Is this page helpful?

Setting Up and Configuring for Omniverse on DGX Cloud#

Deploying the Point Cloud Extensions requires several tasks beyond the standard Kit App development workflow. See Developing for Omniverse on DGX Cloud for the standard workflow. The sections below describe the high-level steps.

Configuring Streaming Extensions for Point Cloud Services#

The Point Cloud Extensions bundle requires the DGX Cloud streaming layers as defined in the Kit App Template ovc_stream.kit configuration. These layers include the core livestream extensions for NVIDIA Cloud Functions (NVCF) deployment:

  • omni.services.livestream.nvcf — cloud streaming functionality

  • omni.kit.streamsdk.plugins — WebRTC communication

Apply the streaming extensions to your Kit base application so client-server communication routes through the Omniverse on DGX Cloud infrastructure. If you start from the Kit App Template (KAT), these extensions are available as standard streaming layers. See the reference streaming configuration.

Containerizing the Kit App and Uploading to NGC#

Build the Point Cloud Extensions container using the standard Kit App Template workflow. See the Omniverse Containerization Guide for details.

On Linux, run the packaging command that the repo tooling provides:

Package the container#
./repo.sh package --container

When prompted, select the Kit application that contains the streaming layers so the DGX Cloud-specific configuration is included. The containerization process produces a fat package with all Point Cloud extensions and dependencies, then builds a Docker image ready for deployment.

After building the image, follow the NGC workflow to authenticate with your personal API key, tag the container with your NGC organization details, and push it to the NGC Private Registry. See the deployment guide for full instructions on obtaining NGC credentials and verifying the registry upload.

Creating a Streaming Function on NVCF#

Create a streaming function on NVCF using the instructions in the NVIDIA Cloud Function Creation guide.

Append any required Kit arguments to the function configuration using the NVDA_KIT_ARGS format. Use the --/exts/<extension_name>/<setting>=<value> syntax to set extension-specific options at runtime.

Enabling NavVis IVION Authentication on DGX Cloud#

When Kit runs headless on DGX Cloud (without a local display or web browser), the default authentication method that tries to launch a local web browser will fail. The livestream client (the browser attached to the DGX Cloud session) must handle NavVis IVION authentication to set up the stream. The following setting enables NavVis IVION authentication forwarding to the livestream client:

Enable IVION authentication forwarding#
--/exts/omni.pointcloud.potree2/livestream_client_auth=true

If this setting remains disabled (the default), Kit attempts to launch a local browser, which does not work in headless DGX Cloud environments.

Optionally, Kit can show a confirmation dialog before opening the NavVis IVION login tab in the browser. Enable this behavior with:

Enable confirmation dialog#
--/exts/omni.pointcloud.potree2/livestream_client_auth_confirmation=true

To persist NavVis IVION authentication data (refresh token) in the livestream client’s browser local storage, enable storage with:

Enable authentication storage#
--/exts/omni.pointcloud.potree2/livestream_client_auth_storage=true

When enabled, Kit does not prompt for authentication again for the same NavVis IVION server until the stored authentication data expires. The NavVis IVION server sets the expiration; the default is commonly seven days.

You can configure a time-to-live (TTL) value for stored authentication data in seconds. For example, to set a three-hour TTL (10800 seconds) value:

Set authentication TTL#
--/exts/omni.pointcloud.potree2/livestream_client_auth_storage_ttl=10800

By default, the TTL value is 0, which defers to the NavVis IVION server’s default.

To encrypt stored NavVis IVION authentication data before sending it to the livestream client, provide a path to a secret file with at least 16 bytes of random data. The platform’s secrets mechanism typically maps this file into the container.

Set secret file path#
--/exts/omni.pointcloud.potree2/livestream_client_auth_storage_secret_file=/secret-file

When configured, Kit encrypts the authentication payload before sending it to the browser for local storage, and decrypts it when reading it back. This prevents the authentication data from being visible to the client if you keep the secret file private. For improved security, you may map a different secret file per user.

Streaming DGX Cloud Functions and Portal Integration#

After creating the DGX Cloud function that hosts your Point Cloud Extension Kit app, follow the application publishing guide to make the function available in the Portal Sample (NVIDIA’s reference client application for streaming Kit-based apps).

To support third-party authentication flows (for example, NavVis IVION), the Portal Sample must implement custom message handling in the web portal. Implement the handler in the onCustomEvent callback inside web/src/hooks/useStream.ts of the Portal Sample.

The event handler must support the following events to enable NavVis IVION flows:

  • omni.pointcloud.potree2@open_url — Opens NavVis IVION authentication pages in new browser tabs

  • omni.pointcloud.potree2@store_data and omni.pointcloud.potree2@get_data — Manages authentication tokens in local storage

  • omni.pointcloud.potree2@ping — Verifies connectivity between Kit and the portal

See the example Portal Sample implementation for NavVis IVION at the end of this guide. The public upstream version of the portal hook is available at useStream.ts on GitHub.