Desktop and Application Streaming
Enable your organizational domain for the AppStream 2.0 client with a Route 53 DNS TXT record
AppStream 2.0 recently added support for creating a Domain Name Service (DNS) TXT record that enables you to enable the domain of the URL the user enters. Amazon AppStream 2.0 is a fully managed application streaming service that allows you to stream your desktop applications to your users. Your users can use the AppStream 2.0 Windows native client to stream their applications for when they need to use USB devices, keyboard shortcuts that are normally caught by the browser, or seamless access to local drives and folders that are on their PC. The DNS TXT record capability allows you to enable the subdomains and second-level domain of the URLs the user enters into the AppStream 2.0 client without having to create registry keys, apply a group policy, or make any changes to the user’s device. The DNS TXT record capability supports wildcards, which lets you enable all subdomains for streaming. The user can simply install the AppStream 2.0 client, enter in the enabled URL, and start streaming.
You can use any DNS service that supports TXT records at the second-level domain to enable your domain. In this blog, I show you how to create the DNS TXT record to enable your organizational domain using Amazon Route 53. Route 53 does not charge for creating or updating record sets in your hosted zone. There is no additional cost associated with completing the steps in this blog.
Prerequisites
- Route 53 configured as the DNS service for your organizational second-level domain. If your organizational second-level domain is example.com, Route 53 must be configured as the DNS service for example.com. For more information, see Configuring Amazon Route 53 as Your DNS Service in the Amazon Route 53 Developer Guide.
- Access to the Route 53 Management Console or API with permissions to create TXT Records for the organizational domain
- An existing AppStream 2.0 environment available at a URL on the organizational domain such as appstream.example.com
- A Microsoft Windows device with the AppStream 2.0 client installed. The AppStream 2.0 client must have the DNS TXT Record Query feature enabled (which is the default behavior).
At a high level, we will complete the following steps in this blog:
- Create the TXT record in Route 53 for the organizational domain hosted zone
- Use the AppStream 2.0 client to test
- Clean up the created TXT record in Route 53 for the organizational domain hosted zone
For this blog, we will use exampleco.com as the organizational domain with https://prod.exampleco.com/stream as the URL that the user uses to access the AppStream 2.0 environment. You will have to substitute these values with the ones appropriate for your organization.
1. Create the TXT record in Route 53 for the organizational domain hosted zone
Route 53’s Management Console provides a simple graphical user interface-based approach to creating and managing your domain hosted zones, their record sets, and other DNS-related services.
- Navigate to the Route 53 Management Console
- Select the hosted zone associated with the organizational second-level domain, then choose Go to Record Sets
- If your second-level domain has an existing TXT record on the second-level domain, choose Create Record Set. If your second-level domain does have an existing TXT record on the second-level domain, select it, then continue to step 5.
- In the left panel that appeared, leave the name field blank. In the Type dropdown, select TXT – Text.
- In the value field, add a new line, and enter in the following (without the quotation marks), then choose Create or Save Record Set.
“AS2TrustedDomains=prod.exampleco.com”
Note: The above text record enables only prod.exampleco.com, and no other domain (including exampleco.com itself).
2. Test the domain with the AppStream 2.0 client
Now that you have created the DNS TXT record on your second-level domain, which enabled the specific organizational domain, you can test it by launching the AppStream 2.0 client, and specifying the URL.
- From your Microsoft Windows device, launch the AppStream 2.0 client
- Enter in the URL appropriate for your AppStream 2.0 environment. In our example, the URL to enter is https://prod.exampleco.com/stream. A loading icon replaces the information icon while the DNS search is being performed.
- Once the loading icon disappears, the Connect button becomes clickable. Choose Connect to start connecting to the organizational page that redirects you to AppStream 2.0.
That’s it! You have now enabled your organizational domain for use in the AppStream 2.0 Windows native client without creating any registry keys.
3. Clean up
In this blog post, you added or updated a DNS TXT record for the second-level domain associated with your organization. You can clean up the changes made by removing the string that you added in the Route 53 hosted zone or by deleting the record entirely.
Conclusion
With the latest version of the AppStream 2.0 client you can now enable your users to use your organizational or identity provider domains without having to create or manage registry keys or group policies on the user’s device.