A fairly common ask in relation to the AWS End-User Computing portfolio had been a non-persistent virtual desktop. That ask was answered in August 2020 when AWS introduced a new feature called Desktop View, which provides a desktop experience through Amazon AppStream.
In this multi-part series, I’ll go through the process to create and stream a virtual desktop using AppStream. We’ll also integrate AppStream with Okta to access our virtual desktop through an Okta logon page. The best part is that you can walk through this yourself, as the requirements are minimal, provided you delete any created resources after you complete the steps and your own testing. You’ll need:
- An AWS Account
- A VPC with at least (1) subnet. In this case, I deployed 2 subnets, 1 public and 1 private with an AWS NAT Gateway.
- Appropriate routing tables to ensure network connectivity
- To test and use Okta, you can sign up for an Okta Developer account. An Okta developer account does limit you to 5 applications and to my knowledge, does not allow you to integrate with Active Directory so later in the series, I’ll be using “Okta” users to stream the virtual desktops.
What is Amazon AppStream?
Amazon AppStream is an AWS-managed streaming service that provides end users with the ability to stream applications or desktops to virtually any device that is capable of running the AppStream client or, more likely, an HTML5-capable web browser. It’s like Amazon Prime Video for applications and non-persistent virtual desktops! AppStream is designed to provide a “fluid user experience”, meaning that an end-user should not notice any performance differences between a streamed application and one that is installed on and executed from the local device.
As with other AWS-managed services, AppStream is globally available, there is no infrastructure to manage as the resources required to support your streaming needs are provisioned and managed by AWS based on how you configure the scaling policy of your fleet, and you only pay for what you use.
AppStream Key Concepts
Before we dig into the particulars of building and streaming a non-persistent desktop with Amazon AppStream, let’s define some key concepts:
- The Image Builder – The image builder is simply a Windows-based virtual machine used to create an image. Within the AppStream dashboard, you launch, connect to, and then install any applications that you 1) wish to stream individually or 2) wish to include as part of the streamed non-persistent virtual desktop.
- An Image – The image contains the applications that can be streamed to your users. In the case of this post, because I’m focusing on streaming a desktop over applications, the image is a representation of the desktop that will be streamed to end users. Images can be copied to other AWS regions or shared with AWS accounts in the same region.
- Fleet – A fleet consists of a number of “streaming instances” that service the streaming demand. Remember, you don’t have to know exactly how many streaming instances you’ll need, but when a fleet is created, you set a desired capacity which represents the minimal number of instances that will be available. In addition to the desired capacity, you will create a scaling policy which scales your fleet, up or down, based on demand.
- Stacks – A stack is the means by which streamed desktops and applications are made available to users. A stack is connected to a fleet and then assigned to a user. In addition to user assignment, stacks allow you to set up certain experience settings such as application settings persistence, and to enable/disable items such as the clipboard, file transfer, and printing to a local device.
To stream desktops and applications with AppStream, you start the process by launching the image builder to create an image, you deploy a fleet of instances based on an image, and then you assign users access to streaming instance fleets via stacks.
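An added example, not part of the original post and not AWS's own code: the stack settings mentioned above (clipboard, file transfer, printing to a local device) are the routes by which data moves between a streamed desktop and the user's device, so this audits a stack's `UserSettings` in the shape the AppStream 2.0 `DescribeStacks` API returns and builds a deny-by-default list for `create_stack`/`update_stack`. The function names, the stack name and the sample settings are constructed for illustration.

```python
# Added example. Stack name and settings below are constructed sample data.
EGRESS = {"CLIPBOARD_COPY_TO_LOCAL_DEVICE", "FILE_DOWNLOAD", "PRINTING_TO_LOCAL_DEVICE"}
INGRESS = {"CLIPBOARD_COPY_FROM_LOCAL_DEVICE", "FILE_UPLOAD"}


def audit_stack(stack, allowed=frozenset()):
    """List (direction, action, permission) for each transfer action that is
    not explicitly DISABLED and is not in the caller's allowed set."""
    settings = {s["Action"]: s["Permission"] for s in stack.get("UserSettings", [])}
    findings = []
    for direction, actions in (("egress", EGRESS), ("ingress", INGRESS)):
        for action in sorted(actions):
            # A missing entry is reported as UNSET, never assumed to be disabled.
            permission = settings.get(action, "UNSET")
            if permission != "DISABLED" and action not in allowed:
                findings.append((direction, action, permission))
    return findings


def hardened_user_settings(allowed=frozenset()):
    """UserSettings value for create_stack/update_stack: deny by default."""
    return [{"Action": a, "Permission": "ENABLED" if a in allowed else "DISABLED"}
            for a in sorted(EGRESS | INGRESS)]


def audit_account(client):
    """Audit every stack; client is boto3.client("appstream") in live use."""
    report, token = {}, None
    while True:
        page = client.describe_stacks(**({"NextToken": token} if token else {}))
        for stack in page["Stacks"]:
            report[stack["Name"]] = audit_stack(stack)
        token = page.get("NextToken")
        if not token:
            return report


SAMPLE_STACK = {  # constructed, shaped like one entry of DescribeStacks["Stacks"]
    "Name": "desktop-view-stack",
    "UserSettings": [
        {"Action": "CLIPBOARD_COPY_TO_LOCAL_DEVICE", "Permission": "ENABLED"},
        {"Action": "FILE_DOWNLOAD", "Permission": "ENABLED"},
        {"Action": "PRINTING_TO_LOCAL_DEVICE", "Permission": "DISABLED"},
        {"Action": "FILE_UPLOAD", "Permission": "DISABLED"},
    ],
}

if __name__ == "__main__":
    for finding in audit_stack(SAMPLE_STACK):
        print(SAMPLE_STACK["Name"], *finding)
```

Passing the output of `hardened_user_settings()` as `UserSettings` when the stack is created leaves the audit with nothing to report; list an action in `allowed` only where users genuinely need it.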
Creating an AppStream Image
As stated earlier, an AppStream Image is simply an image that contains applications that can be streamed by your end users. In this case, the desktop will function as the application we wish to stream and the first step in the process, just like any other VDI solution really, is to create an image of the desktop you wish to deliver.
1. Sign into the AWS account in which virtual desktops will be hosted and open the AppStream 2.0 dashboard.
2. On the AppStream dashboard, click Images (you may have to click Skip the “Getting Started” wizard). It should open to the Image Registry tab where you will see any public images you have been given access to, any images shared with your account, or any images you have created.
3. Click the Image Builder tab, and then Launch Image Builder to start creating your own custom desktop image.
4. On the Choose Image page, you will once again see a list of the images that you can use. You can also use filters such as Image type, OS version, Instance Family, and keywords to narrow the list of available options. In the example below, I filtered the list using Server 2019 as my OS version and “General Purpose” as the Instance Family. Select your preferred base image and click Next.
5. On the Configure Image Builder page, enter a Name, a Display Name, and select an Instance Type. In this case, I will not use VPC Endpoints or assign an IAM role to the virtual desktop I am building. Click Next to continue.
6. On the Configure Network page, select the VPC and Subnet(s) in which the virtual desktops will reside and then select the Security Group to assign to them. Note, you can also integrate your virtual desktops with Active Directory on this page. Integrating with AD is easy to set up in that you would simply create a new directory configuration object in AWS and then select the OU in which your AppStream desktops will reside. Click Review to continue.
7. On the Review page, verify that the configured settings are correct and click Launch.
8. You should be returned to the Image Builder tab of the Images page and see that your image Status reads Pending. It will take a few minutes (I’ve seen up to 12) for the image to be available for customizations, so be patient here.
9. When the Image Status reads Running, click the Connect button.
10. When prompted to connect as a user, you’ll have several options. Typically the user connections go like this:
- Connect as Admin user to install applications
- After apps are installed, connect as Template user to set application preferences
- Once application preferences have been saved, login as the Test user to verify applications function as expected
Also notice there are (2) user tabs, Local and Other, and it’s more or less how it sounds. However, if your AppStream image is joined to a domain, you would click Other User to log in with domain credentials, following the same basic template as above: connect as a domain user with administrative access to the desktop to install apps, and then log in as separate, regular domain users to configure and test application settings. In this example, I’m going to connect as Local User | Administrator.
11. While logged in as an Admin user, install any applications you want available in your image just as you would any other virtual desktop image or workstation.
12. After all applications have been installed, click the Image Assistant icon on the desktop.
13. On the Add Apps screen, click + Add App and then choose the applications you want users to stream. Now let me share a way I believe AppStream can improve going forward. In this use case we are working through, I don’t want to stream apps, I want to stream the desktop, so I don’t want to Add App, but I have to. I cannot proceed through the Image Assistant wizard until I add an app: the Next button will remain greyed out until an application is added. Going forward, I’d love to see a checkbox selection saying something to the effect of “This image will be used to stream desktops”, but that is not the case today, so we must add at least one application.
14. When Windows Explorer opens, find the executable for the application you wish to stream and click Open.
15. On the App Launch Settings screen, verify the application information is correct and click Save.
16. When returned to the Add Apps screen of the Image Assistant, click Next.
17. On the Configure Apps screen, simply follow the detailed directions. Click Switch User and login to the desktop as the Template User.
18. Logged in as the Template User, click the Image Assistant icon on the desktop. The Configure Apps screen should display all applications that were added on step #15. Click the application to launch it as the Template user. Make any desired or necessary application settings changes and when finished, click Switch User to log back into the desktop as an Admin user.
19. Logged in as the Admin user, click Save Settings on the Configure Apps screen to save the application modifications done as the Template user and then click Next to continue.
20. On the Test screen, click Switch user and login as the Test User.
21. Logged in as the Test user, click the Image Assistant icon on the desktop. Launch each application and verify that any modifications have been saved. Once completed, click Switch User and connect back as the Admin user and click Next on the Test screen to continue the image creation process.
22. On the Optimize screen, click Launch to begin the optimization process. In performing this step, the Image Assistant is identifying application launch dependencies to ensure they operate as quickly and efficiently as possible. After an application has been started, you will be prompted to close it once it has been fully loaded. Once the optimization process completes, click Next.
23. On the Configure Image screen, enter a Name, Display Name, Description, and relevant Tags for your image and click Next to continue.
24. On the Review screen, verify the image information is correct and click Disconnect and Create Image.
25. The image will close and on the Image Builder page, the Status will read Snapshotting as the image is being created. As with connecting to the image at the beginning of this process, this step could also take some time; the image for the post took 40 minutes to complete. Once the snapshotting process completes, the image Status will read Stopped.
26. With snapshotting completed, the image should now be displayed within the Image Registry.
Assuming this is the case, this image can now be used to build an AppStream fleet and this is where we’ll start on the next post. Until then….