Rethink Your Workstation Strategy with Amazon AppStream 2.0
Marty Sullivan
DevOps / Cloud Engineer
Cornell University

About Marty
- DevOps / Cloud Engineer, IT@Cornell
- Cloud Systems Engineer in Digital Agriculture, Cornell EAS
- Information Science Master's Student, Cornell CIS

About Cornell University

AppStream 2.0 Basics
- Windows Applications in a web browser
- One VM / EC2 Instance per-user (Compute, Graphics, Memory)
- Single Sign On via SAML 2.0
- MS Active Directory Integration
- Non-Persistent OS Environment
- Cloud Storage Integrations for Persistent Storage
  - Google Drive
  - MS OneDrive
  - Amazon S3
- Custom Branding

Computer Labs

AppStream 2.0 Strategy
- Classroom Teaching
- Bring Your Own Device (BYOD)
- Continuous Integration / Continuous Deployment (CI / CD)
- Automate Application Installations & Image Builds
- Self-Service for Academic Departments
- So far: 500+ Students over three semesters

AppStream 2.0 Components
- Stack
  - Authentication Endpoint
  - User Settings
- Fleet
  - Fully Managed VMs
  - Autoscaling Group
- Image
  - OS and Applications
- Image Builder
  - Creates a Custom Image

DEMO

Rajesh Bhaskaran
Sr. Lecturer and Swanson Director of Engineering Simulation
Bhaskaran@cornell.edu
https://www.youtube.com/watch?v=cmrcegrt814

AppStream 2.0 Challenges
- Software Licensing is vendor-by-vendor
- Cost-effective autoscaling for unpredictable usage patterns
- Persistent Storage
- Shared Storage
- Application Configuration and Packaging

My Personal Perception
SCALABILITY

Monitoring / Data Analysis Goals
- Valuable insights into student usage patterns
- When do students work on assignments?
- Are any particular students struggling?
- Are many students over- or under-challenged by a particular assignment?
- Can we automate scaling patterns with predictions?

Amazon WorkSpaces
- Persistent VDI Environment
- Full Windows 7/10 Desktop
- Desktop Client or Web Browser
- Very easy to manage
- Active Directory Integration

Next Up
- AWS VPC Networking
- Automated Image Builds
- Deployment Strategy
- Web Interface

Virtual Private Cloud (VPC)
- Plan network size for scale
- Two Public Subnets
- Two Private Subnets
- NAT Gateways in Public Subnets
- Place AppStream Instances (Fleets) in Private Subnets
- Use VPC Security Groups to control network access for instances
- Enable Route to Active Directory (recommended)
- Direct Connect / VPN to on-premise (optional)

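Added example (not from the original slides): a Python check for the VPC layout above, confirming that the subnets given to a fleet reach the internet through a NAT gateway rather than directly through an internet gateway. The input mirrors the shape of EC2 DescribeRouteTables output; every ID is constructed and the function names are hypothetical.

```python
# Added example: verify that AppStream fleet subnets are private.
# Input mirrors EC2 DescribeRouteTables output; all IDs below are constructed.

def default_route_target(route_table):
    """Return the target ID of the 0.0.0.0/0 route, or None if there is none."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("GatewayId") or route.get("NatGatewayId")
    return None

def classify_subnets(route_tables, subnet_ids):
    """Map each subnet ID to 'public', 'private-nat' or 'other'."""
    explicit, main = {}, None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main = rt
            if "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = rt
    result = {}
    for subnet in subnet_ids:
        # A subnet with no explicit association uses the VPC's main route table.
        rt = explicit.get(subnet, main)
        target = default_route_target(rt) if rt else None
        if target and target.startswith("igw-"):
            result[subnet] = "public"
        elif target and target.startswith("nat-"):
            result[subnet] = "private-nat"
        else:
            result[subnet] = "other"  # no default route, or VPN / Direct Connect only
    return result

def fleet_violations(route_tables, fleet_subnet_ids):
    """Return the fleet subnets that route straight to an internet gateway."""
    kinds = classify_subnets(route_tables, fleet_subnet_ids)
    return sorted(s for s, kind in kinds.items() if kind == "public")

# Constructed sample: the main table is public; one private table uses a NAT gateway.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private-a", "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]

if __name__ == "__main__":
    # subnet-priv-b has no explicit association, so it inherits the public main table.
    print(fleet_violations(ROUTE_TABLES, ["subnet-priv-a", "subnet-priv-b"]))
```

The case worth noticing is the second subnet: it was meant to be private, but without an explicit route table association it falls back to the main table and is flagged as public.
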
Building Block: App Packaging
- Centralized Package Management (GitHub)
- Packaging Framework (Choco)
- Time & Skill Required
- Enables Self-Service and Collaboration

Building Block: Automation
- Source Control (GitHub)
  - Application Installation Configurations (YAML and Choco)
  - Infrastructure Configuration
- Infrastructure as Code
  - CloudFormation
  - Atomic Creation / Destruction of AppStream Deployments
- Continuous Integration / Continuous Deployment (CI / CD)
  - AWS CodeBuild

Component: Network Config
- AWS Region
- Time Zone
- VPC ID
- Subnet IDs
- Security Group IDs
- Active Directory Domain
- Active Directory OU

Billing Unit
- Typically an academic department or college
- Ties automated charges to a Cornell billing account
- Administrative contact information (emails)
- One Billing Unit can own one to many Deployments

Deployment
- Tied to a single Billing Unit
- Typically for a single course / set of related users
- Application Technical Contact information (emails)
- Alert Contacts (emails)
- Global Stack / Fleet config (e.g. Network, Timeouts, Storage)
- Start Date / End Date
- One Deployment can have one to many Deployment Environments
- AWS Resource Tags

Deployment Environment
- Tied to a single Deployment
- Atomic Stack & Fleet
- Image Configuration
- Instance Type
- One Environment can have one to many Deployment Schedules

Deployment Schedule
- Tied to a single Deployment Environment
- Start / End Date
- Days of Week
- Time of Day + Duration
- Min / Max Capacity
- Scaling Policies
- Priority

Deployment Schedule Examples
- 50 sessions provisioned during class/lab meeting times
  - Mon, Wed 2:00pm-3:00pm
  - Fri 1:00pm-4:00pm
  - Priority 1000
- 5 sessions minimum provisioned during work hours
  - Mon, Tue, Wed, Thu, Fri 9:00am-11:59pm
  - Add 15 sessions if available sessions < 5
  - Priority 100
- 2 sessions provisioned during restricted hours
  - Mon, Tue, Wed, Thu, Fri, Sat, Sun 12:00am-11:59pm
  - Add 2 sessions if available sessions < 1
  - Priority 1