Desktop and Application Streaming
Visualizing AppStream 2.0 session latency metrics using AWS Lambda, Amazon Kinesis Data Stream and Amazon OpenSearch Service
Authors: Peter Fergus (Senior Specialist Solutions Architect, ProdApps) & Mohamed Gamil (Cloud Support Engineer, Serverless)
Customers require confirmation that end users meet network RTT requirements to ensure the best user experience when connecting to AppStream 2.0 sessions. Latency metrics are a useful means of confirming that the intermediate network is within the recommended latency thresholds .
In this post, we show how you can visualize AppStream 2.0 real-time session latency metrics to confirm end-to-end round-trip time (RTT) for AppStream 2.0 sessions.
Time to read | 10 minutes |
Time to complete | 1 hour |
Cost to complete | Costs will vary based on size of AppStream 2.0 and the number of concurrent sessions running at any point in time. Please refer to the pricing pages below for costings on the services used as part of this solution. |
Learning level | Advanced (300) |
Services |
Overview of solution
In the blog, you create a custom AppStream 2.0 image that includes the Kinesis Agent for Windows. The Kinesis Agent is used to push logs generated by the AppStream host streaming agent (NICE DCV) during an active AppStream 2.0 session. The logs are sent to a Kinesis Data Stream where they are parsed by a Lambda function. The Lambda function formats the metrics before sending to an OpenSearch domain. Once the OpenSearch Service index has been populated with records, you can visualize the data with an OpenSearch dashboard. The dashboard shows the network latency metrics for an AppStream 2.0 session in near real-time.
Walkthrough
This walkthrough shows you how to create an AppStream 2.0 session latency dashboard.
The steps are as follows:
- Create an OpenSearch Service domain
- Deploy AWS SAM template
- Create a custom AppStream 2.0 image
- Map Kinesis AWS Identity and Access Management (IAM) role to OpenSearch Service backend role
- Create an OpenSearch Dashboard
- Deploy AppStream 2.0 fleet with IAM role
Prerequisites
For this walkthrough, you must have the following prerequisites:
- An AWS account
- Docker CLI
- AWS Command Line Interface (CLI)
- AWS Serverless Application Model (AWS SAM) CLI
- AWS Identity and Access Management (IAM) role with appropriate access.
Step 1: Create an OpenSearch Service domain
Create an OpenSearch domain as described in Step 1 of the Getting started with Amazon OpenSearch Service guide. For further information about OpenSearch see the Developer guide for Amazon OpenSearch Service. The OpenSearch domain will be used as your data repository to host the streaming agent metric records sent from Lambda.
Step 2: Deploy AWS SAM template
Deployment of the Kinesis Data Stream, AWS Lambda Function, and associated IAM roles has been automated by providing an AWS Serverless Application Model (AWS SAM) template. The full source of the AppStream 2.0 latency dashboard deployment is found in the AWS public GitHub repository. The AWS SAM template deploys the following:
- A Kinesis Data Stream that receives Kinesis Agent logs from AppStream 2.0 fleet instances.
- An AWS Lambda function that transforms incoming AppStream 2.0 NICE DCV metrics before sending to an OpenSearch Service index.
Three IAM roles to grant permissions to the following services:
- Lambda function
- Kinesis Data Stream
- AppStream 2.0 fleet
To deploy the AWS SAM template:
- Clone the solution repository using git:
git clone https://github.com/aws-samples/appstream-session-latency-dashboard - Build the AWS SAM project:
sam build –use-container - Deploy the project using AWS SAM:
sam deploy –guided
* For full details on the SAM Template parameters presented in the CLI as part of deployment, refer to the associated README on GitHub.
Step 3: Create a custom AppStream 2.0 image
Create a custom AppStream 2.0 image by using the AppStream 2.0 console . After installing your applications, refer to the following steps to install and configure the Kinesis agent for Windows. When installing the Kinesis agent, we must change the default Kinesis agent configuration file to push the target logs to the Kinesis data stream we created in Step 2.
- Connect to your AppStream 2.0 Image Builder as the administrator.
- Using the browser of your choice on the image builder, download the Kinesis agent for Microsoft Windows version 1.1.216.4 or higher. Alternatively, transfer a previously downloaded file to the image builder using My Files.
- Navigate to the file location on the image builder and run the installer. Accept all the defaults.
- Open a text editor. Open the Kinesis Agent for Microsoft Windows configuration file stored in C:\Program Files\Amazon\AWSKinesisTap\appsettings.json.
- Replace the contents of the file with the example configuration below. Replace <REGION> with the Region hosting the Kinesis data stream created in Step 2.
- Save the file.
- Complete your image following the remaining steps in the create a custom AppStream 2.0 image by using the AppStream 2.0 console tutorial.
"Sources": [
{
"Id": "DCVLogs",
"SourceType": "DirectorySource",
"Directory": "C:\\ProgramData\\NICE\\dcv\\log\\",
"FileNameFilter": "server-metrics.json",
"RecordParser": "SingleLine"
}
],
"Sinks": [
{
"Id": "KinesisSink",
"SinkType": "KinesisStream",
"ProfileName": "appstream_machine_role",
"StreamName": "DCVMetricstoLambda",
"Region": "<REGION>",[JS3] [MG4]
"Format": "json"
}
],
"Pipes": [
{
"Id": "DCVKinesisPipe",
"SourceRef": "DCVLogs",
"SinkRef": "KinesisSink"
}
]
}
Step 4: Map Kinesis IAM role to OpenSearch Service backend role
The Lambda function inserts records into an OpenSearch Service index. To allow this, map the function’s IAM execution role to the OpenSearch Admin Backend role.
- Open the Lambda console, and select the Lambda function deployed in step 2.
- Select the Configuration tab.
- In the navigation pane, select Permissions.
- Select the name of the IAM execution role to open the role on the IAM console. Copy the ARN of the role.
- From the OpenSearch Console, log in to the OpenSearch Domain Dashboard. If it is the first log in, select a tenant. Select Global Tenant so that the configuration will be applied to the whole domain.
- In the navigation pane menu, choose Security then Roles. Select the link for the role named all_access. Select the Mapped Users tab.
- Select Manage mapping.
- For the Backend role, enter the ARN of the Lambda IAM role.
- Choose Map.
Step 5: Create an OpenSearch Dashboard
Deployment of the OpenSearch Service index pattern, visualizations and dashboard has been rolled up into a configuration file for automated deployment. Follow these steps to deploy these components into your OpenSearch Service domain.
- Download the OpenSearch Dashboard configuration file from the GitHub Repository.
- From the OpenSearch dashboard, select Stack Management, then select Saved Objects.
- Select Import, and choose the configuration file downloaded.
- Choose Check for existing objects and automatically overwrite conflicts.
- Choose Import.
Step 6: Deploy AppStream 2.0 fleet with IAM role
With the AppStream 2.0 image created in Step 3, create an AppStream 2.0 fleet and associate an IAM Role. The sam-app-AppStreamToKinesisRole IAM Role is created as part of the SAM template deployment in Step 2. To create a fleet and stack, review How to create an AppStream 2.0 fleet and stack in the Amazon AppStream 2.0 Administration Guide. Assign the IAM role to your AppStream 2.0 fleet. For more information, visit Using an IAM Role to Grant Permissions to Applications and Scripts Running on AppStream 2.0 Streaming Instances.
The IAM role grants permissions to your AppStream 2.0 fleet instances to make API calls within your account. This enables the Kinesis agent on the instance to send records into the Kinesis Data stream. Now you are ready to populate the OpenSearch Index and report on the metrics captured.
- Start the AppStream 2.0 fleet and notify your end users to connect.
- Confirm the round trip metrics are being saved on a per session basis. You can confirm the AppStream 2.0 user session ID’s by using the AppStream 2.0 DescribeSessions API call.
- To view the latency dashboard created in step 5, log in to your OpenSearch Service domain and navigate to Dashboard. The AppStream Latency Dashboard now presents the latency data in a number of different formats.
- Toggle the time range in the top right corner to meet your requirements.
Cleaning up
In this blog, you created several components that generate costs. Please ensure you clean up the services when no longer required. Follow these steps below to remove the components that make up this solution.
- Delete the metrics delivery stream resources created by the template following the steps described in README.md on GitHub Repository under the ‘cleanup’ section.
- Delete OpenSearch Service domain using the following steps:
- Navigate to the Amazon OpenSearch Service console.
- Under Domains, select the OpenSearch Service domain created to ingest the metrics.
- Choose Delete and confirm the deletion.
- Remove the Kinesis Agent from your AppStream 2.0 fleet by updating the image and then updating your fleet with the newly updated image. Refer to the AppStream 2.0 documentation Update an AppStream 2.0 Fleet for further details.
Conclusion
In this blog you created an AppStream 2.0 latency dashboard using Kinesis Agent for Windows, Kinesis Data Streams, AWS Lambda and Amazon OpenSearch Service. Implementing the steps outlined in this blog enables you to analyze and monitor the latency between end user clients and the backend AppStream 2.0 session host.
To learn more about best practices for AppStream 2.0 deployment, please review the Best Practices for Deploying Amazon AppStream 2.0 whitepaper. For more information on using Kinesis Agent with AppStream 2.0 review the AWS blog, Using Kinesis Agent for Microsoft Windows to store AppStream 2.0 Windows Event logs.
About the Authors
Peter Fergus is a Senior Specialist Solutions Architect based in Dublin. He has been working with the AWS Cloud for more than three years and enterprise infrastructure for over fifteen. Pete is passionate about collaborating with customers to help build optimal solutions in the AWS Cloud. He is a subject matter expert on Amazon AppStream 2.0 and Amazon Workspaces.
Mohamed Gamil is a Lambda subject matter expert in Dublin. He supports AWS customers to maintain and improve their serverless applications. He has 5+ years of experience on enterprise storage and Cloud technologies and tools, in addition to building DevOps pipelines. Gamil is passionate about promoting AWS Serverless services, and architecting cloud solutions that utilize the economics of AWS serverless services.