Fully managed Virtual Desktop Infrastructure (VDI) solutions have become increasingly popular in recent years. This is due to their ability to provide flexible and efficient access to remote desktop environments from anywhere. Using a managed service reduces the burden of CAPEX risks, maintenance, and costly, lengthy hardware upgrades. AWS offers fully managed End User Computing (EUC) services, such as the Amazon WorkSpaces Family and Amazon AppStream 2.0.
Customers with strict requirements and policies that require complete control over their VDI environment benefit from a more customizable solution.
Customers use NICE DCV, the same underlying remote display protocol used in AWS EUC services, to visualize self-managed workloads. By leveraging Amazon Elastic Compute Cloud (Amazon EC2) and DCV, customers have the ability to fully customize and take ownership of their AWS VDI workloads.
Announcing a complete example based on DCV
Today, we announce the release of an example of a VDI solution based on DCV. This example, available on GitHub aws-samples, provides a highly secure infrastructure to customize and automate the creation of workstation images and instances. The example deploys a web portal for users to access their sessions. This example can be customized to meet your business requirements.
This example provides the following:
- Enhanced security at different levels:
- Improved streaming performance to support your visualization workload. This provides a local-like experience by using DCV's QUIC (UDP) transport, which is especially beneficial for demanding 3D graphical applications.
- More flexibility and control:
  - The ability to choose any EC2 instance type and integrate with Amazon Machine Images (AMI) you manage.
  - Defining IP controls, allowing access only from allow-listed IP ranges.
  - Workstation lifecycle management, such as automated creation and termination within business hours.
  - Automated processes for deployments and workstation image builds.
  - Web portal access for users to launch and access their workstation.
  - Managed user stores through the use of Amazon Cognito.
    - Note that, by default, passwords are not synced to the workstations. See the README for more information.
Architecture of the example
The preceding architecture diagram illustrates the high-level end-to-end example:
- The web portal frontend is deployed as a single page application on Amazon Simple Storage Service (Amazon S3) and Amazon CloudFront. It allows users to launch and access their workstations.
- The portal backend handles user sessions. It is built with AWS Step Functions, AWS Lambda, Amazon DynamoDB and exposed to the frontend as a REST API with Amazon API Gateway.
- Image Builder is used to create images (AMIs and Launch Templates) for the workstations and the DCV Connection Gateway. AWS Systems Manager Automation prepares the EC2 instances used for the workstations, configuring the DCV Server and associating users with instances.
- For users to connect to workstations:
  - They use the DCV client (available for multiple operating systems; see the download page).
  - The Network Load Balancer (NLB) distributes the TCP and UDP traffic from the users across a dynamically scalable fleet of DCV Connection Gateways.
  - The DCV Connection Gateway fleet runs on EC2 instances and scales up and down with an Auto Scaling group.
  - Workstations run on EC2 instances and contain the DCV Server software.
- This example leverages several security services. It uses Amazon Cognito for authentication on the frontend. AWS WAF protects the frontend with an IP allow list. AWS KMS encrypts data at rest. Lastly, AWS Identity and Access Management (IAM) manages permissions.
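As an added example (not code from the aws-samples repository or from this post), the CloudFormation fragment below shows how two of the network controls described above can be expressed: an AWS WAF web ACL on the CloudFront frontend that blocks every request except those from allow-listed IP ranges, and a Network Load Balancer listener that carries both DCV TCP and QUIC (UDP) traffic to the Connection Gateway fleet. The resource names, the 8443 port, the NLB and target group references, and the IP ranges are assumptions.

```yaml
# Added example, not part of the aws-samples project. All IP ranges are constructed
# placeholders (RFC 5737 documentation ranges); replace them with your own.
Resources:
  PortalAllowedIps:
    Type: AWS::WAFv2::IPSet
    Properties:
      Name: vdi-portal-allowed-ips
      Scope: CLOUDFRONT              # CloudFront-scoped WAF resources live in us-east-1
      IPAddressVersion: IPV4
      Addresses:
        - 203.0.113.0/24             # placeholder: office egress range
        - 198.51.100.17/32           # placeholder: single administrator host

  PortalWebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: vdi-portal-acl
      Scope: CLOUDFRONT
      DefaultAction:
        Block: {}                    # deny by default; only the allow rule lets traffic in
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true   # blocked-request metrics are useful for detection
        MetricName: vdi-portal-acl
      Rules:
        - Name: allow-listed-ranges
          Priority: 0
          Action:
            Allow: {}
          Statement:
            IPSetReferenceStatement:
              Arn: !GetAtt PortalAllowedIps.Arn
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: allow-listed-ranges

  # One NLB listener for the Connection Gateway fleet. TCP_UDP lets the same port carry
  # the DCV TCP session and the QUIC (UDP) stream the post relies on for performance.
  GatewayListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref GatewayNlb            # assumed: NLB defined elsewhere in the template
      Port: 8443                                   # assumed: DCV default port used by the gateway
      Protocol: TCP_UDP
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref GatewayTargetGroup  # assumed: TCP_UDP target group of gateway instances
```

The web ACL is associated with the CloudFront distribution that serves the portal, and the target group behind the listener must also use the TCP_UDP protocol for the UDP path to work end to end.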
For more details about the example and a complete deployment walkthrough, see the GitHub repository. With the help of this example, customers with specific security and customization requirements are able to build their own Virtual Desktop Infrastructure based on DCV.
Jerome is a Senior Solutions Architect at AWS, where he works with different customers in Switzerland, helping them on their journey to the cloud. As a former developer, he has built strong experience in software craftsmanship and DevOps practices. He's also passionate about serverless. In his spare time, and when snow is here, he enjoys skiing with his kids. Reach out to him on Twitter: @jeromevdl.