1) AVEVA wanted to move its desktop applications to the cloud to provide instant access from any device but had concerns about securing access to customer project data and costs with Amazon AppStream. 2) AVEVA worked with Amazon to address these concerns in Amazon AppStream 2.0, which allows launching applications in a customer's VPC and passing parameters at session launch like credentials and customization packages. 3) AVEVA now uses Amazon AppStream 2.0 to securely deliver its applications to users through a managed streaming service without needing to install client software.

1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
December 1, 2016
Building SaaS Offerings for Desktop
Apps with Amazon AppStream
Supreeth Sheshadri, AWS
Mats Westenius, AVEVA AB
CMP321

2. What to Expect from the Session
• Build your streaming SaaS
• Customer talk - AVEVA AB
• Working together

3. Our learnings from AppStream
• AppStream – SDK-based streaming engine
• Several gaps – app lifecycle, VPC access,
price/performance, DIY clients
• Customers wanted fully managed streaming platform

4. Fully managed application streaming service that provides
users instant access to their desktop applications

5. Desktop Application Streaming
Stream desktop applications securely
to any web browser
Pay-as-you-go Scale globally
Secure apps & dataRun Desktop Apps
in a Web Browser

6. Move desktop applications
to the cloud
Provide instant access
to apps from anywhere
Offer tools to simplify
application streaming
Why Did We Build Amazon AppStream 2.0?

7. Business & Public Sector
Move desktop apps
to cloud with no re-write
ISVs Design & Engineering

8. Benefits: Instant-on Access to Desktop Apps
Instant start for desktop apps – like watching a video online

9. Benefits: Import Your Apps Without Re-writes
Import existing apps with no changes or re-write and start streaming

10. Benefits: Works With Your IT
Integrates with existing apps, identity, entitlements, and back-end

11. Benefits: Fully-Managed Service
No hardware or software to install, submit your apps and start streaming

12. One streaming instance per end user – no shared instances
Benefits: Consistent Scalable Performance

13. Build your own streaming SaaS - Example
• Online learning system
• 1000s of students
• Complement classroom education
• Students access desktop apps from web portal

14. Build your own streaming SaaS – Elements
Admin UsersStreaming
Technology

15. • Use multiple apps at the same time
• Clipboard, file upload/download, printing
• Audio and bandwidth controls
• Multiple storage options
• HTML5 browsers with no plug-ins
Simple User Experience

16. Simple user experience

17. Simple user experience

18. NICE DCV streaming protocol
• High fidelity visualization delivered to browsers
• HTTPS access via streaming gateways
• Adaptive and responsive streaming
• AES-256 encrypted
• Supports both 3D and non-graphics applications

19. Admin Experience
AWS Management Console Programmatic access – AWS SDK

20. Admin setup
1 2 3 4

21. Admin setup – import applications
• Use Image Builder via AWS Management
Console
• Install apps, test apps, and publish image
• Optimize app launch time and configure
app launch parameters

22. Admin setup – create image
• Microsoft Windows Server 2012 R2
• Image contains your apps
• Image is built using an Image Builder
• Use AWS Management Console
$> aws appstream describe-images

23. Admin setup – create fleet
• Auto-scaled instances – fixed/dynamic scaling
• Configurable instance type
• Non-persistent instances
• Running instances deliver instant-on connection
• Amazon VPC access
$> aws appstream create-fleet <instance type> <subnets> <image>

24. Admin setup – create stack
You can set up an Amazon AppStream
2.0 Stack to start streaming apps to
your users browsers.
Stack consists of a fleet of streaming
instances and user access policies and
configurations.
$> aws appstream create-stack <fleet>

25. Network config
On-premises
Public Internet
VPN
or
Direct Connect
Pixels - HTTPS
Identity/SAML
Pixels - HTTPS
Streaming Gateway
Fleet
Utility/License/Database servers
Amazon AppStream 2.0 Network – 198.19.x
Customer/ISV VPC
172.X or 192.x or 10.x
Photon Built in
Storage
Private Network Access
HPC Cluster
Stack

26. Launch streaming application(s)
$> aws appstream create-streaming-url <stack> [app]

27. • Multiple instance types
• Graphics and non-graphics instance families
• Standard, Compute, Memory, and Graphics
• Non-graphics starting from 10 cents/hr
• Supports Elastic GPU
Features: Multiple Instance Types

28. • Pay per hour for running instances in your fleet
• Scaling policies and instance type choice optimize
cost
• Pay per unique user that connects in a month
• User fee waived for BYOL RDS CALs
AppStream 2.0 Pricing

30. AVEVA
The leading supplier of
engineering design and
information management
software solutions

31. Our Purpose
Our purpose is to power
Digital Assets that help
shape our world
Oil & Gas
Power & Utilities
Chemicals & Petrochemicals
Pulp & Paper
AEC & Infrastructure
Mining & Minerals
Fabrication
Marine

32. 100% of
are AVEVA customers
Source: IHS Energy 50
The top 10 global
energy companies

33. 90%of
The top 10 global shipyards
are AVEVA customers
Source: Clarkson’s World Fleet Register

34. The Digital Asset – our Centre of Attention

35. AVEVA Everything 3D™ - an AVEVA Flagship

36. AVEVA’s Journey with Amazon AppStream
Started in 2014 with a PoC
AWS Blog
Amazon AppStream Now Available to All Developers
by Jeff Barr | on 12 MAR 2014
And so we …
• Built an Enablement Service
• Using Elastic Beanstalk
• Built a Windows client using the
provided SDK
• Created an Amazon AppStream ID
• Silent install of AVEVA E3D™
• Silent install of static Project Data
The Streaming Experience was
Great

37. PoC with 3 major Corporate Customers
With Support for Customer’s own shared project data
The Streaming Experience looks Great but…
If you cannot connect to your streaming application, make sure that your firewall
allows traffic through TCP port 80 and 8080 and UDP ports 9070 through 9097
Unencrypted traffic
Port 80 – non standard web traffic
Significant range of UDP ports
No proxy support
No known gateway to lock down traffic to
Requirement to install client software

38. AVEVA’ Major Concerns
AVEVA Enablement Service
AWS VPCAVEVA Customer Project Data
IP range
All of us-east-1
SG open to
all of us-east-1
• Not possible to secure
access to project data
• The cost

39. AVEVA Experience – Using Amazon AppStream
Self-training site
Launched in July 2015

40. The Production Business Case
First

41. Subcontractor scenario
ACME
SUBC
AVEVA Global
HUB
Streamed
AVEVA E3D™
Sessions
Account: ACME
First SUBC user access
within hours
ace@subc.com
bob@subc.com
cal@subc.com
dan@subc.com
C S
SC
AVEVA Global
Satellite

42. Client side
• No IT overhead
HTTPS to known gateway(s)
No client install
• High quality streaming
Dynamic
Cursor feedback
Clipboard local/remote
Restorable state
AVEVA’s Requirements on Amazon AppStream 2.0
Server & management side
• Secure access to project data
Launch in selected VPC
Launch in private subnet
• Programmatic access to
App – Fleet mgmnt
App lifecycle ctrl – hooks
Session launch
Session launch data
Automated AMI build

43. Users & Groups
Privileges
AVEVA Connect
Services
Customer Account
Solutions
Environment
Other
Services
AVEVA Connect is a platform built
on Serverless Architecture for
publishing services and solutions.
The AVEVA Portal

44. Solutions
Environment
Digital Asset
Datasource
Configurations
Customizations
Multi-Discipline Digital Asset
Environment
Application

45. Solutions
Environment
Digital Asset
Datasource
Configurations
Customizations
Multi-Discipline Digital Asset
Environment
Application
Application
Streaming
User Access
Access to Solution
Environment ruled
by User Priviliges
Fleet selection and
parameters to pass
defined by Solution
Environment

46. Requirement: Session startup parameters
Must be possible to pass parameters at session launch
• Credentials to access the shared data sources
• Specification of the solution to launch
Project/asset
Configuration
Customisation package
Application

47. Public subnet Private subnet
Availability Zone
Customer VPC
Customer On-
Premises Data
Centre
On-premises to
AVEVA Connect
DB-link
Appstream 2.0 in the
private subnet with
access to the Digital
Asset Database
Designer accessing
the Solution
Environment through
a web browser

48. Demo

49. Try it now with no setup

50. Amazon AppStream 2.0 and your applications
• Enable license mobility
• Certify your applications
• Start trials, training, and SaaS environments

51. Amazon AppStream 2.0 Upcoming Features
• SAML integration for authentication
• Lifecycle hooks for streaming instances
• Built-in storage for users
• Stopped instance capacity
• Domain joined streaming instances

52. Thank you!
BAP204: Delivering desktop applications to any device anywhere with Amazon
AppStream 2.0
CMP320: Delivering powerful graphics-intensive applications from the AWS Cloud

53. Remember to complete
your evaluations!