Streaming Encrypted Pixels Near You

Challenge

How do you deliver applications in a secure way, to a geographically dispersed audience, at scale, irrespective of OS platform, ensuring consistent performance?

Solution (arguably not the only one) - AppStream 2.0

It gets you:

  • BYOD - ability to run apps on Windows, Linux, Mac and Chrome OS.
  • Low latency - since data could be stored in S3 buckets (you also have the ability to enable OneDrive and Google Drive) and your apps are also streamed from AWS infra - the data and apps are in close proximity and you only get pixels (encrypted at that) streamed to you.
  • Security - data is encrypted in transit and could be encrypted at rest (enable app setting persistence and home folders)...plus it's not stored on the device itself.
  • Flexibility - you can consume the apps via any HTML5 capable browser or via a client app you download. 
  • Dual monitor support (even if you use just the browser)
  • For healthcare clients - AppStream 2.0 HIPAA Eligibility.
  • Scalability (scale out and in) based on utilization, session concurrency, number of users and instance type. To get an idea of how many coins you may need to toss to your Witcher, AWS has provided a helpful AppStream 2.0 Pricing Tool.
  • Videoconferencing (using supported browsers) as well as through the client. 
  • AD integration - your own, or the AWS Directory Service for MS Active Directory. 
  • SSO - you can use AWS's SSO as well as Azure as an IdP.
  • Using some undoubtedly forbidden dark sorcery, the streaming adapts to the available bandwidth on the fly. Unless you are using dialup, I think you'll be fine. Here are the bandwidth requirements. I googled it for you so you won't have to. You are welcome. 
  • Lower admin overhead - you centrally manage applications. 
  • No large capital outlay for infra (and licensing) to meet demand. 
  • You could SaaS-ify an ordinary app without rewriting it to be cloud native. 

My POC experience

You can shortcut things and do a trial without much yak shaving using "Try sample application at no cost", use AWS Workshop, or you could bite the bullet, roll up your sleeves, brew some dark roast and prep the environment yourself using the admin guide.

Overall the experience wasn't jarring at all but you will need some familiarity with VPCs and related AWS concepts. 

Since this is not a free service, for the purposes of the POC, I'd recommend you consider setting the Maximum session duration to less than the default 960 minutes, defining the fleet type as "on-demand" rather than "always on", carefully considering the instance type and maximum capacity, and going over the scale out policy as well. Here's what these looked like for my POC:

Once you have configured your image with all the apps you need, provisioned the fleet and defined the stack, you are ready to test the end user experience.
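Before testing, the POC recommendations above (on-demand fleet, session duration below the 960-minute default, a deliberate instance type) can be checked mechanically. This is an added example, not part of the original post: the field names follow the `Fleets` list returned by boto3's AppStream `describe_fleets()`, while the sample fleets and the allowed instance type list are constructed assumptions.

```python
# Added example: audit AppStream 2.0 fleet settings against POC cost guardrails.
# Live input would be boto3.client("appstream").describe_fleets()["Fleets"];
# here a constructed sample is embedded so the check runs offline.

DEFAULT_MAX_SESSION_SECONDS = 960 * 60  # the 960-minute default named in the post

# Constructed sample data; fleet names and values are made up.
SAMPLE_FLEETS = [
    {"Name": "poc-fleet-a", "FleetType": "ON_DEMAND",
     "InstanceType": "stream.standard.medium",
     "MaxUserDurationInSeconds": 7200},
    {"Name": "poc-fleet-b", "FleetType": "ALWAYS_ON",
     "InstanceType": "stream.standard.large",
     "MaxUserDurationInSeconds": 57600},
    # Missing duration: treated as a finding rather than silently passing.
    {"Name": "poc-fleet-c", "FleetType": "ON_DEMAND",
     "InstanceType": "stream.standard.medium"},
]

# Hypothetical POC policy: which instance types were deliberately chosen.
ALLOWED_INSTANCE_TYPES = ("stream.standard.medium",)


def audit_fleet(fleet, allowed_instance_types=ALLOWED_INSTANCE_TYPES):
    """Return a list of findings for one fleet description (empty if clean)."""
    findings = []
    if fleet.get("FleetType") != "ON_DEMAND":
        findings.append("fleet type is %s, not ON_DEMAND" % fleet.get("FleetType"))
    duration = fleet.get("MaxUserDurationInSeconds")
    if duration is None:
        findings.append("max session duration not reported")
    elif duration >= DEFAULT_MAX_SESSION_SECONDS:
        findings.append("max session duration is %d min, not below 960"
                        % (duration // 60))
    if fleet.get("InstanceType") not in allowed_instance_types:
        findings.append("instance type %s not in POC allow-list"
                        % fleet.get("InstanceType"))
    return findings


def audit_fleets(fleets):
    """Map fleet name -> findings, keeping only fleets that have findings."""
    report = {f["Name"]: audit_fleet(f) for f in fleets}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, found in audit_fleets(SAMPLE_FLEETS).items():
        print(name, "->", "; ".join(found))
```

Maximum capacity and the scale out policy live in Application Auto Scaling rather than in the fleet description, so they are outside what this check covers.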

Here are the things I tested, all of which were successful:

  • Establish a session through Edge, log into MS Teams and launch a meeting inside the browser. 
  • Save a file to home folder (S3 bucket) and check if it persists between sessions. 
  • Do the same via the dedicated AppStream Client. 
  • Connect to a session on an iPad.
  • Print to local printer. 

Here are some visuals from the test:

Happy app streaming.