience
NICE DCV streaming protocol
• High fidelity visualization delivered to browsers
• HTTPS access via streaming gateways
• Adaptive and responsive streaming
• AES-256 encrypted
• Supports both 3D and non-graphics applications
Admin setup – import applications
• Use Image Builder via AWS Management Console
• Install apps, test apps, and publish image
• Optimize app launch time and configure app launch parameters
Admin setup – create image
• Microsoft Windows Server 2012 R2
• Image contains your apps
• Image is built using an Image Builder
• Use AWS Management Console
$> aws appstream describe-images
Admin setup – create fleet
• Auto-scaled instances – fixed/dynamic scaling
• Configurable instance type
• Non-persistent instances
• Running instances deliver instant-on connection
• Amazon VPC access
$> aws appstream create-fleet <instance type> <subnets> <image>
Admin setup – create stack
You can set up an Amazon AppStream 2.0 Stack to start streaming apps to your users' browsers.
A Stack consists of a fleet of streaming instances and user access policies and configurations.
$> aws appstream create-stack <fleet>
Network config
[Diagram labels: On-premises; Public Internet; VPN or Direct Connect; Pixels - HTTPS; Identity/SAML; Streaming Gateway; Fleet; Stack; Utility/License/Database servers; Amazon AppStream 2.0 Network – 198.19.x; Customer/ISV VPC – 172.X or 192.x or 10.x; Photon Built in Storage; Private Network Access; HPC Cluster]
Features: Multiple Instance Types
• Multiple instance types
• Graphics and non-graphics instance families
• Standard, Compute, Memory, and Graphics
• Non-graphics starting from 10 cents/hr
• Supports Elastic GPU
AppStream 2.0 Pricing
• Pay per hour for running instances in your fleet
• Scaling policies and instance type choice optimize cost
• Pay per unique user that connects in a month
• User fee waived for BYOL RDS CALs
Our Purpose
Our purpose is to power Digital Assets that help shape our world
Oil & Gas
Power & Utilities
Chemicals & Petrochemicals
Pulp & Paper
AEC & Infrastructure
Mining & Minerals
Fabrication
Marine
AVEVA’s Journey with Amazon AppStream
Started in 2014 with a PoC
AWS Blog
Amazon AppStream Now Available to All Developers
by Jeff Barr | on 12 MAR 2014
And so we …
• Built an Enablement Service
• Using Elastic Beanstalk
• Built a Windows client using the provided SDK
• Created an Amazon AppStream ID
• Silent install of AVEVA E3D™
• Silent install of static Project Data
The Streaming Experience was Great
PoC with 3 major Corporate Customers
With Support for Customer’s own shared project data
The Streaming Experience looks Great but…
If you cannot connect to your streaming application, make sure that your firewall allows traffic through TCP port 80 and 8080 and UDP ports 9070 through 9097
AVEVA’s Major Concerns
• Unencrypted traffic
• Port 80 – non standard web traffic
• Significant range of UDP ports
• No proxy support
• No known gateway to lock down traffic to
• Requirement to install client software
AVEVA Enablement Service
[Diagram labels: AWS VPC; AVEVA Customer Project Data; IP range: All of us-east-1; SG open to all of us-east-1]
• Not possible to secure access to project data
• The cost
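The security-group problem on this slide, next to the private-subnet design AVEVA asks for later, as an added example that is not code from the presentation. The CIDR ranges, the port and the rule sets are constructed stand-ins: documentation ranges play the role of "all of us-east-1", and 10.0.2.0/24 is a hypothetical private subnet hosting the streaming fleet.

```python
import ipaddress

# Constructed stand-ins: documentation ranges play the role of "all of us-east-1";
# 10.0.2.0/24 is a hypothetical private subnet hosting the streaming fleet.
REGION_PREFIXES = ["198.51.100.0/24", "203.0.113.0/24"]
FLEET_SUBNETS = ["10.0.2.0/24"]

# Constructed ingress rules, shaped like `aws ec2 describe-security-groups` output.
# Port 1521 is an arbitrary placeholder for the project-data service.
BEFORE = [{"IpProtocol": "tcp", "FromPort": 1521, "ToPort": 1521,
           "IpRanges": [{"CidrIp": "198.51.100.0/24"}, {"CidrIp": "203.0.113.0/24"}]}]
AFTER = [{"IpProtocol": "tcp", "FromPort": 1521, "ToPort": 1521,
          "IpRanges": [{"CidrIp": "10.0.2.0/24"}]}]


def classify(cidr, region_prefixes=REGION_PREFIXES, fleet_subnets=FLEET_SUBNETS):
    """Label one IPv4 source CIDR by how far it reaches beyond the fleet."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return "internet"
    if any(net.subnet_of(ipaddress.ip_network(s)) for s in fleet_subnets):
        return "fleet-only"
    if any(net.overlaps(ipaddress.ip_network(p)) for p in region_prefixes):
        return "region-wide"
    return "other"


def audit(rules):
    """Return (port range, cidr, label, address count) for every source range."""
    findings = []
    for rule in rules:
        ports = (rule.get("FromPort"), rule.get("ToPort"))
        for rng in rule.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            findings.append((ports, str(net), classify(rng["CidrIp"]), net.num_addresses))
    return findings


def exposed(rules):
    """Source ranges that admit hosts outside the fleet subnets."""
    return [f for f in audit(rules) if f[2] != "fleet-only"]


if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, exposed(rules) or "scoped to fleet subnet only")
```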
Subcontractor scenario
[Diagram labels: ACME; SUBC; AVEVA Global HUB; Streamed AVEVA E3D™ Sessions; Account: ACME; AVEVA Global Satellite]
First SUBC user access within hours
AVEVA’s Requirements on Amazon AppStream 2.0
Client side
• No IT overhead
  HTTPS to known gateway(s)
  No client install
• High quality streaming
  Dynamic
  Cursor feedback
  Clipboard local/remote
  Restorable state
Server & management side
• Secure access to project data
  Launch in selected VPC
  Launch in private subnet
• Programmatic access to
  App – Fleet mgmnt
  App lifecycle ctrl – hooks
  Session launch
  Session launch data
  Automated AMI build
[Diagram labels: Users & Groups; Privileges; AVEVA Connect Services; Customer Account; Solutions Environment; Other Services]
AVEVA Connect is a platform built on Serverless Architecture for publishing services and solutions.
The AVEVA Portal
[Diagram labels: Solutions Environment; Digital Asset Datasource; Configurations; Customizations; Multi-Discipline Digital Asset Environment; Application; Application Streaming; User Access]
Access to Solution Environment ruled by User Privileges
Fleet selection and parameters to pass defined by Solution Environment
Requirement: Session startup parameters
Must be possible to pass parameters at session launch
• Credentials to access the shared data sources
• Specification of the solution to launch
  Project/asset
  Configuration
  Customisation package
  Application
[Diagram labels: Public subnet; Private subnet; Availability Zone; Customer VPC; Customer On-Premises Data Centre; On-premises to AVEVA Connect DB-link]
AppStream 2.0 in the private subnet with access to the Digital Asset Database
Designer accessing the Solution Environment through a web browser
Amazon AppStream 2.0 and your applications
• Enable license mobility
• Certify your applications
• Start trials, training, and SaaS environments
Amazon AppStream 2.0 Upcoming Features
• SAML integration for authentication
• Lifecycle hooks for streaming instances
• Built-in storage for users
• Stopped instance capacity
• Domain joined streaming instances
Thank you!
BAP204: Delivering desktop applications to any device anywhere with Amazon AppStream 2.0
CMP320: Delivering powerful graphics-intensive applications from the AWS Cloud