Amazon EC2 Mac Enhanced Remote Access with HP Anyware
By Sebastien Stormacq, Principal Developer Advocate – AWS
By Chad Smith, Technical Alliance Manager – HP Teradici
Amazon Elastic Compute Cloud (Amazon EC2) Mac instances allow developers to take full advantage of the security, scalability, and automation of the cloud to develop iOS, iPadOS, watchOS, tvOS, or macOS applications.
Developers can connect to their cloud-based EC2 Mac instances using HP Anyware (formerly Teradici CAS) from any existing PCoIP client and get reduced latency and pixel-perfect color rendering for the most demanding digital designs.
When we talk with developers building applications for Apple platforms (let’s call them “Apple developers” for the remainder of this article), they all highlight the complexity and time it takes to manage an on-premises fleet of Mac machines for build, test, and distribution. On the other hand, developers are used to the flexibility, security, and scalability of cloud-based continuous integration and continuous deployment environments.
Apple developers told us they would like the same level of flexibility and automation for the macOS machines they are using to develop applications for Apple devices. This is why Amazon Web Services (AWS) introduced EC2 Mac instances.
EC2 Mac instances are Mac Mini machines that are deployed in AWS data centers. You can use the same AWS Management Console, Command Line Interface (CLI), or API you’ve become accustomed to for the past 16+ years to reserve a host for you, and then start your favorite macOS system on it. AWS currently provides the latest versions of Monterey, Big Sur, and Catalina.
Now, it’s possible to have one or multiple development machines running in the cloud, running different macOS or Xcode versions. This gives you the flexibility to build and test iOS, macOS, watchOS, tvOS, and iPadOS applications without having to manage a local fleet of machines. The AWS APIs give you the ability to image, snapshot, start, and stop machines in an automated way, bringing the same level of security, flexibility, and automation you have today with Linux-based or Windows-based development pipelines.
Out of the box, you may choose to connect to your cloud-based EC2 Mac instances either over a command line or a full graphical console, just like regular desktop machines. Command line access requires either Secure Shell (SSH) or AWS Systems Manager Session Manager (SSM for short). For graphical console access, you may use the macOS built-in Apple Remote Desktop server and connect to your remote instance using any Virtual Network Computing (VNC) client application or the client built into macOS.
HP Anyware Software
HP Teradici’s HP Anyware software includes macOS support, providing a new option to remotely access your EC2 Mac instances. The VNC protocol was designed to work over local area networks more than 20 years ago when networking, security, and compute requirements were very different from today. There are a couple of reasons why you’d like an alternative.
HP Anyware is the first high-performance remote desktop solution for EC2 Mac instances, providing a graphics-intensive computing experience with high color fidelity, crisp text, and up to 4K UHD resolution. HP Anyware enables you to remotely access your EC2 Mac instances as if they were on a local machine, with the resolution and color fidelity you need for the best desktop experience. You can work in remote and hybrid office settings and get seamless, secure remote access to your EC2 Mac instance.
With Anyware (and the PCoIP Graphics Agent for macOS), you can now access your high-performance workflows from anywhere you have network connectivity. The PCoIP remote display protocol transfers only pixels, keeping your corporate assets securely located in your cloud-based, industry-compliant networks.
To use HP Anyware with EC2 Mac instances, you need just two components. On the EC2 Mac instance, you will install the Anyware PCoIP Graphics Agent for macOS. Then, you’ll remotely connect to the cloud machine from a PCoIP client. Multiple clients exist: either physical workstations, such as the PCoIP Zero Clients or a Thin Client, or you may install a client application for Windows, Linux, and macOS on the device of your choice. It means you can use your existing Thin Client workstations with the large screens you attached to them, to seamlessly connect either to on-premises macOS machines or cloud-based ones.
The PCoIP agent for macOS is available to existing HP Anyware (Teradici CAS) customers to download. You can download and install it yourself, but there’s also an easier way to procure and deploy it. AWS Marketplace is where you can subscribe to third-party software services, and it uses the same familiar pay-as-you-go model as other AWS services. Marketplace allows you to purchase software licenses by the hour, and once purchased the vendor deploys the solution on your AWS account using AWS CloudFormation.
Deploy an EC2 Mac Instance
This demo shows how to procure an HP Anyware license from AWS Marketplace, using hourly billing. Marketplace also launches a pre-installed OS image on a Mac Mini you allocated to your account. If you have HP Anyware annual subscriptions already and want to leverage these instead, refer to these installation instructions.
To get started, we will first reserve a Mac Mini for our usage, also known as a Dedicated Host. We open the AWS console and type “EC2” in the search bar to navigate to the EC2 section of the console. Select Dedicated Hosts on the left side menu, and to allocate a new Dedicated Host select Allocate Dedicated Host.
Figure 1 – Allocate dedicated host.
Next, enter a Name tag and select mac1 as instance family and mac1.metal as instance type. Select the AWS Availability Zone where you want this host to be allocated, then scroll to the bottom of the page and verify the Quantity (not on the screenshot). Finally, click the Allocate button.
Remember that billing of the Dedicated Host starts at this point, and there is a 24-hour minimum duration for the allocation. It means you will not be able to release the host during the first 24 hours. After that initial period of time, you may release the host when you want.
Figure 2 – Dedicated host settings.
The host is allocated immediately and appears as Available in the console.
Now that we have an EC2 Mac Dedicated Host, open the AWS console and type “marketplace” in the search bar to navigate to AWS Marketplace. Search for the “HP Anyware” solution and select Continue to Subscribe.
Figure 3 – Product overview.
Accept the terms and conditions and read the software license agreement. Once accepted, the macOS AMI with PCoIP agent pre-installed is attached to your AWS account. The process might take a minute to complete, but when complete the Continue to Configuration button appears.
We chose the AWS Region where we want to start the EC2 Mac instance. It must be the same Region where you allocated the Dedicated Host (mac1.metal). Once the Region is selected, click Continue to Launch.
Figure 4 – Configure software.
For this demo, select Launch through EC2. In a scenario where you manage a fleet of EC2 Mac instances, you may want to copy the configuration to AWS Service Catalog instead. Then, select Launch.
Figure 5 – Launch software.
The console preselects compatible EC2 instance types for the HP Anyware AMI. In this case, mac1.metal is the only choice and the default. Select the name of the SSH key pair.
Note that if you do not have an SSH key pair in this AWS Region yet, you may select Create new key pair. An SSH key pair is required to initially connect over SSH to the EC2 Mac instance and to complete the HP Anyware agent configuration.
Figure 6 – Instance type and key pair.
Next, pay special attention to the Network and Subnet options. Make sure to select a subnet that’s in the same Availability Zone as the Dedicated Host. Regarding the network, in this example, we are deploying the EC2 Mac instance into a public subnet.
Public subnets have a routing table to direct traffic to and from the internet, and hosts receive a public IP address by default. Select the default security group proposed by the console. This security group is pre-configured to allow inbound network traffic from your PCoIP client and for SSH. If you choose to use your own security group, be sure to add the following rules to authorize inbound PCoIP and SSH traffic:
- TCP and UDP ports 4172
- TCP Port 60443
- TCP Port 22 (for SSH, you may remove this rule after initial configuration)
Figure 7 – Network and security groups.
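The rule list above can be checked against a security group's actual inbound rules. The following is an added example, not code from the original article or from AWS or HP: it audits one group description for the listed PCoIP ports and for the SSH rule. Treating a /0 source as a finding is this example's own policy, and the function names and sample group are constructed.

```python
import ipaddress

# Inbound rules the article lists for a custom security group.
PCOIP = {("tcp", 4172), ("udp", 4172), ("tcp", 60443)}
SSH = ("tcp", 22)  # per the article, removable after initial configuration

def covered(perm):
    """Return the (protocol, port) pairs of interest that one rule allows."""
    proto = perm["IpProtocol"]
    return {(p, port) for p, port in PCOIP | {SSH}
            if proto == "-1"  # "-1" means all protocols and ports
            or (proto == p and perm["FromPort"] <= port <= perm["ToPort"])}

def world_sources(perm):
    """Return the rule's source CIDRs that match every address (prefix /0)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]

def audit(group):
    """Return sorted findings for one security group description."""
    findings, seen = [], set()
    for perm in group.get("IpPermissions", []):
        for proto, port in covered(perm):
            seen.add((proto, port))
            findings += [f"{proto}/{port} open to {c}" for c in world_sources(perm)]
    findings += [f"{proto}/{port} not allowed" for proto, port in PCOIP - seen]
    if SSH in seen:
        findings.append("tcp/22 allowed (removable after initial configuration)")
    return sorted(findings)

# Constructed sample shaped like one SecurityGroups[] entry returned by
# `aws ec2 describe-security-groups`; the group ID is a placeholder.
SAMPLE = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 4172, "ToPort": 4172,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        {"IpProtocol": "udp", "FromPort": 4172, "ToPort": 4172,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To audit a real group, pass `audit()` one element of the `SecurityGroups` array from the `describe-security-groups` JSON output.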
The 100Gb Amazon Elastic Block Store (Amazon EBS) volume proposed is too small for any practical use case on macOS; we therefore select a larger EBS volume (500Gb). We also select gp3 instead of the default gp2 for better performance. Doing so impacts the EBS pricing. This specific volume will be charged $40/month (billed by hour of usage) + the cost of IOPS.
Refer to the Amazon EBS pricing page to understand the different options and how they affect pricing.
Figure 8 – Amazon EBS size selection.
The last detail to pay attention to is the Dedicated Host. Under the Advanced section, select Dedicated Hosts as Tenancy. We chose to target the host by entering the Host ID (the alternative is to use resource groups). On the Tenancy host ID drop-down menu, select the ID of the host you just allocated.
Figure 9 – Dedicated host selection.
Finally, look at the summary and select Launch instance. Note the AMI name and version will differ from the screenshot below.
After a few minutes, the instance status will turn to green with 2/2 checks passed.
Now that the instance is running, let’s connect to it over the command line to assign a password to our default user ec2-user. From the console, copy the public IP address assigned to your EC2 Mac instance.
Figure 10 – Public IP address.
To finish the setup, open the Terminal application and type a command similar to this one:
ssh -i /path/to/your/ssh/keypair.pem ec2-user@<public-IP-address>
Replace the path to the PEM file and the public IP address with those of your EC2 Mac instance. Once connected, change the ec2-user password by typing the command:
sudo passwd ec2-user
Figure 11 – Change password.
Connect from a PCoIP Client
Now that the instance is started and we have assigned a password to ec2-user, let’s connect to it remotely from a PCoIP client. You can use either a physical Thin Client or Zero Client workstation or the PCoIP client application for Windows, Linux, or macOS.
- Download the client installer based on your client OS. You don’t need login credentials to download the client software, and you can have as many copies for various client OSs as you need.
- Install the HP Anyware PCoIP client software per the installation instructions in the Administration Guide for your OS.
- Locate the IP address or FQDN of the EC2 Mac instance via the Amazon EC2 console. It’s the same address as the one you used to connect over SSH.
- From the client system, start the Anyware PCoIP client for your OS. Typically, the Anyware PCoIP Client will have an icon like this one:
- When the Anyware PCoIP Client starts, it asks for a Host Address or Code. Enter the IP address or FQDN you previously identified. If you want to save the connection, you may also enter a name in the Connection Name field, then select SAVE.
Figure 12 – Client configuration.
- Next, you receive the message Cannot verify your connection to IP. This is expected, as a third-party trusted certificate has not been installed on the EC2 Mac instance. You can select the Connect Insecurely option.
- Finally, enter the macOS credentials: ec2-user and the password you chose in your SSH session.
Figure 13 – Host authentication.
Once connected, you may see the macOS screensaver authentication screen. If it happens, type the password again. Finally, you have access to the macOS desktop.
Figure 14 – Accessing macOS through Teradici client.
One of our favorite capabilities is that when you resize the client application window, it automatically adjusts the resolution on the EC2 Mac host.
Congrats! You have successfully connected to your remote EC2 Mac instance from a PCoIP client application!
Pricing and Availability
HP Anyware is available for the x86 version of macOS (mac1.metal). Amazon EC2 x86 Mac instances are available (at the time of this writing) in the following AWS Regions: US East (N. Virginia, Ohio), US West (Oregon), Europe (Ireland, Frankfurt, London, Stockholm), and Asia Pacific (Singapore, Seoul, Tokyo, Mumbai, and Sydney). HP Anyware is available on AWS Marketplace in the same Regions.
When starting your EC2 Mac instance from AWS Marketplace, you are charged for the Anyware license and for the usage of the EC2 Mac Dedicated Host.
Regarding Dedicated Hosts, remember that their pricing is slightly different than for traditional EC2 instances. Here, you reserve a full physical host, a Mac Mini, for your exclusive usage. The pricing is therefore attached to the time the Dedicated Host is allocated to your AWS account.
Starting or stopping EC2 Mac instances on the Dedicated Host does not affect billing. Billing starts when you allocate a Dedicated Host and stops when you release it. As per the Apple macOS licensing agreement (section 3.A.ii), you have to reserve a host for a minimum period of 24 hours. After that initial period, billing is per second of allocation, as usual.
Check the Dedicated Host EC2 pricing page for details. If you know you’re going to spend a minimum amount per month on EC2 Mac instances, Savings Plans allow you to save up to 44% off the On-Demand Instance price.
Now, go and build your iOS, iPadOS, tvOS, watchOS, or macOS applications in the cloud, using EC2 Mac instances and HP Anyware PCoIP clients.
HP Anyware – AWS Partner Spotlight
HP Anyware (formerly known as Teradici CAS) delivers world-class remoting performance and easily manages connections to remote desktops and workstations on Amazon G4 and G5 EC2 instances using the PCoIP protocol. Enable people and teams to work together in real-time by accessing the same remote desktop or application from virtually anywhere and avoiding large file downloads.