Desktop and Application Streaming

Screening Eagle: Optimize CI/CD and end user experience in Amazon AppStream 2.0

Providing end users with a consistent user experience is important when working with compute intensive applications. Amazon AppStream 2.0 allows you to stream applications from AWS directly to any device. This provides a fluid and responsive experience to each user regardless of their end device’s capabilities. This eliminates the need of purchasing, managing, securing, monitoring, and upgrading workstations. It allows you to centrally manage applications’ software updates and distribution. As a result, operational costs are reduced, and software distribution is controlled and secured.

About Screening Eagle

Screening Eagle Technologies provides a technology platform for intelligent inspection of the built environment. The platform combines software and powerful sensors to deliver reliable data for construction and asset maintenance decisions.

The challenge

Screening Eagle developed Workspace, a cloud-based platform that contains and unifies access to all the company’s applications through a web-based portal. Screening Eagle’s goal is to deliver a consistent experience across all applications in Workspace, across all end user platforms. Workspace users use a range of different environments including Windows, MacOS, Linux, iOS and Android tablets, and web browsers.

Insights, a Windows-based application, is Screening Eagle’s heaviest computational application, it requires GPU and a large memory base to run. To integrate Insights to the Workspace suite without disrupting the user experience, Screening Eagle streams this application using Amazon AppStream 2.0.

Screening Eagle had two challenges:

  1. To fully automate the continuous integration and delivery of new application updates to Amazon AppStream 2.0 instance fleets.
  2. To embed Insights AppStream 2.0 session into the Workspace web-based framework, integrating both environments in terms of storage, security, and interaction with the user.

How to create a fully automated CI/CD pipeline for application updates

Screening Eagle has two different processes for delivering Insights. On one side, application updates, and on the other, application dependencies, Windows settings, and other OS updates to the Amazon AppStream 2.0 images.

Insights has a CI/CD process for building, testing, and distributing binaries. This process allows application updates’ distribution to take place at Amazon AppStream 2.0 instances’ bootstrap phase without affecting users’ login experience. This is done by specifying which version of the application is downloaded and run in the context field of the AppStream 2.0 Session Script.

AppStream 2.0 access pattern and bootstrap process with session script.

By doing this, the number of times that AppStream 2.0 images are rebuilt and redeployed into existing fleets is reduced.

For environmental updates, Screening Eagle built a fully automated CI/CD pipeline to deliver updates to production. The pipeline requires commands to run programmatically on Amazon AppStream 2.0 image builders. This is done by using a Windows EC2 instance as a proxy to send AWS SSM commands to the AppStream 2.0 image builder. Review the AWS blogpost how to use SSM Run to perform programmatic actions on AppStream 2.0 image builders for more information. Screening Eagle developed a script to run the following process to automate updates for the AppStream 2.0 fleets.

Architecture diagram of AppStream 2.0 environment with SSM commands

  1. Create an image builder from the Amazon AppStream 2.0 base image.
  2. Launch an Amazon EC2 Windows proxy instance on the same subnet as the image builder.
  3. Invoke SSM Run to send a PowerShell script for the EC2 Windows proxy instance to run. The proxy instance sends the commands to run remotely on the image builder. This script sets up the authentication between proxy and image builder, install libraries and dependencies. It uses AppStream 2.0 image assistant to add and remove applications from the image builder, and creates an AppStream 2.0 image.
  4. Terminate both proxy and image builder instances.
  5. Update Amazon AppStream 2.0 fleets with the new image to the testing environment to run corresponding integration tests. Finally, deploy images to the production environment.

This ensures a repeatable and predictable process. Every iteration starts with newly-created proxy and image builder instances.

Seamlessly embed Insights application into Workspace browser environment 

Amazon AppStream 2.0 allows you to access applications from HTML5-capable browsers. Screening Eagle’s goal was to provide unified and seamless web access to Insights users.

To achieve this, Screening Eagle integrates the applications together in terms of authentication, service authorization, and storage. In addition, the applications interact with each other to perform actions such as uploading and downloading files.

Let’s say the user wants to upload a local file to Insights, the application that runs in the AppStream 2.0 session. Insights is a video stream. Opening a file browser from the application would display the local file system of the Amazon AppStream 2.0 instance. In contrast, opening it from Workspace would display the local files on the end-user’s terminal. To solve this, Screening Eagle developed a messaging mechanism between the Insights Amazon AppStream 2.0 session and the Workspace web application.

Screening Eagle implement a WebSocket-based communication system to solve this. This is a serverless architecture, based on a WebSockets API running on Amazon API Gateway, and a communication logic running on AWS Lambda. For more details on the technical implementation, review WebSocket APIs in Amazon API Gateway. The communication flow is shown in the following diagram.

Communication flow of WebSocket architecture

  1. The user requests to open a file browser from Insights to upload a new file to the application.
  2. Insights creates a new WebSocket connection to Workspace through the Amazon API Gateway and sends a message to have Workspace opening a local file browser.
  3. The Workspace app opens a file browser local to the user’s machine on the same browser window.
  4. The user uploads the file.
  5. Workspace uploads the file to Amazon S3.
  6. Workspace opens a new WebSocket connection and sends a confirmation message to Insights with the URL of the Amazon S3 object.
  7. Insights downloads the file from Amazon S3 to the AppStream 2.0 instance.
  8. Insights opens and displays the uploaded file to the user.

This communication mechanism is used in other actions as well. For example, displaying notifications to the user or exchanging authentication credentials.

To maintain and redirect user authentication from the Workspace platform to the AppStream 2.0 session in Insights, Screening Eagle use the AppStream 2.0 session context. By including the user’s session data and authentication token in the session context, Insights receives the information it needs to authenticate the user and initialize the application. If the initial token expires, Insights opens a WebSocket connection to Workspace to request authentication renewal.

Conclusion

Screening Eagle use Amazon AppStream 2.0 to stream their highest demanding engineering application to users. AppStream 2.0 provides a responsive and fluid user experience, regardless of workstation capabilities. The fully automated CI/CD pipeline delivers updates to AppStream 2.0 production fleets without manual intervention. Application embedding provides seamless integration with the existing platform, allowing users to interact with the same user interface they are used to working with.

About the authors 

Author photo Jesús Hormigo is a computer scientist, technologist and inventor committed to the development of information communication technology (ICT) hardware and software that deliver meaningful and sustainable impact in all facets of daily life, ranging from healthcare to sports entertainment. He is currently Chief of Cloud and AI at Screening Eagle Technologies where he leads a team of talented engineers in creating unique AI and computer vision-based solutions in the cloud for the inspection industry.
Author photo Julián Martínez is a Site Reliability Engineer based in Málaga, working on high traffic Linux environments for more than 15 years. He is currently focused in helping teams to improve the performance of their workloads and services and implementing best practices. Julián has been deeply involved with AWS based services for the last few years and he contributes to popular projects around the Kubernetes world and Artificial Intelligence.
Author photo Carmen Pino is an AWS Solutions Architect based in Madrid. She works with Spanish small and medium businesses helping them define, deploy, and optimize their workloads in the AWS Cloud. Although her professional career has been linked mainly to the world of traditional networking, today she has a special interest in data and information analytics technologies. Her passion is the use of technology as an engine of positive impact in today’s society.