Security updates have been issued by Arch Linux (lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), CentOS (firefox), Debian (imagemagick), Fedora (exiv2, LibRaw, and love), Gentoo (chromium), Mageia (kernel, librelp, and miniupnpc), openSUSE (curl, enigmail, ghostscript, libvorbis, lilypond, and thunderbird), Red Hat (Red Hat OpenStack Platform director), and Ubuntu (firefox).
Security updates have been issued by Debian (django-anymail, libtasn1-6, and postgresql-9.1), Fedora (w3m), Mageia (389-ds-base, gcc, libtasn1, and p7zip), openSUSE (flatpak, ImageMagick, libjpeg-turbo, libsndfile, mariadb, plasma5-workspace, pound, and spice-vdagent), Oracle (kernel), Red Hat (flash-plugin), SUSE (docker, docker-runc, containerd, golang-github-docker-libnetwork and kernel), and Ubuntu (libvirt, miniupnpc, and QEMU).
Security updates have been issued by Arch Linux (linux-hardened, linux-lts, linux-zen, and mongodb), Debian (gdk-pixbuf, gifsicle, graphicsmagick, kernel, and poppler), Fedora (dracut, electron-cash, and firefox), Gentoo (backintime, binutils, chromium, emacs, libXcursor, miniupnpc, openssh, optipng, and webkit-gtk), Mageia (kernel, kernel-linus, kernel-tmb, openafs, and python-mistune), openSUSE (clamav-database, ImageMagick, kernel-firmware, nodejs4, and qemu), Red Hat (linux-firmware, ovirt-guest-agent-docker, qemu-kvm-rhev, redhat-virtualization-host, rhev-hypervisor7, rhvm-appliance, thunderbird, and vdsm), Scientific Linux (thunderbird), SUSE (kernel and qemu), and Ubuntu (firefox and poppler).
Do you need to provide a workstation class experience for users who run graphics apps? With Amazon AppStream 2.0, you can stream graphics apps from AWS to a web browser running on any supported device. AppStream 2.0 offers a choice of GPU instance types. The range includes the newly launched Graphics Design instance, which allows you to offer a fast, fluid user experience at a fraction of the cost of using a graphics workstation, without upfront investments or long-term commitments.
In this post, I discuss the Graphics Design instance type in detail, and how you can use it to deliver a graphics application such as Siemens NX―a popular CAD/CAM application that we have been testing on AppStream 2.0 with engineers from Siemens PLM.
Graphics Instance Types on AppStream 2.0
First, a quick recap on the GPU instance types available with AppStream 2.0. In July, 2017, we launched graphics support for AppStream 2.0 with two new instance types that Jeff Barr discussed on the AWS Blog:
Graphics Desktop
Graphics Pro
Many customers in industries such as engineering, media, entertainment, and oil and gas are using these instances to deliver high-performance graphics applications to their users. These instance types are based on dedicated NVIDIA GPUs and can run the most demanding graphics applications, including those that rely on CUDA graphics API libraries.
Last week, we added a new lower-cost instance type: Graphics Design. This instance type is a great fit for engineers, 3D modelers, and designers who use graphics applications that rely on the hardware acceleration of DirectX, OpenGL, or OpenCL APIs, such as Siemens NX, Autodesk AutoCAD, or Adobe Photoshop. The Graphics Design instance is based on AMD’s FirePro S7150x2 Server GPUs and equipped with AMD Multiuser GPU technology. The instance type uses virtualized GPUs to achieve lower costs, and is available in four instance sizes to scale and match the requirements of your applications.
Instance
vCPUs
Instance RAM (GiB)
GPU Memory (GiB)
stream.graphics-design.large
2
7.5 GiB
1
stream.graphics-design.xlarge
4
15.3 GiB
2
stream.graphics-design.2xlarge
8
30.5 GiB
4
stream.graphics-design.4xlarge
16
61 GiB
8
The following table compares all three graphics instance types on AppStream 2.0, along with example applications you could use with each.
In the section, I walk through setting up Siemens NX with Graphics Design instances on AppStream 2.0. After set up is complete, users can able to access NX from within their browser and also access their design files from a file share. You can also use these steps to set up and test your own graphics applications on AppStream 2.0. Here’s the workflow:
Create a file share to load and save design files.
Create an AppStream 2.0 image with Siemens NX installed.
Create an AppStream 2.0 fleet and stack.
Invite users to access Siemens NX through a browser.
Step 1: Create a file share to load and save design files
To launch and configure the file server
Open the EC2 console and choose Launch Instance.
Scroll to the Microsoft Windows Server 2016 Base Image and choose Select.
Choose an instance type and size for your file server (I chose the general purpose m4.large instance). Choose Next: Configure Instance Details.
Select a VPC and subnet. You launch AppStream 2.0 resources in the same VPC. Choose Next: Add Storage.
If necessary, adjust the size of your EBS volume. Choose Review and Launch, Launch.
On the Instances page, give your file server a name, such as My File Server.
Ensure that the security group associated with the file server instance allows for incoming traffic from the security group that you select for your AppStream 2.0 fleets or image builders. You can use the default security group and select the same group while creating the image builder and fleet in later steps.
Log in to the file server using a remote access client such as Microsoft Remote Desktop. For more information about connecting to an EC2 Windows instance, see Connect to Your Windows Instance.
To enable file sharing
Create a new folder (such as C:\My Graphics Files) and upload the shared files to make available to your users.
From the Windows control panel, enable network discovery.
Choose Server Manager, File and Storage Services, Volumes.
Scroll to Shares and choose Start theAdd Roles and Features Wizard. Go through the wizard to install the File Server and Share role.
From the left navigation menu, choose Shares.
Choose Start the New Share Wizard to set up your folder as a file share.
Open the context (right-click) menu on the share and choose Properties, Permissions, Customize Permissions.
Choose Permissions, Add. Add Read and Execute permissions for everyone on the network.
Step 2: Create an AppStream 2.0 image with Siemens NX installed
To connect to the image builder and install applications
Create a graphics design image builder in the same VPC as your file server.
From the Image builder tab, select your image builder and choose Connect. This opens a new browser tab and display a desktop to log in to.
Log in to your image builder as ImageBuilderAdmin.
Launch the Image Assistant.
Download and install Siemens NX and other applications on the image builder. I added Blender and Firefox, but you could replace these with your own applications.
To verify the user experience, you can test the application performance on the instance.
Before you finish creating the image, you must mount the file share by enabling a few Microsoft Windows services.
To mount the file share
Open services.msc and check the following services:
DNS Client
Function Discovery Resource Publication
SSDP Discovery
UPnP Device H
If any of the preceding services have Startup Type set to Manual, open the context (right-click) menu on the service and choose Start. Otherwise, open the context (right-click) menu on the service and choose Properties. For Startup Type, choose Manual, Apply. To start the service, choose Start.
From the Windows control panel, enable network discovery.
Create a batch script that mounts a file share from the storage server set up earlier. The file share is mounted automatically when a user connects to the AppStream 2.0 environment.
Logon Script Location: C:\Users\Public\logon.bat
Script Contents:
:loop
net use H: \\path\to\network\share
PING localhost -n 30 >NUL
IF NOT EXIST H:\ GOTO loop
Open gpedit.msc and choose User Configuration, Windows Settings, Scripts. Set logon.bat as the user logon script.
Next, create a batch script that makes the mounted drive visible to the user.
Choose General, provide a task name, and then choose Change User or Group.
For Enter the object name to select, enter SYSTEM and choose Check Names, OK.
Choose Triggers, New. For Begin the task, choose At startup. Under Advanced Settings, change Delay task for to 5 minutes. Choose OK.
Choose Actions, New. Under Settings, for Program/script, enter C:\Users\Public\startup.bat. Choose OK.
Choose Conditions. Under Power, clear the Start the task only if the computer is on AC power Choose OK.
To view your scheduled task, choose Task Scheduler Library. Close Task Scheduler when you are done.
Step 3: Create an AppStream 2.0 fleet and stack
To create a fleet and stack
In the AppStream 2.0 management console, choose Fleets, Create Fleet.
Give the fleet a name, such as Graphics-Demo-Fleet, that uses the newly created image and the same VPC as your file server.
Choose Stacks, Create Stack. Give the stack a name, such as Graphics-Demo-Stack.
After the stack is created, select it and choose Actions, Associate Fleet. Associate the stack with the fleet you created in step 1.
Step 4: Invite users to access Siemens NX through a browser
To invite users
Choose User Pools, Create User to create users.
Enter a name and email address for each user.
Select the users just created, and choose Actions, Assign Stack to provide access to the stack created in step 2. You can also provide access using SAML 2.0 and connect to your Active Directory if necessary. For more information, see the Enabling Identity Federation with AD FS 3.0 and Amazon AppStream 2.0 post.
Your user receives an email invitation to set up an account and use a web portal to access the applications that you have included in your stack.
Step 5: Validate the setup
Time for a test drive with Siemens NX on AppStream 2.0!
Open the link for the AppStream 2.0 web portal shared through the email invitation. The web portal opens in your default browser. You must sign in with the temporary password and set a new password. After that, you get taken to your app catalog.
Launch Siemens NX and interact with it using the demo files available in the shared storage folder – My Graphics Files.
Security updates have been issued by Arch Linux (gajim and libusbmuxd), Debian (perl), Fedora (chromium, chromium-native_client, dropbear, squirrelmail, sudo, and wget), Mageia (git, menu-cache, and pcmanfm), and openSUSE (libupnp).
Security updates have been issued by Arch Linux (postgresql, postgresql-libs, samba, and sudo), Debian (gajim, libpodofo, openldap, pngquant, qemu-kvm, sudo, and tiff), Fedora (lxterminal, menu-cache, and pcmanfm), Gentoo (sudo), openSUSE (libraw, miniupnpc, and sudo), Oracle (kernel, nss, and sudo), Red Hat (kernel and sudo), Scientific Linux (kernel and sudo), Slackware (sudo), SUSE (java-1_6_0-ibm, java-1_8_0-openjdk, openstack-components, and sudo), and Ubuntu (sudo).
Security updates have been issued by CentOS (libtirpc and rpcbind), Debian (libtasn1-3, libtasn1-6, and samba), Fedora (FlightGear, openvpn, and python-fedora), openSUSE (libtirpc and libxslt), Oracle (libtirpc and rpcbind), Red Hat (samba, samba3x, and samba4), Scientific Linux (samba and samba4), SUSE (java-1_7_0-ibm, java-1_7_1-ibm, java-1_8_0-ibm, samba, and tomcat), and Ubuntu (jbig2dec, miniupnpc, rtmpdump, and samba).
Security updates have been issued by Arch Linux (lynis), CentOS (kdelibs, libtirpc, rpcbind, and samba), Debian (miniupnpc), Fedora (chromium, chromium-native_client, and kernel), Oracle (kdelibs and samba), Red Hat (libtirpc and rpcbind), and Scientific Linux (kdelibs, libtirpc, rpcbind, and samba).
Security updates have been issued by Arch Linux (linux-grsec and linux-lts), Debian (icoutils, imagemagick, and roundcube), Fedora (freetype, libupnp, libwmf, thunderbird, tor, and w3m), Red Hat (chromium-browser and thunderbird), Scientific Linux (thunderbird), and Ubuntu (icoutils, icu, libevent, pidgin, pillow, and python-imaging).
CentOS has updated java-1.8.0-openjdk (C7; C6: multiple vulnerabilities).
Debian has updated libphp-swiftmailer (code execution), mariadb-10.0 (multiple mostly unspecified vulnerabilities), and openjpeg2 (multiple vulnerabilities).
Debian-LTS has updated groovy (code execution) and opus (code execution).
Fedora has updated docker-latest (F24: privilege escalation), ed (F25: denial of service), groovy (F25: code execution), libnl3 (F25; F24: privilege escalation), opus (F25; F24: code execution), qemu (F25: multiple vulnerabilities), squid (F25: two vulnerabilities), and webkitgtk4 (F25; F24: multiple vulnerabilities).
Gentoo has updated DBD-mysql (multiple vulnerabilities), dcraw (denial of service from 2015), DirectFB (two vulnerabilities from 2014), libupnp (two vulnerabilities), lua (code execution from 2014), ppp (denial of service from 2015), qemu (multiple vulnerabilities), quagga (two vulnerabilities), and zlib (multiple vulnerabilities).
Oracle has updated bind (OL7; OL6; OL5: denial of service), bind97 (OL5: denial of service), and docker-engine docker-engine-selinux (OL7; OL6: two vulnerabilities).
Red Hat has updated kernel (RHEL6.5: code execution).
Scientific Linux has updated bind (SL7; SL5,6: denial of service) and bind97 (SL5: denial of service).
openSUSE has updated dnsmasq (42.2, 42.1: denial of service), samba (42.2; 42.1: three vulnerabilities), and wget (42.2, 42.1: race condition).
Red Hat has updated ghostscript (RHEL7; RHEL6: multiple vulnerabilities), kernel (RHEL7.1: denial of service), and systemd (RHEL7.1: denial of service).
Scientific Linux has updated ghostscript (SL7; SL6: multiple vulnerabilities) and ipa (SL7: two vulnerabilities).
Arch Linux has updated qt5-webengine (multiple vulnerabilities).
CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities).
Debian has updated php5 (unknown), samba (multiple vulnerabilities), tomcat7 (multiple vulnerabilities), and tomcat8 (multiple vulnerabilities).
Debian-LTS has updated game-music-emu (multiple vulnerabilities), icedove (multiple vulnerabilities), libupnp (code execution), libupnp4 (code execution), most (command execution), nagios3 (two vulnerabilities), php5 (multiple vulnerabilities), tomcat6 (privilege escalation), tomcat6 (regression in previous update), and tomcat7 (privilege escalation).
Fedora has updated firefox (F23: denial of service), gd (F24: three vulnerabilities), golang (F23: denial of service), kernel (F25; F24: out of bounds stack read), perl-DBD-MySQL (F23: two vulnerabilities), unzip (F25; F24: buffer overflows), and xen (F23: multiple vulnerabilities).
openSUSE has updated firefox (42.2, 42.1, 13.2: multiple vulnerabilities), gc (13.2: code execution), and lxc (42.2, 42.1, 13.2: directory traversal).
SUSE has updated kernel (SLE12-SP1: two vulnerabilities) and xen (SLE11-SP4: multiple vulnerabilities).
Ubuntu has updated apt (16.10: regression in previous update).
Arch Linux has updated glibc (two denial of service vulnerabilities), lib32-glibc (two denial of service vulnerabilities), and libupnp (unauthenticated access).
Debian has updated kde4libs (command execution) and lighttpd (man-in-the-middle attacks).
Debian-LTS has updated mongodb (two vulnerabilities), mupdf (denial of service), and openjdk-7 (multiple vulnerabilities).
Fedora has updated curl (F24: three vulnerabilities), firefox (F23: multiple vulnerabilities), libgcrypt (F23: key leak), and xen (F24: multiple vulnerabilities).
As a followup to Oh Nine Fifteen here’s a little overview of the changes coming with PulseAudio 0.9.16 which will be part of Fedora 12 (already in Rawhide; I think Ubuntu Karmic (?) will have it too).
A New Mixer Logic
We now try to control more than just a single ALSA mixer element for volume control. This increases the hardware volume range and granularity exposed and should also help minimizing problems by incomplete or incorrect default mixer initialization on the lower levels.
This also adds support for allowing selection of input/output ports for sound cards. This is used to expose changing between Mic vs. Line-In for input source selection and Headphones vs. Speaker for output selection (of course the list of available port is strictly dependant on what you hardware supports). The list of available ports is deliberately kept minimal.
The mixer rework also allows us to handle semi-pro/pro sound cards a bit more flexibly. For example, which profiles/ports are exposed in PulseAudio or how specific mixer elements are handled can now be controlled by editing .ini file like configuration files in /usr/share/pulseaudio/alsa-mixer/. Read this mail for more information about this.
UPnP MediaServer Support
PulseAudio now integrates with Zeeshan’s fabulous Rygel UPnP/DLNA MediaServer. If enabled Rygel will automatically expose all local audio devices which are managed by PulseAudio as UPnP/DLNA MediaServer items which your UPnP/DLNA MediaRenderers can now tune into. (Meaning: you can now stream audio from your PC directly to your UPnP DMP (Digital Media Player) device, such as the PS3.) Communication between Rygel and PulseAudio follows our little Media Server Spec on the GNOME Wiki. This nicely complements the RAOP (Apple Airport) support we introduced in PulseAudio 0.9.15. In one of the next versions of PulseAudio/Rygel we hope to add support for PulseAudio becoming a MediaRenderer as well. This will then not only allow you to stream from your PC to your DMP device, but also allows PulseAudio to act as “networked speaker”, which can be used by any UPnP/AV/DLNA control point, such as Windows’ Media Player.
Hotplug Support Improved
If you select a particular device as the default for a specific application or class of streams, then when unplugging the device PulseAudio moves the stream automatically to another audio device if one exists. New in PulseAudio 0.9.16 is that if you replug the audio device the stream will instantly be moved back, requiring no further user intervention.
Also, PulseAudio now includes some implicit rules for doing the ‘right thing’ when finding an audio device for an application. For example, unless configured otherwise it will now route telephony applications automatically to Bluetooth headsets if one is connected, in favour of the internal sound card of the computer.
Surround Sound Support for Event Sounds
This is more a new feature of libcanberra than of PulseAudio, but nonetheless: we now support surround for events sounds. This allows us to play full 5.1 login sounds for example, in best THX cinema fashion. We’d love to ship a 5.1 sound for login by default in sound-theme-freedesktop. We’d be very thankful if you would be willing to contribute a sound here, or two! A sound a bit less bombastic than the famous cinema THX effect would probably be a good idea though.
And then there’s of course the usual batch of fixes and small improvements. A substantial number of non-user visible changes have been made as well. For example, as HAL is now obsolete PulseAudio now moved to udev for its device discovery needs. We replaced our gdbm support by support for tdb. Also, we stripped all security senstive code from PulseAudio, and ported it to use RealtimeKit instead. For the upcoming distributions that means that PulseAudio will run as real-time process by default, improving drop-out safety.
And for some extra PA eye-candy, have a look on Impulse!
The collective thoughts of the interwebz
By continuing to use the site, you agree to the use of cookies. more information
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.