Inbound TCP traffic to AppStream deployed App?


I have a successfully deployed a 3D scientific visualization app using AppStream 2.0 that now needs to get a TCP data stream from the client. How does one set up the AppStream VPC/Fleet/Image/... to enable and route an external TCP socket connection from the client back to the AppStream app at a specified port/range of ports?

Thanks in advance for any help or ideas!

Regards, Mark

asked a month ago24 views
1 Answer

AppStream 2.0 is not meant to be used that way. You should consume the TCP data stream from within the streaming session.

Why does it have to be outside the session? You could consider deploying the 3d scientific visualization app on EC2, and accessing the TCP data stream from AppStream 2.0.

profile picture
answered a month ago
  • Thanks for your response!

    I might be misunderstanding your response, or I might not have posed the question quite right. The application as it runs on a user's desktop relies upon another small program running on the user's desktop that opens a TCP socket to the application, processes various inputs and forwards data to the application. So to port this to AppStream 2.0, I need to find a way to for that application on the user's desktop to open a socket connection to the AppStream 2.0 app instance running in the cloud. I presume that between gateways, NATs, port forwarding, etc there might be a way to get that connection to work.

    Are you suggesting an EC2 intermediary at a known endpoint accessible by both the user's machine and the AppStream app running in the VPC subnet? Or can it be handled with AppStream and its deployment framework?

    Thanks for any clarification!

    • Mark
  • To port to AppStream 2.0, you should put both programs in the same AppStream 2.0 image.

    Your fleets should be deployed in a private subnet with a NAT GW, which means they won't have inbound ports open. The instances are non persistent, so if they were in a public subnet that does allow that, the addresses would change every session.

    I was suggesting EC2 for the server / client model, but it may not be applicable with your app.

    I think the easiest way to port to AppStream 2.0 is to install everything the user needs on the same image.

  • Jeremy - thanks for your continued follow-up. Unfortunately I can't put everything in the AppStream image - that ancillary program accesses multiple hardware and client-side data on the client's machine that can't live in the cloud (this is medical visualization/analysis so some esoteric hardware and sensitive data). Hence local processing is necessary with a push to the visualization app in the cloud... The different address for each run of the app is okay, as I can forward that information to the client/user via the appstream-deployed app at least via an information dialog that displays the current internet ip address and port.

    Given the above, what do you recommend? The linux image is already configured to allow the inbound ports, and it sounds like a security group with a small # of ports enabled via an inbound traffic rule on the vpc is part of the solution, but other plumbing is needed too. What would the minimal set of other infrastructure be?

    Thanks again for your help and any ideas!

    Regards, Mark

  • Success! This was easier than I expected: for now I have put the app in a public subnet (I can work on deploying to a private subnet and expose some public ports later if necessary), add the necessary Security Group and rules, forward the public ip address and port via the client to the user who then starts up the client-side data-push program with the relevant settings, and voila.

    Thanks Jeremy for the dialog that allowed me to get to this point.


  • Thanks for posting your solution. Glad it is working for you

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions