AppStream 2.0 is a fully managed non-persistent application streaming service, so there are no instances to manage, no VPN or internet-facing endpoint for the customer to manage, and no bridging of networks. AppStream 2.0 supports SAML federation, simplifying the entitlements and discovery process of the bastion host. AppStream 2.0 is primarily HTML5, so the end user doesn't need to install any clients, and can use the device of their choice. The customer can build an image with whatever software they want, and quickly spin up as many bastion host instances as they need - and each user gets their own instance, so no noisy or nosy neighbor problems exist. A customer uses AppStream 2.0 as their bastion host provider for their development environments. AppStream 2.0 also enables customers to configure admin control policies that prevent users from downloading data, or copying data out of the environment. However, like the other managed services, this may be overkill for smaller scenarios.
A bastion host instance requires the customer to manage its lifecycle, and bridges two networks, adding an element the customer has to manage closely. Bastion hosts are simple and quick to spin up, but can be difficult to scale, depending on the number of users that need to use them.
SSM Session Manager seems to be mostly CLI-based access to instances (though I'm not an expert) - if a GUI is required, Session Manager Port Forward seems to be a good option, but you lose the ability to control the endpoint beyond what RDP supports. With a bastion host or an AppStream 2.0 instance, you're able to control the "gateway" middle boundary.
Overall, there's no one-size-fits-all answer, and it really depends on what the user experience and security requirements are. Depending on the requirements, the recommendation can change wildly (even to a fully persistent environment such as WorkSpaces).