Operating systems such as AlmaLinux, Debian, Kali Linux, and those that have reached end of life are not supported by NICE DCV and may not work. Usage indicates acceptance of NICE DCV EULA and license agreements of all software that is installed in the EC2 instance. Refer to NICE DCV documentation site for list of supported operating systems.
EC2 instances must be provisioned in a subnet with IPv4 internet connectivity.
When using a MarketPlace AMI such as Rocky Linux, AlmaLinux, CentOS or Kali Linux, subscribe before using.
Verify availablity of the instance type that you specify. (Refer to Why am I receiving the error "Your requested instance type is not supported in your requested Availability Zone" when launching an EC2 instance?) Marketplace AMIs may only support specific instance types, visit the corresponding Marketplace page to view available options.
For templates that offers both x86_64 and arm64 options, ensure that the instance type you specify matches your selected processor architecture.
Download <OS>-NICE-DCV.yaml
CloudFormation file where <OS>
is the desired operating system, and login to AWS CloudFormation console. Start the Create Stack wizard by choosing Create Stack. Select stack template by selecting Upload a template file, Choose File, select your .yaml
file and click Next. Enter a Stack name and specify parameters values.
In most cases, the default values are sufficient. You will need to specify values for vpcID
, subnetID
and ec2KeyPair
(Linux only).
Version
osVersion
(where applicable): operating system version and processor architecture (Intel/AMD x86_64 or Graviton arm64). Default is latest version and arm64imageId
(where applicable): System Manager Parameter path to AMI ID
EC2
ec2Name
: name of EC2 instanceec2KeyPair
(Linux): EC2 key pair for SSH access. Create a key pair if you do not have oneinstanceType
: appropriate instance type. Default ist4g.medium
andt3.medium
for arm64 and x86_64 architecture respectively
NICE DCV
-
driverType
(Windows): graphics driver to install- NICE-DCV-IDD: Indirect Display Driver (IDD) that optimizes the graphics pipeline for higher frame rates and significantly reduces overall CPU usage (default)
- NICE-DCV (Windows Server 2016)
- NVIDIA-GRID (G4dn, G5, G6, Gr6 instance): for professional visualization applications
- NVIDIA-Gaming (G4dn, G5 instance): contain optimizations for gaming
- NVIDIA-Tesla (NVIDIA GPU instance): for compute workloads. Use
teslaDriverVersion
to specify the driver version to install. As driver operates in TCC mode, IDD driver will be installed in addition to Tesla driver. - AMD (G4ad instance)
none
: do not install any driver
-
sessionType
(Linux):virtual
(default) orconsole
session type. GPU driver installation option may be available for some Linux OSs (AlmaLinux, Amazon Linux 2, RHEL, Rocky Linux, SLES, Ubuntu) as follows-
console-with-NVIDIA_GRID_Driver
(G4dn, G5, G6, Gr6 instance)#: install NVIDIA GRID drivers (NVIDIA RTX Virtual Workstation (vWS) mode) -
console-with-NVIDIA_Gaming_Driver
(G4dn, G5 instance)#: install NVIDIA Gaming drivers -
console-with-Ubuntu_repo_Driver
(Ubuntu only): install NVIDIA Enterprise Ready Drivers (ERD) from Ubuntu repository. -
*-with-NVIDIA_repo_Driver
(NVIDIA GPU instances such as G5g instance): uses the operating system package manager to install latest NVIDIA Tesla (also known as NVIDIA Data Center GPU) drivers from NVIDIA repository, and provides access to CUDA and cuDNN packages -
*-with-NVIDIA_runfile_Driver
: install NVIDIA Tesla driver using runfile installer from driver downloads. UseteslaDriverVersion
to specify the driver version to install -
*-with-AMD_ROCm_repo_Driver
(G4ad instance) : uses the operating system package manager to install AMD GPU drivers from AMD repository, and provides access to ROCm packages
Note that due to different combinations of drivers, OSs and instance types, GPU driver installation via CloudFormation template may not work. You can select
console
option and install driver manually. Refer to Prerequisites for Linux NICE DCV servers for details about NICE DCV GPU driver installation and configuration. -
-
teslaDriverVersion
(where applicable): Tesla driver version to install whenNVIDIA-Tesla
or*-NVIDIA_runfile_Driver
option is selected fordriverType
orsessionType
respectively.- To obtain a suitable version, go to NVIDIA Driver Downloads. Select the Product Type, Product Series, and Product values for your
instanceType
as per To download a public NVIDIA driver table, and select the correct Operating System. Click Search and copy Version value
- To obtain a suitable version, go to NVIDIA Driver Downloads. Select the Product Type, Product Series, and Product values for your
-
listenPort
: NICE DCV server TCP and UDP listen ports. Number must be higher than 1024 and default is8443
Networking
vpcID
: VPC with internet connectivity. Select default VPC if unsuresubnetID
: subnet with internet connectivity. Select subnet in default VPC if unsure. If you specify a differentinstanceType
, ensure that it is available in AZ subnet you selectdisplayPublicIP
: set this toNo
for EC2 instance in a subnet that will not receive public IP address. EC2 private IP will be displayed in CloudFormation Outputs section instead. Default isYes
assignStaticIP
: associates a static public IPv4 address using Elastic IP address to prevent assigned IPv4 address from changing every time EC2 instance is stopped and started. There is a hourly charge when instance is stopped as listed at Elastic IP Addresses on Amazon EC2 Pricing, On-Demand Pricing page. Default isYes
Allowed IP prefix and ports
ingressIPv4
: allowed IPv4 source prefix to NICE DCV, SSH(Linux) and RDP(Windows) ports, e.g.1.2.3.4/32
. Get source IP from https://checkip.amazonaws.com. Default is0.0.0.0/0
ingressIPv6
: allowed IPv6 source prefix to NICE DCV, SSH(Linux) and RDP(Windows) ports. Use::1/128
to block all incoming IPv6 access. Default is::/0
allowRDPport
(Windows): allow inbound RDP. Option is not related to Fleet Manager Remote Desktop access. Default isNo
allowSSHport
(Linux): allow inbound SSH. Option is not related to EC2 Instance Connect access. Default isYes
allowWebServerPorts
: allow inbound HTTP and/or HTTPS. Use this option if you intend to setup web server. Default isNo
EBS Volume
volumeSize
: EBS root volume size in GiBvolumeType
:gp2
orgp3
general purpose EBS type. Default isgp3
Continue Next with Configure stack options, Review Stack, and click Submit to launch your stack.
It may take more than 30 minutes to provision the EC2 instance. After your stack has been successfully created, its status changes to CREATE_COMPLETE.
The following URLs are available in Outputs section
SSMsessionManager
: SSM Session Manager URL link. Use this to change login user password. Password change command is in Description field.DCVwebConsole
: NICE DCV web browser console URL link. Login as user specified in Description field.EC2console
: EC2 console URL link to manage EC2 instance or to get the latest IPv4 (or IPv6 if enabled) address.EC2instanceConnect
(if available, Linux): in-browser SSH URL link. Functionality is only available under certain conditions.RDPconnect
(Windows): in-browser Fleet Manager Remote Desktop URL link. Use this to update NICE DCV server.
The following values are available as CloudFormation Exports
<Stack Name>-IAMRole
: IAM role name<Stack Name>-InstanceID
: EC2 instance ID<Stack Name>-SecurityGroup
: Security group ID
Refer to NICE DCV User Guide
Besides web browser client, NICE DCV offers Windows, Linux, and macOS native clients with additional features such as QUIC UDP, multi-channel audio and printer redirection support. Native clients can be download from https://download.nice-dcv.com/.
On Linux instances, the web browser client can be disabled by removing nice-dcv-web-viewer
package. On Windows instances, download nice-dcv-server-x64-Release.msi and run the command msiexec /i nice-dcv-server-x64-Release.msi REMOVE=webClient from administrator command prompt.
NICE DCV supports USB remotization, allowing use of specialized USB devices, such as 3D pointing devices and two-factor authentication USB dongles, on Windows and Linux OSs. To use feature on a supported Linux OS, run the command sudo dcvusbdriverinstaller
and restart EC2 instance. Note that USB remotization is supported on installable Windows clients only.
Default Windows AMI is now Windows Server 2022 English-Full-Base. You can retrieve SSM paths to other AMIs from Parameter Store console, AWS CloudShell or AWS CLI. Refer to Query for the Latest Windows AMI Using Systems Manager Parameter Store blog for more information.
To update NICE DCV Server, connect via Fleet Manager Remote Desktop console using RDPconnect
link and run C:\Users\Administrator\update-DCV.cmd
The blog Building a high-performance Windows workstation on AWS for graphics intensive applications walks through use of Windows Server template to provision and manage a GPU Windows instance.
Note that the NVIDIA GRID, NVIDIA Gaming and AMD drivers are for AWS customers only and you are bound by conditions and terms as per Install NVIDIA drivers on Windows instances and Install AMD drivers on Windows instances.
For NVIDIA GPU instances, CUDA® Toolkit and cuDNN can be downloaded and installed from https://developer.nvidia.com/cuda-downloads and https://developer.nvidia.com/cudnn-downloads respectively.
The login user name depends on Linux distributions as follows:
- AlmaLinux, Amazon Linux 2, CentOS Stream 9, RHEL, SLES : ec2-user
- CentOS 7, CentOS Stream 8 : centos
- Debian : admin
- Kali Linux : kali
- Rocky Linux : rocky
- Ubuntu, Ubuntu Pro : ubuntu
You can use update scripts (update-dcv
, update-awscli
) in /home/{user name} folder via SSM Session Manager or EC2 Instance Connect to update NICE DCV and AWS CLI.
NICE DCV offers two types of sessions: console sessions and virtual sessions. With console sessions, NICE DCV directly captures the content of the desktop screen. With virtual sessions, NICE DCV starts an X server instance, Xdcv, and runs a desktop environment inside the X server. Multiple user sessions on a single server are allowed for virtual sessions. Refer to Introduction to NICE DCV sessions for more details.
The CloudFormation template configure multi-user.target and graphical.target as default run level for virtual
and console
session type options respectively.
On GPU EC2 instances with GPU drivers installed and configured, NICE DCV console sessions have direct access to the GPU, providing features such as GPU accelerated OpenGL and hardware accelerated video streaming encoding (screen shot below). For best results, connect to your EC2 instance using native client.
#NVIDIA GRID and NVIDIA gaming drivers are for AWS customers only. You are bound by conditions and terms as per Install NVIDIA drivers on Linux instances.
CUDA® Toolkit, cuDNN (CUDA® Deep Neural Network library) and NVIDIA Container Toolkit can subsequently be installed in EC2 instance based on selected sessionType
option:
-
*-Ubuntu_repo_Driver
- CUDA:
sudo apt install -y nvidia-cuda-toolkit
- cuDNN:
sudo apt install -y nvidia-cudnn
- Container Toolkit: refer to https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/install-guide.html
- CUDA:
-
*-NVIDIA_repo_Driver
<packmgr_cli>
below is the OS package manager command-line tool, e.g.apt
,zypper
oryum
/dnf
for Ubuntu, SLES and other Linux OSs respectively.-
CUDA:
sudo <packmgr_cli> install -y cuda-toolkit
Refer to CUDA documentation site for installation options
-
cuDNN:
sudo <packmgr_cli> install -y cudnn
Refer to cuDNN documentation site for installation options
-
Container Toolkit:
sudo <packmgr_cli> install -y nvidia-container-toolkit
Refer to NVIDIA Container Toolkit documentation site for installation details
-
-
*-NVIDIA_runfile_Driver
,*-NVIDIA_GRID_Driver
or*-NVIDIA_Gaming_Driver
- CUDA: refer to https://developer.nvidia.com/cuda-downloads
- cuDNN: refer to https://developer.nvidia.com/cudnn-downloads
- Container Toolkit: refer to https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/install-guide.html
Refer to CUDA, cuDNN and NVIDIA Container Toolkit documentation sites for more details.
The CloudFormation templates are designed to provision EC2 instances in public subnet. To use them for EC2 instances in private subnets with internet connectivity, set displayPublicIP
and assignStaticIP
parameter values to No
.
To use templates in AWS Local Zones, verify available services features and adjust CloudFormation parameters accordingly. You may have to change osVersion
, instanceType
and volumeType
, and set assignStaticIP
to No
.
To futher secure your EC2 instance, you may want to
- Remove web browser client and use native client
- Restrict NICE DCV and SSH access to your IP address only (
ingressIPv4
andingressIPv6
). - Disable SSH (
allowSSHport
) access from public internet. Use EC2 Instance Connect or SSM Session Manager for in-browser terminal access. If you have AWS CLI and Session Manager plugin for the AWS CLI installed, you can start a session using AWS CLI or SSH. - Backup data in your EC2 instances with EBS snapshots. You can setup automatic snapshots using Amazon Data Lifecycle Manager or AWS Backup (with AWS Backup Vault Lock for enhanced security posture).
- Enable Amazon GuardDuty security monitoring service with Malware Protection to detect the potential presence of malware in EBS volumes.
- If you are hosting a website, use Amazon CloudFront with AWS WAF to protect your instance from DDoS and common web attacks. The Accelerate and protect your websites using Amazon CloudFront and AWS WAF blog post and CloudFront dynamic websites CloudFormation template may help with CloudFront distribution setup. When using CloudFront, you can restrict your EC2 instance HTTP and HTTPS port access to CloudFront IPs only. The CloudFormation template creates additional inbound HTTP and HTTPS security groups with AWS-managed prefix list for Amazon CloudFront as source where possible.
Amazon CloudWatch agent is installed in the EC2 instance, and enables collection of EC2 system-level metrics and AWS X-Ray traces.
Before running, create agent configuration file. You can use agent configuration file wizard:
- Linux:
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
- Windows PowerShell:
cd "C:\Program Files\Amazon\AmazonCloudWatchAgent"
.\amazon-cloudwatch-agent-config-wizard.exe
After config.json
file is created, start CloudWatch agent:
- Linux:
sudo systemctl enable amazon-cloudwatch-agent
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json
- Windows PowerShell:
sc.exe config AmazonCloudWatchAgent start=auto
cd "C:\Program Files\Amazon\AmazonCloudWatchAgent"
.\amazon-cloudwatch-agent-ctl.ps1 -a fetch-config -m ec2 -c file:config.json
net.exe start AmazonCloudWatchAgent
Refer to How do I install and configure the unified CloudWatch agent to push metrics and logs from my EC2 instance to CloudWatch? for more details.
The created resources can be removed by deleting the CloudFormation stack. Go to CloudFormation console, choose the stack you created and choose Delete