reference deployment

VFX Burst Rendering Framework on AWS

Linux architecture for VFX burst rendering, using ISE best practices

This Quick Start deploys an example Linux architecture for visual effects (VFX) burst rendering on the Amazon Web Services (AWS) Cloud. This architecture follows content security recommendations and best practices from Independent Security Evaluators (ISE) and AWS.

VFX studios can use this Quick Start to build an initial framework to elastically burst their render capacity on the AWS Cloud, and to automate the implementation of best practices and recommended content security controls required by major studio content owners. The Quick Start can be used by VFX studios that are new to burst rendering on AWS, or by VFX studios that are already using burst rendering on AWS and need further guidance on securing their environment.

The Quick Start includes a security control mapping document (PDF format) that has been validated by the AWS Security team and by ISE. This document provides VFX studios with the guidance needed to demonstrate, document, and prepare the VFX burst rendering environment for an ISE security audit.

The Quick Start is automated by AWS CloudFormation templates that build the burst rendering framework in about 10 minutes in your AWS account. After you deploy the Quick Start, you can install your custom VFX applications into the provisioned architecture and integrate the architecture with your on-premises environment.

This Quick Start was developed by AWS.

  •  What you'll build
  • Use this Quick Start to automatically set up the following environment on AWS:

    • A highly available architecture that spans two Availability Zones.
    • Two peered virtual private clouds (VPCs):
      • A production VPC that is configured only with private subnets for content-aware burst rendering instances and encrypted asset storage. This VPC is completely isolated from the internet, to provide you with your own virtual network for each project on AWS.
      • A management VPC that is configured with public subnets, private subnets, and internet connectivity, according to AWS best practices. This provides you with your own virtual network for common, core resources used by the production VPC.  
    • Amazon Virtual Private Cloud (Amazon VPC) security groups for limiting access between resources within the private and public subnets of each VPC, between VPCs, and to other resources and services.

    Production VPC components:
    • In the private subnets, a Spot Fleet of Amazon Elastic Compute Cloud (Amazon EC2) burst rendering instances that can be scaled to meet render demand.
    • AWS Key Management Service (AWS KMS), to create and control the encryption keys used for the server-side encryption (SSE) of data at rest. The Quick Start creates three AWS managed keys for your use.
    • Encrypted, shared file storage for render assets used by all EC2 burst rendering instances, using Amazon Elastic File System (Amazon EFS).

    Management VPC components:
    • In the public subnets, managed NAT gateways to allow controlled, outbound internet access.
    • An internet gateway to allow access to the internet via the NAT gateways.
    • In one of the private subnets, a license server instance with a media access control (MAC) address in a Single-AZ Auto Scaling group.
    • In the private subnets, a render scheduler instance in a Multi-AZ Auto Scaling group.

    For detailed information about the architecture and customization options, see the deployment guide.

  •  How to deploy
  • To build the VFX burst rendering framework on AWS, follow the instructions in the deployment guide. The deployment process includes these steps:

    1. If you don't already have an AWS account, sign up at, and sign in to your account.
    2. Launch the Quick Start. The deployment takes about 10 minutes.
    3. Test the deployment by logging into the render farm, license server, and render scheduler instances and running Linux shell commands.

    Please know that we may share who uses AWS Quick Starts with the AWS Partner Network (APN) Partner that collaborated with AWS on the content of the Quick Start.

    After the deployment, you can connect the VFX burst rendering framework to your on-premises environment by using AWS Direct Connect (DX), and customize the environment to meet your VFX studio's specific requirements for instance types, storage, and applications.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  •  Cost and licenses
  • You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using the Quick Start.

    You are responsible for the cost of the physical private networking connection between your on-premises environment and the AWS Cloud. This network connection can be provided by an AWS Partner. See the AWS Partner Solutions Finder for a list of networking partners.

    You are responsible for the license cost of any VFX rendering application, render scheduler application, and license server application you decide to use on the EC2 instances.

    The AWS CloudFormation template for this Quick Start includes configuration parameters that you can customize. Some of these settings, such as instance type, will affect the cost of deployment. See the pricing pages for each AWS service you will be using for cost estimates. Prices are subject to change.

    Tip: After you deploy the Quick Start, we recommend that you enable the AWS Cost and Usage Report to track costs associated with the Quick Start. This report delivers billing metrics to an S3 bucket in your account. It provides cost estimates based on usage throughout each month, and finalizes the data at the end of the month. For more information about the report, see the AWS documentation.