BrassTacks Policy Paper: Missing Persons of Baluchistan – looking beyond the Obvious
AppStream - Beyond the obvious
-
Upload
adam-ocsvari -
Category
Software
-
view
103 -
download
1
Transcript of AppStream - Beyond the obvious
Copyright ©2015Cloudreach limitedNot if. When
AppStream - Beyond the obviousAWS User Group - London - May 2015Presented by Adam Ocsvari | [email protected] | @ocsi01
Cloud System Engineer @ Cloudreach
Wednesday 27th May 2015
Cloudreach: AppStream - Beyond the obvious
Copyright ©2015 Cloudreach limited
● Application streaming service
○ HD video
○ low latency
● For resource-intensive apps
● G2 Instances
● Partially managed by AWS
● Pricing of AppStream
○ Fix price per hour (per Region)
○ + Enablement Infrastructure
Introduction to AppStream
AWS AppStreamsince the end of 2013
Cloudreach: AppStream - Beyond the obvious
Copyright ©2015 Cloudreach limited
● Full HD video from AppStream● Locally rendered controls (overlay)
○ Hybrid games● Experience on any device● Reduce piracy
An early test from AWS:
● 2625 identically rendered soldiers● 17 FPS frame rate at client side
Introduction to AppStream
AppStream for Games
Cloudreach: AppStream - Beyond the obvious
Copyright ©2015 Cloudreach limited
● Training experience on a remote location
● No high end workstation needed● Works even on tablets
● No specialized hardware● All patches and updates are
automatically delivered to the user
Introduction to AppStream
AppStream for Training
Cloudreach: AppStream - Beyond the obvious
Copyright ©2015 Cloudreach limited
● 3D CAD● 3D modeling● Animations● Visual Effects (for movies)
● No high end workstations● Easier collaboration● Less geolocational issues● Read only access
Introduction to AppStream
AppStream for Engineering
Cloudreach: AppStream - Beyond the obvious
Copyright ©2015 Cloudreach limited
● Instant start
○ No waiting time, no lost customers
● Low end devices
○ No investment needed
● “Platform independency”
○ Develop for only one platform
● Automatic patching
● Bill based on usage
Why is this good for us?New opportunities to reach customers
Introduction to AppStream
Cloudreach: AppStream - Beyond the obvious
Copyright ©2015 Cloudreach limited
● Restricted access
○ Comment only access
○ Read access
● No way of copying
○ Only the video stream
● No way of reverse engineering
● No reason for cracking the client
● Everything is inside a VPC
Behind the obviousIndustrial espionage
Introduction to AppStream
Copyright ©2015 Cloudreach limitedNot if. When
Let’s jump into tech!
Cloudreach: AppStream - Beyond the obvious
Copyright ©2015 Cloudreach limited
● Client side application
● Enablement Service
● AWS Entitlement service
● AppStream G2 Instances
Overall Structure
The Architecture of AppStream
Cloudreach: AppStream - Beyond the obvious
Copyright ©2015 Cloudreach limited
● Windows based application
○ Only the application
● Running on the G2 Instance
● Installed and configured by your administrator
● Snapshot
● Warmed up
● Session customisation
The Application
The Architecture of AppStream
Cloudreach: AppStream - Beyond the obvious
Copyright ©2015 Cloudreach limited
● Lightweight
● Simple
● Initiate Login
● Handle the video Stream
● Sends input stream
○ Custom input stream
● May overlay content
The Client
The Architecture of AppStream
● Current clients:
○ Windows
○ OS X
○ Android
○ IOS
○ Chrome App
■ Multi platform
Cloudreach: AppStream - Beyond the obvious
Copyright ©2015 Cloudreach limited
● Calls AppStream Entitlement Service
○ Rest API or SDK (Java)
● Manage/authenticates users
● Passing custom data to session (Opaque Data)
● Communicates with the Client
● It’s a website with an API
Enablement servicefor authentication and authorisation
The Architecture of AppStream
Cloudreach: AppStream - Beyond the obvious
Copyright ©2015 Cloudreach limited
● EC2 Instances - In a VPC
● S3 buckets
● SES
● RDS
● Cross Account
○ Security challenges
Connect to other AWS servicesReaching your AWS account
The Architecture of AppStream
Copyright ©2015 Cloudreach limited
SecurityCross-Account wonders
Cloudreach: AppStream - Beyond the obvious
Cloudreach: AppStream - Beyond the obvious
Copyright ©2015 Cloudreach limited
● One or more temporary token
○ The expiration is a limit for the length of the session
○ Rotate the keys via Enablement service
● Identical keys
● Passed via the OpaqueData
○ via HTTPS
Temporary credentialsAccess to our AWS resources from the AppStream
AppStream Security
Cloudreach: AppStream - Beyond the obvious
Copyright ©2015 Cloudreach limited
VPC PeeringAppStream Security
Cloudreach: AppStream - Beyond the obvious
Copyright ©2015 Cloudreach limited
● VPC peering
○ Multiple VPC-s
● Multi screen video
● Long(er) term IAM credentials
● Update Finalized Application
● More Regions
● More SDKs
Wish list
The Architecture of AppStream
Cloudreach: AppStream - Beyond the obvious
Copyright ©2015 Cloudreach limited
The Beer Challenge - TBC
The Architecture of AppStream
Cloudreach: AppStream - Beyond the obvious
Copyright ©2015 Cloudreach limited
● Read some docs
● Deploy a basic application
● Use the sample Clients
● Use the “Standalone” mode
● Deploy the sample Enablement service
● Reach out the experts:
How to start?
The Architecture of AppStream
Copyright ©2015 Cloudreach limited
Questions, Comments?
Cloudreach: AppStream - Beyond the obvious