Creating AppStream apps and configuring users with Domain Join.
1. Creating AppStream apps and configuring users with Domain Join.
Mr. Subramanyam Tirumani Vemala
subramanyam.vemala@gmail.com
2. Use Case Details:
• A contract employee (user) needs to access a centrally managed desktop application through AWS services, and the application must be streamed. All features such as auto-scaling and load balancing must be managed by AWS.
• Active Directory (AD) users must seamlessly and securely access the application through the URL with their domain-joined credentials, not with users created through the AppStream User Pool.
• The application must be delivered as SaaS with no rewrite.
• The admin must be able to enable the user to access specified applications, as per the organizational policy.
3. AWS services that can be used (Advanced):
1. AWS AppStream.
2. AWS AppStream – Directory Configs (Users domain join).
3. AWS EC2.
4. AWS Directory Service.
5. Microsoft Active Directory.
4. Expected Features in the developed application:
1. Must be able to access the application from any computer.
2. Applications and data must be secured.
3. Applications must be centrally manageable.
4. Scale without infrastructure.
5. Provide a fluid and responsive user experience.
6. Able to integrate with your IT services like On-Premises AD.
7. Applications must be a full software-as-a-service (SaaS) solution without rewriting the application.
5. Steps:
Step 1: Create a Directory Config object by providing the details of the directory that the fleet will be domain-joined to.
Step 2: Create a fleet with domain join, using the Directory Config object created in Step 1.
Step 3: Create a stack with the domain-joined fleet.
Step 4: Configure SAML 2.0 for single sign-on access
27. Step 4: Configure SAML 2.0 for single sign-on access
Users must use your SAML 2.0-based identity federation environment to launch streaming sessions from your domain-joined fleet.
Please refer to my other PPTs for the SSO implementation using SAML.
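Steps 1 to 3 can also be scripted. The sketch below is an added example, not taken from the slides: it builds the boto3 AppStream 2.0 calls in order, keeps the join password out of the source and out of logs, and rejects a non-OU target. The directory name, OU, service account, image, subnet and security group values are constructed placeholders, and APPSTREAM_JOIN_PASSWORD is an assumed environment variable name.

```python
import os

def build_plan(directory, ou_dn, account, password, image, subnets, sec_groups,
               fleet="contractor-fleet", stack="contractor-stack"):
    """Return the ordered AppStream 2.0 API calls for Steps 1 to 3."""
    # Fleet computer objects go into an OU; CN=Computers is a container, not an OU.
    if not ou_dn.upper().startswith("OU="):
        raise ValueError("expected an OU distinguished name, got: " + ou_dn)
    if not password:
        raise ValueError("service account password not supplied")
    return [
        # Step 1: Directory Config object (domain, OU, join service account).
        ("create_directory_config", {
            "DirectoryName": directory,
            "OrganizationalUnitDistinguishedNames": [ou_dn],
            "ServiceAccountCredentials": {"AccountName": account,
                                          "AccountPassword": password}}),
        # Step 2: fleet that joins the same directory and OU.
        ("create_fleet", {
            "Name": fleet, "ImageName": image,
            "InstanceType": "stream.standard.medium",
            "ComputeCapacity": {"DesiredInstances": 1},
            "VpcConfig": {"SubnetIds": subnets, "SecurityGroupIds": sec_groups},
            "DomainJoinInfo": {"DirectoryName": directory,
                               "OrganizationalUnitDistinguishedName": ou_dn}}),
        # Step 3: stack, then attach the domain-joined fleet to it.
        ("create_stack", {"Name": stack}),
        ("associate_fleet", {"FleetName": fleet, "StackName": stack}),
    ]

def redacted(plan):
    """Copy of the plan that is safe to log: the join password is masked."""
    safe = []
    for op, kwargs in plan:
        creds = kwargs.get("ServiceAccountCredentials")
        if creds:
            kwargs = dict(kwargs, ServiceAccountCredentials=dict(creds, AccountPassword="***"))
        safe.append((op, kwargs))
    return safe

def apply_plan(client, plan):
    for op, kwargs in plan:
        getattr(client, op)(**kwargs)

if __name__ == "__main__":
    import boto3  # needs AWS credentials; all values below are placeholders
    plan = build_plan("corp.example.com", "OU=AppStream,DC=corp,DC=example,DC=com",
                      "CORP\\svc-appstream", os.environ["APPSTREAM_JOIN_PASSWORD"],
                      "my-appstream-image", ["subnet-EXAMPLE"], ["sg-EXAMPLE"])
    print(redacted(plan))
    apply_plan(boto3.client("appstream"), plan)
```

The service account named in Step 1 only needs rights to create and manage computer objects in the chosen OU, so a dedicated low-privilege account is preferable to a domain administrator.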
28. Appendix:
Setting Up Active Directory
https://docs.aws.amazon.com/appstream2/latest/developerguide/active-directory-directory-setup.html
Setting Up SAML
https://docs.aws.amazon.com/appstream2/latest/developerguide/external-identity-providers-setting-up-saml.html
Setting Up Active Directory
https://docs.aws.amazon.com/appstream2/latest/developerguide/active-directory-directory-setup.html#active-directory-setup-fleet
AppStream 2.0 Active Directory Administration
https://docs.aws.amazon.com/appstream2/latest/developerguide/active-directory-admin.html#active-directory-oudn
29. Appendix:
Troubleshooting
https://docs.aws.amazon.com/appstream2/latest/developerguide/troubleshooting.html
Amazon AppStream 2.0 FAQs
https://aws.amazon.com/appstream2/faqs/
AppStream 2.0 Integration with SAML 2.0
https://docs.aws.amazon.com/appstream2/latest/developerguide/external-identity-providers-further-info.html
Enable federation with AWS Single Sign-On and Amazon AppStream 2.0
https://aws.amazon.com/blogs/desktop-and-application-streaming/enable-federation-with-aws-single-sign-on-and-amazon-appstream-2-0/