Automating Foundational NICE DCV Infrastructure

In this blog, learn how to accelerate a foundational cloud deployment of NICE DCV running on Amazon Elastic Compute Cloud (Amazon EC2) with AWS Cloud Development Kit (AWS CDK). Customers use DCV to visualize remote workloads running on Amazon EC2 on lower powered client machines. The provided AWS CDKs cover deploying the DCV Connection Gateway and DCV Session Manager with two options. Option one uses EC2 Image Builder pipelines to publish Amazon Machine Images (AMIs) for the deployment. Option two deploys the same infrastructure without image pipelines, utilizing bootstrap scripts to configure the EC2 instances.

The full step-by-step walkthrough, including the technical procedure required for the EC2 Builder pipelines and AMI detection, can be found in the dcv-samples Github repository.

Option One: EC2 Image Builder pipelines

The option one diagram illustrates deploying foundational DCV infrastructure using EC2 Image Builder pipelines.

This option of the CDK sample provisions the foundational infrastructure for a DCV Connection Gateway with DCV Session Manager environment. Both DCV Session Manager and DCV Connection Gateway have EC2 Image Builder pipelines to publish a configured AMI.

Option Two: Deploy AMIs with bootstrap scripts

The option two diagram illustrates deploying foundational DCV infrastructure using provided AMIs and user data configuration scripts.

This option of the CDK sample provisions the foundational infrastructure for a DCV Connection Gateway with DCV Session Manager environment. Both DCV Session Manager and DCV Connection Gateway are configured with bootstrap scripts so that you can utilize base AMIs.

Qualifying the options

Each use case can have different requirements, but EC2 Image Builder pipelines gives you the capability to do blue/green testing on the image before deploying.

When to use EC2 Image Builder pipelines for DCV infrastructure:

Automated Image Creation and Updates
Automates image creation and software updates to eliminate the need for manual intervention and ensure consistency across your instances. Using this process can simplify management and reduce configuration drift risks.
AWS Services Integration
EC2 Image Builder pipelines can integrate products and services in Image Builder, which includes compliance products for your image builder images. Compliance products include Center for Internet Security (CIS) Benchmarks and Security Technical Implementation Guides (STIG).

When to use base AMI’s for DCV infrastructure:

Static Software, Existing AMI Management
Using AMI’s may be better suited for deployments where there are not a lot of changes to your image or software.
Specialized or Complex Configurations
If you have specialized or complex configuration requirements and an existing AMI management process.

The decision to use EC2 Image Builder pipelines or AMIs for managing your DCV infrastructure should be based on your specific requirements and existing processes for your deployment.

Preparing for production

Next steps to continue to expand on your DCV environment, you could:

Choose your own authorization with Cognito as an external authorization server. DCV servers may be joined to Active Directory for user authentication.
Persist your DCV Session Manager database to an external database.
Integrate your own certificates.
- For TCP, you can use AWS Certificate Manager and add TLS listeners to your Network Load Balancer. TLS listeners integrated with AWS Certificate Manager offer less administrator overhead for certificate management.
- For UDP/TCP, provide server-side certificates on the DCV Gateway image. Certificates that can be publicly validated will remove the “insecure” message when users connect to their session.
Add your own DNS record for client connections or use Amazon Route 53.

Conclusion

In this blog, you deployed a DCV architecture proof of concept using the AWS CDK. The procedure to deploy the DCV server is documented in the repository README.md. You now have the foundational infrastructure to stream virtual desktop infrastructure on EC2. While the CDK deploys the DCV foundation, end users need a User Interface (UI) to interact with the DCV Session Manager broker. To connect users, DCV Access Console provides the UI for users to connect to their session. The DCV Access Console CDK can be deployed to integrate the foundational infrastructure you deployed in the blog.

Eric Cornwell

Eric Cornwell is a Senior Spatial Solution Architect within the AWS Open Source and Emerging Technologies (OSET) team. Equipped with various engineering degrees, he has contributed through published works and holds a patent relating to augmented reality. Eric is described as a skilled builder who is dedicated to bringing state-of-the-art immersive technology to develop scalable, intelligent 3D solutions. Leveraging his expertise in emerging technologies, he plays a pivotal role in creating innovative spatial computing and 3D applications that deliver value to AWS customers.

Brian M. Slater

Brian M. Slater is a Principal Solutions Architect for Independent Software Vendors (ISV) at Amazon Web Services. Brian has years of experience in government, start-ups, and financial services. He currently spends his time helping customers build IoT and Spatial Computing solutions.

Desktop and Application Streaming