V100R005C30
Issue 05
Date 2015-12-07
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Website: http://e.huawei.com
Purpose
This document describes the FusionAccess deployment solutions, processes, and methods,
and provides guidance for users to install and configure FusionAccess components on
infrastructure VMs.
Intended Audience
This document is intended for:
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Change History
Changes between document issues are cumulative. The latest document issue contains all the
changes made in earlier issues.
Issue 05 (2015-12-07)
This issue is the fifth official release.
Modify
• Modified Installing the Antivirus Server: rewrote this topic for OfficeScan 11.0.
• Modified Installing the Antivirus Client: rewrote this topic for OfficeScan 11.0.
Issue 04 (2015-11-10)
This issue is the fourth official release.
Modify
• Modified Installing the vAG and vLB Components: added the description "The system HA can automatically enable the vAG service."
• Modified Linux Infrastructure VM Types: added the description "The WI and vAG cannot be deployed on the same VM."
Issue 03 (2015-09-30)
This issue is the third official release.
New
• Added Upgrading the PV Driver.
Modify
• Modified Configuring Linux Infrastructure VMs, Installing FusionCompute, and Linux Infrastructure VM Types: added descriptions about PV Driver upgrade.
Issue 02 (2015-08-20)
This issue is the second official release.
New
• Added DB Independent Deployment.
• Added Changing the IP Address Bound to Port 22 of the vAG/vLB Server.
• Added Importing WI Addresses in Batches.
• In Configuring DNS Policies, added operations for disabling IPv6 for the domain name server (DNS).
Modify
• In Documents and Software, changed the path for obtaining documentation and software.
• In Generating or Importing a WI/UNS Certificate, changed the certificate storage path.
Issue 01 (2015-06-05)
This issue is the first official release.
Contents
7 Appendixes
7.1 Other Software Installation Solutions
7.1.1 DB Independent Deployment
7.1.2 Clock Synchronization Schemes
7.1.3 GSLB Deployment Scheme
7.1.4 Deployment Schemes of Gateway and Loading Balancing Components
7.1.5 Configuring the Existing AD, DNS, and DHCP Components
7.1.6 FusionAccess Account Planning in High Security Mode
7.2 Operations Related to Software Installation
7.2.1 Upgrading the PV Driver
7.2.2 Changing the IP Address Bound to Port 22 of the vAG/vLB Server
7.2.3 Changing the Time Zone of Linux Infrastructure VMs
7.2.4 Changing Linux Infrastructure VM IP Address
7.2.5 Configuring the Alarm Reporting Function for the FusionCompute
7.2.6 Verifying Software Packages
7.2.7 Changing the Password of the DB Administrator Account
8 Glossary
8.1 A-E
8.2 F-J
8.3 K-O
8.4 P-T
8.5 U-Z
2 Installation Process
Installation Process
3.1 Data
3.2 Documents and Software
3.3 Hardware Requirements
3.1 Data
3.1.1 FusionCompute Data
Table 3-1 lists the data required for FusionCompute installation.
NOTE
FusionCompute does not support IPv6 addresses.
FusionAccess Deployment
FusionAccess offers flexible configuration and deployment.
l UNS deployment
The unified name service (UNS) enables a unified domain name to be used to access
multiple FusionAccess systems. If this feature is required, use the UNS deployment
solution. For details, see (Optional) Deploying the UNS.
l Other deployment solutions
Tailored deployment solutions are also provided based on service requirements. If
GaussDB is independently deployed, see DB Independent Deployment.
The password must conform to the following rules:
• Contain at least one uppercase letter (A-Z), one lowercase letter (a-z), one digit (0-9), and one space character or special character (~!@#$%^&*()-_=+\|{};:'",<.>/?).
• Contain 8 to 32 characters.
• Cannot be the same as any of the recent three passwords.
• Cannot contain the username or the username in reversed order.
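The password rules above can be checked before an account is provisioned. The following is an added example, not code from the FusionAccess product or this guide; the function names, the PBKDF2-based history store, the case-insensitive username comparison, and the sample account and passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

# Special characters exactly as listed in the rule, plus the space character.
SPECIALS = set("~!@#$%^&*()-_=+\\|{};:'\",<.>/?") | {" "}
HISTORY_DEPTH = 3        # "recent three passwords"
PBKDF2_ROUNDS = 100_000  # assumption: work factor picked for this example


def hash_password(password, salt=None):
    """Return (salt, digest) so the history never holds plaintext passwords."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def in_recent_history(password, history):
    """history is a list of (salt, digest) pairs, oldest first."""
    for salt, digest in list(history)[-HISTORY_DEPTH:]:
        candidate = hash_password(password, salt)[1]
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def check_password(password, username, history=()):
    """Return the violated rules; an empty list means the password is accepted."""
    problems = []
    if not 8 <= len(password) <= 32:
        problems.append("length must be 8 to 32 characters")
    if not any(c in string.ascii_uppercase for c in password):
        problems.append("needs an uppercase letter (A-Z)")
    if not any(c in string.ascii_lowercase for c in password):
        problems.append("needs a lowercase letter (a-z)")
    if not any(c in string.digits for c in password):
        problems.append("needs a digit (0-9)")
    if not any(c in SPECIALS for c in password):
        problems.append("needs a space or a listed special character")
    # Assumption: the username comparison ignores case.
    name, lowered = username.lower(), password.lower()
    if name and (name in lowered or name[::-1] in lowered):
        problems.append("contains the username or its reverse")
    if in_recent_history(password, history):
        problems.append("matches one of the three most recent passwords")
    return problems


if __name__ == "__main__":
    # Constructed sample account and passwords, not values from the guide.
    past = [hash_password(p) for p in ("Winter#Desk14", "Spring#Desk15", "Summer#Desk15")]
    for pw in ("Autumn Desk15", "nimdaksed#2015A", "Summer#Desk15", "Ab1[defgh"):
        print(repr(pw), check_password(pw, "deskadmin", past) or "OK")
```

Characters outside the listed set, such as `[`, are not rejected here; they simply do not satisfy the special-character rule.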
Table 3-3 describes the FusionAccess standard deployment solution. FusionAccess in
standard deployment supports 5000 users. A maximum of four sets of FusionAccess and a
pair of ITAs can be deployed, which supports up to 20,000 users.
VLAN pool: Specifies the VLAN pool that provides network resources for creating the service plane for infrastructure VMs. VLAN ID range: 181 to 189
Infrastructure VM Data
(second NIC):
192.168.180.69
– vLB floating IP address:
192.168.181.70
UNS deployment: -
See UNS Deployment
Scheme.
Subnet mask: Specifies the subnet mask of the infrastructure VMs. Service plane subnet mask: 255.255.255.0
OS Account Data
Subnet mask and gateway IP address of the address pool: Specifies the subnet mask and gateway IP address of the address pool. Mask: 255.255.255.0; Gateway: 192.168.181.1
Database Data
Reference Documents
NOTICE
The desktop cloud solution maps to multiple versions of FusionCompute, FusionManager, and
FusionCare. Download the matching documents and software for the versions actually in use.
In addition to the Software Installation, obtain the documents listed in Table 3-11 and Table
3-12 before software installation.
Table 3-11 Documents required for hardware configuration of the desktop cloud solution
Columns: Category, Document, Description, Mandatory/Optional, How to Obtain

Document: Feature Guide
Description: Required only when the FusionCloud Desktop solution is required to provide advanced features. Describes the features and methods used to configure the features.
Mandatory/Optional: Optional.
How to Obtain: For enterprise users, visit http://support.huawei.com/enterprise and choose Product Support > IT > FusionCloud > FusionAccess > FusionCloud Desktop Solution. For telecom carrier users, visit http://support.huawei.com and choose Product Support > Carrier IT > FusionCloud > FusionAccess > FusionCloud Desktop Solution.

Category: TCM
Document: TCM product documents
Description: Describes how to install the Thin Client Manager (TCM).
Mandatory/Optional: Mandatory.
How to Obtain: For enterprise users, visit http://support.huawei.com/enterprise and choose Product Support > IT > FusionServer > TC Terminal > TCM. For telecom carrier users, visit http://support.huawei.com and choose Product Support > Carrier IT > FusionServer > TC Terminal > TCM.

Category: FusionCare
Document: FusionCare V100R003C10SPCxxx User Guide
Description: Select the document of a version according to the product version mapping.
Mandatory/Optional: Mandatory.
How to Obtain: For enterprise users, visit http://support.huawei.com/enterprise and choose Software > IT > FusionCloud > FusionSphere Tool > V100R003C10SPCxxx > FusionSphere Tool V100R003C10SPCxxx Health Check and Log Collect. For telecom carrier users, visit http://support.huawei.com and choose Software > Carrier IT > FusionCloud > FusionSphere > FusionSphere Tool > V100R003C10SPCxxx > FusionSphere Tool V100R003C10SPCxxx Health Check and Log Collect.

Document: FusionCompute version Software Install Guide
Description: You should download it according to the version mapping.
Mandatory/Optional: Mandatory.
How to Obtain: For enterprise users, visit http://support.huawei.com/enterprise and choose Product Support > IT > FusionCloud > FusionSphere > FusionCompute > FusionCompute. For telecom carrier users, visit http://support.huawei.com and choose Product Support > Carrier IT > FusionCloud > FusionSphere > FusionCompute.

Document: FusionManager version Software Install Guide (Server Consolidation, all-in-one)
Description: You should download it according to the version mapping.
Mandatory/Optional: Mandatory.
How to Obtain: For enterprise users, visit http://support.huawei.com/enterprise and choose Product Support > IT > FusionCloud > FusionSphere > FusionManager > FusionManager. For telecom carrier users, visit http://support.huawei.com and choose Product Support > Carrier IT > FusionCloud > FusionSphere > FusionManager.
Software
Before software installation, download all software packages listed in Table 3-13 and Table
3-14 to the same folder on the PC used for software installation.
NOTE
l The software versions vary with the products you use. Obtain the software of the correct version
based on the version mapping table.
l Before software installation, also download the software verification file, which has the same file
name as the software package and has the file name extension asc.
l For details about how to verify the software package, see Verifying Software Packages.
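The note above requires an .asc verification file beside every package. The following is an added example, not part of this guide or of Huawei's tooling, that audits the download folder for packages lacking one. It assumes the .asc file is a detached OpenPGP signature checked with GnuPG and that the vendor's public key is already in the local keyring; the accepted file-name patterns and the sample file names are also assumptions.

```python
import shutil
import subprocess
import tempfile
from pathlib import Path

PACKAGE_SUFFIXES = {".zip", ".rar", ".iso"}  # package types named in this guide


def find_signature(package):
    """Return the .asc file for a package, or None if none was downloaded.

    Assumption: "same file name ... extension asc" is read as either
    <package>.asc (pkg.zip.asc) or the stem with .asc (pkg.asc).
    """
    for candidate in (package.with_name(package.name + ".asc"),
                      package.with_suffix(".asc")):
        if candidate.is_file():
            return candidate
    return None


def audit_folder(folder):
    """Map every package in the folder to its signature path (None if missing)."""
    packages = sorted(p for p in Path(folder).iterdir()
                      if p.is_file() and p.suffix.lower() in PACKAGE_SUFFIXES)
    return {p.name: find_signature(p) for p in packages}


def blocked_packages(folder):
    """Names of packages that must not be installed yet: no .asc file present."""
    return [name for name, sig in audit_folder(folder).items() if sig is None]


def verify_signature(package, signature):
    """Check a detached OpenPGP signature with GnuPG; True only on a good signature.

    Assumption: the .asc file is a detached signature and the vendor's public
    key has already been imported into the local keyring.
    """
    gpg = shutil.which("gpg")
    if gpg is None:
        raise RuntimeError("gpg is not installed")
    result = subprocess.run([gpg, "--verify", str(signature), str(package)],
                            capture_output=True, text=True)
    return result.returncode == 0


def demo():
    # Constructed file names in a temporary folder; contents are placeholders.
    names = ("pkg_A.zip", "pkg_A.zip.asc", "pkg_B.iso",
             "pkg_C.rar", "pkg_C.asc", "notes.txt")
    with tempfile.TemporaryDirectory() as tmp:
        for name in names:
            (Path(tmp) / name).write_bytes(b"placeholder")
        return blocked_packages(tmp)


if __name__ == "__main__":
    print("missing verification files:", demo())
```

Run `verify_signature` on each package that has a verification file, and treat both a missing file and a failed check as a reason not to install.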
Software: VRM installation software
Files: FusionCompute version_VRM.zip
Mandatory/Optional: Mandatory.

Category: FusionManager
Software: FusionManager installation software
Files: You should download it according to the version mapping:
• FusionManager V100R003C10SPCxxx_GMN_FS.zip
• FusionManager V100R005C00SPC100_SV.zip
Mandatory/Optional: Mandatory.
How to obtain: For enterprise users, visit http://support.huawei.com/enterprise and choose IT > FusionCloud > FusionSphere > FusionManager. For telecom carrier users, visit http://support.huawei.com and choose Software > Carrier IT > FusionCloud > FusionSphere > FusionManager.

Category: Windows Server OS
Software: OS files
Files: 2008 R2 OS files and patch:
• Windows2008R2SP1_EN.part1.rar
• Windows2008R2SP1_EN.part2.rar
• Patch: KB2577795
NOTE
• If Windows Server 2012 R2 is used, the OS files and patch must be prepared by the customer.
• For infrastructure VMs running Windows Server 2012 R2, OS security must be ensured by the customer.
Mandatory/Optional: Mandatory.
How to obtain: For enterprise users, visit http://support.huawei.com/enterprise and choose Downloads > IT > FusionCloud > FusionAccess > FusionAccess Tool > V100R005C30SPCxxx. For telecom carrier users, visit http://support.huawei.com and choose Software > Carrier IT > FusionCloud > FusionAccess > FusionAccess Tool > FusionAccess Tool V100R005C30SPCxxx.
Patch: http://support.microsoft.com/kb/2577795
NOTE
• The Windows Server 2008 R2 OS provides a trial period of 30 days.
• The Windows Server 2012 R2 OS provides a trial period of 180 days.
• Obtain the product license of Windows Server 2008 R2 from legal sources.
Typical Networking
In the FusionCloud Desktop solution, network devices include switches and switch modules.
The network is divided into network planes based on service requirements. Each network
plane can consist of one or multiple virtual local area networks (VLANs). Figure 3-1 shows
the connections between hosts (servers), storage devices, and switches in a typical desktop
cloud scenario.
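[Figure 3-1: connections between hosts, switches, and storage devices. Labels recoverable from the figure: host NIC 2, NIC 3, NIC 4, and BMC network port; access switch; storage device controller A management NIC, controller B management NIC, and storage interface.]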
• For details about the desktop cloud typical networking and configuration examples, see the Huawei FusionCloud Typical Networking Assistant.
• To ensure network security, you are advised to deploy a firewall between the TC and the vAG to isolate the TC from the management and service planes.
• The FusionAccess system provides login service ports. If the FusionAccess system is deployed in an untrusted network, the FusionAccess system is vulnerable to DoS or DDoS attacks. Therefore, you are advised to deploy the FusionAccess system on the customer's private network or install professional anti-DoS or anti-DDoS devices to protect the FusionAccess system against DoS or DDoS attacks.
Plane: BMC plane
Description: This plane enables remote access to the BMC on servers.
Communication: The management plane of the Virtual Resource Management (VRM) nodes interworks with the BMC plane.

Plane: Management and service plane
Description: The management plane and service plane are physically deployed together but logically separated by VLAN. The following IP addresses must be configured for the management and service plane:
• Configure the following management plane IP addresses in the same VLAN:
– Management IP addresses of all hosts, that is, IP addresses of the management network ports on hosts
– IP addresses of the VMs on which FusionCompute VRM and FusionManager are deployed
– IP addresses of storage device controllers
– IP address of the management plane of infrastructure VMs
• The following service plane IP addresses can be configured in the same VLAN or different VLANs based on service requirements:
– Service plane IP addresses of infrastructure VMs
– Service plane IP addresses of user VMs
Communication: The VRM nodes communicate with switches and storage devices through the management plane. The VRM nodes communicate with Computing Node Agents (CNAs) through the management plane.

Plane: Storage plane
Description: The hosts communicate with the storage units on storage devices through the storage plane. The following IP addresses must be configured:
• Storage IP addresses of hosts, that is, IP addresses of the storage network ports on hosts
• IP addresses of storage devices
Communication: The hosts communicate with storage devices through the storage plane.
Configuration Process
Figure 3-2 shows the typical configuration process for storage devices.
NOTE
For details about the desktop cloud typical networking and configuration examples, see the Huawei
FusionCloud Typical Networking Assistant.
Configuration Procedure
1. Check the storage device version.
Log in to each storage device through the serial port and check the system version
against the version mapping information.
If the storage device version is incorrect, obtain the software package and upgrade guide
based on the version mapping information and upgrade the system.
2. Set IP addresses for the management network ports.
Configure IP addresses for the management ports on storage devices based on the
network plan and allocate the ports to the management plane.
3. Configure the iSCSI host port.
Allocate all iSCSI host ports on storage device controllers A and B to the storage plane
to ensure data transmission between storage devices and servers.
4. Create storage resources, including hot spare disks, redundant array of independent disks
(RAID) groups, logical unit numbers (LUNs), host groups, and hosts. After creating
LUNs and hosts, configure the mapping between the LUNs and hosts.
A set of S5500T storage devices has one controller enclosure and two disk enclosures,
which provide a maximum of 72 hard disks. Use hard disks of the same specifications in
each enclosure and the same RAID mode for the three enclosures. The RAID mode
varies depending on the hard disk type:
– SAS: RAID 5 or RAID 10
– SATA: RAID 6 or RAID 10
Table 3-16 describes the recommended RAID modes for a disk enclosure.
RAID 5 1 11 2
2 11
RAID 6 1 11 2
2 11
RAID 10 1 10 2
2 12
NOTE
RAID 5 is recommended for larger storage space. RAID 10 is recommended for higher Input/
Output Operations Per Second (IOPS).
5. Configure time synchronization.
Configure storage devices to synchronize time with FusionManager. For details, see the
related storage device document.
3.3.3 Servers
Server Configuration Process
Figure 3-3 shows the server configuration process.
[Figure 3-3: server configuration process. Steps recoverable from the figure: Configure management modules; Configure time synchronization information.]
NOTE
For details about the desktop cloud typical networking and configuration examples, see the Huawei
FusionCloud Typical Networking Assistant.
Configuration Requirements
1. Configure the baseboard management controller (BMC).
Log in to the BMC interface over the serial port and configure the management IP
address and system time for the BMC.
If two BMCs are deployed in active/standby mode, configure the management IP address
and system time for each BMC and configure a floating IP address for the active BMC.
2. Check the servers.
Log in to the servers through the BMC and check the server version information and the
number and status of hard disks.
If the server firmware version is incorrect, obtain the correct software package and
upgrade guide based on the version mapping table and upgrade the software.
3. Configure the redundant array of independent disks (RAID) and basic input/output
system (BIOS) for servers.
Table 3-17 describes the configuration requirements for the RAID and BIOS (boot mode
and PXE) of servers.
Configuration: RAID
Requirements: Create a RAID 1 group using two hard disks on each server for installing the OS and service software. The RAID configuration improves system reliability.

Configuration: PXE
Requirements: Enable the PXE function for the first network interface card (NIC) for installing the OS and service software. Disable PXE for other NICs.
Hardware Configuration
Configure hardware devices based on the desktop cloud hardware requirements. The desktop
cloud hardware requirements are as follows:
• Network Devices
• Storage Devices
• Servers
Complete the steps shown in Table 4-1. Table 4-2 shows the installation
requirements. For details, see Installation and Configuration > Software Installation in the
FusionCompute V100R005C00 Software Installation Guide.
Installing Hosts: Mandatory.
Complete the host OS installation and configuration.

Installing VRM nodes: Mandatory.
Complete the VRM VM installation and configuration.
Configuration: VRM nodes
Description: Deploy the active and standby VRMs on different VMs. Local storage is recommended. The VM specifications are as follows:
• 2 VCPUs and 3 GB memory if the VRM node serves 200 VMs and 20 PMs.
• 4 VCPUs and 5 GB memory if the VRM node serves 1000 VMs and 50 PMs.
• 12 VCPUs and 8 GB memory if the VRM node serves 3000 VMs and 100 PMs.
• 12 VCPUs and 16 GB memory if the VRM node serves 5000 VMs and 200 PMs.

Configuration: Domain 0 specifications (Standard Desktop)
Description: The Domain 0 specifications of the management clusters, user clusters, and gateway clusters vary with the number of VMs on a host:
• max_vcpus and reserve_vcpus: 6VCPU
• mem(MB): 5120 MB
• mem_for_icache(MB)
– Common VM: Default 0
– Linked clones: 12288
l If disks (SAS, SATA, and SSD) are used as the main storage, the memory
specification is 12 + N x Number of data disks on the host + (SSD cache
size of the host x 8)/1024.
The cache unit of SSD (including SSD card and SSD disk) is GB. The
value of the parameter N varies depending on the disk capacity:
– Using IB network:
– Disk capacity ≤ 2 TB: N = 2.4
– 2 TB < disk capacity ≤ 4 TB: N = 3.4
– Using 10GE network:
– Disk capacity ≤ 2 TB: N = 2
– 2 TB < disk capacity ≤ 4 TB: N = 3
For example, using IB network, the host Host1 uses one 2.4-TB SSD card
for cache and four 2-TB SATA disks as data disks. In this case, the CVM
memory of this host must be set to 40.8 GB (12 + 2.4 x 4 + (2.4 x 1024 x
8)/1024 = 40.8 GB).
l If SSD cards are used as the main storage, the memory specification is 14.5
+ 3.5 x Number of SSD cards x (SSD card capacity/400 GB).
For example, SSD card capacity is 2.4 TB. Then, the value of (SSD card
capacity/400 GB) is 6.
NOTE
In the preceding formula, the total memory of MDC process, VBS process, and OS is
integrated.
l The memory used by the MDC processes is 5 GB.
l When disks are used as the main storage, the memory used by the VBS processes is 4
GB. When SSD cards are used as the main storage, the memory used by the VBS
processes is 6.5 GB.
l The memory used by the OS is 3 GB.
For example, when SSD cards are used as the main storage, the total memory used by
MDC process, VBS process, and OS is 5 GB + 6.5 GB + 3 GB = 14.5 GB.
mem_for_icache (MB): 0
Initial Configuration
For details, see Installation and Configuration > Initial Configuration in the
FusionCompute Software Installation Guide.
Loading a License File: Mandatory.
NOTICE
If FusionAccess works with FusionCompute V100R005C00 and later versions, you do not need to load licenses.

Creating Clusters on a Site: Mandatory.
If Solution 2 is used to deploy the access gateway and load balancing components and the number of users is 500 to 1000, or 1000 to 2200, create a gateway cluster and add two CNAs to the cluster for deploying the vAG/vLB VMs and vAG VMs.
NOTICE
To use the full memory virtual desktop feature, you need to create an independent cluster.

Adding Hosts to Clusters: Mandatory.

Adding Data Stores to Hosts: Mandatory.
When adding data stores for a FusionAccess infrastructure VM, set Storage mode to Non-virtualization.
NOTICE
To use the full memory virtual desktop feature, you need to add the data store whose type is Local RAM Disk.

Adding Virtual Network Resources to a Site: Mandatory.

Configuring the DNS Server: Optional.
Configure the DNS server only when the NTP server of FusionCompute adopts the domain name mode.

Configuring a Backup Server: Mandatory.

Configuring the NTP Clock Source and Time Zone: Mandatory.
• If a Network Time Protocol (NTP) server is available on site, use the NTP server.
• If no NTP server is available on site, FusionCompute synchronizes time with the VRM hosts.
NOTICE
NTP must be configured; otherwise, services may be affected.
Configure a local memory disk (full memory virtual desktop): Optional.
Configure a local memory disk only when the full memory virtual desktop feature is used.
During the configuration, refer to FusionCompute Storage Management Guide to complete the following operations:
• Enabling the Local RAM Disk Function
• Creating Local RAM Disks on a Host
NOTE
When creating a local RAM disk, set the following parameters according to the calculation results in Domain 0 specifications (full memory virtual desktop) in Table 4-2:
• Memory size (GB)
• Device size (GB)
• Disks

NTP server:
• If an NTP server is available, use the NTP server as the FusionManager NTP server.
• If no NTP server is available, configure the host where the active VRM is located as FusionManager NTP server.
NOTE
l When logging in to the FusionManager portal using a browser for the first time, configure the
browser by following the operations described in Setting Internet Explorer.
l When logging in to the FusionCompute portal using a browser for the first time, configure the
browser based on the browser type. For details, see Setting Internet Explorer Browser or Setting
Mozilla Firefox Browser.
mem_for_icache(MB): 0
Install FusionManager.
Install FusionManager: for details, see Installation and Commissioning > Software
Installation > Installing FusionManager in FusionCube Product Documentation-
(V100R002C02_02,Cloud Platform).
Install FusionStorage.
Install FusionStorage: for details, see Installation and Commissioning > Software
Installation > Installing FusionStorage in FusionCube Product Documentation-
(V100R002C02_02,Cloud Platform).
4. Perform initial configuration.
5. Generate or Import a Certificate.
Prerequisites
Conditions
FusionCompute has been installed.
NOTE
The following procedure uses FusionCompute V100R005C00 as an example. For the procedures of
other versions, see the notes in related steps.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Create port groups.
1 Log in to FusionCompute.
NOTE
– Port group for the management plane NICs of the FusionAccess infrastructure VMs: During
virtual platform establishment, ManagementDVS and a port group with VLAN ID 0 are
automatically created. This port group can be used as the port group for the management plane
NICs of the FusionAccess infrastructure VMs.
– Port group for the service plane NICs of the FusionAccess infrastructure VMs: If the service
plane and the management plane belong to the same network segment, you are advised to
create a port group for the service plane NICs on the ManagementDVS. If the management
plane and service plane belong to different network segments, create a port group for the
service plane NICs on the service distributed switch.
– The following steps use ManagementDVS as an example.
2 On the FusionCompute portal, choose Network Pool > Network Pool >
ManagementDVS, click VLAN Pool, delete the default VLAN pool, click Add VLAN
Pool, and add VLAN pools as planned.
3 Click Create Port Group to create the Port group for the service plane NICs of the
infrastructure VMs.
Configure aggregation switches.
NOTE
The configuration commands use an S5700 switch as an example. To configure a different model of
aggregation switch, see the user manual of the switch you use.
For example, if the VLAN ID used by the infrastructure VM service plane is 181, the
service plane gateway address is 192.168.181.1, and the subnet mask is 255.255.255.0,
run the following commands:
[Quidway] interface vlanif 181
[Quidway-Vlanif181] ip address 192.168.181.1 255.255.255.0
6 Enable the port group to forward the packets containing the specified VLAN ID.
[Quidway] interface GigabitEthernet0/0/x
[Quidway-GigabitEthernet0/0/x] port hybrid tagged vlan vlan-id
For example, to enable port 0/0/1 on the switch to forward packets containing VLAN
181, run the following commands:
[Quidway] interface GigabitEthernet0/0/1
[Quidway-GigabitEthernet0/0/1] port hybrid tagged vlan 181
----End
Component: GaussDB/HDC/WI/License
Number of VMs: Two
Description:
• First VM: Deploy the GaussDB, WI, HDC, and License components.
• Second VM: Deploy the GaussDB, WI, and HDC components.
• The two VMs must be deployed on different CNAs.

Component: (Optional) vAG
Number of VMs:
• 3 VMs for 500 to 1000 users
• 6 VMs for 1000 to 2200 users
Description: If VM Deployment with HDP Passing Through the Gateway is used and the number of users ranges from 500 to 2200, additional vAG VMs need to be deployed to ensure system reliability.
• If the number of users ranges from 500 to 1000, use one CNA as the gateway cluster, and create 3 VMs to deploy the vAG. The vAG VM specifications are 4 vCPUs and 4 GB memory.
• If the number of users ranges from 1000 to 2200, create 6 VMs on 2 CNA gateway cluster nodes respectively to deploy vAGs. The vAG VM specifications are 4 vCPUs and 4 GB memory.

Component: (Optional) UNS
Number of VMs:
• Two UNS VMs for users less than 20000
• Three UNS VMs for 20000 to 40000 users
• Add one UNS VM each time when the number of users increases by 20000.
Description: Deploy this component when users need to use a unified domain name to access VMs that have different WI domain names. For details, see UNS Deployment Scheme.
Scenarios
Create and install the Linux OS infrastructure VM during the installation process.
Prerequisites
Conditions
You have logged into the FusionCompute.
Data
For details about key data and parameters, see the description given in specific procedures.
Software
FusionAccess_Installer_Linux_V100R005C30SPCxxx.iso
Procedure
1 On the FusionCompute portal, choose VM and Template and click Create VM.
2 Select Host.
Active and standby VMs are created on different CNAs in the management cluster. The
active node is created on the first CNA, and the standby node is created on the second
CNA, as shown in Figure 6-2.
3 Use default settings for other parameters, and click Next. Retain default parameter
settings. Open the Properties page and create a VM as prompted.
Table 6-2 lists the parameter setting requirements.
Location:
– Active and standby VMs are created on different CNAs in the ManagementCluster cluster. The active node is created on the first CNA, and the standby node is created on the second CNA.
– The different vAGs are created on different CNAs in the gateway cluster.
– The AUS VM is created on one CNA node in the management cluster.
QoS settings: CPU Resource Control Quota: Select Customize from Quota and set the quota to the maximum value 128000. This setting guarantees CPU resources for the management node VMs on a CNA in resource contention.
Scenarios
Configure the Linux OS infrastructure VM after the installation process.
l Set the active and standby VMs to be mutually exclusive.
l Enable automatic recovery for infrastructure VMs.
l Install the OS.
l Install the PV driver.
Prerequisites
Conditions
This operation has no special requirement.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Set the active and standby VMs to be mutually exclusive.
NOTE
Set the GaussDB/HDC/WI/License and GaussDB/HDC/WI VMs to be mutually exclusive, and the
active and standby vAG/vLB VMs to be mutually exclusive.
VMs, select the active and standby servers, and click to move the servers to
Selected VMs.
NOTE
Mutually exclusive VMs: The listed VMs must run on different hosts, and one VM can be added to only
one mutually exclusive rule.
8 Click OK as prompted to add the rule.
Enable automatic recovery for infrastructure VMs.
NOTE
Storage network exceptions may cause VM automatic restoration failure. Perform this operation to ensure
system reliability.
9 Use PuTTY to log in to the active VRM. Ensure that the VRM management IP address
and username gandalf are used to establish the connection. The default password is
Huawei@CLOUD8.
10 Run the following command to switch to the root user. The default password is
Huawei@CLOUD8!.
su - root
11 Run the following command to disable logout on timeout.
TMOUT=0
12 Run the following commands for each infrastructure VM.
sh /opt/galax/vrm/tomcat/script/modifyRecover.sh vmId true
vmId is the ID of the VM.
You can get the vmId on the FusionCompute page, as shown in Figure 6-3.
Figure 6-3 VM ID
NOTE
– To configure the management plane IP address, select eth1: not configured and configure the
management plane IP address.
– You must configure the management plane IP address for the VMs on which the vAG component is
deployed.
21 In the Network Configuration window, configure the gateway information for the
service plane and save the settings.
22 In the navigation tree, select Hostname and press Enter. In the Hostname
Configuration window, set the VM name and save the settings.
23 In the navigation tree, choose Timezone and press Enter. In the Time Zone Selection
window, change the time zone and time, and save the settings.
NOTE
To modify the time zone after the operating system installation is complete, see Changing the
Time Zone of Linux Infrastructure VMs.
24 In the navigation tree, choose Password and press Enter. In the Root Password
Configuration screen, enter the root password and save the settings.
25 Press F12. In the confirmation dialog box, press Enter twice.
The Package Installation screen is displayed. The system starts installing the Linux OS.
NOTE
The installation takes about 10 minutes.
26 After the OS is successfully installed, the VM automatically restarts. In the
disconnection dialog box, click Yes. On the Welcome to UVP! screen, choose Boot
from local disk and press Enter.
NOTE
During the VM restart process, if Failed is displayed for certain items, ignore these items and
continue with subsequent operations. These items do not affect the normal use of the VM.
27 Unmount the OS ISO file from the VM.
Install the PV driver.
NOTE
If FusionAccess connects to FusionSphere V100R005C00SPC30X or FusionSphere
V100R003C10SPC60X, install the matched FusionSphere SIA software (used to upgrade the PV
Driver) after installing FusionSphere. Otherwise, the PV Driver may fail to be installed. For detailed
operations, see Upgrading the PV Driver.
28 On the FusionCompute portal, locate the row that contains the VM to be operated,
choose More > Mount Tools, and click OK twice.
29 Log in to the VM on which the Linux OS is installed as the root user.
30 Move the cursor to PV Driver in the navigation tree, press Enter to install the PV driver
as prompted.
31 When "PV Driver Installed successfully." is displayed, press F8 to restart the VM.
----End
Scenarios
Deploy the GaussDB, HDC, WI, and License components on a VM, and configure the
components.
Prerequisites
Conditions
Linux VMs have been created and configured.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Install components.
1 Log in to the active GaussDB/HDC/WI/License server using VNC as user root.
2 Enter startTools.
The FusionAccess screen is displayed, as shown in Figure 6-5.
NOTE
– If it is the first time for the root user to log in to the VM, the FusionAccess screen is displayed.
– You can press ↑ and ↓ to move the cursor up and down.
3 Select Software, run INSTALL ALL, and perform operations as prompted.
The installation is successful if the following information is displayed:
GaussDB installed successfully.
HDC installed successfully.
WI installed successfully.
LICENSE installed successfully.
NOTE
– During the GaussDB installation process, two GaussDB administrator accounts and an HDC
database instance account are created automatically. The usernames of the GaussDB administrator
accounts are gaussdba and fauser, and the default password is Huawei@123. The username of the
HDC database instance account is hdcdbuser, and the default password is Huawei@123. The
usernames cannot be changed. For details about how to change the passwords, see Changing the
Password of the DB Administrator Account.
– Change the database user password only after the standby GaussDB server is set up and the
communication channel between the active and standby GaussDB servers is created successfully.
By default, all the infrastructure VMs that run Linux have the HA component installed during
OS installation. After the GaussDB/HDC/WI/License/vAG/vLB components are installed on
a VM, the HA component monitors the GaussDB/HDC/WI/License/vAG/vLB services
running on the VM. When detecting a fault on a service, the HA component restarts the
service to ensure proper operation.
To ensure stable running of the database system, enable active/standby switchovers for the
HA component on the VMs deployed with the GaussDB component. When the active VM is
faulty, the standby VM takes over services, ensuring uninterrupted service processing.
4 In the navigation tree, choose GaussDB > Configure GaussDB > Configure HA and
set the following parameters:
– Local HA IP address: Enter the service plane IP address of the VM.
– Peer HA IP address: Enter the service plane IP address of the other VM in active/
standby relationship with the VM.
– Gateway: Enter the service plane Gateway IP address of the VM.
The HA information is configured successfully if "HA configured successfully" is
displayed.
5 In the navigation tree, choose GaussDB > Configure GaussDB > Configure Float IP
address and set the following parameters:
– Float IP address: Enter the floating IP address of the VM.
– Subnet mask: Enter the Subnet mask of the VM.
The floating IP address is configured successfully if "Float IP address configured
successfully" is displayed.
Install the standby GaussDB/HDC/WI server.
6 Repeat 2 to 5 to install the components on another VM and configure GaussDB
information.
----End
Scenarios
The gateway and load balancer functions are as follows:
l Load balancer
The load balancing function can be implemented by the vLB or SVN. Load balancers are
used to allocate users' HTTP(S) requests to different WIs. In addition, the load balancer can
automatically perform health checks for the WIs to ensure that user requests can be
allocated to available WIs.
l Gateway
The gateway function can be implemented by the vAG or SVN. The gateway is used for
service access over Huawei Desktop Protocol (HDP) and self-help maintenance access.
In addition, the gateway encrypts client access to enhance the system security.
NOTICE
If the gateway is not configured, user data is not encrypted and leakage risks exist.
The vAG and vLB components are deployed on VMs, while the SVN component is deployed on a
specified hardware server. Select a deployment scheme based on user types:
l For the deployment scheme used when enterprise internal users are involved, see Table
6-3.
l For the deployment scheme used when Internet users are involved, see Deployment
Solutions for Internet User Access.
Scenario 2: VM deployment is adopted and HDP passes through the gateway.
vAG/vLB
vAG
l When the number of users is less than 500, deploy two vAG/vLB VMs in the
management cluster.
l When the number of users ranges from 500 to 1000, deploy a gateway cluster,
add one CNA to the gateway cluster, and create three VMs to deploy the vAG
components. The vAG VM specifications are 4 vCPUs and 4 GB memory.
l When the number of users ranges from 1000 to 2200, deploy a gateway cluster,
add two CNAs to the gateway cluster, create six VMs to deploy the vAG
components, and create two vAG VMs in the management cluster. The vAG VM
specifications are 4 vCPUs and 4 GB memory.
l When the number of users is more than 2200, contact Huawei technical support
to provide a deployment scheme.
For details about the specific solutions, see Deployment Schemes of Gateway and Loading
Balancing Components.
This topic describes only the VM deployment. The installation procedures of all the vAG/vLB
VMs are the same. The NIC configuration requirements are as follows:
l If the VM service plane can communicate with the TC plane, configure two NICs for
each vAG/vLB VM. One NIC is used to communicate with the service plane, and the
other NIC is used to communicate with the management plane.
l If the VM service plane cannot communicate with the TC plane, configure three NICs
for each vAG/vLB VM. In addition to the service plane and management plane NICs, add
one NIC for communication with the TC plane. The configuration of the third NIC is as
follows:
NOTE
The vLB and WI components cannot be deployed on the same VM.
Prerequisites
Conditions
Linux VMs have been created and configured.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Install the vAG component.
1 Log in to the first vAG/vLB server using VNC as user root.
2 Enter startTools.
The FusionAccess screen is displayed.
NOTE
You can press ↑ and ↓ to move the cursor up and down.
3 Choose Software > vAG[Option], and press Enter.
4 On the Select an Option screen, choose Install vAG and press Enter.
The system displays "Are you sure you want to install vAG?"
5 Press Enter.
The vAG component is successfully installed if "vAG installed successfully" is
displayed.
6 Press Enter.
Install the vLB component.
NOTE
After installing the vLB, you must also configure the mapping between the user login domain name and the
vLB floating IP address, which will be performed in 6 in Configuring DNS Policies.
7 Press ESC to return to the upper level directory. Choose Software > vLB[Option], and
press Enter.
8 On the Select an Option screen, select Install vLB and press Enter.
The system displays "Are you sure you want to install vLB?"
9 Press Enter.
The vLB component is successfully installed if "vLB installed successfully" is displayed.
10 Press Enter.
Configure IP addresses for the WI/UNS servers.
11 In the navigation tree, choose vLB[Option] > Configure vLB > Configure WI/UNS.
12 On the displayed screen, enter the service plane IP address of the WI/UNS server.
– For enterprise internal user access, enter the WI/UNS server IP address for
enterprise internal user access.
– For Internet user access, enter the WI/UNS server IP address for Internet user
access.
NOTE
If only one WI/UNS server is planned, enter the service plane IP address of this WI/UNS server.
13 Press Enter. If the message WI/UNS IP address configured Successfully. is displayed,
the IP address is configured successfully. Press Enter.
Configure the HA component and floating IP address.
14 In the navigation tree, choose vLB[Option] > Configure vLB > Configure HA and set
the following parameters:
– Local HA IP address: Enter the service plane IP address of the VM.
– Peer HA IP address: Enter the service plane IP address of the other VM in active/
standby relationship with the VM.
– Gateway: Enter the service plane Gateway IP address of the VM.
The HA information is configured successfully if "HA configured successfully" is
displayed.
15 In the navigation tree, choose vLB[Option] > Configure vLB > Configure Float IP
address and set the following parameters:
– Float IP address: Enter the floating IP address of the VM.
– Subnet mask: Enter the Subnet mask of the VM.
The floating IP address is configured successfully if "Float IP address configured
successfully" is displayed.
Install the second vAG/vLB server.
16 Log in to the second vAG/vLB server using VNC.
17 Install the second vAG/vLB server. For details, see 2 to 15.
(Optional) Modify the vAG/vLB configuration.
18 Modify the value of sslv3enable in the file /opt/VNCGate/config/vnc.conf.
NOTE
This configuration item is used in vAG. SSLV3 is enabled by default to ensure compatibility. To
improve security, disable SSLV3.
– sslv3enable=1: enables SSLV3 to ensure compatibility.
– sslv3enable=0: disables SSLV3 and uses TLSV1.0 to ensure high security. The
version of the VNC client of user VMs should be the latest.
19 Run the following command to stop the vAG service:
/opt/VNCGate/ha/vncgate.sh stop
NOTE
The system HA can automatically enable the vAG service.
----End
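One way to carry out and verify step 18 is shown here as an added example; it is not part of the Huawei guide or its tooling. It assumes vnc.conf holds one key=value pair per line with # comments, and the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Huawei tooling. Assumes a vnc.conf-style file with one
# key=value pair per line and "#" starting a comment.
KEY="sslv3enable"

# Print the state of the key in file $1:
#   enabled | disabled | invalid (value is not 0 or 1) | conflict (differing
#   duplicates) | suspect (only a misspelled or mis-cased key is present, so
#   the default, SSLv3 enabled, stays in force) | missing | unreadable
sslv3_state() {
    [ -r "$1" ] || { echo "unreadable"; return 1; }
    awk -v key="$KEY" '
        /^[ \t]*#/ { next }                      # skip whole-line comments
        {
            line = $0
            sub(/#.*/, "", line)                 # drop an inline comment
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1)
            v = substr(line, n + 1)
            gsub(/[ \t\r]/, "", k)
            gsub(/[ \t\r]/, "", v)
            if (k == key) { seen[v] = 1; hits++ }
            else if (tolower(k) ~ /sslv3/) near++
        }
        END {
            if (hits == 0) { print (near ? "suspect" : "missing"); exit }
            n = 0
            for (v in seen) { n++; last = v }
            if (n > 1) print "conflict"
            else if (last == "1") print "enabled"
            else if (last == "0") print "disabled"
            else print "invalid"
        }' "$1"
}

# Set the key to 0 in file $1, keeping a .bak copy. Refuses to edit when the
# key is missing or suspect, because guessing the key name would hide the problem.
disable_sslv3() {
    conf=$1
    state=$(sslv3_state "$conf") || true
    case "$state" in
        disabled) return 0 ;;                    # already set, nothing to write
        enabled|invalid|conflict) ;;             # rewrite below
        *) echo "not editing $conf: $KEY is $state" >&2; return 1 ;;
    esac
    cp -p "$conf" "$conf.bak" || return 1
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    # \1 keeps "key =" and its spacing; the old value is replaced by 0.
    if sed "s/^\([[:space:]]*${KEY}[[:space:]]*=[[:space:]]*\)[^[:space:]#]*/\10/" "$conf" > "$tmp"; then
        cat "$tmp" > "$conf"                     # write in place to keep owner and mode
    fi
    rm -f "$tmp"
    [ "$(sslv3_state "$conf")" = "disabled" ]
}

# Demo on a constructed sample (not a real vnc.conf; other_setting is made up).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'other_setting=value' \
        'sslv3enable = 1   # compatibility default' > "$d/vnc.conf"
    echo "before: $(sslv3_state "$d/vnc.conf")"
    disable_sslv3 "$d/vnc.conf"
    echo "after:  $(sslv3_state "$d/vnc.conf")"
    cat "$d/vnc.conf"
    rm -rf "$d"
}
demo
```

On a vAG VM the file from step 18 would be passed as the argument, followed by the service stop in step 19 so that HA restarts vAG with the new value.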
Scenarios
Deploy the AUS component on a Linux VM.
Prerequisites
Conditions
Linux VMs have been created and configured.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
----End
Scenarios
On the FusionCompute portal, create a VM, install the Windows OS, configure the VM, and
convert the VM into a template. The template can be used to create infrastructure VMs.
Prerequisites
Conditions
FusionCompute has been installed.
Data
For details about key data and parameters, see the description given in specific procedures.
Software
l Windows2008R2SP1_EN.part1.rar
l Windows2008R2SP1_EN.part2.rar
NOTE
You can decompress either of the two software packages to obtain the OS ISO file
Windows2008R2SP1.iso.
Procedure
Create a bare VM.
1 Log in to FusionCompute.
2 On the FusionCompute page, choose VM and Template and click Create VM.
3 Choose Cluster > ManagementCluster, as shown in Figure 6-6.
4 Retain the default values for other parameters and click Next. Set key parameters on the
Properties page as shown in Figure 6-7 and click Next.
7 Choose VM and Template > VM. On the row of the newly created bare VM, choose
More > Log in using VNC.
Install the OS.
8 On the VNC login page, click , mount the ISO file Windows2008R2SP1.iso to the
VM, select Restart the VM now to install the OS, and click Confirm.
9 After the VM restarts, install the Windows OS as prompted.
Select Windows Server 2008 R2 Standard (full Installation) for Operating system, as
shown in Figure 6-8.
NOTE
To open the Local Group Policy Editor window, enter gpedit.msc in the Search programs and
files text box and press Enter.
17 In the navigation tree, choose Standard Profile. In the right pane, set Windows
Firewall: Protect all network connections to Disable, as shown in Figure 6-12.
29 Choose Features in the navigation tree and click Add Features in the right pane. In
Select Features, select .NET Framework 3.5.1 Features. In the dialog box that is
displayed, click Add Required Role Services.
30 Retain the default settings and complete the software installation as prompted.
31 Close the Server Manager window.
Encapsulate a VM template.
32 Switch to C:\Windows\System32\sysprep and double-click sysprep.exe.
33 Set the following parameters as prompted:
– System Cleanup Action: Enter System Out-of-Box Experience (OOBE)
– Select Generalize
– Shutdown Options: Shutdown
as shown in Figure 6-14.
34 Click OK.
The system displays "Sysprep is working...". After the template encapsulation is complete,
the VM automatically shuts down.
NOTE
You can convert a VM to a template when "The VM is shutdown." is displayed.
----End
Scenarios
Create Windows infrastructure VMs.
Prerequisites
Conditions
An infrastructure VM template has been created.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
1 On the FusionCompute portal, choose VM and Template, and click the Template and
Specifications tab. On the row of the VM template, click More and select Deploy VM
Using Template.
2 Select Host, and use default settings for other parameters.
Active and standby VMs are created on different CNAs in the management cluster. The
active node is created on the first CNA, and the standby node is created on the second
CNA, as shown in Figure 6-15.
3 Use default settings for other parameters, and click Next. On the Properties page, retain
the default settings. Table 6-5 shows the standard configuration requirements of
properties.
4 Retain the default values for other parameters, and create the active AD/DNS/DHCP
infrastructure VM as prompted.
NOTE
– Select data stores from different RAID groups for the VMs in active/standby mode.
– Select only one NIC. After VMs are created, add the management plane NICs according to this
document.
5 Click Create Another and create the following infrastructure VMs one by one:
– Standby AD/DNS/DHCP VM
– Active and standby ITA VMs
– Loggetter/TCM VM
----End
Scenarios
Create Windows infrastructure VMs and perform the following operations on the VMs:
l Set the active and standby VMs to be mutually exclusive.
l Enable automatic recovery for infrastructure VMs.
l Add user disks.
l Add NICs.
l Set the time for VMs.
l Configure IP addresses for VMs.
Prerequisites
Conditions
An infrastructure VM template has been created.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Set the active and standby VMs to be mutually exclusive.
7 Specify the rule name, and set Type to Keep VMs mutually exclusive. In Available
VMs, select the active and standby servers, and click to move the servers to
Selected VMs.
NOTE
Mutually exclusive VMs: The listed VMs must run on different hosts, and one VM can be added to only
one mutually exclusive rule.
8 Click OK as prompted to add the rule.
Enable automatic recovery for infrastructure VMs.
NOTE
Storage network exceptions may cause VM automatic restoration failure. Perform this operation to ensure
system reliability.
9 Use PuTTY to log in to the active VRM. Ensure that the VRM management IP address
and username gandalf are used to establish the connection. The default password is
Huawei@CLOUD8.
10 Run the following command to switch to the root user. The default password is
Huawei@CLOUD8!.
su - root
11 Run the following command to disable logout on timeout.
TMOUT=0
12 Run the following commands for each infrastructure VM.
sh /opt/galax/vrm/tomcat/script/modifyRecover.sh vmId true
vmId is the ID of the VM.
You can get the vmId on the FusionCompute page, as shown in Figure 6-16.
Figure 6-16 VM ID
VM. After the VM status changes to Stopped, locate the row that contains the VM and
choose More > Start to start the VM.
15 Repeat 14 to shut down and start other infrastructure VMs.
Set the VMs.
16 Log in to all the infrastructure VMs using VNC. Set the region, time, and keyboard,
change the Administrator password, and start the VM.
Add user disks.
17 On the FusionCompute portal, choose Storage Management. In the navigation tree,
choose Data store > Storage name.
NOTE
Select non-virtualized data storage resources in Data store.
18 Right-click and choose Create Disk.
The recommended key parameter values are as follows:
– Name: Enter the data disk name.
– Capacity (GB): Set it to 20 for the AD/DNS/DHCP VM and 50 for the
Loggetter/TCM/AntiVirus/Patch VM.
19 Retain the default values for other parameters, and click OK twice.
20 On the Disks tab page, locate the row that contains the disk to be attached, and select
Attach Disk from the OperationMore area.
21 Select the target VM and click OK twice to attach the disk.
22 On the VM, choose Start, enter compmgmt.msc in the Search Programs and Files text
box, and press Enter.
23 Choose Storage > Disk Management and initialize the disks as prompted.
Select MBR for disk partition.
24 Right-click Unallocated, choose New Simple Volume from the shortcut menu, and
format the disks as prompted.
Add NICs.
During the creation of a VM, only a service plane NIC is created for the VM. In addition to
the service plane NIC, an ITA VM requires a management plane NIC. If an AD/DNS/DHCP
VM needs to synchronize time with the CNA where the VRM is located, the AD/DNS/DHCP
VM also requires a management plane NIC. See Table 6-6.
Active and standby AD/DNS/DHCP VMs: Add one management plane NIC for each of the
active and standby AD/DNS/DHCP VMs only if the AD needs to synchronize time with
the CNA on which the VRM is located.
Active and standby ITA VMs: Add one management plane NIC for each VM.
– If your Windows OS does not support DST, obtain TZEDIT.exe from
http://download.microsoft.com/download/5/8/a/58a208b7-7dc7-4bc7-8357-28e29cdac52f/TZEDIT.exe
and set the DST as prompted.
Configure IP addresses for infrastructure VMs.
NOTE
l If the infrastructure VM is configured with only one NIC, configure NIC IP addresses only for the
service plane.
l If the infrastructure VM is configured with two NICs, configure NIC IP addresses for both the
service and management planes.
----End
Scenarios
Perform this task when you need to deploy AD/DNS/DHCP servers.
Install the active directory (AD) and domain name system (DNS) services on a Windows
infrastructure VM. The AD and DNS services can be installed at the same time. To ensure
system reliability, you are advised to configure two domain controllers in active/standby mode
to perform domain account management for the infrastructure domain and two DNS servers in
active/standby mode to perform domain name resolution for devices in the infrastructure
domain.
NOTE
If the domain name cannot be pinged when the DNS is installed independently, restart the Netlogon service in
the Server Manager window.
Table 6-7 lists the operations to be performed. Note that some operations performed on the
active and standby servers are different.
4. (Optional) Configure DNS forwarding. √ √ No difference
5. Configure the DNS reverse lookup function. √ × -
7. Enable remote assistance. √ × -
√ indicates that the operation needs to be performed. × indicates that the operation does not
need to be performed.
Prerequisites
Conditions
The infrastructure VMs have been configured.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Change the AD/DNS server name on the active VM.
1 Log in to the infrastructure VM for deploying the AD and DNS services using VNC as
the administrator.
2 Choose Start, enter sysdm.cpl in the Search programs and files text box, and press
Enter. In the System Properties dialog box, click Change.
3 Enter the VM name in Computer name based on the data plan, and restart the VM.
4 Log in to the infrastructure VM using the administrator account.
Add the server role.
12 In the Set Domain Functional Level window, select Windows Server 2008 and click
Next.
13 In the Additional Domain Controller Options window, select DNS server and click
Next.
A confirmation dialog box is displayed, as shown in Figure 6-19.
In the Directory Services Restore Mode (DSRM), only the DSRM administrator account can be
used to log in to the system.
16 Log in to the AD server using an administrator account.
The administrator account format is Infrastructure domain name\Administrator, for
example vdesktop\Administrator.
Configure the DNS reverse lookup function on the active AD/DNS server.
17 In the Server Manager window, choose Server Manager > Roles > DNS Server >
DNS > Computer name. Right-click Reverse Lookup Zones, and choose New Zone
from the shortcut menu.
18 In the Zone Type window, select Primary zone and click Next.
19 In the Reverse Lookup Zone Name window, select IPv4 Reverse Lookup Zone and
click Next.
20 In Network ID, enter the IP address segment for reverse lookup and click Next.
The Dynamic Update window is displayed.
NOTE
The IP address segment for DNS reverse lookup is the service plane IP address segment of the
infrastructure VM, for example, 192.128.131.
21 Retain the default values and complete the DNS reverse lookup configuration as
prompted.
In the Server Manager window, the added domain is displayed under Reverse Lookup
Zones.
(Optional) Configure DNS forwarding.
Perform this step only when user VMs are used to access the Internet.
22 In the Server Manager window, choose Server Manager > Roles > DNS Server >
DNS. Right-click the server name and choose Properties.
23 On the Advanced tab page, deselect Disable recursion (also disable forwarders).
24 On the Forwarders tab page, click Edit, enter the IP address or domain name of an
external DNS server, and click OK.
NOTE
After the AD and DNS services are installed on the active VM, ensure that the DNS address of the
server is set to the service plane IP addresses for the active and standby DNSs.
The operations to be performed on the standby VM are different from the operations
performed on the active VM. For details, see Table 6-7.
33 Use the administrator account to log in to the infrastructure VM for deploying the
standby AD/DNS server.
34 Change the server name and add the server role. For details, see 2 to 7.
35 Choose Start, enter dcpromo.exe in the Search programs and files text box, and press
Enter.
The Active Directory Domain Services Installation Wizard window is displayed.
36 Go to the Choose a Deployment Configuration window as prompted, choose Existing
forest > Add a domain controller to an existing domain, and click Next.
37 In the Network Credentials window, enter the domain name of the active AD server, for
example, vdesktop.huawei.com in Type the name of any domain in the forest where
you plan to install this domain controller. Click Set, enter the administrator username
and password for the active AD server, click OK, and click Next.
38 In the Select a Domain window, select the AD domain name and click Next twice.
39 In the Additional Domain Controller Options window, select DNS server and Global
catalog, and click Next.
40 Click Yes. In the Location for Database, Log Files, and SYSVOL window that is displayed,
retain the default settings and click Next.
41 In the Directory Services Restore Mode Administrator Password window, set the DSRM
password. Ensure that the password is the same as that set on the active AD server.
Complete the installation and restart the VM.
42 Configure the winrm service on the standby VM. For details, see 25 to 26.
----End
Scenarios
Perform this task when you need to deploy Dynamic Host Configuration Protocol (DHCP)
servers. The DHCP servers allocate IP addresses for Windows infrastructure VMs and user
VMs.
Prerequisites
Conditions
The infrastructure VMs have been configured.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Configure the active DHCP server.
1 Log in to the VM for deploying the active DHCP server using VNC as the administrator.
6 Click Next. In the Specify IPv4 WINS Server Settings window, select WINS is not
required for applications on this network and click Next.
7 Click Add, set the DHCP scope parameters, select Activate this scope, and click OK.
Set the DHCP scope parameters as follows:
– Scope name: Enter the DHCP Scope name, for example, DHCP1.
– Starting IP address and Ending IP address: Enter the service plane start and
end IP addresses, for example, 192.168.123.50 and 192.168.123.100.
– Subnet mask and Default gateway (optional): Enter the subnet mask and gateway
IP address of the address pool, for example, 255.255.255.0 and 192.168.123.1.
NOTE
– The DHCP server dynamically allocates IP addresses in the IP address pool to user VMs.
– When the DHCP server is deployed in active and standby mode, the DHCP split-scope
configuration is 8:2 by default. That is, only 80% of the IP addresses in the DHCP address
pool can be allocated for user VMs. Therefore, when planning the start and end IP addresses of
the scope, reserve more than 20% IP addresses to ensure that the DHCP server has sufficient
IP addresses.
8 Click Next. In the Config DHCPv6 Stateless Mode window, select Disable DHCPv6
Stateless Mode for this server and click Next.
9 In the Authorize DHCP Server window, select Use current credentials and click Next.
10 Click Install.
The DHCP service is installed if the system displays "Installation succeeded".
11 Close the Add Roles Wizard window.
Install the DHCP service on the standby VM.
NOTE
Perform 12 to 21 when you need to deploy the standby DHCP server.
12 Log in to the VM for deploying the standby DHCP server using VNC as the
administrator.
13 Install the DHCP service on the VM.
NOTICE
Skip step 7 because the standby DHCP server does not require an IP address pool.
21 Right-click the functional domain, and choose Activate from the shortcut menu to
activate the IP address pool.
----End
Scenarios
Create login accounts and service domain accounts for Windows infrastructure VMs on the
active directory (AD) server.
NOTE
For details about domain accounts to be created and differences in high security mode such as account
separation, see FusionAccess Account Planning in High Security Mode.
Prerequisites
Conditions
The active and standby AD servers have been configured.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Create the infrastructure VM OU.
1 Log in to the active AD server using an administrator account.
2 Choose Start > Administrative Tools > Active Directory Users and Computers.
The Active Directory Users and Computers window is displayed.
3 In the navigation tree, right-click a domain name, and choose New > Organizational
Unit from the shortcut menu.
The New Object - Organizational Unit window is displayed.
4 Enter the name of the infrastructure VM OU to be created, for example, UserOU, and
click OK.
Create domain users.
NOTE
For details about operations performed using AD domain accounts, see the online help information of
the AD server.
5 Right-click Infrastructure VM OU, and choose New > User from the shortcut menu.
The New Object - User window is displayed, as shown in Figure 6-24.
6 Enter the domain account in First name and User logon name, and click Next.
NOTE
The domain account consists of digits, letters, spaces, and special characters, such as `~!#$%^&()-_{}.
7 Set the password for the domain account, deselect User must change password at next
logon, and click Next.
8 Click Finish.
9 Repeat 5 to 8 to create other domain accounts.
Configure domain administrator.
10 Right-click a domain account, for example, vdsadmin, and choose Properties from the
shortcut menu.
11 Click the Member Of tab, click Add, specify Domain Admins, and click Check Names.
After the verification is successful, click OK.
12 Click OK in sequence to close the Properties dialog box.
13 Repeat 10 to 12 to add the domain account, for example, vdsadmin, to the DHCP Users
group.
(Optional) Configure rights.
NOTE
If the domain account provided by the customer is not a domain administrator account, assign permission
(such as creating and deleting computers or objects) to the infrastructure VM OU.
14 Right-click the OU of the VM, and choose Delegate Control from the shortcut menu.
The Delegation of Control Wizard dialog box is displayed.
15 Click Next. The Users or Groups window is displayed. Click Add.
The Select Users, Computers, Groups dialog box is displayed.
16 Add a domain account provided by the customer based on the VM type in the OU, and
click Check Names.
17 Click OK to complete the domain user addition, as shown in Figure 6-25.
18 Click Next.
The Tasks to Delegate window is displayed.
19 Select Create a custom task to delegate and click Next.
20 Select This folder, existing objects in this folder, and creation of new objects in this
folder and click Next.
21 Select Creation/deletion of specific child objects. In the Permissions area, select
Create Computer objects and Delete Computer objects, and click Next.
22 Click Finish.
----End
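The following PowerShell audit is an added example, not part of the original guide: it reads back the access control entries that steps 14 to 22 place on the OU and reports any entry for the delegated account that grants more than creating and deleting Computer objects. The function name Test-OuDelegation is hypothetical, and the OU distinguished name and account are sample values built from this guide's examples; it assumes the ActiveDirectory module is available on the server.

```powershell
# Added example, not part of the original guide: audit the ACL that the
# Delegation of Control Wizard wrote on the infrastructure VM OU.
Import-Module ActiveDirectory   # provides the AD: drive used by Get-Acl

# schemaIDGUID of the Computer object class (identical in every AD forest).
$ComputerClassGuid = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

function Test-OuDelegation {
    param(
        [Parameter(Mandatory = $true)] [string] $OuDn,      # distinguished name of the OU
        [Parameter(Mandatory = $true)] [string] $Delegate   # DOMAIN\account that was delegated
    )

    # The only rights that steps 19 to 21 are meant to grant.
    $allowed = [int][System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild'
    $granted = 0

    # Explicit (non-inherited) entries on the OU that name the delegated account.
    $aces = @((Get-Acl -Path "AD:\$OuDn").Access | Where-Object {
        -not $_.IsInherited -and $_.IdentityReference.Value -eq $Delegate
    })

    $report = @(foreach ($ace in $aces) {
        $rights   = [int]$ace.ActiveDirectoryRights
        $problems = @()
        if ($ace.AccessControlType -ne 'Allow')     { $problems += 'not an Allow entry' }
        if ($rights -band (-bnot $allowed))         { $problems += 'rights beyond create/delete child' }
        if ($ace.ObjectType -ne $ComputerClassGuid) { $problems += 'not limited to Computer objects' }

        # Only clean entries count towards the rights the procedure requires.
        if ($problems.Count -eq 0) { $granted = $granted -bor $rights }

        New-Object PSObject -Property @{
            Identity    = $ace.IdentityReference.Value
            Rights      = $ace.ActiveDirectoryRights
            AppliesTo   = $ace.ObjectType
            Inheritance = $ace.InheritanceType
            Problems    = ($problems -join '; ')
        }
    })

    New-Object PSObject -Property @{
        Ou             = $OuDn
        Delegate       = $Delegate
        Entries        = $report
        # True when both Create and Delete Computer objects are granted.
        GrantComplete  = (($granted -band $allowed) -eq $allowed)
        # True when no explicit entry for the account exceeds the intended scope.
        LeastPrivilege = (@($report | Where-Object { $_.Problems }).Count -eq 0)
    }
}

# Sample values built from the guide's examples; replace with the site's OU and account.
$result = Test-OuDelegation -OuDn 'OU=UserOU,DC=vdesktop,DC=huawei,DC=com' -Delegate 'VDESKTOP\vdsuser'
$result.Entries | Format-Table Identity, Rights, AppliesTo, Problems -AutoSize
"Create/delete computer granted: $($result.GrantComplete); least privilege: $($result.LeastPrivilege)"
```

An entry whose AppliesTo value is the all-zero GUID applies to every child object class, which is wider than the wizard selection in step 21.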
Scenarios
Install the backup tool and perform security hardening on the AD/DNS/DHCP servers.
Prerequisites
Conditions
The AD/DNS/DHCP servers have been installed.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Install the backup tool.
In a scenario that involves multiple forests and multiple domains, configure
communication between domains before you install the backup tool on the AD server of a
domain in which non-infrastructure VMs are located, so that the domain can communicate
with the domain of the Loggetter server. For details about configuring communication
between domains, see F201_Multiple-domains > Configuration Process > Configuration in
the Multiple-Forests, Multiple-Domains Scenario > Configuring Communication Between
Domains in the Feature Guide.
1 Log in to the active AD/DNS/DHCP VM as the administrator.
2 Mount the FusionAccess software package
FusionAccess_Installer_Win_V100R005C30SPCxxx.iso to the Windows infrastructure
VM by using the CD/DVD-ROM drive.
3 Double-click the CD-ROM drive (autorun is executed by default) and click Backup
Tools in the Installation Wizard window.
4 Go to the Select run mode window as prompted, select Domain, and click Next.
5 Deselect ITA and click Next.
NOTE
In the Choose Components window, select the components based on requirements. This topic
describes how to install the backup tool for the components deployed on the same VM.
6 Set the backup parameters and click Next:
Set the following parameters:
– Backup path: Select the server data backup path. Create a folder on the user disk to
store the backup data, for example, E:\VDS_backup.
NOTE
If the backup tool is deployed on the AD/DNS/DHCP VM, the available space for the
backup folder must be larger than 15 GB.
– Shared domain user: Enter the planned domain account for logging in to the
Loggetter server, for example, vdesktop\vdsuser.
7 Select the destination folder, click Install, and complete the installation as prompted.
Perform security hardening.
NOTE
----End
Scenarios
Configure domain name server (DNS) policies on active and standby VMs. Table 6-9 lists the
operations to be performed.
2. Configure advanced DNS properties. √ × -
√ indicates that the operation needs to be performed. × indicates that the operation does not
need to be performed.
Prerequisites
Conditions
The DNS software is installed.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Configure the DNS forward lookup function on the active VM.
1 Log in to the active DNS server as user SWMaster.
2 Choose Start, enter DNS in the Search programs and files text box, and press Enter.
The DNS Manager window is displayed.
3 In the navigation tree, choose DNS > Computer name > Forward Lookup Zones.
Right-click the infrastructure domain, for example, vdesktop.huawei.com, and choose
New Host from the shortcut menu.
4 Enter the host information, select Create associated pointer (PTR) record, and click
Add Host, as shown in Figure 6-26.
Set the following parameters in the New Host dialog box:
– Name: Enter the HDC VM name. The value must be the same as the value of HDC
Name.
– IP address: Enter the HDC service plane IP address.
– Select Create associated pointer (PTR) record to add reverse lookup data at the
same time.
5 If multiple HDCs are deployed in load-sharing mode, repeat 4 to add each HDC.
6 Repeat 4 to configure the mapping between the vLB floating IP address and the user
login domain name.
– Name: Enter the prefix of the user login domain name. For example, if the
infrastructure domain name is vdesktop.huawei.com, enter fusionaccess in Name.
Fully qualified domain name (FQDN) changes to
fusionaccess.vdesktop.huawei.com.
– IP address: Enter the floating IP address of the VM where the vLB component is
installed.
– Select Create associated pointer (PTR) record to add reverse lookup data at the
same time.
7 Click Done to close the New Host window. In the navigation tree, expand Reverse
Lookup Zones, right-click Reverse IP address segment, and choose Refresh from the
shortcut menu. Check that the DNS reverse lookup information is automatically added.
Configure advanced DNS properties.
8 In the Server Manager window, choose DNS Server > DNS. Right-click the computer
name and choose Properties from the shortcut menu.
The Computer name Properties window is displayed.
9 Click the Advanced tab and set the parameters as shown in Figure 6-27.
NOTE
If user VMs need to access the Internet, deselect Disable recursion (also disable forwarders).
10 Click the Root Hints tab. In the Name servers area, click Remove to delete all
*.root-servers.net. entries.
11 Delete the file c:\windows\system32\dns\CACHE.DNS to prevent the deleted data
from being restored with the DNS restart.
12 Click OK and close the Properties dialog box.
Enable the aging and scavenging functions for the DNS.
13 Expand DNS, right-click the VM name, and choose Set Aging/Scavenging for All
Zones from the shortcut menu.
14 Select Scavenging stale resource records and click OK, as shown in Figure 6-28.
15 Select Apply these settings to the existing Active Directory-integrated zones and
click OK.
Select the IP address on which the server listens for DNS queries.
16 Expand DNS. Right-click the computer name and choose Properties from the shortcut
menu.
17 Click the Interfaces tab. Select Only the following IP address and the IPv4 address for
the service plane NIC, as shown in Figure 6-29.
18 Click OK.
Change the start of authority (SOA).
19 In the navigation tree, choose DNS > Computer name > Reverse Lookup Zones.
20 Right-click Reverse IP address segment, for example, 181.168.192.in-addr.arpa and
choose Properties from the shortcut menu.
21 Click the Start of Authority (SOA) tab and set Expires after to 100, as shown in
Figure 6-30.
22 Click OK.
(Optional) Disable IPv6 for the DNS server.
23 Choose Start, enter ncpa.cpl in the Search programs and files text box, and press
Enter.
24 Right-click the service plane NIC, choose Properties, and deselect Internet Protocol
Version 6 (TCP/IPv6), as shown in Figure 6-31.
25 Click OK.
26 On the CLI, run the following commands in sequence to disable the tunnel adapter:
netsh interface teredo set state disabled
netsh interface 6to4 set state disabled
netsh interface isatap set state disabled
(Optional) Deregister the connection address in DNS.
NOTE
Perform the following operations only when the management plane NICs are configured.
27 Choose Start, enter ncpa.cpl in the Search programs and files text box, and press
Enter.
28 Double-click the management plane NIC, click Properties, double-click Internet
Protocol Version 4 (TCP/IPv4), and select Advanced.
29 In the Advanced TCP/IP Settings dialog box, click the DNS tab, and deselect Register
this connection's addresses in DNS, as shown in Figure 6-32.
30 Click OK.
Configure the DNS policies on the standby VM.
Some operations do not need to be performed on the standby DNS. For details, see Table 6-9.
----End
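The following PowerShell check is an added example, not part of the original guide: it reads back, through the DNS server's WMI provider (namespace root\MicrosoftDNS), the settings changed in steps 9 to 17 so that the hardening can be confirmed after the GUI procedure. The function name Test-DnsHardening and the sample IP address are hypothetical, and the check assumes that Figure 6-27 selects Disable recursion, as the note under step 9 implies.

```powershell
# Added example, not part of the original guide: verify the DNS hardening
# settings on the local DNS server. Run in an elevated session on the server.
function Test-DnsHardening {
    param(
        [Parameter(Mandatory = $true)] [string] $ServicePlaneIp,  # IPv4 address selected in step 17
        [switch] $UserVmsNeedInternet                             # the exception in the note under step 9
    )

    $ns     = 'root\MicrosoftDNS'
    $server = Get-WmiObject -Namespace $ns -Class MicrosoftDNS_Server
    $zones  = @(Get-WmiObject -Namespace $ns -Class MicrosoftDNS_Zone)

    # An empty listen list means the server answers on all IP addresses.
    $listen = @($server.ListenAddresses | Where-Object { $_ })

    # AD-integrated zones that step 15 should have switched to aging.
    $noAging = @($zones | Where-Object { $_.DsIntegrated -and -not $_.Aging } |
                 ForEach-Object { $_.Name })

    # File that step 11 deletes so removed root hints are not restored.
    $cacheFile = Join-Path $env:SystemRoot 'System32\dns\CACHE.DNS'

    # Recursion stays enabled only when user VMs need Internet access.
    $expectNoRecursion = -not $UserVmsNeedInternet

    $checks = @(
        @{ Step   = '9'
           Check  = 'Recursion setting matches the plan'
           Pass   = ([bool]$server.NoRecursion -eq $expectNoRecursion)
           Detail = "NoRecursion=$($server.NoRecursion)" },
        @{ Step   = '11'
           Check  = 'CACHE.DNS removed'
           Pass   = (-not (Test-Path $cacheFile))
           Detail = $cacheFile },
        @{ Step   = '14'
           Check  = 'Aging enabled by default for new zones'
           Pass   = [bool]$server.DefaultAgingState
           Detail = "DefaultAgingState=$($server.DefaultAgingState)" },
        @{ Step   = '15'
           Check  = 'Aging applied to existing AD-integrated zones'
           Pass   = ($noAging.Count -eq 0)
           Detail = "Zones without aging: $($noAging -join ', ')" },
        @{ Step   = '17'
           Check  = 'Listens only on the service plane address'
           Pass   = ($listen.Count -eq 1 -and $listen[0] -eq $ServicePlaneIp)
           Detail = "ListenAddresses=$($listen -join ', ')" }
    )

    $checks | ForEach-Object { New-Object PSObject -Property $_ }
}

# Constructed sample address; replace with the service plane IPv4 address of the DNS server.
Test-DnsHardening -ServicePlaneIp '192.168.181.10' |
    Format-Table Step, Check, Pass, Detail -AutoSize
```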
Scenarios
Install the IT Adapter (ITA) software and deploy the ITA server. The ITA provides an
interface for virtual IT asset management, such as creating and assigning VMs, managing VM
status and templates, and O&M of virtual desktops.
Prerequisites
Conditions
l Windows infrastructure VMs have been created and configured.
l The GaussDB has been installed.
Data
For details about key data and parameters, see the description given in specific procedures.
Software
FusionAccess_Installer_Win_V100R005C30SPCxxx.iso
Procedure
Log in to the VM.
1 Log in to the active infrastructure VM for deploying the ITA service using VNC as the
administrator.
Add the VM to a domain.
2 Choose Start, enter sysdm.cpl in the Search programs and files text box, and press
Enter. In the System Properties dialog box, click Change.
3 In Computer name, enter the VM name. In Member of, select Domain, enter the
infrastructure domain name, and click OK.
4 Enter the account and password of the domain administrator to be added to the domain,
for example vdsadmin, and click OK.
5 Complete the configuration as prompted, restart the VM, and log in to the VM as the
administrator.
NOTICE
Do not use any client tool to connect to the TEMPLATE1 database for the GaussDB during
the configuration.
10 Use the domain account (such as vdsuser) to log in to the infrastructure VM on which
the ITA service is to be installed.
11 On the VNC login page, mount FusionAccess_Installer_Win_V100R005C30SPCxxx.iso
to the ITA server by using the CD/DVD-ROM drive.
12 Double-click the CD-ROM (autorun is executed by default), click IT Adaptor, and go
to the Select run mode window as prompted. Select Domain and click Next.
13 Set the following parameters in ITA Configuration:
– Username: Enter the Domain administrator account, for example,
vdesktop\vdsadmin. This account has been created on the AD server and is added to
the administrator group on the ITA server.
– Password: Enter the password of the Domain administrator account, for
example, Huawei@123.
14 In Rights Management Mode, select common mode or rights separation mode based
on the settings of FusionCompute and FusionManager, and click Next.
NOTICE
The selected rights must be the same as those set during FusionCompute and
FusionManager installation and cannot be changed after installation.
– If the existing database instances are used on the ITA, select Use the existing database.
– When installing the standby ITA server, select Use the existing database, and enter the
database parameters set on the active ITA.
Perform this task only when the administrator needs to log in to user VMs to locate faults.
The operations performed on the standby VM are different from the operations on the active
VM.
36 Log in to the standby infrastructure VM for deploying the ITA service using VNC as the
administrator.
37 Install the ITA service on the standby VM. For details, see 2 to 35. When configuring the
database in 15, select Use the existing database.
----End
Scenarios
The Loggetter is used to back up important files and data of each component.
Prerequisites
Conditions
Windows infrastructure VMs have been created and configured.
Data
For details about key data and parameters, see the description given in specific procedures.
Software
FusionAccess_Installer_Win_V100R005C30SPCxxx.iso
Procedure
Log in to the VM.
1 Log in to the infrastructure VM for deploying the Loggetter using VNC as the
administrator.
Add the VM to a domain.
2 Choose Start, enter sysdm.cpl in the Search programs and files text box, and press
Enter. In the System Properties dialog box, click Change.
3 In Computer name, enter the VM name. In Member of, select Domain, enter the
infrastructure domain name, and click OK.
4 Enter the account and password of the domain administrator to be added to the domain,
for example vdsadmin, and click OK.
5 Complete the configuration as prompted, restart the VM, and log in to the VM as the
administrator.
Add domain accounts to the administrator group.
Add the following accounts to the administrator group:
l Loggetter Domain administrator account (for example, vdesktop\vdsadmin)
l Loggetter Domain accounts for logging in to infrastructure servers (for example,
vdesktop\vdsuser)
6 Choose Start, enter compmgmt.msc in the Search programs and files text box, and
press Enter. In the Computer Management window, choose System Tools > Local
Users and Groups > Groups.
7 Right-click Administrators, and choose Add to Group from the shortcut menu.
8 Click Add. In Enter the object names to select, enter Domain administrator account,
click OK. Enter the username and password for the domain administrator and click OK.
9 Add other domain accounts to the administrator group in the same way.
Install the Loggetter service.
10 Use the domain account to log in to the infrastructure VM on which the Loggetter
service is to be installed.
11 On the VNC login page, mount FusionAccess_Installer_Win_V100R005C30SPCxxx.iso
to the Loggetter server by using the CD/DVD-ROM drive.
12 Double-click the CD-ROM drive (autorun is executed by default), click Loggetter, and
go to the Select run mode window as prompted. Select Domain and click Next.
13 In Configuration Page, set the following parameters:
– FTP shared folder: Specify the FTP service folder, for example,
E:\Loggetter_PATH.
– Username: Enter the Loggetter server's domain account for logging in to
infrastructure servers, for example, vdesktop\vdsuser, which has been created on the
AD server.
– Password: Enter the password, for example, Huawei@123.
14 Complete the Loggetter software installation as prompted.
Configure the Loggetter backup tasks.
15 Choose Start > All Programs > Loggetter > Loggetter.
The Loggetter Configuration window is displayed.
16 Set the following parameters in FTP Data Configuration:
– IP: Enter the FTP server IP address. If the Loggetter server also serves as an FTP
server, retain the default value.
NOTE
You are advised to configure a third-party FTP server to improve the backup data reliability.
– Port: Enter the FTP service port number. If the Loggetter server also serves as an
FTP server, retain the default value 989.
– Account: Enter the backup server account, which is ConfBack_User by default. If
the Loggetter server also serves as an FTP server, retain the default value.
– Password: Enter the password for the backup server account, which is
Huawei123# by default. If the Loggetter server also serves as an FTP server, retain
the default value.
17 In Connect Components, enter the IP addresses of the infrastructure VMs whose data is
to be backed up, as shown in Figure 6-36.
NOTE
– Enter the floating IP address for the GaussDB and enter the service plane IP addresses for
other components.
– For the nodes working in active/standby mode, enter the service plane IP address of the active
node in the first row and the IP address of the standby node in the second row.
– For the License server, enter only the IP address of the active License node in the first row.
– There is no data to be filled in the columns if the corresponding component is deployed.
18 Click Finish.
The configuration is complete.
Perform security hardening.
19 In the Installation Wizard window, click Security.
The window for installing the security hardening tool is displayed.
20 Click Next, select the installation path, and click Install.
21 Restart the VM as prompted and log in to the infrastructure VM as user SWMaster.
22 Unmount the CD/DVD-ROM drive from the VM.
----End
Scenarios
Deploy the TCM server to centrally manage and maintain TCs.
NOTE
l You are advised to deploy the TCM and Loggetter on the same server.
l You are advised to access the TCM portal using Internet Explorer 8.0, because browsers of other
versions may not be compatible with the TCM portal.
The TCM consists of the Management server, Data server, and Database server.
NOTE
You are advised to deploy Management server, Data server, and Database server together.
Prerequisites
Conditions
Windows infrastructure VMs have been created and configured.
Data
For details about key data and parameters, see the description given in specific procedures.
Documents
Software
Procedure
Log in to the VM.
1 Log in to the Loggetter/TCM infrastructure VM using VNC as an administrator.
Install the TCM component.
2 Install the database.
For details, see CCCM_Installation Guide > 3 Installation and Configuration >
3.1 Installation Process > Installing Database.
NOTE
----End
Scenarios
Configure WI server addresses of TCs in batches by using a tool to improve work efficiency.
Prerequisites
Conditions
TCs have been installed.
Data
For details about key data and parameters, see the description given in specific procedures.
Documents
Software
Procedure
Generate a WI address configuration file.
1 Install the desktop cloud client software AccessClient_Win.msi on a physical machine
running the Windows operating system.
2 Choose Start > AccessClient > CloudClient.
The client software management page is displayed.
3 Click Add.
The Edit Server Info page is displayed.
4 Set Server Name and Server Address, and select Set as default if required.
5 Determine whether to set DR Address.
– If yes, go to 6.
– If no, go to 8.
6 Click Advanced.
7 Set DR Address and click OK.
The servers.xml file is generated in the C:\PermanenceDataPath\cloudclient directory.
8 Click OK.
9 Repeat 3 to 7 to add other WI server addresses.
Create a TC patch file.
10 Perform the following operations based on TC types.
Upload the patch file created in 11, and the target file path is /root/.local/share/data/Huawei.
14 Upgrade the Windows TC.
For detailed operations, see CCCM_UserManual > File Deployment Management >
Windows Software Management.
NOTE
----End
Scenarios
After FusionAccess components are installed, configure the virtualization environment to
ensure communication between FusionAccess and the virtualization environment.
FusionAccess interworks with virtualization environment to provide virtual desktop services.
NOTE
FusionAccess can interconnect with two types of virtualization environments, FusionCompute and
OpenStack. The following uses FusionCompute as an example to describe the interconnection. To
interconnect with OpenStack, perform operations as prompted on the GUI.
Prerequisites
Conditions
There are no special conditions for this operation.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Step 1 In the address box of your web browser, enter http://service plane IP address of the active IT
adapter (ITA) server:8081 to log in to FusionAccess.
Username and Password vary with the value of Rights Management Mode set when the
ITA server is installed.
l If Rights Management Mode is Common mode, Username is admin and the default
password is Huawei123#. You will be asked to change the password upon your first
login.
l If Rights Management Mode is Rights separation mode, Username is sysadmin and
the default password is Sysadmin#. You will be asked to change the password upon your
first login.
NOTE
l During login, if incompatibility problems occur in Internet Explorer or Firefox, see Setting Internet
Explorer Browser or Setting Mozilla Firefox Browser to configure the browser.
l After the login from a browser, if the FusionAccess page cannot be displayed normally due to a
certificate problem, follow the steps provided in Configuring a Browser for Accessing
FusionAccess to resolve the problem.
Step 2 On the FusionAccess page, choose System > Initial Configuration > Virtual Environment
to enter the Virtual Environment page.
Step 3 Select FusionCompute or OpenStack.
NOTE
The following uses FusionCompute as an example to describe the interconnection. To interconnect with
OpenStack, perform operations as prompted.
Step 4 Click , and set the following example parameters, as shown in Figure 6-37.
l FusionCompute IP: Enter the floating IP address of the virtual resource management
(VRM) node.
l FusionCompute port number: Enter 7070.
l SSL port number: Enter 7443.
l Username: The default value is vdisysman.
l Password: The default value is VdiEnginE@234.
l Protocol: Select the protocol used for communication between FusionCompute and the
ITA. You are advised to select https.
----End
Scenarios
Add a user domain to implement unified management of user VMs in the desktop cloud
system.
Prerequisites
Conditions
There are no special conditions for this operation.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Step 1 On the FusionAccess page, choose System > Initial Configuration > Domain/OU.
Step 2
NOTICE
The values of Domain and Domain name must be the same as Domain and Domain name
set on the AD server.
Click in the upper part of the page, and configure domain information. Example
parameters are shown in Figure 6-38.
l Domain: Enter the Fully Qualified Domain Name (FQDN) of the infrastructure domain,
for example, vdesktop.huawei.com.
l Account: Enter the domain administrator account. The account format is Domain name
\Account, for example, vdesktop\vdsadmin.
l Password: Enter the password of the domain administrator account, for example,
Huawei@123.
l Active domain controller IP: Enter the service plane IP address of the active AD server.
l Standby domain controller IP: Enter the service plane IP address of the standby AD
server. This parameter is required only when AD servers are deployed in active/standby
mode.
l VM ID Deletion: Select Delete or Reserved as required. The recommended choice is
Reserved.
l Domain controller time synchronization exception threshold: Enter the time
difference allowed between domain controllers. If Enable time monitoring service is
set to Yes in Configuring Alarm Components, an alarm will be generated when the
time difference between the primary domain controller and other domain controllers
exceeds this threshold.
----End
Scenarios
On the FusionAccess portal, configure desktop components to enable the ITA to manage
virtual machines (VMs) on the desktop cloud and assign VMs.
Prerequisites
Conditions
There are no special conditions for this operation.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Configure ITA data.
1 On the FusionAccess page, choose System. Choose Initial Configuration > Desktop
Components from the navigation tree, and click Config the Database Info in the ITA
configuration area.
The ITA Database Information page is displayed. Enter the following
parameters. Example parameters are shown in Figure 6-39.
– Database IP:
n If two GaussDB VMs are deployed in active/standby mode, enter the floating
IP address of the GaussDB VMs.
n If there is only one GaussDB VM, enter the service plane IP address of the
GaussDB VM.
– Active database IP: Enter the service IP address of the active GaussDB.
– Standby database IP: Enter the service IP address of the standby GaussDB.
– Port number: The default value is 5432.
– Database name: Enter the ITA database name created on GaussDB. The default
value is FusionAccess.
– Username: Enter the database connection account. The default value is ITALoginUser.
– Password: Enter the password of the ITA server for connecting to the database,
such as Huawei@123.
2 Click OK.
3 Set the following parameters in the ITA configuration area. Example
parameters are shown in Figure 6-40.
– Principal ITA IP: Enter the service plane IP address of the active ITA server.
– Principal ITA port: Retain the default value 8081.
– Standby ITA IP: Enter the service plane IP address of the standby ITA server.
– Standby ITA port: Enter 8081.
– Active DNS IP: Enter the service plane IP address of the active DNS server.
– Standby DNS IP: Enter the service plane IP address of the standby DNS server.
– Loggetter IP: Enter the service plane IP address of the Loggetter server.
– Loggetter Port: Enter the FTP service port number of the Loggetter server. The
default port number is 989.
– User Name: Enter the FTP service username of the Loggetter server. The default
value is ConfBack_User.
– Password: Enter the FTP service password of the Loggetter server. The default
value is Huawei123#.
4 Click OK.
Configure a license.
5 Click in the License Information area, set the license information, and
click OK.
Set the following parameters:
– License name: Enter the license name, for example, License01.
– IP: Enter the service plane IP address of the License server. In the standard
deployment mode, enter the service plane IP address of the active
GaussDB/HDC/WI/License server.
– Password: Enter the SSH password. The default value is Huawei@123.
6 Click OK to configure a license and click Back.
7 In the Operation column, click to obtain the equipment serial number (ESN).
8 Apply for a license based on the ESN.
NOTE
For details about how to apply for a license, see the FusionCloud Desktop Solution V100R005C30
License User Guide. You can download it from http://support.huawei.com/enterprise and choose
Product Support > IT > FusionCloud > FusionAccess > FusionCloud Desktop Solution.
NOTICE
During the configuration, do not connect to the GaussDB TEMPLATE1 database using any
client tool.
12 In the Desktop Information area, click , and set the following parameters.
Example parameters are shown in Figure 6-41.
– DesktopID: Enter the name of the Desktop, for example, Desktop01.
– Database name: Enter the HDC database name, for example, HDCGaussDB01.
– Database IP:
n If two GaussDB VMs are deployed in active/standby mode, enter the floating
IP address of the GaussDB VMs.
n If there is only one GaussDB VM, enter the service plane IP address of the
GaussDB VM.
– Active database IP: Enter the service IP address of the active GaussDB VM.
– Standby database IP: Enter the service IP address of the standby GaussDB VM.
– Database port: Retain the default value 5432.
– Database username: Enter the HDC database username created on GaussDB. The
default value is hdcdbuser.
– Database password: Enter the HDC database user password created on GaussDB. The
default value is Huawei@123.
– HDC Name: Enter the HDC server name. The value must be the same as the value
of Name.
– HDC IP: Enter the service plane IP address of the HDC server.
NOTE
n The value of HDC Name must be the same as the value of Name set when DNS forward
lookup is configured; otherwise, the VMs that are successfully provisioned will be in the
Unregistered state.
n If multiple HDCs exist, click the plus (+) sign to add HDC information.
– Password: Enter the SSH password. The default value is Huawei@123.
– License name: Enter the license name configured in 5.
13 Click OK.
vAG/vLB Configuration.
16 In the AUS Configuration area, click , and set the following parameters:
– AUS Name: The name of the AUS server.
– AUS IP: Enter the service IP address of the AUS server.
– Description: (Optional) Enter a description of the AUS server.
– SSH Account: The default value is gandalf.
– Password: Enter the SSH password. The default value is Huawei@123.
Configure WI data.
NOTICE
If the gateway is not configured, user data is not encrypted and leakage risks exist.
n Auto run Self-help console: If you select Open, the self-service console is
automatically enabled when a user logs in to a VM in the shutdown or
abnormal state.
n Login retry Times: This parameter takes effect when Auto run Self-help
console is set to Open. It specifies the maximum retry times for establishing a
connection between the self-service console and the WI server. The value is a
positive integer. The default value is 4.
– Emergency Login: Specify the authentication mode if the AD is faulty.
NOTE
If you select Auto or Force, the WI may not perform authentication on the AD. Therefore,
users can log in to the WI without authentication and view the VM lists of other users. This
brings security risks.
n Auto: Perform authentication on the local machine if the AD is faulty.
n Force: Log in to the WI without authentication on the AD. User VM lists can
be viewed and user authentication is performed on the local VM after login.
n Forbid: Use the AD server to perform authentication forcibly. That is, if the
AD is faulty, users cannot log in to VMs.
– Auth Account: Specify the WI NBI account. After Open is selected, third-party
applications can communicate with the WI by using this account.
n Account: Defined by users. The default value is WIRestUser.
----End
Scenarios
On FusionAccess, configure IP addresses and enable the alarm function of components so that
the components can be monitored through FusionAccess.
NOTE
After FusionCompute and FusionManager are installed, enable FusionCompute alarms to be reported to
FusionManager in real time. For details, see Configuring the Alarm Reporting Function for the
FusionCompute.
Prerequisites
Conditions
l You have logged in to the FusionAccess portal.
l The Tomcat service domain account (for example, vdesktop\vdsadmin) has been added
to the administrator group of the virtual machines (VMs) on which the alarm function
needs to be enabled.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Step 1 On the FusionAccess portal, choose System > Initial Configuration > Alarm Components.
The Alarm Components page is displayed.
Step 4 Select Yes and add the IP addresses of the components to be monitored. Table 6-16 describes
the parameters to be set.
----End
Prerequisites
Conditions
l The domain username and password for logging in to the ITA server have been obtained.
l A PC or laptop on which the target language operating system (OS), for example, the
Dutch OS, is installed has been obtained.
Data
Data preparation is not required for this operation.
Procedure
Obtain property configuration parameters of target language VMs.
NOTE
5 In the navigation tree, choose Computer Management(Local) > System Tools > Local
Users and Groups > Users. The value of Administrator is displayed, as shown in
Figure 6-42.
NOTE
If the value of state on Windows 7 is different from that on Windows XP, the two values must be listed
and separated by a space. For example, the value of state on the Spanish Windows 7 OS is ESTADO
and that on the Spanish Windows XP OS is STATE. In this case, the content in the 0C0A.properties
configuration file is as follows:
state=ESTADO STATE
administrator=administrador
administrators=administradores
users=usuarios
NOTICE
When VMs are assigned, enter the values translated into the target language in
Administrators and Users in Set Authority Group.
----End
Scenarios
Set the time zone for the system, and configure the daylight saving time (DST) based on local
time requirements. If Active Directory (AD) servers are deployed, configure the AD server IP
addresses and upper-layer clock source IP address to ensure time synchronization of the AD
servers.
Prerequisites
Conditions
There are no special conditions for this operation.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
(Optional) Configure the DST rule.
This task is required when the DST is used.
1 On the FusionAccess portal, choose System > Time Management, select Support DST,
and set the DST rule based on actual situations.
NOTE
After the operating system (OS) time zone is set on the IT adapter (ITA) server, Time Zone will
be updated to the time zone of the site.
2 Click OK.
3 Log in to the active ITA server using a domain account.
4 Choose Start > Administrative Tools > Services. In the right pane of the Services
window, right-click Apache Tomcat 7, and choose Restart from the shortcut menu.
5 Log in to the FusionAccess portal using the service plane IP address of the standby ITA
server, and repeat 1 to configure the DST rule.
6 Log in to the standby ITA server using a domain account, and repeat 4 to restart the
Tomcat service.
7 Click OK, and complete the configuration as prompted.
Configure time synchronization.
l This task is required when a new AD server is deployed on site. The IP addresses of the
AD and the upper-layer clock source must be configured to ensure that the AD can
synchronize time with the upper-layer clock source.
l This task is not required if an existing AD server is used on site. For details about the
implementation scheme, see Clock Synchronization Schemes.
NOTE
When using an external clock source, you are advised to enable the NTP security authentication
mechanism, based on the requirements of the external clock source, to reduce the risk of the
management platform being attacked.
8 Configure time synchronization data. Table 6-18 describes the parameters to be set.
Query period (s) Specifies the interval for querying the time consistency between
the AD server and the upper-layer clock source.
Clock source IP Configure a clock source only for the AD component provided
by Huawei.
– If the customer provides a stable clock source, enter the IP
address of the clock source.
– If the customer does not provide a stable clock source, enter
the management plane IP addresses of the CNA nodes on
which the VRMs are deployed. That is, the AD synchronizes
time with the active and standby VRM hosts of
FusionCompute through the management plane.
NOTE
For details about the clock synchronization schemes in the desktop cloud
solution, see Clock Synchronization Schemes.
9 Click OK.
----End
Scenarios
After installing FusionAccess components, check component status. If the status is Normal
for all components, the software is installed successfully.
Prerequisites
Conditions
Alarm components have been configured on the FusionAccess portal.
Data
Data preparation is not required for this operation.
Procedure
l Check the status of FusionAccess components.
a. On the FusionAccess portal, choose Alarm > Status Check.
b. Check whether the component status is Normal.
If the component status is not Normal, check whether data configuration is correct.
l Check FusionCare status.
a. Log in to the infrastructure VM, on which the AD/DNS/DHCP services are
deployed, using VNC.
b. Check whether the FusionCare folder exists in C:\.
n If yes, go to e.
n If no, go to c.
----End
Scenarios
VMs running the Windows Server 2008 R2 Standard edition have only a 30-day free trial
license. Users must purchase an official license from the OS vendor.
This topic provides guidance for software installation engineers to activate the operating
system (OS) of each Windows infrastructure VM.
Prerequisites
Conditions
l The FusionAccess software is installed and the status of the components of
FusionAccess is Normal.
l You have obtained the product key of Windows Server 2008 R2 from legal sources.
Data
Data preparation is not required for this operation.
Procedure
Step 1 On FusionCompute, use VNC to log in to any Windows infrastructure VM.
Step 2 Choose Start, enter serverManager.msc in the Search programs and files text box, and
press Enter.
Step 3 In the Server Manager window, click Activate Windows.
Step 4
NOTICE
l Obtain the product key of Windows Server 2008 R2 from legal sources.
l Use the English product key for an OS in English. If a product key of another language is
used, blue screen of death (BSOD) will occur on the infrastructure VM.
Enter the Windows product key and activate the Windows OS as prompted.
Step 5 Repeat Step 1 to Step 4 to activate the OSs of other Windows infrastructure VMs.
----End
Scenarios
To connect FusionAccess to the FusionManager and FusionCare systems, unlock the systemman
account. You are also advised to change the VDIRest password.
NOTE
The password of FusionManager and FusionCare should be changed.
Prerequisites
Conditions
You have logged in to FusionAccess.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Unlock the systemman account
1 On the FusionAccess page, choose System > Rights Management > User
Management to open the User Management page.
2 Click in the row systemman
The Reset Passwords page is displayed.
NOTE
When you unlock the systemman account, you are forced to change the password.
3 Enter the password of the administrator account for authentication, enter the new
password of the systemman account and confirm the password, and click OK.
NOTE
administrator account: the password that the admin account uses to log in to FusionAccess.
The password of the systemman account is reset.
4 Click Return to Account List.
The changed to .
Change the VDIRest password
5 For details, see Account Management > Changing the Password for Internal
Communication Between FusionManager and FusionAccess in FusionCloud Desktop
V100R005C20 System Management Guide.
----End
Scenarios
Configure the desktop cloud address on FusionManager. After the address is configured, the
desktop cloud can be operated and maintained, and alarms about FusionAccess components
can be reported through FusionManager.
After the desktop cloud address is configured, configure your browser to ensure successful
access to FusionManager.
NOTE
If the FusionManager management IP address is changed after this task is complete, ensure that the new
IP address allows communication between FusionManager and the FusionAccess infrastructure VMs. In
addition, you need to reconfigure the desktop cloud address on FusionManager by following the steps
provided in this topic and restart the Tomcat service on the IT adapter (ITA) server.
Prerequisites
Conditions
l You have logged in to FusionAccess.
l You have obtained the password for unlocking the systemman account.
l You have obtained the administrator username and password for logging in to
FusionManager.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Configure the desktop cloud address (Connect to FusionSphere V100R005C00).
1 Open your browser, enter the FusionSphere IP address, and press Enter.
The network address format is http:// FusionSphere floating IP address. For example,
enter http://192.168.40.2.
The FusionSphere login page is displayed.
2 Enter the username and password, select the login view, input the verification code and
click Login.
The FusionSphere page is displayed.
3 Choose User > Domain Management.
The Domain Management page is displayed.
4 Click .
The Add Domain page is displayed.
5 Input the Name and Description and click Create.
6 Choose System > Set Desktop Server Address in the navigation tree.
The Set Desktop Server Address page is displayed.
12 Click Stop.
The Tomcat service is stopped.
13 Click Start.
The Tomcat service is started.
14 Click OK.
The Apache Tomcat 7 Properties window is closed.
15 Repeat 11 to 14 to restart the Tomcat service on the standby ITA infrastructure server.
Configure the browser.
16 Re-log in to FusionManager using your browser.
17 Configure the browser.
The operations vary with the type of your browser.
– If the browser is Internet Explorer, go to 18.
– If the browser is Mozilla Firefox, go to 32.
– If the browser is Google Chrome, go to 45.
NOTE
43 Click OK.
The Certificate Manager dialog box is closed.
44 Click OK.
The Options dialog box is closed, and the browser page is displayed.
Set Google Chrome.
45 Log in to FusionManager using Google Chrome, and click Desktop.
The Desktop page is displayed.
46 Check whether the system displays "The page cannot be displayed."
– If yes, go to 47.
– If no, no further action is required.
47 Copy the uniform resource locator (URL) on the page.
48 Open a new page on the browser, paste the URL to the address box, and press Enter.
49 Click Continue Anyway.
The Desktop page is displayed.
50 Close the new browser page.
On the original FusionManager page, click Desktop again. This page can be displayed
normally.
----End
Overview
The process for importing certificates varies depending on whether a Certificate Authority
(CA) server is used.
l If a CA server is not used, generate and import web interface (WI) certificates by
following the process described in this document.
l If a CA server is used, import WI certificates by following the Config WI chapter in the
FusionCloud Desktop V100R005C30 Smartcard Login Feature Guide.
NOTE
Scenarios
Create a WI/UNS certificate and a root certificate on the active ITA VM and import the
WI/UNS certificate to the WI/UNS VM.
NOTE
This topic describes how to generate and import a WI certificate as an example. Use the same method to
create and import the UNS certificate.
Prerequisites
Conditions
l You have obtained the service plane IP address of the active and standby WI servers.
l You have obtained the passwords of root and gandalf accounts for logging in to the WI
servers.
Data
Data preparation is not required for this operation.
Procedure
Create the WI certificate and root certificate.
1 Log in to the active ITA server using a domain account.
2 Choose Start > All Programs > ITA > UpdateCert, and open FusionAccess
Certificate Replacement Tool.
3 Select Other certificate replacement, and choose WI Portal certificate from the Select
certificates to be replaced drop-down list, as shown in Figure 6-45.
4 Click Certificate properties in the lower left corner of the window, set the certificate
property parameters, and click OK.
Set the following parameters:
– What is your first and last name: Enter the certificate full name in the FQDN
format. The value must be the same as the user login domain name matching the
vLB floating IP address or the WI service IP address in Configuring the DNS
forward lookup function, for example, fusionaccess.vdesktop.huawei.com.
NOTE
n The parameter value must be the same as the address for users to access the WI.
n If this parameter is not set correctly, an error message such as "The certificate is only
valid for fusionaccess.vdesktop.huawei.com" will be displayed.
– What is the name of your organizational unit: Enter the organization unit name,
for example, FusionAccess.
– What is the name of your organization: Enter the organization name, for
example, Huawei.
– What is the name of your City or Locality: Enter the name of your city, for
example, Shenzhen.
– What is the name of your State or Province: Enter the state or province name, for
example, Guangdong.
– What is the two-letter country code for this unit: Enter the country code, for
example, CN, the code of China.
NOTE
If any of the parameters are not set correctly, an error message about certificate invalidity,
such as "The validity period of the certificate is xxxx, but the current time is xxxx." will be
displayed.
----End
Scenarios
Import the root certificate to terminals to encrypt and hide data to be transmitted, ensuring
secure and reliable data transmission between terminals and servers.
Prerequisites
Conditions
l You have obtained the root certificate, whose file name extension is .cer.
l The thin clients (TCs) to be imported with the certificate have started.
l The TCs have been added to the Thin Client Manager (TCM) system.
Data
Data preparation is not required for this operation.
Documents
Software
Procedure
Check the type of the terminal operating system (OS).
1 Perform the following operations based on the terminal OS.
– If the terminals run the Windows OS, go to 2.
– If the terminals run the Linux OS, go to 14.
Import the root certificate to Windows TCs or software clients (SCs).
NOTE
l The TCM can distribute the root certificate to Windows TCs provided by Huawei. For details, see File
Distribution > Windows File Distribution in the TCM_UserManual. For the Windows TCs provided by
other vendors, use the vendors' TCM to distribute the root certificate to the TCs.
l If SCs are used, manually import the root certificate to the PCs where the SCs are installed.
2 On the PC, choose Start, enter inetcpl.cpl in Search programs and files, and press
Enter.
The Internet Properties window is displayed.
3 Click the Content tab, and click Certificates.
4 Click Import.
5 Click Next.
6 Click Browse, select the root certificate to be imported, and click Next.
7 Click Browse.
8 Select Trusted Root Certification Authorities and click OK, as shown in Figure 6-49.
9 Click Next.
10 Click Finish.
NOTE
If a security warning is displayed, click Yes.
11 Click OK.
12 Click Close.
13 Click OK.
The task is complete.
Import the root certificate to Linux TCs.
l This operation is required only when Mozilla Firefox is used to log in to the WI from
Linux TCs. After this operation is performed, users can directly access the WI. The
message indicating that the connection is untrusted will not be displayed.
l If a cloud client is used to log in to the WI from Linux TCs, a message indicating that the
connection is untrusted is displayed. Click Add Exception.
14 Create a patch containing the certificate by using the patch creation software of Linux
TCs.
15 Install the patch on the Linux TCs through the TCM.
For details, see File Distribution > Linux File Distribution in the TCM_UserManual.
----End
Verification
After importing the root certificate on terminals, configure DNS. Then, open the web browser
and enter https://Terminal user login FQDN in the address box. If the login is successful
without any certificate errors, the root certificate is successfully imported.
l For Linux TCs, if information shown in Figure 6-50 is displayed, import the root
certificate again.
l For Windows TC/SCs, if the value of What is your first and last name is set to a
domain name when the root certificate is created but the WI access address is an IP
address, perform the following operations:
a. In the Internet Options window, click the Advanced tab.
b. Deselect Warn about certificate address mismatch (to disable the message about
certificate address mismatch from being displayed) and Enable SmartScreen
Filter (to ensure that users can download the HDP client file), as shown in Figure
6-51.
Scheme Overview
The Unified Name Service (UNS) component allows a unified domain name to be used to
access multiple FusionAccess systems. One WI domain name usually can be used to access
only one FusionAccess system. However, an enterprise may have multiple FusionAccess
systems deployed due to business development or disaster recovery (DR) purposes. If
enterprise employees need to access desktops offered by different FusionAccess systems, they
need to alternate between different WI domain names. The UNS component allows
employees to use a unified domain name to access their desktops in different FusionAccess
systems. Figure 6-52 shows the difference before and after the UNS component is deployed.
NOTE
l The UNS is applicable only when the customer provides AD/DNS/DHCP servers.
l The UNS does not apply to the scenario in which the vLB is used to perform load balancing for the
WI.
l The UNS component supports the following browsers: Internet Explorer 8, 9, 10, or 11 and Firefox
14 or later.
l The WIs connected to the UNS must use the account and password authentication mode. In this
authentication mode, two-factor authentication must be disabled.
l The recommended resolution is 650 x 620 to 1900 x 1200 to ensure the display effect for end users
who log in using the UNS.
l The UNS currently supports only VDesktop6000 V100R002C01, FusionAccess V100R005C10,
FusionAccess V100R005C20 and FusionAccess V100R005C30 to be connected.
l To connect FusionAccess V100R002C01 to the UNS, you need to install the related patch. For
details, see VDesktop6000 V100R002C01SPC205 Patch Installation Guide. The document can be
obtained from Product Support > IT > FusionCloud > FusionAccess > VDesktop6000 at
http://support.huawei.com/enterprise.
Figure 6-52 Difference before and after the UNS component is deployed
[Figure labels: TC; UNS_1, UNS_2, ..., UNS_n; AD; DNS; Site 1 and Site 2, each showing WI/DB/HDC/License and ITA]
The FusionAccess software version can be different on Site 1 and Site 2 in some scenarios, such as
upgrade scenarios.
Site 1 and Site 2 can be located in different regions in some scenarios, such as branch office scenarios.
Table 6-21 describes the UNS deployment requirements when vLB is used as the load
balancer.
Number of VMs 4
VM creation position The two VMs running the same component must belong to
different CNAs.
vLB
l Location: Each vLB VM must be created on different CNAs in the management cluster.
l VM name: User-defined. FA-vLB-01 and FA-vLB-02 are recommended.
l OS: Linux
l OS Version: Novell SUSE Linux Enterprise Server 11 SP1 64-bit
l Hardware: Two vCPUs/2 GB memory/One disk/One NIC
l QoS settings:
– CPU Resource Control-Quota: Select Customize and set the parameter to the maximum
value 128000. This setting guarantees CPU resources for the management node VMs on a
CNA in resource contention.
– Memory Resource Control-Reserved (MB): Set the parameter to 2048.
– In Advanced Settings, set NIC type to HW_V_NET.
2. Install the UNS component. For details, see Installing the UNS Component.
Plan service IP addresses for UNS VMs. For example:
– Service IP address of the first UNS VM: 192.168.181.91
– Service IP address of the second UNS VM: 192.168.181.92
3. Install the vLB component. For details, see Installing the vLB Component.
Plan service IP addresses for vLB VMs. For example:
– Service IP address of the first vLB VM: 192.168.181.101
– Service IP address of the second vLB VM: 192.168.181.102
– vLB floating IP address: 192.168.181.100
4. Configure the UNS. For details, see Configuring the UNS.
5. On the DNS server, configure the mapping between the unified login domain name and
the vLB floating IP address. For details, see Configure the DNS forward and reverse
lookup functions in Configuring the Existing AD, DNS, and DHCP Components.
You are advised to use GSLB to perform load balancing for UNS VMs if the number of users
is greater than 20000 and there are requirements for preferential access to local VMs. Figure
6-54 shows the recommended networking.
[Figure 6-54 labels: Shenzhen and Xi'an sites, each showing TC and GSLB]
Table 6-23 describes the UNS deployment requirements when GSLB is used as the load
balancer.
Item Requirement
Component UNS
2. Install the UNS component. For details, see Installing the UNS Component.
Plan service IP addresses for UNS VMs. For example:
– Service IP address of the first UNS VM: 192.168.181.91
– Service IP address of the second UNS VM: 192.168.181.92
– Service IP address of the third UNS VM: 192.168.181.93
3. Configure the UNS. For details, see Configuring the UNS.
4. On the GSLB, configure the load balancing function for the UNS component. For
details, see the related GSLB documentation.
5. On the DNS server, configure the mapping between the unified login domain name and
the GSLB IP address. For details, see Configure the DNS forward and reverse lookup
functions in Configuring the Existing AD, DNS, and DHCP Components.
Scenarios
Perform this task when users need to use a unified domain name to access VMs that have
different WI domain names. For details about the deployment scheme, see UNS Deployment
Scheme.
NOTE
l The Unified Name Service (UNS) component does not support a multi-domain environment.
l The UNS component is deployed only when the customer provides AD/DNS/DHCP servers.
Prerequisites
Conditions
A Linux VM has been created and configured.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Install the UNS component.
1 Log in to the Linux VM as user root using VNC.
2 Enter startTools to go to the FusionAccess portal.
NOTE
– If this is the first time for user root to log in to the VM, the FusionAccess portal is displayed.
– Press ↑ and ↓ to move the cursor upwards and downwards.
3 Go to the Software directory, select UNS > Install UNS, and install the component as
prompted. The system displays the following information after the installation is
complete.
Scenarios
Either vLB or Global Server Load Balancing (GSLB) can be used to implement load
balancing of UNSs. Deploy the vLB component if the number of users is less than 20000 and
there are no requirements for preferential access to local VMs. For details about the
deployment solutions, see UNS Deployment Scheme.
NOTE
Do not deploy the vLB component on the same VM as the WI and UNS components.
Prerequisites
Conditions
Linux VMs have been created and configured.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Install the vLB component.
1 Log in to the VM for deploying the vLB component using VNC as user root.
2 Move the cursor to Software > vLB[Option] in the navigation tree, and press Enter.
NOTE
You can press ↑ and ↓ to move the cursor up and down.
3 On the Install or Uninstall or Configure vLB screen, select Install vLB and press
Enter.
4 On the confirmation screen, press Enter.
5 When "vLB installed successfully." is displayed, press Enter.
Configure an IP address for the UNS server.
6 Choose vLB[Option] > Configure vLB > Configure WI/UNS.
7 On the displayed screen, press Enter.
8 On the displayed screen, enter the service plane IP address of the WI server.
– For enterprise internal user access, enter the WI server IP address for enterprise
internal user access.
– For Internet user access, enter the WI server IP address for Internet user access.
NOTE
If only one UNS server is planned, enter the service plane IP address of this UNS server.
9 When "WI IP address configured successfully." is displayed, press Enter.
Configure HA and the floating IP address.
10 In the navigation tree, choose vLB[Option] > Configure vLB > Configure HA and set
the following parameters:
Scenarios
Log in to the FusionAccess portal to configure the Unified Name Service (UNS).
Prerequisites
Conditions
You have unlocked the systemman account.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Configure the UNS.
NOTE
By default, the certificates used between FusionAccess and the UNS use the RSA 1024-bit algorithm.
If the UNS connects only to FusionAccess of version V100R005, replace the UNS certificates using the
FusionAccess Certificate Replacement Tool.
1 In the address box of your web browser, enter http://service plane IP address of the
active IT adapter (ITA) server that manages the UNS:8081 to log in to related
FusionAccess. The address of FusionAccess is the IP address of the ITA configured in
Installing the UNS Component and Installing the vLB Component.
2 On the FusionAccess page, choose System. In the navigation tree on the left, choose
Initial > Desktop Components.
3 In the UNS Information area, click , and set the following parameters:
– UNS Information
n UNS name: Specify the UNS name, for example, UNS01.
n UNS IP: Specify the service plane IP address of the UNS server. You can click
to add more UNS servers.
n SSH Account: The default value is gandalf.
n Password: The password of the SSH account. The default value is Huawei@123.
n port: Retain the default value 4477.
n Style: Specify a login page style to be presented to end users.
n Service access gateway: Specify whether to enable the service access
gateway. Select Open or Disable based on actual conditions.
n Auto run Self-help console: If you select Open, the self-service console is
automatically enabled when a user logs in to a VM in the shutdown or
abnormal state.
n Login retry Times: This parameter takes effect when Auto run Self-help
console is set to Open. It specifies the maximum retry times for establishing a
connection between the self-service console and the UNS server. The value is
a positive integer. The default value is 4.
n Authentication Type: Specify the authentication mode when the UNS
connects to the WI. User Authenticate is selected by default.
○ User Authenticate: The domain username and password entered on the
UNS are used for authentication.
○ System Authenticate: The username and password configured by the
system are used for authentication. Enable the NBI authentication account
on the WI before system authentication is implemented, and ensure that
the authentication accounts of all WIs connected to the UNS are the same.
○ Select System Authenticate when a mobile terminal is used to log in to
the UNS, a dynamic password is used to log in to the UNS, and a
customized UNS is used.
n Account: Specify the WI NBI account. The default value is WIRestUser.
n Password: Specify the WI NBI account password.
– Synchronization Info
Set Synchronization Time to the time for the data synchronization between the
UNS and the ITA. You can click to add multiple data synchronization time
points. However, it is recommended that the synchronization be performed once
every day in off-peak hours.
n Set Backup IP to the service plane IP address of the standby ITA server.
n If ITA Version is set to V100R002, Port is 8773 by default; if ITA Version is
set to V100R005, Port is 7773 by default.
n Set ITA Account to the account for the ITA to communicate with the UNS.
The default account is systemman.
n Set Password to the password set when the FusionAccess ITA systemman user was
activated. For details, see (Optional) Unlock NBI User and Reset the Password.
– Set WI List to the WI of a set of FusionAccess connected to the UNS. You can
click to add more WIs.
n Set WI name to the name of a WI cluster that corresponds to a set of
FusionAccess interconnected with the UNS. The name must be the same as the
WI cluster name configured on the ITA of the set of FusionAccess.
NOTE
The name of each WI cluster interconnected with the UNS must be unique. In case of
duplicate cluster name, change the WI cluster name on the related ITA to ensure that the
name of the WI cluster interconnected with the UNS is unique.
n Set LB IP to the floating IP address of the LB if the LB is deployed in
FusionAccess connected to the UNS.
n Retain the default value 443 for Port.
n Set WI IP to the service plane IP address of a WI server if the LB is not
deployed in FusionAccess connected to the UNS.
n Retain the default value 443 for Port.
n Set Global to Yes if a WI cluster contains only dynamic pool desktop groups
and the desktop groups can be accessed by the users of the UNS cluster;
otherwise, set this parameter to No. If this parameter is set to Yes, any user can
access a VM through the UNS after passing the authentication on the WI and
the UNS does not need to synchronize the user data from the ITA. If this
parameter is set to No, only the users of the WI cluster can access VMs after
passing the authentication on the WI.
5 After setting the preceding parameters, click OK twice as prompted.
Copy the protocol client matching the version of FusionAccess connected to the UNS to a specified
directory on each UNS server.
NOTICE
For example, if the version of FusionAccess connected to the UNS is V100R002C01, copy
the protocol client matching FusionAccess V100R002C01.
6 Log in to the WI server as user gandalf using the WinSCP tool. Copy the Clients folder
in C:\inetpub\wwwroot\VDesktop on a WI server to /opt/WI/tomcat/WI/ROOT/plugin
on each UNS server.
7 Copy the protocol client of the correct version to other UNS servers in the same way.
----End
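The NOTE at the start of this procedure says the default certificate between FusionAccess and the UNS uses RSA 1024-bit, and the certificate topic earlier requires What is your first and last name to equal the address users enter. The following added example (not part of the Huawei guide or the FusionAccess Certificate Replacement Tool) checks both on a PEM certificate using only the Python standard library. The function names, the 2048-bit floor and the sample certificates are assumptions constructed here.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1 rsaEncryption
CN_OID = bytes.fromhex("550403")                # 2.5.4.3 commonName
MIN_RSA_BITS = 2048   # assumed policy floor; the guide only names the 1024-bit default

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, content_start, content_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, pos, pos + length

def children(buf, start, end):
    """Return (tag, start, end) for each element nested in buf[start:end]."""
    items, pos = [], start
    while pos < end:
        tag, s, e = read_tlv(buf, pos)
        items.append((tag, s, e))
        pos = e
    return items

def inspect_cert(der):
    """Return (subject common name, RSA modulus bits or None) for a DER certificate."""
    _, s, e = read_tlv(der, 0)                        # Certificate
    _, s, e = children(der, s, e)[0]                  # tbsCertificate
    fields = children(der, s, e)
    if fields[0][0] == 0xA0:                          # optional [0] version
        fields = fields[1:]
    subject, spki = fields[4], fields[5]              # after serial, sigalg, issuer, validity
    common_name = None
    for _, rdn_s, rdn_e in children(der, subject[1], subject[2]):
        for _, att_s, att_e in children(der, rdn_s, rdn_e):
            oid, value = children(der, att_s, att_e)
            if der[oid[1]:oid[2]] == CN_OID:          # assumes a UTF-8 compatible string
                common_name = der[value[1]:value[2]].decode("utf-8", "replace")
    algorithm, key = children(der, spki[1], spki[2])
    oid = children(der, algorithm[1], algorithm[2])[0]
    bits = None
    if der[oid[1]:oid[2]] == RSA_OID:
        _, s, e = read_tlv(der, key[1] + 1)           # skip the BIT STRING unused-bits byte
        modulus = children(der, s, e)[0]
        bits = int.from_bytes(der[modulus[1]:modulus[2]], "big").bit_length()
    return common_name, bits

def pem_to_der(pem_text):
    rows = [r.strip() for r in pem_text.splitlines()]
    return base64.b64decode("".join(r for r in rows if r and not r.startswith("-----")))

def audit_cert(pem_text, access_name):
    """Return findings for the certificate users reach when they enter access_name."""
    common_name, bits = inspect_cert(pem_to_der(pem_text))
    findings = []
    if common_name is None or common_name.lower() != access_name.lower():
        findings.append("name mismatch: certificate is for %s, users enter %s"
                        % (common_name, access_name))
    if bits is None:
        findings.append("not an RSA key, review separately")
    elif bits < MIN_RSA_BITS:
        findings.append("weak key: RSA %d-bit" % bits)
    return findings

def _tlv(tag, body):
    """Encode one DER element (used only to build the constructed samples)."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def _int(value):
    return _tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def sample_cert_pem(common_name, bits):
    """Constructed, unsigned certificate skeleton; the modulus is a placeholder, not a key."""
    name = _tlv(0x30, _tlv(0x31, _tlv(0x30, _tlv(0x06, CN_OID)
                                      + _tlv(0x0C, common_name.encode()))))
    rsa_key = _tlv(0x30, _int((1 << (bits - 1)) | 1) + _int(65537))
    spki = _tlv(0x30, _tlv(0x30, _tlv(0x06, RSA_OID) + _tlv(0x05, b""))
                + _tlv(0x03, b"\x00" + rsa_key))
    empty = _tlv(0x30, b"")
    tbs = _tlv(0x30, _tlv(0xA0, _int(2)) + _int(1) + empty + name + empty + name + spki)
    der = _tlv(0x30, tbs + empty + _tlv(0x03, b"\x00"))
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(rows) + "\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    fqdn = "fusionaccess.vdesktop.huawei.com"     # example FQDN used in the guide
    for bits, entered in [(1024, fqdn), (2048, fqdn), (2048, "192.168.181.100")]:
        print(bits, entered, audit_cert(sample_cert_pem(fqdn, bits), entered) or "OK")
```

To check a real certificate, pass the text of the exported PEM file to audit_cert together with the FQDN that users type.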
Deployment Overview
The deployment solutions for Internet user access are based on deployment solutions II and
IV for intranet user access (see Deployment Schemes of Gateway and Loading Balancing
Components). The following two deployment solutions are available:
l VM deployment with HDP passing through the gateway
In addition to the components required in the deployment solution for intranet user
access, the following components need to be added:
– vAG+vLB: The vAG is used for self-service maintenance access and service
access, and the vLB is used for load balancing. The vAG and vLB are deployed on
the same VM.
– WI: provides a web interface for Internet user access.
l Physical server deployment with HDP passing through the gateway
In addition to the components required in the deployment solution for intranet user
access, the following components need to be added:
– SVN: used for load balancing and service access.
– WI: provides a web interface for Internet user access.
[Figure labels: Internet users, FireWall, vLB, vAG, WI, HDC, VM; internal network access data stream and external network access data stream; HTTPS, HTTPS REST, VNC/HDP]
Operating mode: Load-sharing mode. The vLBs work in active/standby mode, and the vAGs work in
load-sharing mode.
2. Install the WI component on VMs. For details, see Installing the WI Component.
IP address planning example:
– Service IP address of the first WI server: 192.168.181.71
– Service IP address of the second WI server: 192.168.181.72
3. Install the vAG and vLB components on VMs. For details, see Installing the vAG and
vLB Components.
IP address planning example:
– Service IP address of the first VM (NIC 1): 192.168.181.81
– Management IP address of the first VM (NIC 2): 192.168.180.81
– Service IP address of the second VM (NIC 1): 192.168.181.82
– Management IP address of the second VM (NIC 2): 192.168.180.82
– vLB floating IP address: 192.168.181.80
NOTE
To prevent access from Internet users to the management port of the vAG/vLB server, change the
IP address bound to port 22 of the vAG/vLB server. For details, see Changing the IP Address
Bound to Port 22 of the vAG/vLB Server.
4. Install the vAG server. For details, see Installing the vAG and vLB Components.
IP address planning example for one vAG VM:
– Service IP address (NIC 1): 192.168.181.93
– Management IP address (NIC 2): 192.168.180.93
NOTE
To prevent access from Internet users to the management port of the vAG server, change the IP
address bound to port 22 of the vAG server. For details, see Changing the IP Address Bound to
Port 22 of the vAG/vLB Server.
5. Configure the WI information on the ITA to enable Internet user access. For details, see
Configure the WI, Service Access Gateway config, and Self-help console gateway
config in Configuring Desktop Components.
– If only one public IP address exists, configure port mapping. Table 6-29 describes
the configuration requirements.
NOTE
You are advised to use continuous IP addresses so that the vLB can evenly distribute access
requests to WIs.
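The two NOTEs above ask that port 22 on the vAG/vLB servers be bound so that Internet users cannot reach the management port. The following added example (not part of the Huawei guide or its tools) audits an SSH daemon configuration for listeners outside the management plane. It assumes the server runs OpenSSH configured through sshd_config; the function names and sample configurations are constructed here, with addresses taken from the IP planning example.

```python
import ipaddress

# Constructed sample configurations (not taken from a real vAG/vLB server).
# Addresses follow the guide's planning example for the first vAG/vLB VM:
# service plane (NIC 1) 192.168.181.81, management plane (NIC 2) 192.168.180.81.
EXPOSED_CONFIG = """\
# No ListenAddress line: sshd binds every local address
Port 22
PermitRootLogin no
"""

RESTRICTED_CONFIG = """\
Port 22
ListenAddress 192.168.180.81
PermitRootLogin no
"""


def parse_listeners(config_text):
    """Return the (address, port) pairs that sshd would bind for this config."""
    ports, entries = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        keyword = parts[0].lower()            # sshd_config keywords are case-insensitive
        if keyword == "match":
            break                             # Port/ListenAddress are not valid inside Match
        if keyword == "port" and len(parts) > 1:
            ports.append(int(parts[1]))
        elif keyword == "listenaddress" and len(parts) > 1:
            entries.append(parts[1])
    ports = ports or [22]                     # sshd default port
    if not entries:
        # Default is every local address; 0.0.0.0 stands in for the wildcard here.
        return [("0.0.0.0", p) for p in ports]
    listeners = []
    for entry in entries:
        host, port = entry, None
        if entry.startswith("["):             # [address]:port form
            host, _, rest = entry[1:].partition("]")
            port = int(rest[1:]) if rest.startswith(":") else None
        elif entry.count(":") == 1:           # IPv4 address or hostname with :port
            host, _, text = entry.partition(":")
            port = int(text)
        listeners.extend((host, p) for p in ([port] if port else ports))
    return listeners


def audit(config_text, management_ips):
    """Return (address, port, reason) for listeners not confined to management_ips."""
    allowed = {ipaddress.ip_address(ip) for ip in management_ips}
    findings = []
    for host, port in parse_listeners(config_text):
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            findings.append((host, port, "hostname, resolve and review manually"))
            continue
        if addr.is_unspecified:
            findings.append((host, port, "binds all interfaces, including the service plane"))
        elif addr not in allowed:
            findings.append((host, port, "not a management-plane address"))
    return findings


if __name__ == "__main__":
    for label, text in [("exposed", EXPOSED_CONFIG), ("restricted", RESTRICTED_CONFIG)]:
        print(label, audit(text, ["192.168.180.81"]) or "OK")
```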
Figure 6-56 Networking in which internal and external users are connected
[Figure labels: Enterprise internal users, FireWall, SVN, WI, HDC, VM; internal network access data stream and external network access data stream; HTTPS, HTTPS REST, VNC/HDP]
Number of VMs 2
Indicator WI
VM specifications
l Location
The active and standby VMs must be deployed on different CNAs.
l OS Version
Novell SUSE Linux Enterprise Server 11 SP1 64-bit
l Hardware
2 vCPUs/4 GB memory/1 disk/1 NIC
l QoS Settings
– CPU Resource Control
Quota: Select Customize from Quota and set the quota to the
maximum value 128000. This setting guarantees CPU
resources for the management node VMs on a CNA in
resource contention.
– Memory Resource Control
Reserved (MB): Set it to 4096, which is the same as the VM
memory size.
l NIC Settings: Select the port group on the service plane.
l Disk Settings
– Data store: Select unvirtualized data storage resources.
– Configuration mode: Common
– Capacity (GB): 30
NOTE
To improve data reliability, select data stores on different RAID groups for
the VMs working in active/standby mode.
l Retain the default values for other parameters.
3. Install the WI component on VMs. For details, see Installing the WI Component.
IP address planning example:
– Service IP address of the first WI server: 192.168.181.71
– Service IP address of the second WI server: 192.168.181.72
4. Configure WI access information for Internet users on the ITA. For details, see
Configure the WI in Configuring Desktop Components.
Pay special attention to the following parameters:
– WI cluster name: Enter the name of an independent WI cluster exclusively used
for Internet users.
– Service Access Gateway config: Enter the public IP address of the access
gateway and port number 443.
– Self-help console gateway config: Enter the public IP address of the access
gateway and port number 443.
– If only one public IP address exists, configure port mapping. Table 6-32 describes
the configuration requirements.
NOTE
l Port 1 and Port 2 are defined by users. Ensure that the ports are enabled.
l You are advised to use continuous IP addresses so that the SVN can evenly distribute access
requests to WIs.
Scenarios
Install the vAG component. The vAG component serves as the desktop access gateway and
self-service console gateway. If a user cannot log in to the VM, the user can use the VNC self-
service console to log in to the VM.
If VM Deployment with HDP Passing Through the Gateway is used and the number of
users ranges from 500 to 2200, additional vAG VMs need to be deployed to ensure system
reliability.
l If the number of users ranges from 500 to 1000, use one CNA as the gateway cluster, and
create 3 VMs to deploy the vAG. The vAG VM specifications are 4 vCPUs and 4 GB
memory.
l If the number of users ranges from 1000 to 2200, create 6 VMs on the 2 CNA nodes of the
gateway cluster to deploy vAGs. The vAG VM specifications are 4 vCPUs and 4 GB
memory.
l 3 VMs for 500 to 1000 users
l 6 VMs for 1000 to 2200 users
Prerequisites
Conditions
There are no special conditions for this operation.
Data
There is no special data for this operation.
Procedure
Install the vAG component.
1 Log in to the first vAG/vLB server using VNC as user root.
2 Enter startTools.
The FusionAccess screen is displayed.
NOTE
You can press ↑ and ↓ to move the cursor up and down.
3 Choose Software > vAG[Option], and press Enter.
4 On the Select an Option screen, choose Install vAG and press Enter.
The system displays "Are you sure you want to install vAG?"
5 Press Enter.
The vAG component is successfully installed if "vAG installed successfully" is
displayed.
6 Press Enter.
vAG/vLB Configuration.
----End
Scenarios
Perform this operation only in Internet user access scenarios. For details about the deployment
solution, see Deployment Solutions for Internet User Access.
Prerequisites
Conditions
The Linux VM has been created and configured.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Install components.
1 Log in to a VM that is used to install the WI as the root user by using the Virtual
Network Computing (VNC) mode.
2 Enter startTools.
The FusionAccess screen is displayed.
NOTE
– If this is the first time for the root user to log in to the VM, the FusionAccess screen is displayed.
– Press ↑ and ↓ to move the cursor upwards and downwards.
3 Go to the Software directory, select the component to be installed on the VM, and install
the component as prompted. The system displays the following information after the
installation is complete.
WI installed successfully.
Install the second WI VM.
4 Log in to the second WI VM as the root user by using the VNC mode.
5 Repeat the previous steps to install the standby WI VM.
----End
7 Appendixes
Scenarios
When the DB is separately deployed from other infrastructure components, such as HDC, you
need to manually configure related information, such as the ITA IP address, DNS, and NTP,
on the DB server.
Prerequisites
Conditions
The GaussDB has been installed.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
ensures time consistency between the FusionCloud desktop system and virtual machines
(VMs).
l If the customer does not provide the external clock source and Huawei provides the
active directory (AD) (the AD is a FusionAccess component), the scheme in which the
AD synchronizes time with the hosts of the active and standby VRMs of FusionCompute
over the management plane is recommended, that is, Scheme 1: AD Synchronizing
Time with hosts of the active and standby VRMs of FusionCompute.
l If the customer provides a stable clock source, no matter whether the AD is provided by
the customer or Huawei, the Scheme 2: Clock Synchronization Scheme When the
Customer Provides a Stable Clock Source clock synchronization scheme is used.
l In the case of desktops without a domain, if the customer provides a stable clock source,
the Scheme 3: Clock Synchronization Scheme When the Customer Provides a
Stable Clock Source in the Case of Desktops Without a domain clock
synchronization scheme is used.
l In the case of desktops without a domain, if the customer does not provide an external
clock source, the scheme in which the time is synchronized from the hosts of the active
and standby VRMs of FusionCompute is recommended, that is, Scheme 4: Time
Synchronized from the hosts of the active and standby VRMs of FusionCompute.
Scheme 1: AD Synchronizing Time with hosts of the active and standby VRMs
of FusionCompute
When the customer does not provide an external clock source and the AD is provided by
Huawei, the AD synchronizes time with the hosts of the active and standby VRMs of
FusionCompute over the management plane, and other components of FusionAccess
synchronize time with the AD, as shown in Figure 7-1.
Figure 7-1 AD synchronizing time with hosts of the active and standby VRMs of
FusionCompute
[Figure labels: FusionCompute (VRM), stratum 1 clock source; FusionManager, stratum 2 clock
source; FusionAccess (AD), stratum 2 clock source; Switch]
NOTE
If the TCM is not deployed, the customer must provide a clock source for TCs to synchronize
time.
Figure 7-2 Clock synchronization scheme When the customer provides the clock source and
AD
[Figure labels: Customer's AD; FusionCompute, stratum 2 clock source; FusionManager, stratum 3
clock source; FusionAccess; Switch; Firewall; Server; SVN; User VM; Infrastructure VM:
WI/HDC/ITA...; TC. Legend: management plane clock signal path]
l Configure the VRM and CNA nodes of FusionCompute to synchronize time with the
customer's AD.
l Configure components of FusionAccess to synchronize time with the customer's AD.
l Configure FusionManager to synchronize time with the CNA where the VRM of
FusionCompute is deployed.
l Configure servers, firewalls, switches, IP SAN, and SVN to synchronize time with
FusionManager.
l Configure user VMs and infrastructure VMs, including the TCM, to synchronize time
with the AD.
l Configure the TCM as a stratum 2 clock source so that TCs can synchronize time with
the TCM.
NOTE
If the TCM is not deployed, the customer must provide a clock source for TCs to synchronize
time.
Figure 7-3 Clock synchronization scheme when the customer provides the clock source and
Huawei provides the AD
[Figure labels: FusionCompute, stratum 2 clock source; FusionManager, stratum 3 clock source;
FusionAccess (AD), stratum 2 clock source; Switch]
NOTE
If the TCM is not deployed, the customer must provide a clock source for TCs to synchronize
time.
Figure 7-4 Clock synchronization scheme when the customer provides a stable clock source
in the case of desktops without a domain
[Figure labels: FusionCompute, stratum 2 clock source; FusionAccess (TCM), stratum 3 clock
source; DB/WI/HDC/LIC/vAG/vLB infrastructure VM; User VM; ITA/Loggetter infrastructure VM; TC]
l Configure the database, Web interface (WI), Huawei Desktop Controller (HDC), license,
virtual access gateway (vAG), and virtual load balancer (vLB) Linux infrastructure VMs
to synchronize time with the customer's clock source.
l Configure user VMs and Windows infrastructure VMs, including the ITA and Loggetter,
to synchronize time with the CNA where the VRM of FusionCompute is deployed.
l Configure user VMs to automatically synchronize time with the CNA where the VRM of
FusionCompute is deployed.
l Configure the TCM as a stratum 3 clock source so that TCs can synchronize time with
the TCM.
NOTE
If the TCM is not deployed, the customer must provide a clock source for TCs to synchronize
time.
Scheme 4: Time Synchronized from the hosts of the active and standby VRMs of
FusionCompute
When no AD is deployed, that is, desktops without a domain are used, and the customer does
not provide an external clock source, the scheme in which components of FusionAccess
synchronize time with the hosts of the active and standby VRMs of FusionCompute is used,
as shown in Figure 7-5.
Figure 7-5 Time synchronized from the hosts of the active and standby VRMs of
FusionCompute
[Figure labels: FusionCompute (VRM), stratum 1 clock source; FusionAccess, stratum 2 clock
source; TC]
Scheme Overview
The Global Server Load Balancing (GSLB) can adjust the traffic between servers in different
locations on wide area networks (WANs), including the Internet, to ensure that each user can
enjoy the services provided by the nearest server and guarantee the best service quality.
Based on data loads such as the CPU usage and bandwidth usage, the GSLB can determine
the link between the user (visitor) and the server, and select the server with the best link.
Common GSLB policies include the DNS-based policy, redirection-based policy, and routing
protocol-based policy.
This section describes the DNS-based GSLB policy. Most applications using the load
balancing technology access the target host using domain names. After an application
connection request is sent, the DNS obtains the server IP address and then returns the service
IP address of the most appropriate server based on intelligent decision-making, ensuring the
proper running of services.
The service processing capability is the concern of the GSLB service redundancy disaster
recovery (DR) solution, that is, the GSLB service redundancy DR solution ensures the
continuous service operation after a disaster occurs. In other words, a DR center equivalent to
the production center is constructed in a DR site (these two centers can work in the load
sharing mode) to ensure that services provided by the information system can run
continuously.
In the FusionCloud Desktop Solution, the GSLB selects the data center that distributes
desktop resources to users, ensuring that users can connect to their desktops. Based on the
running status of the data center and geographical positions of users, the GSLB selects
policies to implement automatic load balancing and DR switchover among data center
desktops.
Solution, user VMs must be configured with the same performance and specifications to
ensure the continuous running of services after DR switchover.
Figure 7-6 describes the recommended networking of the GSLB service redundancy DR
solution.
TCs in physical site A can access VMs in data center A using GSLB_A. Data center B is the
service DR site of data center A.
TCs in physical site B can access VMs in data center B using GSLB_B. Data center A is the
service DR site of data center B.
[Figure 7-6 labels: TC_A, TC_B; GSLB_A, GSLB_B; Site A, Site B; LB_A, LB_B. Legend: access to
WI; component communication; cross-region communication]
Working principles:
1. On the TC, set the IP addresses of the active and standby DNS to the GSLB IP addresses
of the two data centers. The GSLB resolves the domain name.
2. The GSLB monitors the running status of data centers. The domain name is usually
resolved as the access IP address of the active data center where the user is located. This
allows the user access request to be routed to the active user desktop.
3. The GSLB is configured with the DNS resolution policy, which provides the intelligent
resolution based on the source IP address of TCs. For example, if the source IP address
of a user belongs to the IP address segment A, the data center whose IP address belongs
to segment A is the active data center for the user and the data center whose IP address
belongs to segment B is the standby data center for the user. Similarly, if the source IP
address of a user belongs to the IP address segment B, the data center whose IP address
belongs to segment B is the active data center for the user and the data center whose IP
address belongs to segment A is the standby data center for the user. This enables the
user to log in to the VM of the active data center as the preferred choice.
4. The two data centers share the same VM username and password to ensure uninterrupted
services. Therefore, it is recommended that unified AD domain controllers be used.
When a user changes the password, the AD domain controllers synchronize the data. The
AD domain controller of site A is configured in data center A while the AD domain
controller of site B is configured in data center B to ensure that the AD domain controller
in data center B can take over services when the AD domain controller in data center A
is faulty.
5. Virtual desktops are distributed in pool mode to fully use VM resources. VMs are not
bound to users.
6. Maintenance operations, such as the upgrade and patch installation, must be performed
on the two data centers respectively. If the two data centers are in the same AD domain,
data can be synchronized using the data copying mechanism.
GSLB DR Solution
Working principles:
1. When the TC detects a fault on the GSLB providing active DNS services, the system
automatically sends the DNS request to the GSLB providing the standby DNS services.
The GSLB resolves the request to the access IP address of the standby virtual desktop of
the user. The user can use this IP address to access the virtual desktop of the standby data
center.
2. After the fault is rectified, the new DNS request is sent to the GSLB providing active
DNS services. The DNS resolves the request to the IP address of the active site so that
the user can use the original active virtual desktop.
3. When the LB is faulty or all WIs are faulty on the active site, the GSLB of the active site
sends the login request to the LB of the standby site. Then the user can log in to the VM
of the standby site to continue services. After the fault is rectified, the user can log in to
the VM of the active site as the preferred choice.
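The source-IP-based resolution policy and the three DR cases above can be modelled in a few lines. The following is an added example, not Huawei or NetScaler code: the names `Site`, `STATIC_TABLE` and `resolve` are hypothetical, all addresses are constructed, and it assumes a GSLB treats the peer site as unavailable when the peer GSLB is down.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Site:
    name: str
    access_ip: str  # address handed to the TC: the site's LB in front of the WIs


# Constructed addressing; the page gives no real addresses for sites A and B.
SITE_A = Site("A", "192.0.2.10")
SITE_B = Site("B", "198.51.100.10")

# Static table from configuration step 7: TC source segment -> (active, standby) site.
STATIC_TABLE = [
    (ipaddress.ip_network("10.10.0.0/16"), SITE_A, SITE_B),
    (ipaddress.ip_network("10.20.0.0/16"), SITE_B, SITE_A),
]


def sites_for(source_ip):
    """Return (active, standby) for a TC address, longest prefix first, or None."""
    addr = ipaddress.ip_address(source_ip)
    matches = [row for row in STATIC_TABLE if addr in row[0]]
    if not matches:
        return None
    _, active, standby = max(matches, key=lambda row: row[0].prefixlen)
    return active, standby


def resolve(source_ip, gslb_up, lb_up):
    """Model one DNS lookup by a TC.

    gslb_up / lb_up map a site name to True when that site's GSLB or LB/WI tier
    is healthy. Returns (name of the GSLB that answered, access IP) or None.
    Assumption: a site whose GSLB is down is treated as unavailable by the peer.
    """
    pair = sites_for(source_ip)
    if pair is None:
        return None  # source address is outside every planned TC segment
    active, standby = pair

    def usable(site):
        return gslb_up.get(site.name, False) and lb_up.get(site.name, False)

    # The TC tries its active DNS (active-site GSLB) first, then the standby DNS.
    for gslb in (active, standby):
        if not gslb_up.get(gslb.name, False):
            continue
        # The answering GSLB prefers the user's active site, then the standby site.
        for site in (active, standby):
            if usable(site):
                return gslb.name, site.access_ip
        return None  # a GSLB answered, but no site can serve the user
    return None  # both GSLBs are down: name resolution fails


ALL_UP = {"A": True, "B": True}


def demo():
    tc = "10.10.5.20"  # constructed TC address in segment A
    return {
        "normal": resolve(tc, ALL_UP, ALL_UP),
        "gslb_a_down": resolve(tc, {"A": False, "B": True}, ALL_UP),
        "lb_a_down": resolve(tc, ALL_UP, {"A": False, "B": True}),
        "recovered": resolve(tc, ALL_UP, ALL_UP),
    }


if __name__ == "__main__":
    for case, answer in demo().items():
        print(f"{case:12} -> {answer}")
```

A TC whose source address matches no row of the static table gets no answer in this model, which is the case to check when a new TC address segment is planned.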
Deployment Requirements
Table 7-1 describes the component deployment requirements.
GSLB device The GSLB device provides the intelligent DNS function and
can select a site based on the source IP address of the TC.
Configuration Process
The following uses NetScaler as an example.
1. Log in to the active NetScaler configuration management page, import the GSLB license
file, and start the GSLB service.
2. Add the GSLB IP address that is planned to the active NetScaler.
3. Create a local site and a remote site on the active NetScaler.
4. Configure a local GSLB service and a remote GSLB service on the active NetScaler.
5. Configure a local GSLB virtual server on the active NetScaler.
6. Create a DNS server on the active NetScaler, and set the DNS IP address to the GSLB IP
address.
7. Create a static table file based on the TC IP address segment that is planned, and import
the static table to NetScaler. This allows the user in the TC IP address segment of site A
to access site A as the preferred choice. Similarly, the user in the TC IP address of site B
can access site B as the preferred choice.
8. Configure the GSLB DR on site B in the same way.
NOTE
l For details about the NetScaler installation and configuration, see NetScaler GSLB Configuration
Guide.
l For the GSLB service DR deployment of F5 and Array, see the installation and configuration
process of NetScaler.
Scheme Overview
The gateway and load balancer functions are as follows:
l Load balancer
The load balancing function can be implemented by the vLB or SVN. Load balancers are
used to allocate users' HTTP(S) requests to different WIs. In addition, the load balancer
automatically performs health checks on the WIs to ensure that user requests are
allocated to available WIs.
l Gateway
The gateway function can be implemented by the vAG or SVN. The gateway is used for
service access over Huawei Desktop Protocol (HDP) and self-help maintenance access.
In addition, the gateway encrypts client access to enhance the system security.
NOTICE
If the gateway is not configured, user data is not encrypted and leakage risks exist.
The vAG and vLB components are deployed on VMs, while the SVN component is deployed on a
specified hardware server. Select a deployment scheme based on user types:
l For the deployment scheme used when enterprise internal users are involved, see Table
7-2.
l For the deployment scheme used when Internet users are involved, see Deployment
Solutions for Internet User Access.
Scenario 2: VM deployment is adopted and HDP passes through the gateway (vAG/vLB, vAG).
l When the number of users is less than 500, deploy two vAG/vLB VMs in the
management cluster.
l When the number of users ranges from 500 to 1000, deploy a gateway cluster, add one
CNA to the gateway cluster, and create three VMs to deploy the vAG components.
The vAG VM specifications are 4 vCPUs and 4 GB memory.
l When the number of users ranges from 1000 to 2200, deploy a gateway cluster, add
two CNAs to the gateway cluster, create six VMs to deploy the vAG components, and
create two vAG VMs in the management cluster. The vAG VM specifications are 4
vCPUs and 4 GB memory.
l When the number of users is more than 2200, contact Huawei technical support to
provide a deployment scheme.
Scenario 1: VM deployment is adopted and HDP does not pass through the
gateway.
In this scenario, the vLB implements load balancing for WIs, the vAG functions as a self-help
maintenance gateway, HDP does not pass through the vAG, and clients directly communicate
with the VM desktop protocol service. Figure 7-7 shows the networking.
[Figure 7-7 labels: WI, HDC, vLB, Firewall, vAG, VM; links: VNC, HDP]
Number of VMs: 2
l First VM: deploys the vAG and vLB.
l Second VM: deploys the vAG and vLB.
Operating mode: Two vLB VMs are in active/standby mode, and two vAG VMs are
in load balancing mode.
Data planning: For the vAG/vLB data planning requirements, see FusionAccess
Data.
[Figure labels: WI, HDC, vLB, Firewall, vAG, VM; links: VNC/HDP]
Each vAG VM supports 500 users. To ensure reliability, deploy an independent vAG server
when the number of users exceeds 500. This independent vAG server is used to ensure that
users can access virtual desktops properly when a vAG is faulty. Table 7-4 describes the
deployment requirements.
Number of VMs:
l 2 VMs
– First VM: deploys the vAG and vLB.
– Second VM: deploys the vAG and vLB.
l 5 VMs
– First and second VMs: The vAG and vLB components are deployed on the same VM. The
two VMs must have the same deployment.
– Other three VMs: Only the vAG is deployed.
l 8 VMs
– First and second VMs: The vAG and vLB components are deployed on the same VM. The
two VMs must have the same deployment.
– Other six VMs: vAGs are deployed based on the same deployment requirements.
Operating mode: Two vLB VMs are in active/standby mode, and vAG VMs are in load
balancing mode.
Data planning: For the vAG/vLB data planning requirements, see FusionAccess Data.
vAG data planning requirements (use one vAG VM as an example):
l Service IP address (NIC 1): 192.168.181.91
l Management IP address (NIC 2): 192.168.180.91
Scenario 3: SVN deployment is adopted and HDP does not pass through the
gateway.
In this scenario, the SVN implements load balancing for WIs and functions as a self-help
maintenance gateway, HDP does not pass through the SVN, and clients directly communicate
with the VM desktop protocol service. Figure 7-9 shows the networking.
[Figure 7-9 labels: WI, HDC, Firewall, SVN, VM; links: HTTPS, REST, VNC\HTTPS, VNC, HDP]
For details about the SVN operations, see HUAWEI SVN2000&5000 V200R001C01 Web
Typical Configuration Examples 02. The document can be obtained from Product Support >
Enterprise Networking > Security > Firewall & VPN Gateway > SVN5000 > SVN5530-
C1.
Scenario 4: SVN deployment is adopted and HDP passes through the gateway.
In this scenario, the SVN implements load balancing for WIs and functions as a self-help
maintenance gateway and service access gateway. Figure 7-10 shows the networking. The
SVN virtual gateway can be used for the access of terminals from the Internet.
[Figure 7-10 labels: Firewall, SVN, VM; link: HDP]
For details about the SVN operations, see HUAWEI SVN2000&5000 V200R001C01 Web
Typical Configuration Examples 02. The document can be obtained from Product Support >
Enterprise Networking > Security > Firewall & VPN Gateway > SVN5000 > SVN5530-
C1.
Scenarios
If the existing AD, DNS, and DHCP components are used, perform the following operations:
l Set AD, DNS, and DHCP port policies on the firewall.
l Create domain accounts on the AD server and set account rights.
l Configure the forward and reverse lookup functions on the DNS server.
Prerequisites
Conditions
The existing AD/DNS/DHCP server is running properly.
NOTE
l FusionAccess is compatible only with AD servers that run Windows Server 2003, Windows
Server 2008 R2, or Windows Server 2012 R2.
l You need to configure clock synchronization on the AD server.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Set firewall ports.
1 If firewalls have been configured between infrastructure VMs and the AD, DNS, and
DHCP components, set AD, DNS, and DHCP port policies on the firewalls. For the port
setting requirements, see FusionAccess Communication Matrix.
Create domain accounts on the AD server and set account rights.
2 Log in to the active AD server as the administrator.
3 Create domain accounts and set account rights. For details, see Creating Domain
Accounts.
Configure the DNS forward and reverse lookup functions.
4 Log in to the active DNS server as the administrator.
5 Choose Start, enter DNS in the Search programs and files text box, and press Enter.
The DNS Manager window is displayed.
6 In the navigation tree, choose DNS > Computer name > Forward Lookup Zones.
Right-click the infrastructure domain, for example, vdesktop.huawei.com, and choose
New Host from the shortcut menu.
7 Enter the host information, select Create associated pointer (PTR) record, and click
Add Host, as shown in Figure 7-11.
Set the following parameters in the New Host dialog box:
– Name: Enter the HDC VM name. The value must be the same as the value of HDC
Name.
– IP address: Enter the HDC service plane IP address.
– Select Create associated pointer (PTR) record to add reverse lookup data at the
same time.
8 If multiple HDCs are deployed in load-sharing mode, repeat 7 to configure forward and
reverse lookup data for each HDC.
9 Repeat 7 to configure the mapping between the vLB floating IP address and the user
login domain name.
– Name: Enter the prefix of the user login domain name. For example, if the
infrastructure domain name is vdesktop.huawei.com, enter fusionaccess in Name.
Fully qualified domain name (FQDN) changes to
fusionaccess.vdesktop.huawei.com.
– IP address: Enter the floating IP address of the VM where the vLB component is
installed.
– Select Create associated pointer (PTR) record to add reverse lookup data at the
same time.
10 (Optional) If (Optional) Deploying the UNS is performed, repeat 7 to configure the
mapping between the vLB floating IP address or GSLB load balancing IP address and
the unified login domain name of end users.
Set the following parameters:
– Name: Enter the prefix of the unified login domain name of end users. For
example, if the infrastructure domain name is vdesktop.huawei.com, enter UNS in
Name. Fully qualified domain name (FQDN) changes to
UNS.vdesktop.huawei.com.
– IP address: Enter the vLB floating IP address or the GSLB IP address.
– Select Create associated pointer (PTR) record to add reverse lookup data at the
same time.
11 (Optional) In the navigation tree, choose DNS > Computer name > Forward Lookup
Zones. Right-click the infrastructure domain, for example, vdesktop.huawei.com, and
choose Properties from the shortcut menu. If Dynamic updates is None on the General
tab, as shown in Figure 7-12, repeat 7 to set the following parameters:
– Forward and reverse lookup data of the active and standby ITA servers:
n Name: Enter the VM name of the active and standby ITA servers.
n IP address: Enter the service plane IP address of the active and standby ITA
servers.
n Select Create associated pointer (PTR) record to add reverse lookup data at
the same time.
– Forward and reverse lookup data of the active and standby AD servers:
n Name: Enter the VM name of the active and standby AD servers.
n IP address: Enter the service plane IP address of the active and standby AD
servers.
n Select Create associated pointer (PTR) record to add reverse lookup data at
the same time.
12 Click Done to close the New Host window. In the navigation tree, expand Reverse
Lookup Zones, right-click Reverse IP address segment, and choose Refresh from the
shortcut menu. Check that the DNS reverse lookup information is automatically added.
Check the AD server status.
13 Check the AD and DNS server status using the AD check tool in Huawei vTools. For the
check items that do not meet requirements, contact the customer for assistance.
You can obtain the tool from:
– For enterprise users, visit http://support.huawei.com/enterprise and choose
Software > IT > FusionCloud > FusionAccess > FusionAccess >
V100R005C30SPCxxx > V100R005C30SPCxxx
– For telecom carrier users, visit http://support.huawei.com and choose Software >
Carrier IT > FusionCloud > FusionAccess > FusionAccess > FusionAccess
----End
Configure domain administrator in Creating Domain Accounts:
In high security mode such as account separation, you need to add Tomcat service domain
account, for example, ITAServiceUser, to Domain Admins and DHCP Users.
Install the backup tool in Installing the Backup Tool and Performing Security Hardening:
In high security mode such as account separation, you need to enter Log service domain
account in Shared domain user, for example, vdesktop\LogServiceUser.
Add the domain account to the administrator group in Installing the ITA Component:
In high security mode such as account separation, add the following accounts to the
administrator group:
l Tomcat service domain account (for example, vdesktop\ITAServiceUser)
l ITADomain accounts for logging in to infrastructure servers (for example,
vdesktop\itauser)
Install the ITA service in Installing the ITA Component:
In high security mode such as account separation, you need to enter Tomcat service domain
account and the corresponding password in Username on the Configuration Page, for
example, vdesktop\ITAServiceUser and Huawei@123.
Install the backup tool in Installing the ITA Component:
In high security mode such as account separation, you need to enter Log service domain
account in Shared domain user, for example, vdesktop\LogServiceUser.
Add domain accounts to the administrator group in Install the Loggetter service:
In high security mode such as account separation, add the following accounts to the
administrator group:
l Tomcat service domain account (for example, vdesktop\ITAServiceUser)
l Domain accounts for logging in to infrastructure servers (for example, vdesktop\loguser)
l Log service domain account (for example, vdesktop\LogServiceUser)
Install the Loggetter service in Installing the Loggetter Component:
In high security mode such as account separation, you need to enter Log service domain
account and the corresponding password in Username on the Configuration Page, for
example, vdesktop\LogServiceUser and Huawei@123.
Scenarios
Upgrade the PV Driver after installing FusionCompute.
NOTE
If FusionAccess connects to FusionSphere V100R005C00SPC30X or FusionSphere
V100R003C10SPC60X, install the matched FusionSphere SIA software (used to upgrade the PV
Driver) after installing FusionSphere. Otherwise, the PV Driver may fail to be installed.
Prerequisites
Conditions
FusionCompute has been installed.
Data
For details about key data and parameters, see the description given in specific procedures.
Software
Table 7-10 lists software to be obtained before the PV Driver is upgraded.
Procedure
5 On the Configure Software Package Directory page, click Browse and select a
software package directory. See Figure 7-15.
NOTE
– Select the PV Driver compressed file of the latest version. The latest version is V1.2.10.150.
– The software package path must be an absolute path, for example,
D:\pvdriver\UpdateTool\pvdriver-patch-1.3.10.38-462.zip.
– If the path is incorrectly displayed, click Help and choose FAQ > Incorrect Drive Letter
Displayed for Software Package Path in the upper right corner of the upgrade tool.
NOTE
Select the PV Driver compressed file of the latest version. You need to manually enter the software
package directory.
6 Click Next.
The software packages are being verified.
7 On the Configure Node Information page, enter related information as prompted. Click
Verify Parameters to verify parameters, such as the username and password. Click
Create Project to create a project. See Figure 7-16.
NOTE
On the upgrade tool page, choose Help > Tool Introduction to obtain the configuration
information about nodes.
8 In the node list, click PV Driver, select the CNA nodes to which the software package is
distributed, and click Distribute Software Package. In the Information dialog box that
is displayed, click OK.
The software package is being distributed. The distribution progress is displayed in the
right pane, as shown in Figure 7-17.
9 Select the CNA nodes to be checked and click Upgrade Check. In the Information
dialog box that is displayed, click OK.
The upgrade check starts. A progress bar is displayed indicating the upgrade check
progress.
NOTE
If the upgrade check fails, click Details to view the prompt information. If Failed to query
information about the components. is displayed, ignore the error and go to the next step.
10 Select the CNA nodes to be upgraded and click Upgrade.
The Information dialog box is displayed.
11 Click OK.
The upgrade progress is displayed, as shown in Figure 7-18.
NOTE
You can ignore the upgrade status because it does not affect subsequent operations.
----End
Scenarios
Change the IP address bound to port 22 of the vAG/vLB server or the vAG server to the
management plane IP address of the vAG/vLB server or the vAG server, to prevent access
from Internet users to the management plane of the vAG/vLB server or the vAG server.
Prerequisites
Conditions
You have obtained the root account for logging in to the vAG/vLB server or the vAG server.
Data
None
Procedure
1 Log in to the vAG/vLB server or the vAG server as user root by using virtual network
computing (VNC).
2 Run the following command to disable logout on timeout:
TMOUT=0
3 Run the following command to open the file sshd_config.
vi /etc/ssh/sshd_config
----End
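The procedure as preserved here stops at opening sshd_config. The following added check (not Huawei tooling) verifies the stated goal, that port 22 is bound only to the management plane address. It assumes the binding is set with the standard OpenSSH `ListenAddress` directive, which this page does not name; the function names and the sample configuration fragments are constructed, and the two addresses are the vAG data planning examples given earlier.

```python
import ipaddress

# Addresses from the vAG data planning example on this page.
SERVICE_IP = "192.168.181.91"     # NIC 1, service plane
MANAGEMENT_IP = "192.168.180.91"  # NIC 2, management plane

# Constructed sshd_config fragments.
DEFAULT_CONFIG = """\
Port 22
#ListenAddress 0.0.0.0
"""
HARDENED_CONFIG = """\
Port 22
ListenAddress 192.168.180.91
"""
MIXED_CONFIG = """\
ListenAddress 192.168.180.91:22
ListenAddress 192.168.181.91:22
Match Address 192.168.180.0/24
    X11Forwarding no
"""


def listen_addresses(config_text):
    """Return the host part of every global ListenAddress directive."""
    hosts = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (a commented-out directive is inactive)
        parts = line.replace("=", " ", 1).split()  # "Key value" or "Key=value"
        keyword = parts[0].lower()  # sshd_config keywords are case-insensitive
        if keyword == "match":
            break  # ListenAddress is not valid inside a Match block
        if keyword != "listenaddress" or len(parts) < 2:
            continue
        arg = parts[1]
        if arg.startswith("[") and "]" in arg:  # [host]:port
            host = arg[1:arg.index("]")]
        elif arg.count(":") == 1:               # host:port
            host = arg.split(":")[0]
        else:                                   # bare IPv4, bare IPv6 or hostname
            host = arg
        hosts.append(host)
    return hosts


def audit_ssh_binding(config_text, management_ip):
    """Return findings; an empty list means sshd binds only to management_ip."""
    expected = ipaddress.ip_address(management_ip)
    hosts = listen_addresses(config_text)
    if not hosts:
        # With no ListenAddress, sshd listens on all local addresses.
        return ["no ListenAddress set: sshd listens on all local addresses"]
    findings = []
    for host in hosts:
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"{host}: hostname, resolve and check manually")
            continue
        if addr.is_unspecified:
            findings.append(f"{host}: wildcard, listens on all local addresses")
        elif addr != expected:
            findings.append(f"{host}: not the management plane address")
    return findings


if __name__ == "__main__":
    for name, text in [("default", DEFAULT_CONFIG), ("hardened", HARDENED_CONFIG),
                       ("mixed", MIXED_CONFIG)]:
        print(name, audit_ssh_binding(text, MANAGEMENT_IP) or "OK")
```

Run it against the real file by passing the contents of /etc/ssh/sshd_config and the server's own management plane address.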
Scenarios
Change the time zone of Linux infrastructure VMs.
Prerequisites
Conditions
Linux infrastructure VMs have been created and configured.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
NOTE
You can press ↑ and ↓ to move the cursor up and down.
3 Select System > Set Timezone.
The Set Timezone screen is displayed, as shown in Figure 7-20.
7 Click OK.
8 Select Reboot Server and press Enter.
9 Press F8.
The infrastructure VM is restarted to make the new time zone take effect.
----End
Prerequisites
Conditions
Linux VMs have been created and configured.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
switches to the login page of the FusionManager. After logging in to the FusionManager as user
geadmin, you can enter the FusionCompute and perform operations. However, multiple users
cannot log in to the FusionCompute using the same account.
NOTE
After configuring the alarm reporting function, you need to configure it again if either of the
following events occurs:
l The FusionManager is deployed in active/standby mode and the floating IP address
of the management plane is changed.
l The FusionManager is deployed in standalone mode and the management IP address is
changed.
Prerequisites
Conditions
l You have obtained the management IP addresses and floating IP address of the active
and standby VRMs when two VRMs are deployed on one site, or the management IP
address of the VRM when one VRM is deployed on one site.
l You have obtained the floating IP addresses of the FusionManager nodes
l A tool that can be used for remote access on various platforms, such as PuTTY, is
available.
Data
Data preparation is not required for this operation.
Procedure
NOTICE
Before you configure SSO, ensure that the rights management modes of FusionCompute
and FusionManager are the same.
If FusionCompute is set to rights separation mode, SSO can take effect only after
FusionManager is set to the same rights management mode.
If the rights management modes of the two systems are different, FusionCompute logins
may fail due to inconsistency between accounts and roles after SSO is enabled.
– If yes, go to 4.
– If no, go to 5.
4 Select Enable SSO on the right of SSO Configuration.
5 Click Save.
A dialog box is displayed.
6 Click OK.
A dialog box is displayed.
7 Click OK.
FusionManager connection configuration is complete.
----End
Scenarios
Verify the software packages using OpenPGP.
Prerequisites
Conditions
You have obtained the software package to be verified and the verification file. The
verification file has the same file name as the software package, and the file name extension is
asc.
Data
Data preparation is not required for this operation.
Software
Procedure
Step 1 Verify the digital signature files of the software packages according to the OpenPGP Signature
Verification Guide.
----End
Scenarios
Change the password of the GaussDB administrator account.
To enhance data security, you are advised to periodically change the password of the
GaussDB administrator account.
NOTE
l The GaussDB has three accounts: GaussDB administrator account, Huawei Desktop Controller
(HDC) database instance account, and IT adapter (ITA) database instance account. This topic
describes how to change the password of the GaussDB administrator account.
l The GaussDB administrator account is automatically created during database installation. The
usernames are gaussdba and fauser, and the password is Huawei@123.
Prerequisites
Conditions
The username and password for logging in to the DB server have been obtained.
Data
Table 7-12 lists the data to be obtained.
New password (for example, Huawei123!): The password must conform to the following rules:
l Contains at least one uppercase letter (A-Z), one
lowercase letter (a-z), one digit (0–9), and one
special character (such as ~!@#$%^&*()-_=+\|
{};:'",<.>/? and space).
l Contains 8 to 32 characters.
l Cannot be the same as the recent three passwords.
l Cannot contain the username or reversed
username.
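The rules in Table 7-12 can be checked before the new password is typed into the tool. The following is an added example, not part of the original guide or of any Huawei tool: the function names, the PBKDF2 history format, the case-insensitive username match and the reading of the listed special characters as the complete set are all assumptions.

```python
import hashlib
import hmac

# Special characters listed in Table 7-12, plus space.
# Assumption: only these characters count as "special".
SPECIALS = set("~!@#$%^&*()-_=+\\|{};:'\",<.>/? ")
ITERATIONS = 100_000  # assumption: PBKDF2 work factor chosen for this example


def hash_password(password, salt):
    """Salted hash used to remember old passwords without storing them."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def violations(password, username, history):
    """Return the list of Table 7-12 rules that `password` breaks.

    history is a list of (salt, digest) pairs, oldest first; only the
    last three entries are compared, as the table requires.
    """
    problems = []
    if not 8 <= len(password) <= 32:
        problems.append("length must be 8 to 32 characters")

    classes = {
        "uppercase letter": any("A" <= c <= "Z" for c in password),
        "lowercase letter": any("a" <= c <= "z" for c in password),
        "digit": any("0" <= c <= "9" for c in password),
        "special character": any(c in SPECIALS for c in password),
    }
    for name, present in classes.items():
        if not present:
            problems.append("missing " + name)

    # Assumption: the username check ignores case.
    lowered, user = password.lower(), username.lower()
    if user and (user in lowered or user[::-1] in lowered):
        problems.append("contains the username or reversed username")

    for salt, digest in history[-3:]:
        # Constant-time comparison of the recomputed hash with the stored one.
        if hmac.compare_digest(hash_password(password, salt), digest):
            problems.append("matches one of the last three passwords")
            break
    return problems


def sample_history():
    """Constructed history holding only the default password from the NOTE above."""
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed salt
    return [(salt, hash_password("Huawei@123", salt))]


if __name__ == "__main__":
    for candidate in ("Huawei123!", "Huawei@123", "Abdssuag1!", "short1!"):
        print(candidate, violations(candidate, "gaussdba", sample_history()))
```

Storing the history as salted hashes keeps the "recent three passwords" rule enforceable without retaining old passwords in clear text.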
Procedure
Switch to the configuration page.
1 Log in to the VM where the active GaussDB server is located using Virtual Network
Computing (VNC) as user root.
NOTE
The server which the floating IP address is associated with is the active GaussDB server.
2 Run the sh /opt/InstallTools/startTools command.
5 Press Enter.
When Password changed successfully is displayed, changing the login password is
complete.
6 Press Enter.
----End
Scenarios
Manually enable firewalls for Windows infrastructure virtual machines (VMs).
Firewalls need to be enabled only when the desktop cloud system is in a high risk
environment or to meet enterprise standard requirements on the desktop cloud system.
NOTE
This operation applies to the Windows infrastructure VMs of the IT adapter (ITA) and Loggetter in the
desktop cloud system.
Prerequisites
Conditions
The domain account and password for logging in to the Windows infrastructure VMs have
been obtained.
Data
Data preparation is not required for this operation.
Procedure
6 Click OK.
Close the dialog boxes and windows.
7 Choose Start > Run.
The Run window is displayed.
8 In the Open text box, enter gpedit.msc, and press Enter.
The Local Group Policy Editor window is displayed.
9 In the navigation tree, choose Computer Configuration > Windows Settings >
Security Settings > Windows Firewall with Advanced Security > Windows Firewall
with Advanced Security – Local Group Policy Object.
The Overview pane is displayed on the right.
10 Click Windows Firewall Properties.
The Windows Firewall with Advanced Security – Local Group Policy Object
Properties dialog box is displayed.
11 On the Domain Profile tab page, set Firewall state to Not configured, as shown in
Figure 7-24.
Figure 7-24 Windows Firewall with Advanced Security – Local Group Policy Object
Properties
12 Click OK.
This command is used to add the firewall port used by the FusionAccess to the firewall
exception.
NOTE
Close all windows. The firewall is enabled for the Windows infrastructure VM of the
ITA server.
19 Repeat 1 to 18 to enable the firewall for the Windows infrastructure VM of the
Loggetter.
----End
Scenarios
Log in to a server using PuTTY through a serial port.
Prerequisites
Conditions
The PC is connected to the server by a serial cable.
Data
Table 7-13 lists the data required for performing this operation.
Tools
PuTTY 0.6 or later is available. You can obtain this tool from http://www.putty.org/.
Procedure
Step 1 Double-click PuTTY.exe.
The PuTTY Configuration dialog box is displayed.
Step 2 In the navigation tree on the left, choose Connection > Serial.
Step 5 Select Serial from Connection type in the right pane, and click Open.
The PuTTY operation page is displayed. login as: is displayed for you to enter a username.
NOTE
The login as: message is not displayed for entering the username and password when you log in to a
switch. The switch name will be displayed on the left of the command prompt after you press Enter.
Step 6 Enter the username on the right of login as, and press Enter.
Step 7 Enter the password on the right of Password, and press Enter.
After you log in to the server, the host name of the server is displayed on the left of the
command prompt.
----End
Scenarios
Configure network security policies to isolate user VMs from the system management plane
network.
There are two types of network security policies:
l Aggregation switch security policy
S5752 switches in stacking mode are used as an example. The operations on switches of other
models are similar.
l Firewall security policy
For details, see FusionCloud Desktop V100R005C30 Firewall Security Policies 01.
The document can be obtained from Support > Product Support > IT > FusionCloud
> FusionAccess > FusionAccess > V100R005C30 at http://support.huawei.com/enterprise.
Prerequisites
Conditions
A PC that has a remote access tool (such as PuTTY) installed is available.
Data
Table 7-14 and Table 7-15 list the data to be obtained before this operation.
Name | Source Port | Protocol | Destination Port
Health check tool (HTTP) | 0 to 65535 | TCP | 8800
Health check tool (HTTPS) | 0 to 65535 | TCP | 8803
Health check tool (AJP) | 0 to 65535 | TCP | 8801
UHM portal (HTTP) | 0 to 65535 | TCP | 8088
UHM portal (HTTPS) | 0 to 65535 | TCP | 9443
FusionManager HAMon web port (HTTP) | 0 to 65535 | TCP | 5790
FusionManager HAMon web port (AJP) | 0 to 65535 | TCP | 5799
VRM port (HTTP) | 0 to 65535 | TCP | 7070
VRM port (HTTPS) | 0 to 65535 | TCP | 7443
FusionManager/FusionCompute portal (HTTP) | 0 to 65535 | TCP | 80
FusionManager/FusionCompute portal (HTTPS) | 0 to 65535 | TCP | 443
Security hardening port | 0 to 65535 | TCP, UDP | 2399
Port for remotely mounting the CD/DVD-ROM drive | 0 to 65535 | TCP, UDP | 25110
ITAC (HTTP) | 0 to 65535 | TCP | 8081
ITAC (HTTPS) | 0 to 65535 | TCP | 8448
ITA alarm northbound interface | 0 to 65535 | TCP | 8773
ITA northbound interface (REST) | 0 to 65535 | TCP | 7773
ssh | 0 to 65535 | TCP | 22
telnet | 0 to 65535 | TCP | 23
VNC | 0 to 65535 | TCP | 5900 to 6155
NOTE
This topic uses the data in Table 7-14 and Table 7-15 as examples to describe how to configure network
security policies.
Procedure
Log in to the active switch through the CONSOLE port.
1 Run the PC terminal emulator to create a serial port connection between the PC and the
switch.
– Port on the switch: CONSOLE port on the right of the front panel
– Serial Line to connect to: COM1 (example only)
– Speed (baud): 9600
– Connection type: Serial
NOTE
If "Info: There is no response because the system is in the slave state." is displayed, the current switch is
in standby mode. Connect to the active switch.
Configure network security policies.
2 Run the following command to switch to the system view:
<Quidway> system-view
3 Run the following commands to configure the active switch based on the data plan:
#Open the view of the advanced access control list (ACL) by name,
and name the ACL securityAcl.
acl name securityAcl advance
quit
----End
Scenarios
When configuring desktop cloud addresses on the FusionManager portal, perform this
operation if the administrator's PC and the desktop cloud management plane do not belong to
the same network segment.
Prerequisites
Conditions
There are no special conditions for this operation.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Step 1 Use an administrator account to log in to the active ITA infrastructure VM to which the local
administrator account belongs.
Step 2 On the active ITA VM, click Start, enter cmd in the Search the Programmes and files box,
and press Enter to enter the CMD interface.
Step 3 Query the network interface card (NIC) media access control (MAC) address of the
infrastructure VM based on the IP address segment of the management plane:
Run the following command:
ipconfig /all
For example, if the IP address segment of the system management plane is 192.168.1.XXX,
information similar to the following is displayed:
Ethernet adapter Local Area Connection 2:
According to the command output, the management NIC MAC address of the infrastructure
VM is 28-6E-D4-88-B2-BE.
Step 4 Query the management NIC interface index based on the management NIC MAC address.
Run the following command:
route print
For example, if the management NIC MAC address of the infrastructure VM is
28-6E-D4-88-B2-BE, information similar to the following is displayed:
===========================================================================
Interface List
14...28 6e d4 88 b2 be ......Xen Net Device Driver #2
12...28 6e d4 88 b2 bd ......Xen Net Device Driver
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================
According to the command output, the management NIC interface index is 14.
Step 5 Add routes between the network segment of the local computer and the network segment of
the desktop cloud management plane.
Run the following command:
route -p add Network segment of the system administrator's PC mask Subnet mask of the
network segment for system administrator's PC Management plane gateway of the desktop
cloud if Management NIC interface index
As shown in Figure 7-25, the system administrator accesses FusionManager from the
network segment 192.168.5.0/24, the management plane gateway is 192.168.1.1, and the
management NIC interface index is 14. Run the following command:
Step 6 If the system administrator needs to access FusionManager from multiple network segments,
add routes for all the network segments.
For details, see Step 5.
Step 7 Repeat Step 2 to Step 6 to add route data on the standby AD, active ITA, and standby ITA in
sequence.
----End
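Steps 4 and 5 above can be scripted so that the interface index is read from the route print output rather than by eye. The following is an added example, not part of the original guide: the function names are hypothetical, the Interface List is the one shown in Step 4, and the management plane segment is assumed to be 192.168.1.0/24.

```python
import ipaddress
import re

# Interface List copied from the `route print` output shown in Step 4.
ROUTE_PRINT = """\
===========================================================================
Interface List
14...28 6e d4 88 b2 be ......Xen Net Device Driver #2
12...28 6e d4 88 b2 bd ......Xen Net Device Driver
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================
"""

# Interface index, six-byte MAC, dotted filler, adapter description.
# Loopback and tunnel adapters do not carry a six-byte MAC and are skipped.
IFACE = re.compile(
    r"^\s*(\d+)\.\.\.((?:[0-9A-Fa-f]{2} ){5}[0-9A-Fa-f]{2}) \.+(.*)$",
    re.MULTILINE,
)


def normalize_mac(mac):
    """Reduce 28-6E-D4-88-B2-BE, 28:6e:... or '28 6e ...' to 12 hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return digits


def interface_index(route_print_output, mac):
    """Return the interface index whose MAC matches, as in Step 4."""
    wanted = normalize_mac(mac)
    hits = [
        int(index)
        for index, raw_mac, _name in IFACE.findall(route_print_output)
        if normalize_mac(raw_mac) == wanted
    ]
    if len(hits) != 1:
        raise LookupError("expected exactly one interface for %s, found %d" % (mac, len(hits)))
    return hits[0]


def route_command(admin_network, gateway, if_index, management_network):
    """Build the Step 5 command after checking the addressing plan."""
    net = ipaddress.ip_network(admin_network)       # rejects host bits, e.g. 192.168.5.7/24
    mgmt = ipaddress.ip_network(management_network)
    gw = ipaddress.ip_address(gateway)
    if gw not in mgmt:
        raise ValueError("gateway is not on the management plane segment")
    if net.overlaps(mgmt):
        raise ValueError("administrator segment overlaps the management plane")
    return "route -p add %s mask %s %s if %d" % (net.network_address, net.netmask, gw, if_index)


if __name__ == "__main__":
    index = interface_index(ROUTE_PRINT, "28-6E-D4-88-B2-BE")
    print(route_command("192.168.5.0/24", "192.168.1.1", index, "192.168.1.0/24"))
```

Because the route is persistent (-p), checking the gateway and segment before running the command avoids leaving a wrong static route on the management NIC across reboots.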
Scenarios
Configure your browser to enable successful access to FusionAccess.
Prerequisites
Conditions
The FusionAccess home page cannot be displayed properly.
Data
Data preparation is not required for this operation.
Procedure
Perform operations based on the browser type.
1 Enter the FusionAccess address in the address box of your browser and press Enter.
2 Determine the operations to be performed based on the browser type.
– If Internet Explorer is used, go to 3.
– If Mozilla Firefox is used, go to 16.
– If Google Chrome is used, go to 28.
NOTE
– If yes, go to 17.
– If no, no further action is required.
17 Record the IP address and port number displayed, as shown in the red box in Figure
7-26.
Scenarios
Set Internet Explorer before logging in to the FusionManager the first time. After the setting,
you can use Internet Explorer to perform operations on the FusionManager.
This section uses Internet Explorer 9.0 as an example to describe how to configure Internet
Explorer settings.
Prerequisites
Conditions
l The version of Internet Explorer used for logging in to the FusionManager is 9.0 or 10.0.
l You have obtained the floating IP address of the FusionManager.
Data
Data preparation is not required for this operation.
Procedure
30 Click OK.
You need to restart the browser to make the settings take effect.
31 Check whether the terminal used to log in to FusionManager runs the Windows Server
2008 OS.
– If yes, go to 32.
– If no, no further action is required.
Scenarios
Set Mozilla Firefox browser before logging in to the the first time. After the setting, you can
use Firefox browser to perform operations on the .
Prerequisites
Conditions
l You have obtained the IP address of the .
Data
Data preparation is not required for this operation.
Procedure
Scenarios
Set Internet Explorer browser before logging in to FusionCompute the first time. After the
setting, you can use Internet Explorer to perform operations on FusionCompute.
This section uses Internet Explorer 9.0 as an example to describe how to configure Internet
Explorer settings.
If you have configured Internet Explorer, do not configure Google Chrome, because Google
Chrome inherits all the Internet Explorer settings, such as certificate settings.
NOTE
If the security certificate has not been installed during Internet Explorer configuration, the browser may
prompt users with a web page display exception message when they log in to FusionCompute for the
first time or log in to VMs using Virtual Network Computing (VNC). In this case, press F5 to refresh the
web page.
Prerequisites
Conditions
l The Internet Explorer browser used for logging in to FusionCompute is an official
release from Internet Explorer 9.0 to Internet Explorer 11.0.
l You have obtained the IP address of the VRM node.
Data
Data preparation is not required for this operation.
Procedure
Enter the login page.
1 Open Internet Explorer.
2 Enter http://IP address of the VRM node and press Enter.
NOTE
– If the local PC uses the Windows Server 2003 or Windows XP operating system (OS),
connection to FusionCompute from the PC using the Hypertext Transfer Protocol Secure
(HTTPS) protocol may fail. In such cases, if the connection is triggered through an Internet
Explorer browser, the PC prompts the user to choose a digital certificate. If the connection is
triggered through a Google Chrome browser, the PC displays a message indicating that the
server certificate is invalid. To address this issue, see
http://support.microsoft.com/kb/968730/zh-cn.
– The HTTPS protocol used by FusionCompute supports only TLS 1.0. If SSL 2.0, SSL 3.0,
TLS 1.1, or TLS 1.2 is used, the FusionCompute system cannot be accessed. You must open
the browser, choose Internet Options > Advanced > Security, and select only Use TLS 1.0
among the protocols.
– If Internet Explorer slows down after running for a period of time and no data is required to be
saved, press F6 on the current page to move the cursor to the address bar of the browser. Then,
press F5 to refresh the page and increase the browser running speed.
3 Click Continue to this website (not recommended).
In common mode, the FusionCompute login page is displayed, as shown in Figure 7-27.
In single sign-on (SSO) mode, the FusionManager login page is displayed, as shown in
Figure 7-28.
12 Click OK.
13 Click OK in the Certificate dialog box.
The browser page is displayed.
Delete historical data.
14 Press Ctrl+Shift+Delete.
The Delete Browsing History dialog box is displayed.
15 Select the following options:
– Preserve Favorites website data
– Temporary Internet files
– Cookies
– History
16 Click Delete.
Historical data is deleted.
Configure compatibility view settings.
17 Press Alt to show the menu bar and choose Tools > Compatibility View Settings on the
menu bar.
The Compatibility View Settings dialog box is displayed.
18 Click Add.
The address for logging in to the current system is added to the compatibility view.
19 Click Close.
20 Close Internet Explorer, open it again, and log in to the .
The settings take effect after the browser is restarted.
----End
Scenarios
When a VM is faulty, log in to the VM using virtual network computing (VNC) from the
FusionCompute to troubleshoot the VM. For details about the default VNC login mode
configuration, see Configuring the VNC Login Mode.
The VM must be in the Running, Migrating, Hibernating, or Stopping state and has no
attached.
NOTE
l If an administrator has logged in to a user VM using VNC, the VM user cannot log in to the VM.
l Declaration: This feature is a high-risk feature. Using this feature complies with industry
practices. However, end user data may be required for implementing the feature. Exercise caution
and obtain end user's consent when using this feature.
This operation involves VM user privacy issues. Ensure that your login complies with local laws.
l If operations have been performed to migrate or power cycle a VM after you log in to the VM
using noVNC, the noVNC window cannot be automatically reconnected after the VM migration or
power cycling. Therefore, you must close the noVNC window and log in to the VM using noVNC
again after the VM is successfully migrated or power cycled.
l If the login fails, see VNC Login Troubleshooting.
Prerequisites
Conditions
l You have logged in to the FusionCompute.
Procedure
Search for a VM.
1 On the FusionCompute, choose VM and Template.
The VM and Template page is displayed.
2 Select VM in the navigation tree on the left, enter the search criteria on the VM page,
and click Search.
The query result is displayed.
ID, Name, Status, Type, IP Address, MAC Address, are optional.
DR VM and placeholder VM apply only to the host-based remote replica DR scenario.
For details about how to query a DR VM or placeholder VM, see the FusionSphere
Solution Documentation.
Log in to a VM using VNC.
3 Locate the row that contains the VM name and click Log in using VNC.
The VNC login page is displayed.
You can log in to a VM using noVNC or TightVNC. The TightVNC is dependent on the
Java (TM) plug-in, while the noVNC is independent from the Java (TM) plug-in.
Therefore, noVNC does not support operations related to the Java (TM) plug-in, such as
mounting a CD/DVD-ROM drive or ISO image to a VM or forcibly restarting or
stopping a VM in the VNC window.
Before you use Java (TM) plug-in, ensure that the bit version of the browser matches that
of the Java plug-in. For example, a 32-bit browser supports only a 32-bit Java plug-in.
The following browsers support noVNC:
– Internet Explorer 10 and 11
– Mozilla Firefox 26 and later
– Google Chrome 21 and later
NOTE
To ensure security, disable SSL 3.0 for the browser if you log in to the VM using noVNC.
For example, if the browser is Internet Explorer, choose Internet Options > Advanced >
Security on the browser and deselect Use SSL 3.0.
During the first login using TightVNC:
– If a pop-up blocking message is displayed, click the message, select Always Allow Pop-ups
from This Site as prompted, and log in to the VM again using VNC.
– If the Warning-Security dialog box is displayed, select Always trust content from this
publisher, and click Run.
After you log in to a VM using VNC, the following operations cannot be performed:
– Lower the screen resolution and color quality settings on the VM.
– Press Ctrl or Alt on the keyboard.
You are advised to click Ctrl or Alt on the VNC toolbar.
– Press Ctrl+Alt+Del on the keyboard.
You are advised to click Send Ctrl-Alt-Del on the VNC toolbar to switch to the page for
entering the username and password.
----End
Scenarios
On FusionCompute, configure the virtual network computing (VNC) login mode. You can
select the default VNC login mode used by the browser. The configuration takes effect
immediately. After you clear the browser cache, the configuration is reset.
Prerequisites
Conditions
You have logged in to the FusionCompute.
Procedure
Login Faults
Fault 1: After Log in using VNC is clicked, a dialog box is blocked.
Solution:
l Disable the pop-up blocker of the browser.
l Configure the pop-up blocker settings to always see pop-ups for the site.
Fault 2: If "The web site certificate cannot be validated. Do you want to continue?" is
displayed, the VM login using VNC fails after No is clicked.
Solution:
1. Deregister the current user.
2. Close all the pages of the browser.
3. Log in to the FusionCompute again.
Fault 6: During VNC login, a dialog box is displayed asking you to enter the password.
Solution:
1. In the Java installation directory (for example, C:\Program Files\Java\jre7\bin),
double-click javacpl.exe to open the Java Control Panel window.
2. Click Settings to open the Temporary Files Settings window.
3. Deselect Keep temporary files on my computer.
4. Click Delete Files, select all the files in the displayed dialog box, and click OK.
Fault 2: During CD/DVD-ROM drive or ISO file mounting, the CD/DVD-ROM drive or ISO
file is disconnected.
Solution: Mount the CD/DVD-ROM drive or ISO file again. The following operations cause
CD/DVD-ROM drive or ISO file disconnection during mounting:
l The VNC login page is closed.
l The VNC login page is refreshed.
l The same VM is logged in to using VNC multiple times.
Input Delay
Fault 1: When a user inputs information using a keyboard, the VNC window responds
slowly.
Possible Causes:
l The network delay is high.
l The CPU or memory usage on the local PC is high.
l The Java plug-in cache is high.
l The host loads are high due to excessive VM VNC logins.
Solution: Typically, the VNC window responds to user inputs within 0.3 second. If the VNC
window takes more than 0.3 second to respond, check the system based on the preceding
possible causes, and troubleshoot the system.
Other Faults
Fault 1: The keyboard does not function in a VM.
Solution: Click Alt or Ctrl on the VNC toolbar to unlock the keyboard.
Installation Overview
Installation Scenario
Install the antivirus and patch service software provided by Huawei.
Installation Process
Figure 7-29 shows the process for installing the antivirus and patch service software.
Figure 7-29 Process for installing the antivirus and patch service software
Scenarios
To protect infrastructure VMs against virus attacks, deploy the antivirus server on the
infrastructure VM where the Antivirus server is deployed.
NOTE
Update the virus library after installing the antivirus server and regularly during daily use.
Prerequisites
Conditions
There are no special conditions for this operation.
Data
Table 7-16 lists the data to be obtained before this operation.
Activation code | Antivirus; Damage Cleanup Services; Web Reputation and Anti-spyware | -
Client port number | Specifies the port used for the OfficeScan client to access the OfficeScan web console. The port can also be used to update services to the OfficeScan client. | 29001: Defined when the OfficeScan server is installed.
Software
Procedure
Close the Server Manager window.
1 Log in to the infrastructure VM on which the Antivirus server is installed using a domain
account.
– Stop the Server Manager program, which starts by default on the operating system (OS).
Otherwise, the antivirus server cannot be successfully installed.
– Stop the mmc.exe process if it exists in Task Manager.
Install the antivirus server software.
3 Copy the software package to the antivirus server.
4 Double-click OSCE_11.0PLUS_GM_with_patch1_SC.exe.
NOTE
It takes about 1 minute for the system to extract files. If the installation fails, reinstall the antivirus
server.
18 Enter the activation code obtained before installation in Antivirus and click Next.
NOTE
You can enable the Damage Cleanup Services and Web Reputation and Anti-spyware
functions as required.
19 Click Next.
A dialog box is displayed.
20 Click Yes.
The Online License Verification window is displayed.
21 Click Next.
The OfficeScan Agent Deployment window is displayed.
22 Click Next.
The Install Integrated Smart Protection Server window is displayed.
23 Select Yes, install the integrated Smart Protection Server and click Next.
The Enable Web Reputation Service window is displayed.
24 Keep the default value and click Next.
The Install OfficeScan agent window is displayed.
25 Click Next.
The Smart Protection Network window is displayed.
26 Deselect Enable Trend Micro Smart Feedback and click Next.
The Administrator Account Password window is displayed.
27 Set the following parameters:
– Web console password: Enter the password used for logging in to the web console.
– Client unload and uninstall password: Enter the password used for uninstalling
the client.
NOTE
You are advised to set different passwords for Web console password and Client unload and
uninstall password.
28 Click Next.
The OfficeScan Agent Installation window is displayed.
29 Keep the default value and click Next.
The OfficeScan Firewall window is displayed.
30 Deselect Enable firewall and click Next.
The Anti-spyware Feature window is displayed.
31 Select No, do not enable assessment mode and click Next.
The Web Reputation Feature window is displayed.
32 Deselect Enable web reputation policy and click Next.
The Server Authentication Certificate window is displayed.
33 Select Generate a new authentication certificate and input the Backup password and
Confirm password and click Next.
The OfficeScan Program Shortcuts window is displayed.
34 Click Next.
The Installation Information window is displayed.
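35 Carefully check the installation information, confirm that it is correct, and click Install.
The software installation is complete after about 10 minutes.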
36 Click Finish.
Close the Trend Micro OfficeScan window.
Check the antivirus services.
NOTE
45 Click Add.
The IP address of the antivirus server is set as a trusted address.
46 Click Close.
The OfficeScan Web Console login page is displayed.
Load AtxEnc.cab.
47 Click the message displayed in the upper part of the page, and select Install This Add-
on for All Users on This Computer.
The Internet Explorer - Security Warning dialog box is displayed asking you to install
AtxEnc.cab.
48 Click Install.
The Internet Explorer - Security Warning dialog box is closed.
Load AtxPie.cab.
49 Enter root in User Name and the password for logging in to the web console in
Password, and click Log On.
The OfficeScan Web Console home page is displayed, and a message is displayed at the
top of the page.
50 Repeat 47 and 48 to load AtxPie.cab.
Check the settings of software installation parameters.
51 In the navigation tree of the OfficeScan Web Console, choose Administration >
Settings > Product License.
The Product License pane is displayed.
52 In the Additional Services area, check that the value of Firewall for endpoints is
Disabled.
Set antivirus policies.
53 In the navigation tree of the OfficeScan Web Console, choose Updates > Server >
Manual Update.
The Server Manual Update pane is displayed on the right.
54 Select all options and click Update.
The OfficeScan server starts to download antivirus definition files from the web upgrade
source and update the scan engine.
55 Choose Updates > Server > Scheduled Update.
56 Select Enable scheduled update of the OfficeScan server.
57 Set the Update Schedule.
NOTE
Scenarios
If an antivirus server is deployed in the desktop cloud environment, install the antivirus client
software on all the Windows infrastructure VMs to protect the Windows infrastructure VMs
from virus attacks.
Prerequisites
Conditions
Basic configuration of the Windows infrastructure VMs is complete.
Data
Data preparation is not required for this operation.
Procedure
Install the antivirus client.
1 Log in to the infrastructure VM using a domain account.
2 Open Internet Explorer, enter https://Antivirus server IP address:4343/officescan in the
address box, and press Enter.
The Security Alert dialog box is displayed, showing "You are about to view pages over
a secure connection."
3 Click OK.
The system displays "There is a problem with this website's security certificate."
4 Click Continue to this website (not recommended).
The Security Alert dialog box is displayed, showing "You are about to view pages over
a secure connection."
5 Click OK.
The Internet Explorer dialog box is displayed, prompting you to add the website to
trusted websites.
6 Click Add.
The Trusted sites dialog box is displayed.
7 Click Add.
The antivirus server IP address is added to Websites.
8 Click Close.
The login page of the OfficeScan Web Console is displayed.
9 Click the message displayed in the upper part of the page, and select Install This Add-
on for All Users on This Computer.
The Internet Explorer - Security Warning dialog box is displayed asking you to install
AtxEnc.cab.
NOTE
If the installation fails, reinstall the antivirus client.
10 Click , select Always install software from Trend Micro,Inc., and click Install.
The Internet Explorer - Security Warning dialog box is closed.
11 In the lower part on the login page of the OfficeScan Web Console, click the hyperlink
for installing the client, for example,
https://Antivirus server IP address:4343/officescan/console/html/cgi/cgiWebUpdate.exe,
as shown in Figure 7-34:
13 Install the software package as prompted.
Verify the installation of the antivirus agent client.
----End
Scenarios
Install the WSUS SP2 patch service software on the infrastructure VM where the Loggetter
server is deployed.
Prerequisites
Conditions
The connection between the infrastructure VM and the Internet or upper-layer patch server is
normal. Otherwise, the patch service software cannot be installed.
NOTE
If the system does not support deployment of the patch server software, visit the Microsoft website to
download and manually install operating system patches periodically according to the security patch
bulletin published by Microsoft.
To view the patch release bulletin, visit http://support.huawei.com/enterprise and choose News >
Services News > software bulletin.
To download patches, visit http://www.microsoft.com/en-us and choose Downloads > Download
Center.
Data
Table 7-18 lists the data to be obtained before this operation.
Software
Procedure
Install IIS.
1 Log in to the Loggetter server using the domain account.
2 On the OS, open the Server Manager window.
3 In the navigation tree of the Server Manager window, right-click Roles, and choose
Add Roles.
The Add Roles Wizard window is displayed.
14 Select I accept the terms of the license agreement and click Next.
The Select Update Source window is displayed.
15 Select Store updates locally, click Browse, and select the directory where the update
source is stored.
NOTE
The disk space of the update source must be at least 6 GB.
16 Click Next.
The Database Options window is displayed.
17 Click Next.
The Web Site Selection window is displayed.
18 Select Use the existing IIS Default Web site and click Next.
The Ready to Install Windows Server Update Services 3.0 SP2 window is displayed.
19 Click Next.
The Installing window is displayed.
After about 10 minutes, the Completing the Windows Server Update Services 3.0 SP2
Setup Wizard window is displayed.
20 Click Finish.
The Windows Server Update Services configuration wizard window is displayed, as
shown in Figure 7-37.
24 Click Next.
42 Select Enabled in Configure Automatic Updates, and set the following parameters:
– Configure automatic updating
– Scheduled install day
– Scheduled install time
NOTE
Do not set the same update time for the components. A one-day interval is recommended for one
patch update.
43 Click OK.
The Configure Automatic Updates dialog box is closed.
44 In the right pane, double-click Specify intranet Microsoft updates service location.
The Specify intranet Microsoft updates service location dialog box is displayed.
45 Select Enabled in the Specify intranet Microsoft updates service location area and set
the following parameters:
– Set the intranet update service for detecting updates: Enter the service IP
address of the patch server.
– Set the intranet statistics server: Enter the service IP address of the patch server.
46 Click OK.
The Specify intranet Microsoft updates service location dialog box is closed.
47 Close the Group Policy Management Editor window.
48 Repeat 38 to 47 to set patch update policies for the following servers.
– Active AD\DNS\DHCP
– Standby AD\DNS\DHCP
– Standby ITA
– Loggetter\TCM
Approve patches.
49 Log in to the patch server using the domain account.
50 Choose Start > Administrative Tools > Windows Server Update Services.
The Update Services window is displayed.
51 Choose Patch server name > Updates > All Updates, as shown in Figure 7-40.
52 In the middle pane, select Unapproved from the Approval drop-down list, select Any
from the Status drop-down list, and click Refresh.
Information about the required and unapproved patches is displayed.
53 Right-click a patch and choose Approve from the shortcut menu.
NOTE
After the command is executed, a message is displayed in the lower right corner of the desktop,
reminding you to update patches.
----End
Scenarios
To fix SSLv3 vulnerability CVE-2014-3566, modify the server.xml file on the active and
standby ITA, WI, and UNS servers.
NOTE
Browsers must support TLSv1, TLSv1.1, and TLSv1.2 security protocols. Configure your browser to support
the protocols.
Prerequisites
Conditions
There are no special conditions for this operation.
Data
Table 7-20 lists the paths of the server.xml file.
ITA C:\ita\tomcat\conf
WI /opt/WI/tomcat/conf
UNS /opt/WI/tomcat/conf
Procedure
Modify the configuration file on the ITA server.
1 Change the sslEnabledProtocols="SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2"
parameter under Connector port="8448" in the server.xml file to
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2".
8 Click OK.
----End
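The following check is an added example, not part of the original Huawei document: it parses a Tomcat server.xml and reports any TLS connector whose sslEnabledProtocols still lists SSLv3 or SSLv2Hello after the change above. The function name audit_server_xml, the status labels, and the sample XML (including ports 8449 and 8450) are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Protocol names that must be gone after the CVE-2014-3566 change.
FORBIDDEN = {"sslv3", "sslv2hello"}

# Constructed sample: port 8448 carries the pre-fix value quoted in the procedure;
# ports 8449 and 8450 are made up to show the other two outcomes.
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8448" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2"/>
    <Connector port="8449" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"/>
    <Connector port="8450" SSLEnabled="true" scheme="https" secure="true"/>
  </Service>
</Server>"""


def audit_server_xml(xml_text):
    """Return {port: (status, detail)} for every TLS-enabled Connector."""
    results = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        protocols = conn.get("sslEnabledProtocols")
        tls_on = conn.get("SSLEnabled", "false").lower() == "true"
        if not tls_on and protocols is None:
            continue  # plain HTTP/AJP connector, nothing to check
        port = conn.get("port", "?")
        if protocols is None:
            # No explicit list: the enabled set is left to defaults, so flag it
            # for review rather than assuming SSLv3 is off.
            results[port] = ("unset", [])
            continue
        names = [p.strip() for p in protocols.split(",") if p.strip()]
        bad = [p for p in names if p.lower() in FORBIDDEN]
        results[port] = ("weak", bad) if bad else ("ok", names)
    return results


if __name__ == "__main__":
    # Pass the path to server.xml (see Table 7-20); with no argument, audit the sample.
    text = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    findings = audit_server_xml(text)
    for port, (status, detail) in sorted(findings.items()):
        print(f"port {port}: {status} {','.join(detail)}")
    # Non-zero exit lets a deployment script fail when any connector is not "ok".
    sys.exit(1 if any(s != "ok" for s, _ in findings.values()) else 0)
```

Run it against the server.xml on each active and standby ITA, WI, and UNS server after editing; a "weak" result means the connector still accepts SSLv3 or SSLv2Hello.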
8 Glossary
8.1 A-E
8.2 F-J
8.3 K-O
8.4 P-T
8.5 U-Z
8.1 A-E
A
bare VM A VM that is assigned an identifier but does not occupy any CPU, memory, storage, or
network resources.
baseboard management controller A dedicated micro controller embedded in the main board of a
computer (especially a server).
basic input/output system Firmware installed on the computer main board that contains basic
input/output control programs, power-on self test (POST) programs, bootstraps, and system setting
information. The BIOS provides the hardware setting function and control function for
the computer.
BMC See baseboard management controller.
BIOS See basic input/output system.
Charging Gateway The gateway between the cloud system and an external billing center.
cloud computing A scheme that provides computing resources for users over the Internet by using large
data centers or super computer clusters.
Cluster Monitor Node The cluster-level monitoring manager.
CMN See Cluster Monitor Node.
CNA See Computing Node Agent.
Computing Node Agent A component that is deployed on a computing node and manages VMs and VM
mounting on the computing node.
data center A system used by enterprises and organizations with deployed networks to store,
manage, and share information.
DC See data center.
DHCP See Dynamic Host Configuration Protocol.
dom0 See domain 0.
E
EC See elastic computing.
elastic computing A cloud service that allocates computing resources to users as required.
equipment serial number A unique ID for a set of equipment.
ESN See equipment serial number.
8.2 F-J
F
facility operating system A system that intelligently controls facilities, such as air conditioners
and uninterruptible power systems (UPSs), in an equipment room, and exposes and
manages the API.
fast Ethernet An extension and enhancement of the traditional Ethernet that is based on shared
media. The maximum data transmission rate is 100 Mbit/s. FE complies with the IEEE
802.3u standard.
FE See fast Ethernet.
File Transfer Protocol A type of TCP/IP used to copy files between computers over the Internet. In FTP
transmission, one computer must serve as the FTP client and the other as the FTP
server.
FOS See facility operating system.
FTP See File Transfer Protocol.
full clone A complete and independent copy of a VM. It shares nothing with the parent VM after
the cloning operation. A full clone can have independent system disks and different
software from the parent VM. Full clones apply to various scenarios, for example,
office automation (OA).
G
GE See Gigabit Ethernet.
Gigabit Ethernet A collection of technologies for transmitting data at a rate of 1 Gbit/s in compliance
with IEEE 802.3 standards.
GPU See graphics processing unit.
graphics processing unit A microprocessor that performs image computing on PCs, workstations, or
game machines.
Guest OS The operating system on domain U.
H
HDC See Huawei Desktop Controller.
HDP See Huawei Desktop Protocol.
host A physical server that runs virtual software. VMs can be created on a host.
HTTP See Hypertext Transfer Protocol.
Hypertext Transfer Protocol A request-response protocol in the client-server computing model. In
HTTP, a Web browser submits an HTTP request message to the server, and the server returns a
response message to the client.
Hypervisor The software layer on a virtual server, which manages the VMs on the server and
helps VMs share the hardware resources of the virtual server. The Xen Hypervisor is a
software layer between the hardware and operating system, which performs CPU
scheduling and partitioning between VMs. The Xen Hypervisor controls VM
migration between hardware devices and other VM-related operations (because the
VMs share a processing environment). The Xen Hypervisor does not process
networks, storage devices, videos, or other I/O resources.
Huawei Desktop Controller A unit that controls the desktop policy of a user VM.
Huawei Desktop Protocol A desktop protocol that controls user VMs.
I
I/O input/output
ICP See information content provider.
IDC See Internet Data Center.
information content provider Any person or entity that creates or develops information provided
over the Internet or other interactive computer services.
Internet Data Center The data center that carries Internet services.
Internet Small Computer Systems Interface A protocol that enables SCSI transmission on a TCP over
IP network.
iSCSI See Internet Small Computer Systems Interface.
ISO VM A VM that connects to an ISO image of a local disk. With the ISO image, users can
install and upgrade the OS and other software.
ISP Internet service provider
IT Adapter An adapter for the interworking between the cloud platform and the IT system. With
IT adapters, the IT system can perform VM management, VM mirroring management,
VM allocation management, and system O&M management.
ITA See IT Adapter.
J
Java Runtime Environment An environment that provides libraries, Java Virtual Machine, and other
components to run applets and applications written in the Java programming language.
JRE See Java Runtime Environment.
8.3 K-O
L
linked clone A technology that allows VMs to be made from a snapshot of the parent.
linked clone VM A duplicate of a VM that uses the same base disk as the parent VM and a chain of
delta disks to keep track of the differences between the original and the clone. The
linked clone technology reduces the need for disk space and increases the maintenance
efficiency. Linked clones apply to scenarios in which the VMs use the same software,
for example, call centers. The differences between the parent VM and the linked
clones are stored on the delta disks for the linked clones.
live migration A method of migrating VMs without interrupting services.
LLA See Local Log Agent.
LMA See Local Monitor Agent.
Local Log Agent A component that collects log information from the local node.
Local Monitor Agent A component that is deployed on a physical node and monitors data of various
processes on the node.
Log A type of file that records the system events that occur while the system is operating.
The system events include the operation, input/output (I/O) operations, exceptions,
and security events. Engineers use logs to query information and perform maintenance
on the system.
log node Records system operation logs.
logical unit number A unique identifier of a LUN device. A RAID group can be divided into multiple
LUNs. Each LUN contains one or more physical disks.
LUN See logical unit number.
M
MAC See Media Access Control.
management module The management module of a server.
Media Access Control A protocol at the media access control sublayer and the lower part of the data link
layer in the OSI model that is responsible for controlling and connecting the physical
media at the physical layer. When transmitting data, the MAC protocol checks
whether the data can be transmitted. If it can, certain control information is added to
the data, and then it is transmitted in a specific format to the physical layer. Upon
receiving the data, the MAC protocol checks whether the control information is
correct and the data was transmitted correctly. If both of these are true, the control
information is removed from the data, which is then transmitted to the logical link
control (LLC) layer.
MM See management module.
N
NC See Network Computer.
Network Computer A device that provides virtual desktop service.
network file server A distributed file system that allows remote file storage and access to the existing
server through the NFS protocol.
Network File System A method of executing file sharing between UNIX systems. Through the NFS and the
network, applications on the client can save and obtain data on the disk of a server.
The NFS was first developed by Sun in 1984, and designed to facilitate sharing
materials between PCs and operating systems through networks.
network interface card A device that is identified as pethN in the virtual system, where N indicates a certain
digit.
Network Resource Manager A node for managing and allocating network resources.
Network Time Protocol An application-layer protocol which uses IP and UDP to synchronize the time
between the distributed time server and the client. NTP is evolved from Time Protocol
and ICMP Timestamp Message and features high protocol accuracy and good health.
NFS See network file server.
NFS See Network File System.
NIC See network interface card.
NP network processor
NRM See Network Resource Manager.
NTP See Network Time Protocol.
O
OM See operation and maintenance.
operation and maintenance The operations and maintenance performed on the system by maintenance
engineers.
8.4 P-T
P
power-off The process of shutting down the physical servers.
preboot execution environment A technology that enables computers to boot from the network. This
technology is the successor of Remote Initial Program Load (RPL). The PXE works in client/server
mode. The PXE client resides in the ROM of a network card. When the computer
boots up, the BIOS invokes the PXE client to the memory. The PXE client obtains an
IP address from the DHCP server and downloads the operating system from the
remote server through TFTP.
PV driver paravirtualized driver
PXE See preboot execution environment.
R
RAID See redundant array of independent disks.
RDP See Remote Desktop Protocol.
Redhat Package Manager A packaging and installation tool for packages downloaded from the
Internet. The RPM is contained in certain Linux distribution versions and it generates .rpm files.
Redundant Array of Independent Disks A technology that provides a hard disk group (logical hard
disk) consisting of multiple physical hard disks combined in different modes. The hard disk group
features higher storage performance over a single hard disk and supports data redundancy. The
different combination modes for disk arrays are called RAID levels. At present, there
are seven basic RAID levels, RAID 0 to RAID 6. These basic RAID levels can be
further combined to form new RAID levels, such as RAID 10 (a combination of RAID
1 and RAID 0) and RAID 50 (a combination of RAID 5 and RAID 0).
Remote Desktop Protocol A Microsoft virtual desktop protocol.
Remote Procedure Call A computer communication protocol that allows programs running on a computer to
invoke subprograms on another computer. The programmer does not need to program
for the interaction.
resource cluster A cloud service unit that contains resources of the same attributes. A cloud system
may contain one or more clusters. Clusters are categorized as management clusters
and virtual clusters.
resource pool A component that discovers physical resources and manages and schedules physical
and virtual resources.
RPC See Remote Procedure Call.
RPM See Redhat package manager.
RPOOL See Resource Pool.
S
SAN See storage area network.
SC See software client.
SDRAM synchronous dynamic random access memory
serial over LAN An interface complying with the IPMI V2.0 standard that controls serial data
transmission over a LAN connection. SOL specifies the packet formats and protocols
for serial data transmission between a remote workstation and the computers it
manages. SOL is based on the IPMI-over-LAN specification.
server farm A group of network servers with the same location that streamlines internal processes
by distributing the workload to the individual components of the farm and expedites
computing processes by harnessing the power of multiple servers.
service level agreement A service contract between a customer and a service provider that specifies the
forwarding service a customer should receive and under what conditions. The
customer may be a user organization (source domain) or a differentiated services
domain (upstream domain). An SLA may consist wholly or partially of traffic
conditioning rules.
service private cloud Cloud infrastructure operated solely for a single organization.
Simple Network Management Protocol A network management protocol of TCP/IP that enables remote
users to view and modify the management information on a network element. This protocol ensures the
transmission of management information between any two points. The polling
mechanism is adopted to provide basic function sets. In accordance with SNMP, both
hardware and software agents can monitor the activities of various devices on the
network and report these activities to the network console workstation. Control
information about each device is maintained by a management information block.
SLA See service level agreement.
SNMP See Simple Network Management Protocol.
software client Software running on a common PC to process the virtual desktop protocol.
SOL See serial over LAN.
SPC See Service Private Cloud.
storage area network A network dedicated to transporting data for storage and retrieval.
storage node A storage server.
T
TC See thin client.
TFTP See Trivial File Transfer Protocol.
thin client A terminal with lower processing power than a Thick Client that processes the virtual
desktop protocol, serves as the client of the remote desktop, and provides an access
method for users.
Trivial File Transfer Protocol A type of FTP that does not require a user name and password and is
used for automatic downloading.
8.5 U-Z
U
Unified Virtualization Platform Virtual management software that divides each computing resource
into multiple VM resources.
UVP See Unified Virtualization Platform.
UVP Black Box A component that collects and stores kernel logs and diagnosis information provided
by the diagnosis tool before the physical machine where the UVP (that is, domain 0) is
installed crashes. After the system crashes, the logs and information are exported for
analysis.
virtual server A device on which the operating system and applications run based on various
virtualization technologies, unlike the original physical server. When using certain
resources of the physical server, the virtual server is the same as the physical server
for users. Both partitions and VMs are considered virtual servers.
Virtual Software Switch A device that is deployed on a computing node and performs the virtual
network switching function for the VMs on the node.
virtual storage A technology used to uniformly manage multiple storage devices to provide storage
systems featuring customized capacity, high reliability, and high I/O performance for
users.
virtual switch A software program created on a physical server to implement data switching between
VMs on the same or different servers.
virtualization technology A technology that enables a single physical server to operate multiple
independent virtual OSs.
VLAN See virtual local area network.
VM See virtual machine.
VM high availability A feature that enables the O&M system to continuously monitor all physical hosts and
automatically migrate all VMs off a faulty host.
VM migration A technology used to migrate VMs to another hardware resource for VM operations.
VM specifications A set of predefined VM attributes for creating VMs with unified specifications.
VM template A template used to create VMs that have the same specifications. A template is a VM
in essence. A VM and a VM template can convert to each other as required. After a
VM is converted to a template, only its isTemplate field is changed to true.
volume The logical storage volume of a VM, which can either be system volume or user
volume.
VPS See Virtual Private Server.
VSS See Virtual Software Switch.
VT See virtualization technology.
Y
Yast A central management and installation tool in SUSE Linux.