AWS Content Creation Render Environment for Windows

This solution deploys an AWS Cloud environment that helps media and entertainment organizations with burst rendering workloads. This CloudFormation template will deploy and setup AWS ThinkBox Deadline Database and Repository, Workstation, License Server, and Render nodes.

The solution can deploy either Teradici PCoIP or NiceDCV Windows workstation. Also, there is an option to place workstation in a Private subnet and connect to it via AWS ClientVpn.

Furthermore, the solution comes with Blender installation scripts, which is a popular open-source software for 3D modeling, animation, rendering and more...

Index

• Architecture

• Getting Started

  • Prerequisites
  • Deployment
  • Login to Workstation and Start Deadline application
    • Connect to Workstation deployed in Private Subnet
    • Connect to Workstation deployed in Public Subnet

• Render Something to Test the Setup

• Local Development

• Running the tests

• Clean up

• Contributing

Architecture

Workstation in Public Subnet

Workstation in Private Subnet

Getting Started

Prerequisites

1. To deploy the application you will require an AWS account. If you don’t already have an AWS account, create one at https://aws.amazon.com by following the on-screen instructions. Your access to the AWS account must have IAM permissions to launch AWS CloudFormation templates that create IAM roles.
2. If deploying an AWS Client VPN endpoint. You must generate a server/client certificate and upload those certificates to AWS Certificate Manager. Click here and follow the instructions in Mutual authentication to create a client and server certificates.
3. Configuration to AWS Client VPN is done via AWS CLI. You need to install and configure AWS CLI if you are planning to use Client VPN.
4. The solution is using instance AMI from AWS Marketplace. To be able to deploy the infrastructure, you need to subscribe and confirm T&C for particular AMI on the marketplace.
   1. To subscribe for Teradici Cloud Access Software for Windows Server 2019 click here
      • In the top right corner click on Continue to Subscribe
      • Log in to your AWS account
      • Accept Terms and wait for subscription to activate
   2. Subscription for Nice DCV are not required and licensing is free of charge if running DCV server on EC2 instance.
      • Link to marketplace

Deployment

The environment is deployed as an AWS CloudFormation template.

Note You are responsible for the cost of the AWS services used while running this sample deployment. There is no additional cost for using this sample. For full details, see the pricing pages for each AWS service you will be using in this sample. Prices are subject to change.

1. Deploy the latest CloudFormation template by following the link below for your preferred AWS region:

   It will take about 1 hour and 10 minutes for the deployment to finish.

   Region	Launch Template
   US East (N. Virginia) us-east-1
   US East (Ohio) us-east-2
   US West (N. California) us-west-1
   US West (Oregon) us-west-2
   Europe (Ireland) eu-west-1
   Europe (London) eu-west-2
   Europe (Paris) eu-west-3
   Europe (Frankfurt) eu-central-1
   Asia Pacific (Mumbai) ap-south-1
   Asia Pacific (Tokyo) ap-northeast-1
   Asia Pacific (Sydney) ap-southeast-2
   Asia Pacific (Singapore) ap-southeast-1
   Asia Pacific (Seoul) ap-northeast-2

2. If prompted, login using your AWS account credentials.

3. You should see a screen titled Create Stack at the Specify template step. The fields specifying the CloudFormation template are pre-populated. Click the Next button at the bottom of the page.

4. On the Specify stack details screen you may customize the following parameters of the CloudFormation stack:

5. Stack name has been pre-populated with aws-dcc-for-windows name. You can change this and provide own stack name.

   Parameter label	Default	Description
   AvailabilityZones	Requires input	The list of Availability Zones to use for the subnets in the VPC. Select two Availability Zones from your list.
   VPCCidr	10.0.0.0/16	The CIDR block for the VPC.
   PublicSubnet1Cidr	10.0.0.0/24	The CIDR block for the Public Subnet located in Availability Zone 1 of the VPC.
   PublicSubnet2Cidr	10.0.1.0/24	The CIDR block for the Public Subnet located in Availability Zone 2 of the VPC.
   PrivateSubnet1Cidr	10.0.2.0/24	The CIDR block for the Private Subnet located in Availability Zone 1 of the VPC.
   PrivateSubnet2Cidr	10.0.3.0/24	The CIDR block for the Private Subnet located in Availability Zone 2 of the VPC.
   CreateVPNEndpoint	false	Should the CloudFormation create a Client VPN Endpoint. Workstation will be placed in Private subnet, if set to 'true'. (Specify 'true' or 'false')
   ClientCidrBlock	10.50.0.0/20	If creating Client VPN endpoint in the solution, specify the IPv4 address range. It should be in CIDR notation from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet.
   ServerCertificateArn	N/A	Required if Create Client VPN endpoint is set to true.
   ClientCertificateArn	N/A	Required if Create Client VPN endpoint is set to true.
   TargetNetworkCidr	10.0.0.0/16	If creating Client VPN endpoint in the solution, specify the IPv4 address range, in CIDR notation, of the network for which access is being authorized. For example the CIDR of the VPC.
   Edition	Standard	The AWS Microsoft AD edition. Valid values include Standard and Enterprise.
   DomainDNSName	mystudio.com	Fully qualified domain name (FQDN) of the forest root domain e.g. mystudio.com
   DomainNetBIOSName	mystudio	NetBIOS name of the domain (upto 15 characters) for users of earlier versions of Windows e.g. mystudio
   DomainAdminPassword	Requires input	Password for the default administrative user named Admin. Must be between 8 and 64 characters, not contain the word "admin", and include letters, numbers and symbols.
   FSxDeploymentType	SINGLE_AZ_2	Specifies the file system deployment type
   FSxStorageCapacity	32	The storage capacity of the file system being created. Valid values are 32 GiB - 65,536 GiB (64 TiB).
   FSxThroughputCapacity	16	The throughput capacity of an Amazon FSx file system, measured in megabytes per second in powers of 2 (8, 16, 32, ... , 1024) based on the system size.
   LicenseServerAmiId	/aws/service/ami-windows-latest/Windows_Server-2019-English-Full-Base	Latest Windows AMI Using Systems Manager Parameter Store.
   LicenseServerInstanceType	m5.2xlarge	The EC2 instance type for the Deadline License server.
   DeadlineLicenseServerVersion	1.1	Version of the Deadline License server software.
   RenderSchedulerAmiId	/aws/service/ami-windows-latest/Windows_Server-2019-English-Full-Base	Latest Windows AMI Using Systems Manager Parameter Store.
   RenderSchedulerInstanceType	m5.2xlarge	The EC2 instance type for the Deadline License server.
   DeadlineAppVersion	10.1.11.5	Version of the Deadline software.
   WorkstationInstanceType	g4dn.4xlarge	Artist workstation instance type.
   WorkstationConnectionManager	teradici	Specify whether you want to run Teradici PCoIP or NiceDcv server to connect to the workstation.
   WorkstationAccessCIDR	0.0.0.0/0	CIDR block of an on-premise IP address. Input your network's IP address if the Workstation is being placed in a public subnet.
   RenderNodeAmiId	/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2	Latest Amazon Linux AMI Using Systems Manager Parameter Store.
   RenderNodeInstanceType	m5.2xlarge	The EC2 instance type for the Deadline Render nodes.
   RenderNodeTargetCapacity	2	The number of instances in the spot fleet.
   Environment	DEV	The type of environment to tag your infrastructure with. You can specify DEV (development), TEST (test), or PROD (production).
   ResourceTags	mystudioproject	Tag resources, which can help you identify and categorize them. For example project or application name e.g. MyAwesomeApp.
   ArtefactBucketName	aws-digital-content-creation-render-environment	S3 bucket name for the application assets.

6. When completed, click Next.

7. Configure stack options if desired, then click Next.

8. On the Review screen, you must check the boxes for:

   • "I acknowledge that AWS CloudFormation might create IAM resources with custom names"
   • "I acknowledge that AWS CloudFormation might require the following capability: CAPABILITY_AUTO_EXPAND"

   These are required to allow CloudFormation to create a Role to allow access to resources needed by the stack and name the resources in a dynamic way.

9. Click Create Change Set.

10. On the Change Set screen, click Execute to launch your stack.

    You may need to wait for the Execution status of the change set to become AVAILABLE before the Execute button becomes available.

11. Wait for the CloudFormation stack to launch. Completion is indicated when the Stack status is CREATE_COMPLETE.

    You can monitor the stack creation progress in the "Events" tab.

Login to Workstation and Start Deadline application

Connect to Workstation deployed in Public Subnet

To connect to workstation in Public Subnet follow the steps below:

1. Note the WorkstationIP displayed in the Outputs tab of the root stack (it is the one without word NESTED).
2. Based on Connection manager selected:
   1. Teradici log in:
      1. Install the Teradici PCoIP client from Teradici Software and Mobile Clients
      2. In PCoIP client for Host Address or Code, paste the WorkstationPublicIP
      3. UserName: Admin
      4. Password: provide same password as used in DomainAdminPassword parameter.
   2. NiceDcv log in:
      1. On the web browser or in the NICE DCV Client, paste the WorkstationIP address
      2. UserName: mystudio\Admin
      3. Password: provide same password as used in DomainAdminPassword parameter.

Connect to Workstation deployed in Private Subnet

To connect to workstation in Private Subnet you will need to set up VPN client.

Step 1: Download the Client VPN Endpoint Configuration File

The configuration file includes the Client VPN endpoint and certificate information required to establish a VPN connection. You must provide this file to the clients who need to connect to the Client VPN endpoint to establish a VPN connection. The client uploads this file into their VPN client application.

To download and prepare the Client VPN endpoint configuration file (AWS CLI)

1. Note the ClientVpnEndpointID displayed in the Outputs tab of the root stack (it is the one without word NESTED).
2. Navigate to the folder with server and client certificates you have created as part of the Prerequisites in step 2.

   cd ~/custom_folder/
   

3. Download the Client VPN endpoint configuration file.

   AWS_REGION="the region you deployed CloudFromtaion stack into, e.g. us-east-1"
   ENDPOINT_ID="paste the id from step one"
   
   aws ec2 export-client-vpn-client-configuration --client-vpn-endpoint-id ${ENDPOINT_ID} --output text > client-config.ovpn --region ${AWS_REGION}
   

4. Append the client certificate and key to the Client VPN endpoint configuration file.

   cat >> client-config.ovpn
   cert ~/custom_folder/client1.domain.tld.crt
   key ~/custom_folder/client1.domain.tld.key
   
   CTRL+C

5. Verify that you have all the files in ~/custom_folder/ directory.

   ls -l
   
   ca.crt
   client-config.ovpn
   client1.domain.tld.crt
   client1.domain.tld.key
   server.crt
   server.key
   

Step 2: Configure OpenVPN Client

Now that we have VPN configuration file ready, the last step is to install VPN client on your machine. The following procedure shows how to establish a VPN connection using the Tunnelblick client application on a macOS computer.

brew search tunnelblick
brew cask install tunnelblick

Once the client is installed, please follow the AWS Connect to VPN documentation.

Step 3: Connect to Deadline workstation instance

Follow the same steps as in Connect to Workstation deployed in Public Subnet

Render Something to Test the Setup

Now you’ve got most of the pieces together, it’s a good idea to test the setup to make sure you can submit a render from your workstation, have the Render Scheduler pick it up, and run the render on your Worker.

For this part, you will use Blender to render something.

Follow the instructions to:

• set up Worker Nodes
• set up Blender and submit a job

Local Development

See Local Development guide to get a copy of the project up and running on your local machine for development and testing purposes.

Running the tests

The solution has been tested using taskcat the tool that tests AWS CloudFormation templates.

Install taskcat

pip install taskcat

You need to package the templates to S3 before you can run the test below. See Getting Started instructions.

From within project root directory run:

taskat test run

You can modify the taskcat configuration file with your own tests here .taskcat.yml

Clean up

Follow these steps to clean up created resources:

1. In the CloudFormation console, select the main stack you have created. For example aws-dcc-for-windows .
2. The root stack will handle the deletion of all the children stacks for you.
3. In the top right corner, click on Delete.
4. In the pop up window click on Delete stack.
5. You can click the refresh button a few times until you see in the status DELETE_COMPLETE.

Contributing

Contributions are more than welcome. Please read the code of conduct and the contributing guidelines.

Authors

See the list of contributors who participated in this project.

Security

See CONTRIBUTING for more information.

License

This library is licensed under the MIT-0 License. See the LICENSE file.