corporate

Ubuntu Linux Desktop for EC2

Connect to a full-featured Ubuntu 18.04 LTS Desktop environment through your browser or natively using a Remote Desktop client. Jupyter notebooks, RStudio Server or a Terminal session can be accessed securely from your browser. This image ships with the latest versions of Google Chrome, Anaconda, Jupyter, RStudio Server, Visual Studio Code and Docker.

This image provides the perfect starting point for any kind of software development, HCP workloads, data science work or use as a bastion host for your VPC.

Login Desktop Terminal

Description

The workspace is ideal for users who require the power of EC2 instances while using a familiar graphical user interface or their preferred IDE. it provides the perfect starting point for any kind of software development, HCP workloads, data science work or use as a bastion host for your VPC.

No client software needs to be installed to access the remote desktop. All that is required is a modern browser (including Internet Explorer 11) to access the desktop. Additionally, Jupyter, RStudio Server and a Terminal session can be opened through the browser.

The browser interface as well as the remote desktop protocol support copy and paste between the virtual desktop environment and the client. Files can be uploaded using drag and drop. The environment is multi-user capable and supports a large number of concurrent users on appropriately sized instances. Please follow the instructions on how to add additional users to the system.

Setup Instructions

Launch the image on any of the available instance types. Consider attaching an additional EBS volume or setting a larger size for the root volume. Make sure that the attached security group allows traffic on port 80 and 443 if you plan to access the server via the browser interface, and port 3389 if you plan to use the Remote Desktop Protocol. Allow a couple of minutes for the instance to boot.

The web interface can be accessed through your browser on the public IP (or private IP for enterprise VPCs) of the EC2 instance (e.g. https://18.245.21.43 where 18.245.21.43 is the public IP address of the instance).

Most browsers will display a certificate warning. This warning can safely be ignored by clicking on "Continue to this webpage" (Internet Explorer) or "Advanced" and then "Proceed to website" (Chrome).

The default user is ubuntu and the default password is the instance ID.

Alternatively, you can reach your desktop environment through a Remote Desktop Client (such as the Microsoft Remote Desktop Application, preinstalled on Windows and available on the Apple App Store for MacOS). The hostname is simply the public IP (or private IP for enterprise VPCs). Make sure you enter the username and password before you connect, otherwise the connection will not be established (on Windows, click Show Options and fill in the username and password).

Upload a File

Once authenticated, you can simply drag and drop files or directories into the browser window. An upload window will appear. Uploaded files will be stored in your home directory (e.g. /home/ubuntu). Uploads will never overwrite existing files in the home directory. Instead the upload will fail. Alternatively, you can also use the Jupyter Notebook interface to upload and download files.

Working with Conda

Jupyter has been configured with a Python 3 kernel. If you want to add additional kernels, execute the following commands to register the kernel with Jupyter. The kernel will show up immediately in Jupyter, no reboot required.

# become root
sudo su -

# create new environment named "new_env" with Python 3
conda create --yes --name new_env python=3

# register new environment with Jupyter
/opt/conda/envs/py3/bin/python -m ipykernel install --name new_env --display-name "New Environment"

Let's Encrypt

The AMI ships with the Let's Encrypt certbot client preinstalled. To obtain certificates from Let's Encrypt, execute the following steps:

  1. Log in as ec2-user and change to the directory /etc/xworkspace.
  2. Run docker-compose run certbot certonly --webroot --webroot-path /var/www/letsencrypt and follow the instructions on the screen.
  3. Update the SSL certificates to point at the Let's Encrypt repository (replace {DOMAINNAME} with your domain name).
    sudo rm -f /etc/xworkspace/var/server.*
    sudo ln -s /etc/letsencrypt/live/{DOMAINNAME}/fullchain.pem /etc/xworkspace/var/server.crt
    sudo ln -s /etc/letsencrypt/live/{DOMAINNAME}/privkey.pem /etc/xworkspace/var/server.key
    sudo chown 1000.1000 -R /etc/letsencrypt/
  4. Restart the web server with docker-compose restart server
  5. The renewal command is executed automatically on a daily basis (see /etc/cron.daily/certbot.sh). If you want to manually renew the certificates simply execute docker-compose run certbot renew

Add a User

You can add additional users to the environment which can log in through the web interface and work concurrently on a single instance. To add a new user newuser, open a terminal session and execute the following command.

sudo useradd -m -s /bin/bash newuser

You can control whether the user will have access to the docker daemon or super-user privileges by adding them to the corresponding groups.

# allow access to docker daemon
sudo usermod -G docker newuser

# super-user privileges
sudo usermod -G sudo newuser

Lastly, set the password for newuser to newpassword.

echo newuser:newpassword | sudo chpasswd

Patch System

To keep the system up to date, run the following command from a terminal. This will also update packages from custom repositories such as NodeJS, Visual Studio Code and Google Chrome.

sudo aptitude update && sudo aptitude full-upgrade

Prewarm EBS Volume

When launching from the image for the first time, the EBS volume will be "cold" which means that not all blocks have been transferred from the image to the EBS volume yet which impacts performance negatively when a file is first accessed. To prewarm the EBS execute the following command.

sudo fastdd

FAQ

How do I transfer large files to the workspace?

Once authenticated, you can simply drag and drop files into the browser window. An upload window will appear. Uploaded files will be stored in your home directory (e.g. /home/ubuntu). Alternatively, launch Jupyter Labs or RStudio Server which both provide excellent file management interfaces.

We recommend to use S3 to transfer larger files (GBs of data). Upload files from your local machine using the AWS Console or the AWS CLI. The files can then be downloaded from the workspace using the built-in aws command or goofys which allows you to mount an S3 bucket as folder on your workspace.

If you are using the Microsoft Remote Desktop Client you can also choose to mount a local folder as drive on the workspace. Please follow the instructions of your Remote Desktop Client on how to configure device forwarding.

How can I make my Terminal session persist?

You can launch a terminal multiplexer such as tmux to persist Terminal sessions. Simply type tmux to launch a new session. If you want to restore the session (even from the Desktop environment) simply type tmux attach. More details can be found at tmuxcheatsheet.com.

Can I run this product on smaller instance types?

Instance types with less than 2GB of memory are not recommended.

Can I use hibernation with the workspace?

Yes, you can. Make sure you fulfill the Hibernating Prerequisites page. Most importantly, the EBS volume must be sized to fit the full RAM onto disk.

Commercial Support

Please get in touch at sales@netcubed.de if you are interested in a branded or white-label edition.

Keywords

anaconda, anaconda3, xubuntu, guacamole

Release Notes

1.5.0

1.4.0

Important changes

The default Conda environment is no longer activated by default when starting a terminal session. Primary reason is that Conda ships with a number of binaries that potentially conflict with the system-provided binaries such as NodeJS. To activate the Conda environment for the current terminal session run conda activate.

1.3.4

1.3.3

1.3.2

1.3.1

1.3.0

1.2.2

1.2.1

1.1.0

1.0.2

This release provides improved session management. The user's session will persist as long as the browser window is not closed. Performance of the in-browser remote desktop experience has been improved and a bug was fixed that resulted in some keys not being recognized by the in-browser terminal.