AppStream 2.0 – How to Securely Stream your Desktop Applications?
Software development historically began with desktop applications, which run only on the machine they are installed on. A desktop application is a program installed on a standalone computer that an end user runs locally to perform a specific task.
Challenges of Desktop Applications:
- Hardware limitation. Desktop apps are built for the operating system and hardware they run on, so maintaining the software can become tied to upgrading the hardware as much as to upgrading the program itself.
- Restricted to one machine. Desktop apps are downloaded and installed on a device, so users need that specific device with them to use the application. The application is tied to a physical location, which constrains usability.
- Download dependency. With a desktop app, users cannot simply log in and start working when they turn on a device; they first have to download and install the program, and whatever it depends on, onto that device.
Amazon AppStream 2.0 is a fully managed application streaming service that lets you securely stream desktop applications to any computer, regardless of its operating system. All the user needs is an HTML5-capable web browser, whether on a Windows or Linux PC, a Mac, a Chromebook, an iPad, or an Android tablet.
AppStream addresses each of these challenges. Because the application is accessed from a browser, the end user's hardware and operating system no longer matter. The download and dependency problem also disappears: everything the application needs to run is bundled into the AppStream image and streamed from AWS, so nothing is installed on the end user's device.
With AppStream you can add your existing desktop applications to AWS and let users stream them immediately. You can scale to any number of users around the globe without acquiring, provisioning, or operating hardware or infrastructure.
Each user's applications run on an AppStream 2.0 instance dedicated to that user, so compute resources are not shared between users. Fleets can run inside your own virtual private cloud (VPC), and you can use Amazon VPC security features such as security groups to control network access. User access to AppStream can be managed either through AppStream user pools or through Microsoft Active Directory.
A user pool, however, is limited to 50 users. That is why we integrated AppStream with Microsoft Active Directory, where you can create as many users as you need and stream your applications to them. User pool users also all have the same permissions: there is no way to assign fine-grained permissions to individual users.
If we manage users in Microsoft AD instead of a user pool, we can give users and teams granular access to different AppStream stacks according to the use case. We can also use Group Policy in Microsoft AD and link it to our groups, so the settings are inherited by every user in the group, which is not possible with a user pool.
Management of Microsoft AD: To use Microsoft AD with AppStream, you create a Directory Config, which requires a service account. It is best practice to create a dedicated service account for the Directory Config rather than entering your domain administrator credentials. Grant the service account only the permissions it needs, namely the ability to create computer objects in your organizational unit. Then create your users and groups in Microsoft AD and, using the Delegation of Control Wizard, assign them the minimum permissions required to connect to your AppStream.
It is also recommended practice to delegate control for those users and groups on the individual computer objects rather than on the whole organizational unit; this gives you tighter control over your organizational unit.
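The service-account and delegation steps above, scripted as an added example; this is not from the original post, and it is not AWS or Ibexlabs code. It assumes the RSAT ActiveDirectory PowerShell module, a session with rights to create the OU and the user, the AWS CLI configured for your account, and hypothetical names: domain corp.example.com (NetBIOS CORP), an OU called AppStream, and a service account svc-appstream. The rights granted follow the set the AppStream 2.0 Directory Config documentation lists for the service account, expressed in dsacls syntax.

```powershell
# Added example, not from the original post. All names are hypothetical; adjust to your domain.
Import-Module ActiveDirectory

$DomainDns  = 'corp.example.com'
$DomainNb   = 'CORP'
$BaseDn     = 'DC=corp,DC=example,DC=com'
$OuDn       = "OU=AppStream,$BaseDn"
$SvcName    = 'svc-appstream'
$SvcAccount = "$DomainNb\$SvcName"
$SvcPass    = Read-Host -AsSecureString 'Password for svc-appstream'

# 1. A dedicated OU for the streaming instances' computer objects keeps the delegation
#    (and any Group Policy you link) scoped to AppStream only.
New-ADOrganizationalUnit -Name 'AppStream' -Path $BaseDn -ProtectedFromAccidentalDeletion $true

# 2. The Directory Config service account is an ordinary user: no Domain Admins membership,
#    no interactive use, and a non-expiring password so the fleet does not stop domain-joining.
New-ADUser -Name $SvcName -SamAccountName $SvcName -UserPrincipalName "$SvcName@$DomainDns" `
           -AccountPassword $SvcPass -Enabled $true -PasswordNeverExpires $true -CannotChangePassword $true

# 3. Delegate only what joining fleet instances to the domain needs, instead of admin credentials.
#    /I:T = this object and descendants, /I:S = descendants only; CC/DC = create/delete child,
#    RP/WP = read/write property, CA = control access (extended right), WS = validated (self) write.
dsacls.exe $OuDn /I:T /G "${SvcAccount}:CCDC;computer"                 # create/delete computer objects in the OU
dsacls.exe $OuDn /I:S /G "${SvcAccount}:RPWP;;computer"                # read/write all properties of those computers
dsacls.exe $OuDn /I:S /G "${SvcAccount}:CA;Reset Password;computer"    # reset their machine account password
dsacls.exe $OuDn /I:S /G "${SvcAccount}:WS;Validated write to DNS host name;computer"
dsacls.exe $OuDn /I:S /G "${SvcAccount}:WS;Validated write to service principal name;computer"

# 4. Check: the account must not have picked up privileged group memberships, and the OU's ACL
#    should show exactly the ACEs above for it and nothing broader.
(Get-ADUser $SvcName -Properties MemberOf).MemberOf
dsacls.exe $OuDn | Select-String $SvcName

# 5. Register the Directory Config in AppStream 2.0. The password is needed in clear text here;
#    a command-line argument ends up in the PowerShell history and process listings, so in
#    production prefer --cli-input-json read from a file with a restrictive ACL.
$PlainPass = [System.Net.NetworkCredential]::new('', $SvcPass).Password
aws appstream create-directory-config `
    --directory-name $DomainDns `
    --organizational-unit-distinguished-names $OuDn `
    --service-account-credentials "AccountName=$SvcAccount,AccountPassword=$PlainPass"
```

The `${SvcAccount}` braces matter in PowerShell: written as `$SvcAccount:CCDC`, the interpreter would read the colon as a drive qualifier and expand the variable to nothing. Step 4 is the check to run before pasting the credentials into the Directory Config; if the account is a member of any administrative group, or the OU shows it with generic or full-control rights, the delegation has not achieved the least privilege the text describes.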
For authentication of Active Directory users with AppStream we use AWS SSO, the AWS single sign-on service, which federates users into AppStream over SAML 2.0. You can also put the SSO sign-in page on your corporate domain so that users have an easy-to-remember URL. User pool users, by contrast, are authenticated directly by AppStream, following the instructions they receive from AWS by e-mail.
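The granular, per-team access to different stacks described above, combined with the SAML federation through AWS SSO, as an added example; this is not from the original post, nor AWS or Ibexlabs code. It assumes AWS SSO is registered in IAM as a SAML 2.0 identity provider, the AWS CLI, and hypothetical region, account, provider ARN and stack names. The per-stack `appstream:Stream` permission with the `appstream:userId` = `${saml:sub}` condition is the pattern the AppStream SAML federation documentation describes.

```powershell
# Added example, not from the original post. Hypothetical identifiers throughout.
$Region          = 'us-east-1'
$AccountId       = '123456789012'
$SamlProviderArn = "arn:aws:iam::${AccountId}:saml-provider/AWSSSO"   # the IdP registered in IAM

# One IAM role per AD team/group, each allowed to stream exactly one stack.
$TeamStacks = @{
    'Finance'     = 'Finance-Stack'
    'Engineering' = 'Engineering-Stack'
}

# Trust policy: only principals federated through our SAML IdP may assume these roles.
$Trust = @{
    Version   = '2012-10-17'
    Statement = @(@{
        Effect    = 'Allow'
        Principal = @{ Federated = $SamlProviderArn }
        Action    = 'sts:AssumeRoleWithSAML'
        Condition = @{ StringEquals = @{ 'SAML:aud' = 'https://signin.aws.amazon.com/saml' } }
    })
} | ConvertTo-Json -Depth 6
$TrustFile = Join-Path $env:TEMP 'appstream-saml-trust.json'
Set-Content -Path $TrustFile -Value $Trust -Encoding ascii

foreach ($team in $TeamStacks.Keys) {
    $roleName = "AppStream-$team"
    $stackArn = "arn:aws:appstream:${Region}:${AccountId}:stack/$($TeamStacks[$team])"

    # Permission policy: appstream:Stream on this team's stack only, and only under the user ID
    # equal to the SAML NameID (${saml:sub}), so a federated identity cannot start a session as
    # someone else. Single quotes keep ${saml:sub} literal for IAM to substitute.
    $Perms = @{
        Version   = '2012-10-17'
        Statement = @(@{
            Effect    = 'Allow'
            Action    = 'appstream:Stream'
            Resource  = $stackArn
            Condition = @{ StringEquals = @{ 'appstream:userId' = '${saml:sub}' } }
        })
    } | ConvertTo-Json -Depth 6
    $PermsFile = Join-Path $env:TEMP "appstream-$team-perms.json"
    Set-Content -Path $PermsFile -Value $Perms -Encoding ascii

    # Policies are passed as files: quoting JSON on the PowerShell command line is fragile.
    aws iam create-role     --role-name $roleName --assume-role-policy-document "file://$TrustFile"
    aws iam put-role-policy --role-name $roleName --policy-name 'StreamOwnTeamStack' --policy-document "file://$PermsFile"

    "AD group '$team' -> SAML Role attribute: arn:aws:iam::${AccountId}:role/$roleName,$SamlProviderArn"
}
```

On the AWS SSO side, this becomes one custom SAML 2.0 application per team with the matching AD group assigned to it. Its attribute mapping sets `https://aws.amazon.com/SAML/Attributes/Role` to the role ARN and provider ARN pair printed above, `https://aws.amazon.com/SAML/Attributes/RoleSessionName` and the Subject (NameID) to the same user attribute such as `${user:email}`, and a relay state that points at that team's stack. Because the permission policy names a single stack ARN, a Finance user who somehow obtained the Engineering role's assertion would still be refused by the `appstream:userId` condition unless the NameID matched, and an Engineering user assigned only to their own application never receives a role that can reach the Finance stack. That is the granular, group-based control a user pool cannot express.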
Application Flow of AppStream with User Pool:
Application Flow of AppStream with Microsoft AD:
Users can access their applications from an HTML5-capable browser or from the AppStream 2.0 Windows client application. The client application adds support for dual monitors and USB peripherals, as well as keyboard shortcuts such as Alt+Tab, clipboard shortcuts, and function keys.
At Ibexlabs, we build and deliver custom desktop applications using the AppStream 2.0 Image Builder and AppStream 2.0 fleets for directory users, making them accessible through AWS SSO with their existing AD credentials.