WWW.DROPLETCOMPUTING.COM
Droplet Computing
Application Delivery, Redefined
Droplet Computing & Amazon AppStream 2.0 Integration Guide
Michelle Laverick October 2019
Droplet Computing and
Amazon AppStream
WWW.DROPLETCOMPUTING.COM
In This Document:
Design Goals
Amazon AppStream Architecture
Amazon Region
AppStream Image Builder
AppStream Fleets
AppStream Stacks
AppStream Workflow
Step 1: Preparing to install the Droplet Container App (Administrator User)
Step 2: Installing and Licensing the Droplet Container App
Step 3: Launch the Image Assistant.
About This Document
Software Versioning:
Droplet Container App V1.1
This guide outlines the design and practical considerations of deploying Droplet Computing
container technologies in the context of Amazon AppStream 2.0. In the examples shown in this
guide we will use the web-based console provided for managing and administering the AWS
environment. For large environments where organizations are using Amazon AppStream at
scale, APIs exist for all the popular scripting and automation tools currently in use.
This guide outlines the benefits of Amazon AppStream and its architecture for those unfamiliar with
the solution, and builds a solution in the context of Droplet Computing containers that will
lead to a successful deployment and guarantee the quality of the end user experience.
Adopters of Amazon AppStream and Droplet Computing are advised to engage with their
preferred partners and work closely with industry experts in each domain. This guide is not
intended as an exhaustive and complete guide to deploying Amazon AppStream, and
extensive online documentation is available from Amazon including:
Amazon AppStream 2.0 Administration Guide: https://docs.aws.amazon.com/appstream2/latest/developerguide/appstream2-dg.pdf
You can find the most up-to-date information on the Droplet Computing Web site at
http://www.dropletcomputing.com
The Droplet Computing web site also provides the latest product updates. If you have
comments about this document, submit your feedback to info@dropletcomputing.com.
Executive Summary
In the cloud-enabled world in which we live today, organizations are looking at ways to take
advantage of these always-on connected environments to deliver end user services. Whether
that’s to reduce costs by essentially using somebody else’s hardware, to deliver scalability and
increase availability, or simply to enhance the end user experience making end users more
productive.
But there is a catch. Cloud-based environments typically run on newer hardware
platforms with the latest operating systems, so they cannot run apps classed as legacy,
even though in reality those apps are business critical and still very much used.
This stops any migration plans dead in their tracks.
This is where Droplet Computing, working in partnership with Amazon WorkSpaces and Amazon
AppStream technology, can unblock any migration plans.
Droplet Computing delivers a unique container technology that isolates apps by locking them
inside a secure container. The container is made up of not only the apps, but also the OS
runtimes required for them to execute. Effectively the apps are now fully portable.
Amazon AppStream 2.0 is a fully managed application streaming service. You centrally
manage your desktop applications on AppStream 2.0 and securely deliver them to any
computer or, in this case, an Amazon WorkSpace cloud-based desktop.
As the Droplet Computing container solution is an app, it can easily be delivered using
AppStream, allowing organizations to migrate to Amazon WorkSpaces and AppStream, taking
full advantage of cloud-based desktop services yet still delivering their apps. The key thing to
point out here is that with AppStream delivered apps there is no OS management required, it is
all about the apps.
In this guide, we are going to describe the process for integrating the two technologies.
Design Considerations
There are several things to consider when planning an AppStream implementation.
Design Goals
The goal of any good design should be to maintain and balance the pillars of the AWS
Well-Architected Framework. Based on five pillars - operational excellence, security, reliability,
performance efficiency, and cost optimization - the Framework provides a consistent approach
for customers and partners to evaluate architectures and implement designs that will scale over
time.
• Operational Excellence: The ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures
• Security: The ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies
• Reliability: The ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues
• Performance Efficiency: The ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve
• Cost Optimization: The ability to run systems to deliver business value at the lowest price point
The AWS Well-Architected Framework has been developed to help cloud architects build
secure, high performing, resilient, and efficient infrastructure for their applications.
Amazon AppStream Architecture
End users connect to Amazon AppStream using a web browser that supports SSL
connectivity on the standard TCP port 443. This ensures the WorkSpace is accessible from any
Internet access point with the appropriate client installed on the user device.
After authentication, the client connects to the Amazon Streaming Gateway that brokers a
connection to the Amazon Fleet. Amazon AppStream Fleets are instances that connect
securely to the AWS infrastructure.
The end user's home directory is established by connecting through to Amazon S3.
AppStream scales by adding Fleet members, which can be added and
removed as and when required. They can also connect to other services such as Amazon
Relational Database Service (RDS).
This is shown in the following screenshot:
Amazon AppStream is unlike Amazon WorkSpaces as there is no requirement for a Directory
Service, although one may be configured if needed.
Amazon Region
The first design consideration to be undertaken is selecting the correct Amazon region for the
implementation. Amazon AppStream provides seamless applications to the endpoint using an
industry-recognized standard for remote display. AppStream benefits from the low latency
provided by a global network of regions created by Amazon. Organizations are recommended
to select a region that is in close geographical proximity to the target end users to minimize
latency between the endpoint and AppStream. Additionally, organizations need to consider
the compliance and jurisdiction issues to ensure the data created and modified by end users
conforms to their preferred data protection standards.
At the time of writing, Amazon AppStream is supported in 8 commercial regions around the
world. However, the service may not be supported in every Availability Zone (AZ) within those
regions. When creating the subnets for your Amazon AppStream implementation, you must
ensure that they are created in AZs that support the Amazon WorkSpaces service.
AppStream Image Builder
Amazon AppStream 2.0 uses EC2 instances to stream applications. You launch instances from
base images, called image builders, which AppStream 2.0 provides. To create your own custom
image, you connect to an image builder instance, install and configure your applications for
streaming, and then create your image by creating a snapshot of the image builder instance.
When you launch an image builder, you choose:
• An instance type: AppStream 2.0 provides different instance types with various compute, memory, and graphics configurations. The instance type must align with the instance family you need. For more information, see AppStream 2.0 Instance Families by following the link https://docs.aws.amazon.com/appstream2/latest/developerguide/instance-types.html
• An operating system: AppStream 2.0 provides the following Microsoft Windows operating systems:
o Windows Server 2012 R2
o Windows Server 2016 Base
o Windows Server 2019 Base
• The subnet and security groups to use: Make sure that the subnet and security groups provide access to the network resources that your applications require. Typical network resources required by applications may include licensing servers, database servers, file servers, and application servers
Droplet Computing recommends building Amazon AppStream images based on Windows Server 2016 Base.
AppStream Image building should be focused on functional user groups. For example, you
may build an Amazon AppStream Image for the Sales Groups and Accounts Payable Group.
Held within the Amazon AppStream Image would be the respective Droplet Computing
Application (DCA) together with the appropriate Droplet Computing Image (DCI) that holds all
the legacy applications that the group requires. This approach is simple and scales well by
maintaining a one-to-one relationship between the Amazon AppStream Image and the Droplet
Computing Image stored within it. Once the Droplet Computing software has been correctly
installed and configured, the AppStream Image can be deployed to the appropriate AppStream Fleet.
A single AppStream application of Droplet Computing can be used to deploy many legacy applications
within the context of a single container, or alternatively a more granular approach can allow a
one-to-one relationship between the AppStream application and the legacy application
contained within it. Expressed simply, Droplet Computing supports both a one-to-one and a
one-to-many relationship between the construct of the AppStream application and the Droplet
Computing container.
AppStream Fleets
With Amazon AppStream 2.0, you create Fleet instances and stacks as part of the process of
streaming applications. A Fleet consists of streaming instances that run the image that you
specify. The Fleet type determines when your instances run and how you pay for them. You can
specify a Fleet type when you create a Fleet. You cannot change the Fleet type after you
create the Fleet.
The following are the possible Fleet types:
• Always-On: Instances run all the time, even when no users are streaming applications
• On-Demand: Instances run only when users are streaming applications. Idle instances that are available for streaming are in a stopped state
Organizations can use an Always-On Fleet to provide users with instant access to their
applications. Alternatively, an organization can use an On-Demand Fleet to optimize streaming
charges and provide users with access to their applications after a 1-2-minute wait. Droplet
Computing has tested both Always-on and On-Demand Fleet types successfully. The decision
on which type an organization should use is dependent on balancing the competing goals
represented by the AWS Well-Architected Framework.
Those familiar with AWS EC2 will be aware that an instance represents a highly scalable
approach to assign compute resources based on the demands of the given application.
Amazon provides a wide range of different Fleets in AppStream to allow organizations to
correctly size their computational needs. Droplet Computing recommends for physical installs of
our application a minimum of 2 CPUs and 8GB RAM. In our internal tests, we have successfully
deployed our software in AppStream Fleets that are smaller than this minimum. Selecting the
correct size of the Fleet depends on many different factors such as ensuring enough memory
resources are assigned to accommodate the Droplet Computing container's memory needs.
Failure to size these allocations correctly can lead to scenarios where the Droplet Computing
container effectively "starves" the Fleet of much needed memory. Successful sizing begins with
measuring your memory needs and then testing the applications deployed within the
WorkSpace. Ideally, this would be done by incorporating industry standard approaches such as
initially deploying the WorkSpace to a subset of users to gather valuable performance data,
before rolling out the solution to the wider organization. In our testing, we achieved acceptable
performance with General Purpose "stream.standard.large" instance types, which provide 2
vCPUs and 8GB of memory.
For a full outline of all available build and Fleet instance types consult the AppStream 2.0 pricing
documentation:
https://aws.amazon.com/appstream2/pricing/
AppStream Stacks
An AppStream Stack consists of an associated Fleet, user access policies, and storage
configurations. An AppStream Stack provides streaming resources and policies for controlling
access to these resources. The streaming resources are made up of instances that are part of
an AppStream 2.0 Fleet.
AppStream Workflow
The Administrator can begin the process by first creating an AppStream Image using the Image
Builder. This effectively captures the installation of the apps you want to deliver with AppStream,
in this case that’s the Droplet Container App (DCA). The Imaging process successfully separates
the installation process from the user settings making the application portable and accessible to
any user while establishing the administrator preferred default settings. Once the image has
been successfully built, it can be deployed to the Fleet and associated with a stack.
AppStream Workflow for creating and delivering an app
Finally, the stack can be assigned to users that gain access to the AppStream through the web-
based user portal.
Create an AppStream Image Builder Instance
Amazon AppStream 2.0 uses EC2 instances to stream applications. You launch instances from
base images, called image builders, which AppStream 2.0 provides. To create your own custom
image, you connect to an image builder instance, install and configure your applications for
streaming, and then create your image by creating a snapshot of the image builder instance.
In this guide we have already pre-built, configured, and tested a container image file that
contains the Microsoft Office 2003 Suite. This was created offline on a host machine, and
the container image file was then uploaded to the Amazon S3 cloud-based storage
repository.
This image will be used in the examples described throughout this guide.
For more information and instructions on how to build a container image file, please refer to the
online admin guide that can be downloaded by clicking here.
To create the AppStream image, follow the steps as described in the following:
1. In the AppStream 2.0 AWS Console, click Images, select the Image Builder tab, and click
the Launch Image Builder button as shown in the following screenshot:
2. You will see the Step 1: Choose Image screen as shown in the following screenshot:
3. Under Choose Image, in the first drop-down box, click
and select the option for All images. Then, in the next drop-down box, click and select
the option for Windows Server 2016 Base, and in the final drop-down, for testing
purposes, select the option for General Purpose instance type
4. You will see the following image options displayed as shown in the following screenshot:
5. Click the radio button for AppStream-WinServer2016-09-18-2019 which, at the time of
writing this guide, is the latest version
6. Then click the Next button
____________________________________________________________________________________
Note: An AppStream 2.0 Base Image Version History can be viewed from this location:
https://docs.aws.amazon.com/appstream2/latest/developerguide/base-image-version-history.html?icmpid=docs_appstream2_console
______________________________________________________________________
7. Next, we are going to complete the Configure Image Builder screen. At this step the
AWS Administrator can assign a unique image name, display name, and select the
instance type used by the image builder
In this guide, we found that selecting General Purpose with stream.standard.large was
enough for the needs of the container application.
To configure the image builder, complete the following steps:
a. In the Name box, type in a name for the Image Builder. In this example we have
called this DropletComputing-DCI-X_32-1.1-OFFICE2003v1
b. In the Display Name, type in the name for the image builder that will be displayed to
the end users. In the example we have called this Droplet Computing
c. Finally, click the radio button for General Purpose with stream.standard.large. This
configures 2 vCPUs and 8GB of memory
This configuration is shown in the following screenshot:
8. Then click the Next button to continue
Organizations wishing to create a one-to-one relationship between the AppStream
launch icon and a single application in the Droplet Container Image, i.e. delivering an
individual app, should enter the same name in the Display Name field as the app tile
name displayed on the container workspace view.
For example, DropletComputing-DCI-X_32-1.1-OFFICE2003v1-EXCEL to reflect Microsoft
Excel 2003 running in the container image, and just having the Excel tile on the container
workspace.
In this example the single image DropletComputing-DCI-X_32-1.1-OFFICE2003v1 will be
used to reflect that the entire Microsoft Office 2003 suite including Word, Excel, and
PowerPoint is running inside the container image.
Next, we are going to configure network access.
9. On the Network Access configuration screen, we can associate the image builder with
a specific Virtual Private Cloud (VPC) that will be used to deliver the application.
Critically, we require Default Internet Access to allow easy access to the Amazon S3
bucket used to hold the files that make up the Droplet Computing environment.
To configure network access, complete the following steps:
a. Check the box for Default Internet Access
b. In the VPC box, from the dropdown menu, select the VPC you want to use
c. In the Subnet box select the subnet you want to use
d. Finally, in the Security group(s) box, select the security group you want to use. These
options are shown in the following screenshot:
10. Finally, you will see the Review screen as shown in the following screenshot:
At this stage, the Administrator can review the configuration settings before launching the
image.
Create an AppStream Image with the Image Assistant
Once the AppStream Image Builder is available, the Administrator can connect to it and begin
the process of capturing their application installation.
In this case the app in question is the Droplet Container App (DCA) and the associated Droplet
Container Image (DCI).
To do this, follow the steps as described:
1. Select the AppStream Image from the list of those displayed. In this instance it’s the
DropletComputing-DCI-X_32-1.1-OFFICE2003v1 image as shown in the following:
2. Click the Connect button
3. You will see the following screenshot as you are connected to the desktop of the machine
on which to build your image:
4. Once connected you will see the following user options to select from:
5. Click the Administrator box to log in as an administrator
6. The AppStream Image guides the AWS Administrator through the application capture
process that comes in three phases represented by three different user accounts –
Administrator, Template User, and Test User.
The Administrator is used purely to install the software whereas the Template user is used
to capture the per-user specific settings. Finally, the Test Account is used to launch the
application and verify that the application settings have been captured correctly.
7. You will now be connected as an administrator as shown in the following:
The steps in the following sections describe the process in more detail:
Step 1: Preparing to install the Droplet Container App (Administrator User)
In this guide we are using Amazon S3 as the cloud-based storage repository. By using the Mozilla
Firefox web-browser provided inside the Amazon WorkSpace, we are able to access the
Amazon S3 bucket and download the required files. DCI files can be compressed using a zip-
style compression utility, but care must be taken to choose a zip format that is compatible with
the chosen AppStream Image Builder instance type.
Currently, Droplet Computing supports the DCI-X image type for an Amazon AppStream
environment. It is a lightly loaded container with excellent compatibility for legacy applications,
and smaller CPU and memory demands.
Droplet Computing recommends that the administrator builds a custom container image offline
and tests it on a local workstation before transferring to the cloud-storage vendor. This process
ensures reliability and consistency and means organizations do not have to install software into
the container within the context of the Amazon WorkSpace environment. Organizations may
use either the .EXE or Microsoft Software Installer (MSI) package.
To prepare the installation of the Droplet Container App, follow the steps as described, starting
with copying the files required for the installation.
Connect to your preferred online cloud storage provider, in our case Amazon S3, and download
the DCA installer, license file, and custom DCI-X image file. This is shown in the following
example screenshot:
By default, these files will be downloaded to the administrator’s Downloads folder. They need to
be relocated to a folder that will be accessible to both the Template and Test user for the Image
Assistant to work correctly.
It is recommended to copy the custom DCI to the C:\ drive, and ideally to a directory off the
root of the C:\ drive such as C:\DropletImages for example, as shown in the following
screenshot:
____________________________________________________________________________________
Note: The Application icons folder, droplet.lic and droplet_windows_1.1.exe files are only
needed temporarily during the build process and can be deleted once the assistant has
successfully tested the installation.
____________________________________________________________________________________
The administrator should review the permissions to the folders and files to ensure that the
appropriate users have both read and write access. As every user will be assigned their own
unique personal Workspace, and their own copy of the Droplet Container Image, this maintains
the one-to-one relationship between the image and the end user.
In short, each user is given their own unique Amazon AppStream with their own personal Droplet
Computing Image file.
Droplet Containers are fully stateful from an application perspective which allows end users to
customize the applications running inside their container. Droplet Computing does not
recommend storing any files and data within the container itself. It should be regarded as
merely a delivery mechanism for the organization's applications.
In this example, permissions are assigned to the built-in Users group. Organizations can configure
additional security controls by using Active Directory to limit access to the Droplet Computing
Image based on group membership as shown in the following:
You can now install the container app and add the license key.
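One way to carry out the permission review described above for the folder that holds the DCI file, as an added example that is not part of the original guide or of Droplet Computing's tooling. It assumes the C:\DropletImages path and the built-in Users group from the guide's example; the function names and the commented-out Active Directory group name are hypothetical.

```powershell
# Added example: report which principals can read and write the DCI folder.
# Assumptions: folder path and expected group are taken from the guide's example.

function Test-RightsCover {
    param([int]$Mask, [int]$Needed, [int]$Generic, [bool]$Deny)
    if ($Mask -band $Generic) { return $true }   # generic bits imply the specific rights
    $hit = $Mask -band $Needed
    if ($Deny) { return ($hit -ne 0) }           # a Deny entry blocks on any overlapping bit
    return ($hit -eq $Needed)                    # an Allow entry must grant every needed bit
}

function Get-DciFolderAccess {
    [CmdletBinding()]
    param([string]$Path = 'C:\DropletImages')

    $readMask  = [int][System.Security.AccessControl.FileSystemRights]::Read
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]::Write
    # Get-Acl can return raw generic bits for inherit-only entries (for example CREATOR OWNER).
    $genericAll   = 0x10000000                        # GENERIC_ALL
    $genericRead  = [int]::MinValue -bor $genericAll  # GENERIC_READ (0x80000000) or GENERIC_ALL
    $genericWrite = 0x40000000 -bor $genericAll       # GENERIC_WRITE or GENERIC_ALL
    $inheritOnly  = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    foreach ($rule in (Get-Acl -LiteralPath $Path).Access) {
        $mask   = [int]$rule.FileSystemRights
        $isDeny = ([string]$rule.AccessControlType -eq 'Deny')
        [pscustomobject]@{
            Identity    = $rule.IdentityReference.Value
            Type        = [string]$rule.AccessControlType   # Allow or Deny
            Read        = Test-RightsCover -Mask $mask -Needed $readMask -Generic $genericRead -Deny $isDeny
            Write       = Test-RightsCover -Mask $mask -Needed $writeMask -Generic $genericWrite -Deny $isDeny
            Inherited   = $rule.IsInherited
            InheritOnly = (([int]$rule.PropagationFlags -band $inheritOnly) -ne 0)
            Rights      = $rule.FileSystemRights
        }
    }
}

function Test-DciFolderAccess {
    [CmdletBinding()]
    param(
        [string]$Path = 'C:\DropletImages',
        # Principals that are meant to have read and write access (guide example: Users).
        [string[]]$Expected = @('BUILTIN\Users'),
        # Principals that normally hold control on a Windows volume; not reported as findings.
        [string[]]$Administrative = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER')
    )

    $rules = @(Get-DciFolderAccess -Path $Path)
    $allow = @($rules | Where-Object { $_.Type -eq 'Allow' })
    $deny  = @($rules | Where-Object { $_.Type -eq 'Deny' })
    $known = $Expected + $Administrative

    [pscustomobject]@{
        Path = $Path
        # Expected principals with no single Allow entry granting both read and write.
        MissingReadWrite = @($Expected | Where-Object {
            $name = $_
            -not ($allow | Where-Object { $_.Identity -eq $name -and $_.Read -and $_.Write })
        })
        # Any other principal that can write to the folder or to what is created in it.
        UnexpectedWriters = @($allow |
            Where-Object { $_.Write -and ($_.Identity -notin $known) } |
            Select-Object -ExpandProperty Identity -Unique)
        # Deny entries take precedence over Allow entries, so list them for review.
        DenyEntries = @($deny | Where-Object { $_.Read -or $_.Write })
    }
}

# Run in the image builder session as the Administrator user.
Get-DciFolderAccess | Format-Table Identity, Type, Read, Write, Inherited, InheritOnly -AutoSize
Test-DciFolderAccess | Format-List

# To review against an Active Directory group instead (placeholder group name):
# Test-DciFolderAccess -Expected 'EXAMPLE\Droplet-Office2003-Users'
```

An empty MissingReadWrite list means every expected principal has read and write access; anything listed under UnexpectedWriters or DenyEntries is worth checking before the image is captured.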
Step 2: Installing and Licensing the Droplet Container App
The Droplet Container App software can be installed and licensed in Amazon WorkSpaces in
the same way as an administrator would install it in a standard physical Windows or Linux PC.
For more details on the installation process and how to license the DCA, follow the link to the
online documentation
____________________________________________________________________________________
IMPORTANT: Do not open or run the Droplet Container App at this stage. Simply run the installer
and complete a standard installation.
____________________________________________________________________________________
Step 3: Launch the Image Assistant.
The next step is to launch the AppStream 2.0 Image Assistant. To do this, follow the steps as
described:
1. From the desktop of the Image Assistant machine, double click on the Image Assistant
icon. You will now see the AppStream 2.0 Image Assistant screen as shown in the
following diagram:
1. Click the + Add App button
2. An AppStream Open screen will now appear
3. Navigate to the location of the Droplet.exe file. This is the folder into which the Droplet
Container App was installed, so in this example, using the default configuration, it would
be C:\Program Files\Droplet\Droplet.exe as shown in the following screenshot:
Once selected the Image Assistant will present an Application Launch Settings dialog
box. This allows the AWS Administrator to provide other parameters such as a name,
display name, icon path, launch parameters, and working directory.
In our example, our full company name Droplet Computing was used for the Name and
Display Name boxes, and the Working Directory was entered as C:\DropletImages, as
shown in the following screenshot:
In the Icon Path box, you can click on the Browse button and navigate to the location
where your app icons are stored
4. Click the Save button once you have completed the configuration
5. You will return to the AppStream 2.0 Image Assistant main screen where you will see that
the icon for Droplet Computing is now listed as an available app. This is shown in the
following screenshot:
6. Click Next to continue
7. You will see the CONFIGURE APPS screen as shown in the following screenshot:
8. With this next step, the Image Assistant will request that the Administrator switches to the
Template User account. Click the Switch user button, and click on the Template User as
shown in the following screenshot:
9. You will see the following screenshot as you are connected as the template user:
10. You will now be connected to the Image Assistant desktop as the template user. Just as
a reminder, the template user is used to capture application specific settings, so in this
instance we are going to configure the Droplet Container app with the relevant CPU
and memory resources, and more importantly, the container image that we want to
use. The container image contains the applications
11. Launch the Droplet Computing application from the Configure Apps screen as shown in
the following screenshot:
12. The Droplet Container App will launch
13. As this is the first time you have launched the Droplet Container App, you will see a
warning message pop-up saying No valid license found as shown in the following
screenshot:
14. Click the Yes button and in the Windows Explorer window that opens, navigate to your
license file
The license file in this example is stored in the shared temporary location created earlier;
in our case this was C:\DropletImages as shown in the following screenshot:
15. Select your license file and click the Open button to select it and install it
16. You will now see the Droplet Computing End User License Agreement (EULA) displayed
as shown in the following screenshot:
17. Please read the EULA before proceeding and either click Accept if you agree to it or
Cancel if you do not agree to it. If you click cancel, then the app will close
18. Once you have selected a valid license file and accepted the EULA then the Droplet
Container App will launch with the option to start the container app as shown in the
following screenshot:
Before you start the container, you need to add the appropriate container image file.
To add a Droplet Container Image file (DCI-X) to the Droplet Container App, follow the steps
described below:
1. Launch the Droplet Container App
2. From the Settings menu (click the cog icon in the top right-hand corner of the screen)
scroll down and click on the Image File option as shown in the following screenshot:
3. You will now see the Select Image File window appear as shown in the following:
4. Navigate to the image file that you want to use for this session and then click the Open
button. In this example we are using the pre-built example image that contains the
Microsoft Office 2003 Suite applications
5. You will see that the image has now been added as shown in the following
screenshot:
With the container image now added, you can configure the resources you want to allocate to
it, starting with the keyboard layout.
1. Next, configure the container and the amount of resources you want to allocate to the
container from the host machine it is running on, starting with the Keyboard Layout as
shown in the following screenshot:
Click on Keyboard Layout and then from the pop-up dialog box, click the radio button
to select the keyboard you want to configure. Currently the container supports either a
US or a UK keyboard
2. Next, configure the amount of memory that is available to the container as shown in the
following screenshot:
To configure the memory, move the slider to highlight the amount of memory you want
to configure. There are several factors to consider when configuring the memory:
• Only allocate the amount of memory required. Do not over allocate
• If your host device only has 4GB of memory, then do not allocate all the available memory to the container as it may have a performance impact on your host device OS
• Memory can only be configured when the container is powered off
3. The next resource to configure is the number of CPU Cores available to the container as
shown in the following screenshot:
To configure the CPU cores, move the slider to highlight the number of cores you want to
configure. There are several factors to consider when configuring the CPU cores:
- Only allocate the number of cores required. Do not over allocate
- The max CPU cores supported with the DCI-X container image is dual-core
- CPU cores can only be configured when the container is powered off
4. Finally, you have the option to enable Hardware Acceleration by clicking the on and off
toggle switch as shown in the following screenshot:
Hardware acceleration is only available on physical Windows and Mac host devices,
and only when running with the DCI-M container image. It is not supported with the DCI-
X container image or running on hardware that does not have Intel-VT support.
You have now successfully configured the container and it is ready to launch for the first time.
To start the container, click the Start Container button to continue with the configuration.
As the container starts up you will see it progress through seven different phases as shown in the
following screenshot:
Once the container has fully loaded, you will be presented with the workspace screen from
where you can click on an app to launch it inside the container, as shown in the following:
It is recommended to run each application to confirm each one launches successfully. Ideally
more rigorous testing of the application should be undertaken offline prior to deployment in
Amazon WorkSpaces as part of the container image build process. Once you are satisfied with
the configuration, it is recommended you reset the Droplet Computing Administrator password
under the Settings icon.
To do this, follow the steps as described:
1. Click on the padlock icon in the top right-hand corner of the container screen as shown
in the following screenshot:
2. You will now see the Enter Password box as shown in the following screenshot:
3. Type in the default container password of droplet$189, and then click the OK button
4. The password will now be validated as shown in the following screenshot:
5. Once the password has been successfully validated, the container will be unlocked
to allow you to change the password
6. To change the password, click on the cog icon in the top left-hand corner of the screen,
and then from the Settings menu, scroll to the bottom to the Administration section and
then click on the Password option as shown in the following screenshot:
7. You will now see the CHANGE PASSWORD box as shown in the following screenshot:
8. In the Existing Password box, type in the current admin password. If you haven’t
already changed it then this will be the default password of droplet$189. Then type in
a new password in the New Password box and then type it in again in the Confirm
Password box.
The password must conform to the following:
- Must be at least 8 characters long
- Must contain at least 1 letter
- Must contain at least 1 number
9. Now click the OK button to change the admin password. You will see the following
screenshot as the password is changed:
You have now successfully changed the container admin password.
_____________________________________________________________________________________________
Important note: In this version of the Droplet Container App the admin password cannot be
recovered so ensure that you make a note of the password and keep it safe.
_____________________________________________________________________________________________
Now that you have configured the Droplet Container App and all its settings, the next step is to
ensure that those settings are saved. To do this follow the steps described:
1. From the Configure Apps screen, click on the Switch User button as shown in the
following screenshot:
2. You will now see the dialog box from which you can select the local user, as shown
in the following screenshot:
3. Click the Administrator button to return to the main admin screen which is shown in the
following screenshot:
4. Click the Save settings button as highlighted above. You will then see the default app
and Windows settings saved as shown in the following screenshot:
The next step is to test the application.
Once the Image Builder has saved the default app and Windows settings, you will see that the
Image Assistant is now displaying the TEST tab on the user interface. This is so that you can test
the newly installed and configured app to ensure that it will launch and run for the end users.
This is shown in the following screenshot:
1. To switch user, click the Switch user button as highlighted
2. You will now see the Local User screen where you can select the Test User as shown in
the following screenshot:
3. Click the Test User button. You will now be connected as a test user as shown in the
following screenshot:
4. Once logged in as the Test User, you will see the Test Apps as shown in the following screenshot:
5. Click on the entry for Droplet Computing that will launch the container app. Start the
container and then fully test the applications inside the container image. In the context
of Droplet Computing, we recommend you load the core applications and launch
each of the applications presented on the Droplet Workspace view. Once you are
satisfied the container is functioning as expected, shut down the container
The next step is to optimize the app. To do this follow the steps described:
1. From the Image Assistant screen as shown in the above screenshot, switch back to the
administrator, by clicking on the Switch user button and then clicking the Administrator
button from the Local User screen
2. You will return to the TEST tab as shown in the following screenshot:
3. Click the Next button to continue
4. You will now see the OPTIMIZE screen as shown in the following screenshot:
5. Click the Launch button
6. The Droplet Container App will launch. You will also see a message pop-up saying that
you need to wait for the app to finish loading before continuing as shown in the
following screenshot:
7. If you switch to the desktop of the Image Builder machine, you will also see the Process
Monitor running as shown in the following screenshot:
8. There is no need to configure the container app, or start the container as this has
already been completed in a previous step, so once the container app has completed
loading, click the Continue button as shown in the following screenshot:
9. You will see the app optimization process run as shown in the following screenshot:
10. Once the optimization process has completed, it is safe to delete the contents of
the C:\DropletImages directory, which contains the installation files. Ensure you do not
delete the all-important custom DCI-X image
11. You will return to the Image Assistant screen and the CONFIGURE IMAGE tab as shown in
the following screenshot:
12. In the Name box, type in a name for this image using characters a-Z, -, 0-9, and _
13. In the Display name box type in the display name for this image
14. Finally, in the Description box, type in a description of this image
15. Next you have the Tags option. With this option you can add a tag to the resources to
help identify and organize images. A tag is made up of a case-sensitive key value pair.
For example, a tag could be something like key = Name and value = Sales Apps
16. Click the Next button to continue
17. You will see the final screen, REVIEW, as shown in the following screenshot:
18. Finally, you can review your configuration. When you are happy with the configuration,
click the Disconnect and Create Image button. This will close the session with the Image
Builder and initiate the build of the image
19. The Image will appear in the Image Registry tab showing a "Pending" status as shown in
the following screenshot:
You have now completed the image building process and have built an AppStream 2.0 image
for the Droplet Container app.
Create and Assign an AppStream Fleet
With Amazon AppStream 2.0, you create Fleet instances and stacks as part of the process of
streaming applications. An AppStream fleet consists of streaming instances that run the image
that you specify. The Fleet type determines when your instances run and how you pay for them.
You can specify an AppStream fleet type when you create a Fleet. You cannot change the
Fleet type after you create the Fleet.
To create an AppStream Fleet, follow the steps described:
1. In the AppStream 2.0 Console, from the options on the left-hand side, click Fleets
2. From the Fleets screen, click the Create Fleet button
3. You will now see the Fleet details screen as shown in the following screenshot:
1. In the Name box, type in a name for this Fleet using characters a-Z, -, 0-9, and _
2. In the Display name box type in the display name for this Fleet
3. Finally, in the Description box, type in a description for this Fleet
4. Next you have the Tags option. With this option you can add a tag to the resources to
help identify and organize Fleets. A tag is made up of a case-sensitive key value pair. For
example, a tag could be something like key = Name and value = Sales Apps
5. Click the Next button to continue
6. You will see the Choose image screen as shown in the following screenshot:
7. Click the radio button for the Droplet Computing image and then click the Next button
8. You will see the Configure Fleet screen as shown in the following screenshot:
9. Click the radio button for General Purpose stream.standard.large
Droplet Computing recommends matching the instance type to the one used by the Image
Assistant; in this guide that is the General Purpose stream.standard.large instance, which presents 2
vCPUs and 8GB of memory.
Droplet Computing has no specific preference for whether organizations configure the
AppStream Fleet to be Always-On or On-Demand.
With an on-demand Fleet, users will experience a start time of about one to two minutes for their
session. However, organizations will only be charged the streaming instance fees when users are
connected, and a small hourly fee for each instance in the AppStream Fleet that is not
streaming apps.
Once the session has been established end users will need to start the container. With the
Always-On Fleet type, users are provided with instant-on access to their applications.
Organizations will be charged for all running instances in your AppStream Fleet even if no users
are streaming apps. Once the session has been established end users will need to start the
container. The Droplet Container App will function in the same manner. Other settings such as
session details and AppStream Fleet capacity should be configured in a way that meets
concurrency requirements of the organizations and meets the objectives of the AWS Well-
Architected Framework.
Once you have configured the Fleet, accepting the defaults for the remaining settings, click the
Next button to continue. You will now see the Configure network screen as shown in the
following screenshot:
We are going to configure the network settings as follows:
1. If the Droplet Computing container needs internet access, for example, to access
cloud-based storage, then you will need to enable Default Internet Access by checking
the box, unless an advanced control mechanism is to be used
2. Next, in the VPC box, from the dropdown menu select which Virtual Private Cloud (VPC)
is going to be used to host the AppStream Fleet
3. Once the VPC has been selected, you can select two subnets to control which
Availability Zone (AZ) the AppStream Fleet will run in. In the Subnet 1 box, from the
dropdown menu select which subnet you want to use. In the Subnet 2 box you can also
choose a second subnet to use
4. Finally, in the Security group(s) box select the security group you want to use
5. When you have completed the configuration, click the Next button to continue
6. You will now see the Review screen as shown in the following screenshot:
7. Check the configuration details and, once you are happy with the details, click the
Create button to create the Fleet
Depending on whether you chose On-Demand or Always-On, you will see the following boxes
notifying you of the different fees.
For On-Demand you will see the following message displayed:
For Always-On you will see the following message displayed:
To agree to and acknowledge the pricing models, check the box and then click the Create
button. The Fleet will now be created as shown in the following screenshot:
You have now successfully created an AppStream fleet. The next task is to create and assign
the AppStream stack.
Create and Assign an AppStream Stack
Once the AppStream Fleet has successfully started, we can associate it with an AppStream Stack.
A stack consists of streaming resources and policies for controlling access to these resources.
The streaming resources are made up of instances that are part of an AppStream Fleet.
To create an AppStream Stack complete the following tasks as described:
1. In the AppStream 2.0 Console, from the options on the left-hand side, click Stacks
2. From the Stacks screen, click the Create Stack button
3. You will now see the Stack details screen as shown in the following screenshot:
1. In the Name box, type in a name for this Stack using characters a-Z, -, 0-9, and _
2. In the Display name box type in the display name for this Stack
3. In the Description box, type in a description for this Stack
4. Finally, in the Fleet box, from the dropdown menu, select the Fleet that you created for
Droplet Computing in the previous section. In this example this is called
Droplet_Computing_V2
5. Optionally you can also add a tag
6. Click the Next button to continue
7. You will see the Enable Storage screen as shown in the following screenshot:
8. On the Enable Storage page, you can configure the preferred storage location for users'
files. Amazon AppStream supports home folders for its own S3 Buckets, as well as Google
Drive and Microsoft OneDrive. Click the Next button to continue
9. You will see the User Settings screen as shown in the following screenshot:
10. On the User Settings page the administrator can control the AppStream environment.
These settings are not automatically passed through the Droplet Computing container
and are subject to developments over time. The settings configurable on this page are
as follows:
- Clipboard: For security reasons, there is no clipboard to or from the Droplet
Container. This functionality is under internal review at Droplet Computing, and we
are reassessing the optimal method which balances functionality against security
- File Transfer: Droplet Computing contains an optional container/device share that is
disabled by default. In on-premises environments, organizations use mapped network
drives to gain access to their NAS-based storage. In cloud environments, this is not
usually possible unless VPN services are provided together with technologies such
as Amazon Direct Connect. A modern application such as Microsoft Office 365 often
comes enabled for cloud-based storage. Cloud-storage vendors often provide their
own software to extend the core functionality of operating systems such as Microsoft
Windows, Apple Mac, and Linux. The DCI-M image supports these applications;
however, in virtual and public cloud environments where only the DCI-X image and
compatibility with legacy applications is key, these cloud-storage vendor extensions
are not currently supported.
- Print to local Device: Droplet Computing does support printing from the applications
installed within the container. All that is required is the appropriate driver and a
mapping to a shared printer on the network
- Application settings persistence: The Droplet Computing container stores its own
settings inside the DCI-X image. Changes made to a session are committed to the
.droplet image file on shutdown of the container. Droplet Container App settings are
stored as text files with the .json extension as part of the user profile. Droplet
Computing has no special recommendation around this setting, but we don't expect
end users will customize the Droplet Computing Application, and admins may wish to
impose file permissions on these settings files as part of a more general review of our
Security Hardening Policy document or as part of a wider hardening process for these
types of application delivery models
- Settings group: This is a group under which settings can be grouped together and
deployed across different stacks to ensure consistency
11. Once you have completed the configuration of the user settings, click the Review
button to continue
12. You will now see the Review screen as shown in the following screenshot:
13. Once you have reviewed the Stack configuration, click the Create button. The Stack is
now created, and you will return to the Stacks page on the AppStream console as
shown in the following screenshot:
You have now successfully created an AppStream Stack. The next task is to assign an
AppStream Stack to an end user.
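A scripted review of the choices made in the Fleet network step and the Stack User Settings step above. This is an added example, not part of the original guide or Droplet Computing's own tooling; it assumes input shaped like the JSON returned by `aws appstream describe-fleets` and `aws appstream describe-stacks`, and the sample data, the stack name, and the subnet and security group IDs are constructed placeholders.

```python
# Added example: audits AppStream 2.0 fleet and stack settings named in this guide.
# Input mirrors `aws appstream describe-fleets` / `describe-stacks` JSON output.

# Stack UserSettings actions that move data between the streaming session
# and the user's local device.
DATA_CHANNEL_ACTIONS = {
    "CLIPBOARD_COPY_FROM_LOCAL_DEVICE",
    "CLIPBOARD_COPY_TO_LOCAL_DEVICE",
    "FILE_UPLOAD",
    "FILE_DOWNLOAD",
    "PRINTING_TO_LOCAL_DEVICE",
}

# Constructed sample data; subnet, security group and stack names are placeholders.
SAMPLE_FLEETS = {"Fleets": [{
    "Name": "Droplet_Computing_V2",
    "FleetType": "ON_DEMAND",
    "InstanceType": "stream.standard.large",
    "EnableDefaultInternetAccess": True,
    "VpcConfig": {"SubnetIds": ["subnet-EXAMPLE1", "subnet-EXAMPLE2"],
                  "SecurityGroupIds": ["sg-EXAMPLE"]},
}]}
SAMPLE_STACKS = {"Stacks": [{
    "Name": "Droplet_Stack_Example",
    "UserSettings": [
        {"Action": "CLIPBOARD_COPY_FROM_LOCAL_DEVICE", "Permission": "ENABLED"},
        {"Action": "CLIPBOARD_COPY_TO_LOCAL_DEVICE", "Permission": "ENABLED"},
        {"Action": "FILE_UPLOAD", "Permission": "ENABLED"},
        {"Action": "FILE_DOWNLOAD", "Permission": "DISABLED"},
        {"Action": "PRINTING_TO_LOCAL_DEVICE", "Permission": "ENABLED"},
    ],
    "ApplicationSettings": {"Enabled": True, "SettingsGroup": "example-group"},
    "StorageConnectors": [{"ConnectorType": "HOMEFOLDERS"}],
}]}


def audit_fleet(fleet, expected_instance_type="stream.standard.large"):
    """Return (resource, code, message) findings for one fleet description."""
    name, findings = fleet["Name"], []
    if fleet.get("EnableDefaultInternetAccess"):
        findings.append((name, "DEFAULT_INTERNET_ACCESS",
                         "enabled; confirm the container needs internet access"))
    if not fleet.get("VpcConfig", {}).get("SecurityGroupIds"):
        findings.append((name, "NO_SECURITY_GROUP",
                         "no security group selected for the fleet"))
    if fleet.get("InstanceType") != expected_instance_type:
        findings.append((name, "INSTANCE_TYPE_MISMATCH",
                         "differs from the Image Builder instance type"))
    return findings


def audit_stack(stack):
    """Return findings for one stack: data channels, persistence, storage."""
    name, findings = stack["Name"], []
    for setting in stack.get("UserSettings", []):
        if (setting["Action"] in DATA_CHANNEL_ACTIONS
                and setting["Permission"] == "ENABLED"):
            findings.append((name, "CHANNEL_ENABLED:" + setting["Action"],
                             "session-to-device channel is open"))
    if stack.get("ApplicationSettings", {}).get("Enabled"):
        findings.append((name, "SETTINGS_PERSISTENCE",
                         "persistence on; review permissions on .json settings"))
    for connector in stack.get("StorageConnectors", []):
        findings.append((name, "STORAGE:" + connector["ConnectorType"],
                         "storage connector enabled for user files"))
    return findings


def audit(fleets_doc, stacks_doc):
    """Audit every fleet and stack in the two describe-* documents."""
    findings = []
    for fleet in fleets_doc.get("Fleets", []):
        findings += audit_fleet(fleet)
    for stack in stacks_doc.get("Stacks", []):
        findings += audit_stack(stack)
    return findings


if __name__ == "__main__":
    for resource, code, message in audit(SAMPLE_FLEETS, SAMPLE_STACKS):
        print(f"{resource}: {code} - {message}")
```

Each finding is a prompt for review rather than a failure: the guide leaves Default Internet Access and the user settings to the organization's own requirements.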
Assign an AppStream Stack to an End User
The AppStream User Pool allows you to create, assign, and manage user access to your stacks.
The AppStream user pool provides a simplified way to manage access to applications for your
users through a persistent portal for each AWS Region. This feature is a built-in alternative to user
management through Active Directory and SAML federation. To use external identity providers
for user management, see the following links:
Single Sign-on Access to AppStream Using SAML 2.0:
https://docs.aws.amazon.com/appstream2/latest/developerguide/external-identity-providers.html
To join your Active Directory domain to AppStream 2.0, see Using Active Directory with
AppStream 2.0:
https://docs.aws.amazon.com/appstream2/latest/developerguide/active-directory.html
_____________________________________________________________________________________________
Note: Stacks can't be assigned to users in the user pool if the stacks are associated with a Fleet
that is joined to an Active Directory domain.
_____________________________________________________________________________________________
The AppStream User Pool provides the following key features:
- Users can access application stacks through a persistent URL and login credentials by using
their email address and a password that they choose
- Users' email addresses are case-sensitive. During login, if they specify an email address that
doesn't use the same capitalization as the email address specified when their user pool
account was created, a "user does not exist" error message displays
- You can assign multiple stacks to users. Doing so enables AppStream 2.0 to display multiple
application catalogs to users when they log in
- When you create new users, a welcome email is automatically sent to them. The email
includes instructions, a login portal link, and a temporary password for connecting to the
login portal.
- After you create users, they are enabled unless you specifically disable them
- You can control which users have access to which application stacks, or disable access
completely
To create an end user, follow the steps as described:
1. In the AppStream 2.0 Console, from the options on the left-hand side, click User Pool
2. From the User Pool screen, click the Create User button
3. You will now see the Create User dialog box as shown in the following screenshot:
4. In the Email box, type in the email address of the end user. They will be emailed an
invite with their login details and how to connect to AppStream
5. In the First name box type in their first name and in the Last name box type in the
surname of the end user
6. Click the Create User button to create the new user
7. You will return to the User Pool screen which will now show the newly created end user
as shown in the following screenshot:
8. Check the box next to the end user that you want to assign a Stack to, and from the
Actions drop-down menu, select the option for Assign Stack as shown in the following
screenshot:
9. You will see the Assign stack screen as shown in the following screenshot:
10. From the Stack drop-down menu, click and select the Stack you want to assign to this
end user
11. Check the Send email notification to user box, which will send them the details of
how to connect and launch the AppStream app
12. Click the Assign stack button
13. You will see the Success message as shown in the following screenshot:
You have now successfully added an AppStream Stack to an end user. The next step is to test
that the end user can access the Droplet Container App from AppStream.
Testing the AppStream Droplet Container App
When the end user was added and assigned an AppStream Stack, AppStream sent an email
containing their log in details as per the example email in the screenshot below:
Although this email transmits a password in clear text, at first logon the end user must change
their password. Once changed, a second email is sent telling the end user that they have been
assigned AppStream applications.
To log in, the end user can click the link in the email. They will then see their login screen as shown
in the following screenshot:
Once logged in, the user will see the Droplet Container App delivered by AppStream as shown:
Click the Droplet Computing logo to launch the container app. You will then see the following:
Click the Start Container button to start the container. Once started the end user will see the
workspace view with the tile icons for their containerized apps as shown in the following:
Once the user has finished working, they simply exit the container and log out of AppStream.
Conclusion and Summary
This guide has outlined the design and practical considerations of deploying Droplet Computing
container technologies in the context of Amazon AppStream, showing you how to integrate the
two technologies to enable organizations to migrate to cloud-based desktop services whilst still
embracing legacy applications.
We then went into the detail of how to build an AppStream image that allowed us to deliver the
Droplet Container App that then can be streamed to your end points, including Amazon
WorkSpaces.
This approach enables organizations to embrace cloud-based desktop services and realize all
the benefits those environments deliver, while still being able to bring those older, business-critical
apps with them to enhance productivity and the end user experience and, more importantly,
to deliver a secure environment.
Adopters of Amazon AppStream and Droplet Computing are advised to engage with their
preferred partners and work closely with industry experts to design and deliver a solution.
86-90 Paul Street,
London,
England,
EC2A 4NE
Droplet Computing Limited
Registered in England and Wales, Company Number 10536920
WWW.DROPLETCOMPUTING.COM