Enable unique user entitlement with Omnissa App Volumes and Amazon AppStream 2.0
The article introduced how Omnissa App Volumes enhances application delivery with Amazon AppStream2.0
Thomas Sagaspe
Amazon Employee
Published Nov 20, 2024
Last Modified Nov 21, 2024
Introduction
Customers are constantly looking to enable entitlement for their end-users to specific applications without managing the underlying Amazon AppStream2.0 image. If you are an Amazon AppStream2.0 administrator in charge of a high number of AppStream2.0 images and fleets, you will discover how to enhance your day to day activities. Enterprises using Omnissa App Volumes have the flexibility to deliver real-time application dynamically to different virtual desktop infrastructure with efficiency. In this scenario, Amazon AppStream 2.0 is considered as the non-persistent virtual desktop infrastructure underlying the Omnissa App Volumes setup. While these technologies offer impressive capabilities individually, their integration promises to unlock greater potential for application delivery and management.
Omnissa App Volumes supports now Amazon AppStream 2.0. From the release of Omnissa App Volumes 4 version 2309, customers with a current Omnissa AppVolumes infrastructure have capabilities to integrate with Amazon AppStream 2.0 service. Monolithic image can be combined with Just in Time Delivery. In this situation Omnissa App Volumes is an ideal combination with Amazon AppStream2.0.
This article will cover Amazon AppStream 2.0 concept for Omnissa App Volumes customers to apprehend the technology and the AWS Cloud. Amazon AppStream2.0 and Omnissa App Volumes are complementary for applications lifecycle, updates and permissions. The overview will give high level steps into AWS services:
Overview of the solution
Amazon AppStream 2.0 is a fully managed application streaming and delivery of non-persistent virtual desktop infrastructure. Amazon AppStream 2.0 is offering the underlying monolithic image and fleet instances workload to support your end user sessions. To read more about AppStream 2.0, check out What is AppStream2.0.
Omnissa App Volumes is a Just in Time application delivery method. By integrating Omnissa App Volumes in conjunction with Amazon AppStream2.0 you reduce the number of images and fleets to manage within your deployment. With Omnissa App Volumes, application packages are not attached to a specific image but assigned to specific Active Directory user or group instead.
End User flow
- User authenticates to the SAML 2.0 Identity Provider
- With correct SAML assertion, user is authorized to access the AppStream2.0 stack
- The AppStream2.0 instance selected for the user communicates with App Volume Manager through the App Volume Agent.
- App Volume Manager in combination with Microsoft SQL and Active Directory defines permissions to Applications and packages
- App Volume Agent loads and assigns the relevant App Volume package to the user session.
- User is streaming assigned applications and can switch in the AppStream 2.0 Application Catalog to launch App Volumes apps.
App Volumes Agent from the instance will provide the list of applications to push to the catalog of applications with AppStream2.0 Catalog by integrating the Amazon AppStream 2.0 dynamic application framework.
AppStream2.0 prerequisites
- Your AppStream 2.0 fleet must be domain joined, see Using Active Directory with AppStream 2.0.
- SAML 2.0 Identity Provider (IdP) configured for the AppStream 2.0 stack.
- FSx for Windows and AppStream2.0 fleet joined into a same domain, forest, trust relationship in place
There a few items to highlight while using both technologies together
- Enable application entitlement to multiple Active Directory User or Group for a number of applications without SAML assertion
- Non-persistent AppStream2.0 instances are terminated on logoff of the user.
- Reduce to a minimum the number of fleets and images, which will simplify your AppStream2.0 scaling policies and reduce cost automatically
The combination of AppStream 2.0 Dynamic Application Provider and SAML configuration in the Identity Provider will allow users to view the list of applications in the catalog. The SAML assertion NameID is being passed to the Dynamic App Provider. Find more details on the SAML assertion in the Step 5: Create Assertions for the SAML Authentication Response.
As you embark on your digital transformation journey, consider the benefits of adopting Omnissa App Volumes and AppStream 2.0. The addition of the two optimizes your application deployment and management processes, ultimately driving innovation and business success.
To get started with AppStream2.0 and Omnissa App Volumes integration, read the App Volumes for Amazon AppStream 2.0 documentation in Omnissa website.
Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.