Optimize the remote desktop experience - AWS Prescriptive Guidance

Optimize the remote desktop experience

Designers typically use terminal-based SSH sessions or graphical remote desktops to submit and visualize workflows. A remote desktop offers GUI-driven interactive tools (such as layout, place, and route) for tool engineers and chip designers to submit jobs. AWS offers Amazon DCV, which is a high-performance remote display protocol that provides a robust user interface for engineering and physical design teams. Amazon DCV performs well over varying network conditions.

Amazon DCV streams pixels and not geometries in order to help protect data privacy. In addition, Amazon DCV uses TLS to secure pixels and end-user inputs.

Using a connection file, users can instantly connect to an Amazon DCV session. However, note that the connection file holds the password and proxypassword fields without encryption. For more information, see Using a connection file. Amazon DCV establishes a TLS connection between the server and client. A validation policy in the connection file determines how the client responds when a certificate can't be verified as trustworthy. For more information, see Set certificate validation policy.
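One way to review connection files before they are distributed, as an added example that is not from the original guidance: the script flags populated password and proxypassword fields and a validation policy other than strict. The INI-style layout, the `certificatevalidationpolicy` key name, its `strict` value, and the sample host and user are assumptions; confirm them against the Amazon DCV documentation.

```python
import configparser

# Field names taken from the guidance above.
SECRET_KEYS = ("password", "proxypassword")
# Assumption: key name and strictest value of the validation policy setting.
POLICY_KEY = "certificatevalidationpolicy"
STRICT = "strict"

# Constructed sample file; host, user and password are placeholders.
SAMPLE_WEAK = """\
[version]
format=1.0

[connect]
host=dcv.example.internal
port=8443
user=designer1
password=CONSTRUCTED-PLACEHOLDER
proxypassword=
certificatevalidationpolicy=accept-untrusted
"""


def audit_connection_file(text):
    """Return a list of findings for the contents of one connection file."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        return [f"unparseable connection file: {type(exc).__name__}"]
    findings, policy = [], None
    # Scan every section so a key is found wherever it was placed.
    for section in parser.sections():
        for key, value in parser.items(section):
            value = value.strip()
            if key in SECRET_KEYS and value:
                findings.append(f"[{section}] {key}: credential stored without encryption")
            if key == POLICY_KEY:
                policy = value.lower()
    if policy is None:
        findings.append(f"{POLICY_KEY}: not set, client default applies")
    elif policy != STRICT:
        findings.append(f"{POLICY_KEY}={policy}: unverifiable certificates are not rejected outright")
    return findings


if __name__ == "__main__":
    for finding in audit_connection_file(SAMPLE_WEAK):
        print(finding)
```
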

Other on-premises commercial solutions that provide remote desktop functionality include NoMachine and OpenText Exceed TurboX.

With any remote desktop solution, the underlying infrastructure is powered by Amazon Elastic Compute Cloud (Amazon EC2). According to the shared responsibility model, your responsibility includes the following areas to help secure remote desktop instances:

  • Controlling network access to your instances, such as by configuring your VPC and security groups. For more information, see Controlling network traffic.

  • Managing the credentials used to connect to your instances.

  • Managing the guest operating system and software deployed to the guest operating system, including updates and security patches. For more information, see Update management in Amazon EC2.

  • Configuring the IAM roles that are attached to the instance and the permissions associated with those roles. For more information, see IAM roles for Amazon EC2.