1) AVEVA wanted to move its desktop applications to the cloud to provide instant access from any device but had concerns about securing access to customer project data and costs with Amazon AppStream.
2) AVEVA worked with Amazon to address these concerns in Amazon AppStream 2.0, which allows launching applications in a customer's VPC and passing parameters at session launch like credentials and customization packages.
3) AVEVA now uses Amazon AppStream 2.0 to securely deliver its applications to users through a managed streaming service without needing to install client software.
4. Fully managed application streaming service that provides
users instant access to their desktop applications
5. Desktop Application Streaming
Stream desktop applications securely
to any web browser
Pay-as-you-go Scale globally
Secure apps & dataRun Desktop Apps
in a Web Browser
6. Move desktop applications
to the cloud
Provide instant access
to apps from anywhere
Offer tools to simplify
application streaming
Why Did We Build Amazon AppStream 2.0?
7. Business & Public Sector
Move desktop apps
to cloud with no re-write
ISVs Design & Engineering
12. One streaming instance per end user – no shared instances
Benefits: Consistent Scalable Performance
13. Build your own streaming SaaS - Example
• Online learning system
• 1000s of students
• Complement classroom education
• Students access desktop apps from web portal
14. Build your own streaming SaaS – Elements
Admin UsersStreaming
Technology
15. • Use multiple apps at the same time
• Clipboard, file upload/download, printing
• Audio and bandwidth controls
• Multiple storage options
• HTML5 browsers with no plug-ins
Simple User Experience
18. NICE DCV streaming protocol
• High fidelity visualization delivered to browsers
• HTTPS access via streaming gateways
• Adaptive and responsive streaming
• AES-256 encrypted
• Supports both 3D and non-graphics applications
21. Admin setup – import applications
• Use Image Builder via AWS Management
Console
• Install apps, test apps, and publish image
• Optimize app launch time and configure
app launch parameters
22. Admin setup – create image
• Microsoft Windows Server 2012 R2
• Image contains your apps
• Image is built using an Image Builder
• Use AWS Management Console
$> aws appstream describe-images
24. Admin setup – create stack
You can set up an Amazon AppStream
2.0 Stack to start streaming apps to
your users browsers.
Stack consists of a fleet of streaming
instances and user access policies and
configurations.
$> aws appstream create-stack <fleet>
25. Network config
On-premises
Public Internet
VPN
or
Direct Connect
Pixels - HTTPS
Identity/SAML
Pixels - HTTPS
Streaming Gateway
Fleet
Utility/License/Database servers
Amazon AppStream 2.0 Network – 198.19.x
Customer/ISV VPC
172.X or 192.x or 10.x
Photon Built in
Storage
Private Network Access
HPC Cluster
Stack
28. • Pay per hour for running instances in your fleet
• Scaling policies and instance type choice optimize
cost
• Pay per unique user that connects in a month
• User fee waived for BYOL RDS CALs
AppStream 2.0 Pricing
31. Our Purpose
Our purpose is to power
Digital Assets that help
shape our world
Oil & Gas
Power & Utilities
Chemicals & Petrochemicals
Pulp & Paper
AEC & Infrastructure
Mining & Minerals
Fabrication
Marine
32. 100% of
are AVEVA customers
Source: IHS Energy 50
The top 10 global
energy companies
33. 90%of
The top 10 global shipyards
are AVEVA customers
Source: Clarkson’s World Fleet Register
36. AVEVA’s Journey with Amazon AppStream
Started in 2014 with a PoC
AWS Blog
Amazon AppStream Now Available to All Developers
by Jeff Barr | on 12 MAR 2014
And so we …
• Built an Enablement Service
• Using Elastic Beanstalk
• Built a Windows client using the
provided SDK
• Created an Amazon AppStream ID
• Silent install of AVEVA E3D™
• Silent install of static Project Data
The Streaming Experience was
Great
37. PoC with 3 major Corporate Customers
With Support for Customer’s own shared project data
The Streaming Experience looks Great but…
If you cannot connect to your streaming application, make sure that your firewall
allows traffic through TCP port 80 and 8080 and UDP ports 9070 through 9097
Unencrypted traffic
Port 80 – non standard web traffic
Significant range of UDP ports
No proxy support
No known gateway to lock down traffic to
Requirement to install client software
38. AVEVA’ Major Concerns
AVEVA Enablement Service
AWS VPCAVEVA Customer Project Data
IP range
All of us-east-1
SG open to
all of us-east-1
• Not possible to secure
access to project data
• The cost
39. AVEVA Experience – Using Amazon AppStream
Self-training site
Launched in July 2015
42. Client side
• No IT overhead
HTTPS to known gateway(s)
No client install
• High quality streaming
Dynamic
Cursor feedback
Clipboard local/remote
Restorable state
AVEVA’s Requirements on Amazon AppStream 2.0
Server & management side
• Secure access to project data
Launch in selected VPC
Launch in private subnet
• Programmatic access to
App – Fleet mgmnt
App lifecycle ctrl – hooks
Session launch
Session launch data
Automated AMI build
43. Users & Groups
Privileges
AVEVA Connect
Services
Customer Account
Solutions
Environment
Other
Services
AVEVA Connect is a platform built
on Serverless Architecture for
publishing services and solutions.
The AVEVA Portal
46. Requirement: Session startup parameters
Must be possible to pass parameters at session launch
• Credentials to access the shared data sources
• Specification of the solution to launch
Project/asset
Configuration
Customisation package
Application
47. Public subnet Private subnet
Availability Zone
Customer VPC
Customer On-
Premises Data
Centre
On-premises to
AVEVA Connect
DB-link
Appstream 2.0 in the
private subnet with
access to the Digital
Asset Database
Designer accessing
the Solution
Environment through
a web browser
50. Amazon AppStream 2.0 and your applications
• Enable license mobility
• Certify your applications
• Start trials, training, and SaaS environments
51. Amazon AppStream 2.0 Upcoming Features
• SAML integration for authentication
• Lifecycle hooks for streaming instances
• Built-in storage for users
• Stopped instance capacity
• Domain joined streaming instances
52. Thank you!
BAP204: Delivering desktop applications to any device anywhere with Amazon
AppStream 2.0
CMP320: Delivering powerful graphics-intensive applications from the AWS Cloud