FusionCloud Desktop V100R005C30 Software Installation Guide 05

FusionCloud Desktop
V100R005C30
Software Installation Guide
Issue 05
Date 2015-12-07
HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2015. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://e.huawei.com
Issue 05 (2015-12-07) Huawei Proprietary and Confidential i

Copyright © Huawei Technologies Co., Ltd.
FusionCloud Desktop
Software Installation Guide About This Document
About This Document
Purpose
This document describes the FusionAccess deployment solutions, processes, and methods,
and provides guidance for users to install and configure FusionAccess components on
infrastructure VMs.
Intended Audience
This document is intended for:
l Installation and commissioning engineers

l Technical support engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Alerts you to a high risk hazard that could, if not

avoided, result in serious injury or death.
DANGER
Alerts you to a medium or low risk hazard that could, if

not avoided, result in moderate or minor injury.
WARNING
Alerts you to a potentially hazardous situation that could,

if not avoided, result in equipment damage, data loss,
CAUTION
performance deterioration, or unanticipated results.
TIP Provides a tip that may help you solve a problem or save
time.
NOTE Provides additional information to emphasize or

supplement important points in the main text.
Issue 05 (2015-12-07) Huawei Proprietary and Confidential ii

FusionCloud Desktop
Change History
Changes between document issues are cumulative. The latest document issue contains all the
changes made in earlier issues.
Issue 05 (2015-12-07)
This issue is the fifth official release.
Modify
l Modified Installing the Antivirus Server, rewrite this topic using the OfficeScan 11.0.
l Modified Installing the Antivirus Client, rewrite this topic using the OfficeScan 11.0.
Issue 04 (2015-11-10)
This issue is the forth official release.
Modify
l Modified Installing the vAG and vLB Components, added the description The system
HA can automatically enable the vAG service.
l Modified Linux Infrastructure VM Types, added the description The WI and vAG
cannot be deployed on the same VM.
Issue 03 (2015-09-30)
This issue is the third official release.
New
Added Upgrading the PV Driver.
Modify
Modified Configuring Linux Infrastructure VMs, Installing FusionCompute and Linux
Infrastructure VM Types, added descriptions about PV Driver upgrade.
Issue 02 (2015-08-20)
This issue is the second official release.
New
l Added DB Independent Deployment.
l Added Changing the IP Address Bound to Port 22 of the vAG/vLB Server.
l Added Importing WI Addresses in Batches.
l In Configuring DNS Policies, added operations for disabling IPv6 for the domain name
server (DNS).
Modify
l In Documents and Software, changed the path for obtaining documentation and
software.
l In Generating or Importing a WI/UNS Certificate, changed the certificate storage
path.
Issue 05 (2015-12-07) Huawei Proprietary and Confidential iii

FusionCloud Desktop
Issue 01 (2015-06-05)
This issue is the first official release.
Issue 05 (2015-12-07) Huawei Proprietary and Confidential iv

FusionCloud Desktop
Software Installation Guide Contents
Contents
About This Document.....................................................................................................................ii

1 About This Document.................................................................................................................. 1
2 Installation Process....................................................................................................................... 4
3 Preparing for the Installation...................................................................................................... 5
3.1 Data.................................................................................................................................................................................6
3.1.1 FusionCompute Data................................................................................................................................................... 6
3.1.2 FusionManager Data....................................................................................................................................................8
3.1.3 FusionAccess Data...................................................................................................................................................... 8
3.2 Documents and Software..............................................................................................................................................18
3.3 Hardware Requirements............................................................................................................................................... 29
3.3.1 Network Devices....................................................................................................................................................... 29
3.3.2 Storage Devices......................................................................................................................................................... 32
3.3.3 Servers....................................................................................................................................................................... 33
4 Cloud Platform Software Installation Guide (Standard Desktop)....................................36

4.1 Installing FusionCompute.............................................................................................................................................37
4.2 Installing FusionManager............................................................................................................................................. 41
5 Cloud Platform Software Installation Guide (Desktop Appliance)..................................43

5.1 Installing Cloud Platform Software.............................................................................................................................. 44
5.2 Initial Configuring Cloud Platform Software............................................................................................................... 45
6 FusionAccess Software Installation......................................................................................... 46

6.1 Installation Process....................................................................................................................................................... 47
6.2 Configuring Network Information................................................................................................................................48
6.3 Installing Linux-based Infrastructure VMs.................................................................................................................. 49
6.3.1 Linux Infrastructure VM Types................................................................................................................................. 49
6.3.2 Creating Linux Infrastructure VMs........................................................................................................................... 51
6.3.3 Configuring Linux Infrastructure VMs..................................................................................................................... 54
6.3.4 Installing the GaussDB, HDC, WI, and License Components.................................................................................. 57
6.3.5 Installing the vAG and vLB Components................................................................................................................. 59
6.3.6 (Optional) Installing the AUS Component................................................................................................................ 62
6.4 Installing Windows-based Infrastructure VMs.............................................................................................................64
6.4.1 Creating an Infrastructure VM Template...................................................................................................................64
Issue 05 (2015-12-07) Huawei Proprietary and Confidential v

FusionCloud Desktop
6.4.2 Creating Windows Infrastructure VMs......................................................................................................................72

6.4.3 Configuring Windows Infrastructure VMs................................................................................................................76
6.4.4 Deploying the AD, DNS, and DHCP Components................................................................................................... 81
6.4.5 Installing the ITA Component................................................................................................................................. 101
6.4.6 Installing the Loggetter and TCM Components...................................................................................................... 105
6.5 FusionAccess Initial Configuration............................................................................................................................ 113
6.5.1 Configuring the Virtualization Environment........................................................................................................... 113
6.5.2 Configuring a User Domain.....................................................................................................................................115
6.5.3 Configuring Desktop Components.......................................................................................................................... 117
6.5.4 Configuring Alarm Components............................................................................................................................. 124
6.5.5 (Optional) Configuring Multi-Language Images on ITA Servers........................................................................... 126
6.5.6 Configuring Time Synchronization......................................................................................................................... 129
6.5.7 Checking Component Status................................................................................................................................... 131
6.5.8 Activating the OSs of Windows Infrastructure VMs...............................................................................................131
6.5.9 (Optional) Unlock NBI User and Reset the Password............................................................................................ 132
6.5.10 (Optional)Configuring the Desktop Cloud Address.............................................................................................. 133
6.5.11 Generating or Importing a Certificate....................................................................................................................137
6.6 (Optional) Deploying the UNS...................................................................................................................................144
6.6.1 UNS Deployment Scheme.......................................................................................................................................144
6.6.2 Installing the UNS Component................................................................................................................................151
6.6.3 Installing the vLB Component................................................................................................................................ 152
6.6.4 Configuring the UNS...............................................................................................................................................153
6.7 (Optional) Enabling Internet User Access..................................................................................................................156
6.7.1 Deployment Solutions for Internet User Access..................................................................................................... 156
6.7.2 Installing the vAG Component................................................................................................................................167
6.7.3 Installing the WI Component.................................................................................................................................. 168
7 Appendixes................................................................................................................................. 169
7.1 Other Software Installation Solutions.........................................................................................................................170
7.1.1 DB Independent Deployment.................................................................................................................................. 170
7.1.2 Clock Synchronization Schemes............................................................................................................................. 170
7.1.3 GSLB Deployment Scheme.....................................................................................................................................178
7.1.4 Deployment Schemes of Gateway and Loading Balancing Components............................................................... 181
7.1.5 Configuring the Existing AD, DNS, and DHCP Components................................................................................ 186
7.1.6 FusionAccess Account Planning in High Security Mode....................................................................................... 190
7.2 Operations Related to Software Installation............................................................................................................... 193
7.2.1 Upgrading the PV Driver.........................................................................................................................................193
7.2.2 Changing the IP Address Bound to Port 22 of the vAG/vLB Server...................................................................... 197
7.2.3 Changing the Time Zone of Linux Infrastructure VMs...........................................................................................198
7.2.4 Changing Linux Infrastructure VM IP Address...................................................................................................... 200
7.2.5 Configuring the Alarm Reporting Function for the FusionCompute...................................................................... 200
7.2.6 Verifying Software Packages...................................................................................................................................202
7.2.7 Changing the Password of the DB Administrator Account.....................................................................................203
Issue 05 (2015-12-07) Huawei Proprietary and Confidential vi

FusionCloud Desktop
7.2.8 Enabling the Firewalls for Windows Infrastructure VMs....................................................................................... 204

7.2.9 Configuring Network Data...................................................................................................................................... 208
7.2.10 Login-related Operations....................................................................................................................................... 216
7.2.11 Installing the Antivirus and Patch Servers.............................................................................................................230
7.2.12 Solution to SSLv3 Vulnerability CVE-2014-3566................................................................................................ 250
8 Glossary....................................................................................................................................... 253
8.1 A-E..............................................................................................................................................................................254
8.2 F-J............................................................................................................................................................................... 255
8.3 K-O............................................................................................................................................................................. 257
8.4 P-T.............................................................................................................................................................................. 259
8.5 U-Z..............................................................................................................................................................................261
Issue 05 (2015-12-07) Huawei Proprietary and Confidential vii

FusionCloud Desktop
Software Installation Guide 1 About This Document
1 About This Document
Purpose
This document describes the FusionAccess deployment solutions, processes, and methods,
and provides guidance for users to install and configure FusionAccess components on
infrastructure VMs.
Intended Audience
This document is intended for:
l Installation and commissioning engineers

l Technical support engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Alerts you to a high risk hazard that could, if not

avoided, result in serious injury or death.
DANGER
Alerts you to a medium or low risk hazard that could, if

not avoided, result in moderate or minor injury.
WARNING
Alerts you to a potentially hazardous situation that could,

if not avoided, result in equipment damage, data loss,
CAUTION
performance deterioration, or unanticipated results.
TIP Provides a tip that may help you solve a problem or save
time.
NOTE Provides additional information to emphasize or

supplement important points in the main text.
Issue 05 (2015-12-07) Huawei Proprietary and Confidential 1

FusionCloud Desktop
Change History
Changes between document issues are cumulative. The latest document issue contains all the
changes made in earlier issues.
Issue 05 (2015-12-07)
This issue is the fifth official release.
Modify
l Modified Installing the Antivirus Server, rewrite this topic using the OfficeScan 11.0.
l Modified Installing the Antivirus Client, rewrite this topic using the OfficeScan 11.0.
Issue 04 (2015-11-10)
This issue is the forth official release.
Modify
l Modified Installing the vAG and vLB Components, added the description The system
HA can automatically enable the vAG service.
l Modified Linux Infrastructure VM Types, added the description The WI and vAG
cannot be deployed on the same VM.
Issue 03 (2015-09-30)
This issue is the third official release.
New
Added Upgrading the PV Driver.
Modify
Modified Configuring Linux Infrastructure VMs, Installing FusionCompute and Linux
Infrastructure VM Types, added descriptions about PV Driver upgrade.
Issue 02 (2015-08-20)
This issue is the second official release.
New
l Added DB Independent Deployment.
l Added Changing the IP Address Bound to Port 22 of the vAG/vLB Server.
l Added Importing WI Addresses in Batches.
l In Configuring DNS Policies, added operations for disabling IPv6 for the domain name
server (DNS).
Modify
l In Documents and Software, changed the path for obtaining documentation and
software.
l In Generating or Importing a WI/UNS Certificate, changed the certificate storage
path.

FusionCloud Desktop
Issue 01 (2015-06-05)
This issue is the first official release.

FusionCloud Desktop
Software Installation Guide 2 Installation Process
2 Installation Process
Installation Process
Figure 2-1 Process
Start
Preparing for the Installation.
Install Platform Software.
Install FusionAccess Software.
End

FusionCloud Desktop
Software Installation Guide 3 Preparing for the Installation
3 Preparing for the Installation
About This Chapter
3.1 Data
3.2 Documents and Software
3.3 Hardware Requirements

FusionCloud Desktop
3.1 Data
3.1.1 FusionCompute Data
Table 3-1 lists the data required for FusionCompute installation.
NOTE
FusionCompute does not support IPv6 addresses.
Table 3-1 Data to be obtained

Category Paramete Description Example Value
r
Host Host This parameter is mandatory. CNA01

informatio name Uniquely identifies a host in the system.
n
The host name can contain only digits,
letters, hyphens (-), and underscores (_).
It must start with a letter or a digit and
cannot exceed 63 characters.
Managem This parameter is mandatory. 192.168.180.40

ent plane Specifies the IP address of the
IP address management network port on the host.

ent plane Specifies the subnet mask of the host
subnet management plane.
mask

ent plane Specifies the gateway IP address of the
gateway host management plane.
Virtual VRM This parameter is mandatory. Active: VRM01

Resource name Identifies a VRM node in the system. Standby: VRM02
Managem
ent The VRM name can contain only digits,
(VRM) letters, hyphens (-), and underscores (_).
node It must start with a letter and cannot
informatio exceed 32 characters.
n Managem This parameter is mandatory. Active VRM:
ent plane Specifies the IP address of the VRM 192.168.180.11
IP address management network port if VRM is Standby VRM:
deployed on a physical server or the IP 192.168.180.12
address of the VM on which VRM is
deployed.

FusionCloud Desktop
Category Paramete Description Example Value

r

ent plane Specifies the subnet mask of the VRM
subnet management plane.
mask

ent plane Specifies the gateway address of the
gateway VRM management plane.
Floating Specifies the VRM floating IP address. 192.168.180.10

IP address This address is required only when
VRMs are deployed in active/standby
mode.
Shared Storage Identifies a storage device. This IP 192.168.30.31

storage managem address is the management IP address of
informatio ent IP a storage device.
n address This parameter is required only when
shared storage resources are used in the
system.
Storage This parameter is required only when 172.20.100.100

port IP shared storage resources are used in the
address system.
Specifies the storage port IP address of
the device.
Storage Specifies the storage device type. NAS

device This parameter is required only when
type shared storage resources are used in the
system.
Value:
l SAN
l Advanced SAN
l FusionStorage
l NAS
Storage This parameter is required only when Huawei

device shared storage resources are used in the
vendor system.
Value:
l Huawei
l Non-Huawei

FusionCloud Desktop
3.1.2 FusionManager Data

Table 3-2 lists the data required for FusionManager installation.

Parameter Description Example Value
Management IP address This parameter is Active FusionManager:

mandatory. 192.168.180.21
Specifies the Standby FusionManager:
FusionManager 192.168.180.22
management IP address.
If two FusionManager nodes
are deployed in active/
standby mode, configure the
management IP addresses
for the active and standby
nodes.
Floating IP address This parameter is 192.168.180.20

mandatory.
Specifies the
FusionManager floating IP
address.
This IP address must be
configured even if only one
FusionManager node is
deployed.
Gateway IP address of the This parameter is 192.168.180.1

management plane mandatory.
Specifies the gateway IP
address of the
FusionManager
management plane.
3.1.3 FusionAccess Data
FusionAccess Deployment
FusionAccess offers flexible configuration and deployment.
l Standard deployment (recommended)

Table 3-3 describes the standard deployment. This deployment applies to scenarios
involving only intranet access.
l Deployment for Internet access
For details, see Deployment Solutions for Internet User Access.

FusionCloud Desktop
l UNS deployment
The unified name service (UNS) enables a unified domain name to be used to access
multiple FusionAccess systems. If this feature is required, use the UNS deployment
solution. For details, see (Optional) Deploying the UNS.
l Other deployment solutions
Tailored deployment solutions are also provided based on service requirements. If
GaussDB is independently deployed, see DB Independent Deployment.
The password must conform to the following rules:
l Contain at least one uppercase letter (A-Z), one lowercase letter (a-z), one digit (0-9),
and one space character or special character (~!@#$%^&*()-_=+\|{};:'",<.>/?).
l Contain 8 to 32 characters.
l Cannot be same as the recent three passwords.
l Cannot contain the username or the username in reversed order.
Table 3-3 describes the FusionAccess standard deployment solution. FusionAccess in
standard deployment supports 5000 users. A maximum of four sets of FusionAccess and a
pair of ITAs can be deployed, which supports up to 20,000 users.
Table 3-3 Deployment solution

Compone Operatin VM Numb Deployment
nt g System Specifications er of
(OS) VMs
Active Windows l 2 VCPUs 2 l VM 1: primary domain

directory Server l 2 GB controller, active DNS, and
(AD)/ 2008 R2 memory active DHCP.
Domain Standard l VM 2: backup domain
name SP1 64bit l 50 GB
system disk controller, standby DNS, and
server standby DHCP.
(DNS)/ l 20 GB user
Dynamic disk To improve reliability, deploy the
Host two VMs on different Computing
l 1 network Node Agents (CNAs).
Configurat interface
ion card (NIC)
Protocol
NOTE
(DHCP) If the AD needs
to synchronize
time with the
CNA where the
VRM locates,
the AD requires
two NICs.

FusionCloud Desktop

(OS) VMs
GaussDB/ Novell l 4 VCPUs 2 Active GaussDB, active WI,

HDC/WI/ SUSE l 8 GB active HDC, and License
License Linux memory To improve reliability, deploy the
Enterprise two VMs on different CNAs.
Server 11 l 30 GB
SP1 64bit system disk
l 1 NIC
NOTICE
On a site with
more than 2000
VM users, the
VM
specifications
must be 4
VCPU/12 GB
memory.
GaussDB/ Novell l 4 VCPUs 1 Standby GaussDB, standby WI,

HDC/WI/ SUSE l 8 GB and standby HDC
Linux memory To improve reliability, deploy the
Enterprise two VMs on different CNAs.
Server 11 l 30 GB
l 1 NIC
NOTICE
On a site with
more than 2000
VM users, the
VM
specifications
must be 4
VCPU/12 GB
memory.
(Optional) Novell l 4 VCPUs 1 HDA Update Server.

AUS SUSE l 4 GB
Linux memory
Enterprise
Server 11 l 30 GB
l 1 NIC

FusionCloud Desktop

(OS) VMs
ITA Windows l 4 VCPUs 2 l VM 1: active ITA

Server l 4 GB l VM 2: standby ITA
2008 R2 memory
Standard To improve reliability, deploy the
SP1 64bit l 50 GB two VMs on different CNAs.
system disk
l 2 NICs
NOTICE
On a site with
more than 5000
VM users, the
VM
specifications
must be 4
VCPU/8 GB
memory.
Loggetter/ Windows l 2 VCPUs 1 The TCM, AntiVirus, and Patch

TCM Server l 2 GB components are optional and can
(Optional) 2008 R2 memory be deployed on the same VM with
AntiVirus/ Standard the Loggetter.
SP1 64bit l 50 GB
Patch system disk The TCM uses the free MySQL
database by default. The TCM and
l 50 GB user the MySQL database are deployed
disk on the same VM.
l 1 NIC
vAG/vLB Novell l 4 VCPUs 2 The vAG and vLB components

SUSE l 4 GB are deployed on the same VM, and
Linux memory two VMs are deployed.
Enterprise NOTE
Server 11 l 30 GB
system disk l The vAG/vLB implements
SP1 64bit gateway and load balancing
l 2 NICs functions. The hardware device
SVN plays the same functions.
For details about how to deploy
these components, see
Deployment Schemes of
Gateway and Loading
Balancing Components.
l The vAG/vLB is recommended in
the standard deployment solution.
(Optional) Novell l 4 VCPUs 2 Deployed in load sharing mode.

UNS SUSE l 4 GB
Linux memory
Enterprise
Server 11 l 30 GB
l 1 NIC

FusionCloud Desktop
Network Resource Data
Table 3-4 Network resource data

Data Description Example Value
DVS Specifies the distributed virtual ServiceDVS

switch (DVS) for the service
plane.
VLAN pool Specifies the VLAN pool that VLAN ID range: 181 to 189
provides network resources for
creating the service plane for
infrastructure VMs.
Port group Specifies the ports used for VM l Name: VDIPort

service plane communication. l VLAN ID: 181
The infrastructure VMs
connecting to the same port
group belong to the same
network and can communicate
with each other.
Service plane Specify the service plane l Gateway: 192.168.181.1

gateway and gateway and subnet mask of l Subnet mask: 255.255.255.0
subnet mask infrastructure VMs. These two
parameters are used to configure
a VLANIF interface for the
VLAN ID used by the
infrastructure VM service plane.
Infrastructure VM Data
Table 3-5 Data for creating Windows OS infrastructure VMs

Data disk name Identifies a data disk attached ITA: FA-ITA-DISK

to an infrastructure VM Loggetter: FA-LOG-DISK
running Windows OS.

FusionCloud Desktop
IP address Standard deployment: l AD/DNS/DHCP service IP

l Service plane IP addresses addresses:
of infrastructure VMs – Active: 192.168.181.66
l ITA management plane IP – Standby: 192.168.181.67
addresses l GaussDB/WI/HDC/License
l GaussDB floating IP service IP address:
address 192.168.181.61
l vAG/vLB floating IP l GaussDB/WI/HDC service
address IP address: 192.168.181.63
l vLB floating IP address l GaussDB floating IP
address: 192.168.181.60
l (Optional) AUS:
192.168.181.71
l ITA addresses:
– Active ITA service IP
address (first NIC):
192.168.181.62
– Active ITA management
IP address (second NIC):
192.168.180.62
– Standby ITA service IP
192.168.181.64
– Standby ITA
management IP address
(second NIC):
192.168.180.64
l Loggetter/TCM/AntiVirus/
Patch service IP address:
192.168.181.65
l (Optional) AUS:
192.168.181.71
l vAG/vLB:
– Active server service IP
192.168.181.68
– Active server
(second NIC):
192.168.180.68
– Standby server service
IP address (first NIC):
192.168.181.69
– Standby server

FusionCloud Desktop
(second NIC):
192.168.180.69
– vLB floating IP address:
192.168.181.70
Deployment for Internet -

access:
See Deployment Schemes of
Gateway and Loading
UNS deployment: -
See UNS Deployment
Scheme.
Subnet mask Specifies the subnet mask of Service plane subnet mask:
the infrastructure VMs. 255.255.255.0
Gateway IP address Specifies the service plane Service plane gateway IP

gateway IP address of the address: 192.168.181.1
infrastructure VMs.
VM name Identifies an infrastructure Standard deployment:

VM. l Active AD/DNS/DHCP VM
name: FA-AD-01
l Standby AD/DNS/DHCP
VM name: FA-AD-02
l GaussDB/WI/HDC/License
VM name: FA-HDC-01
l GaussDB/WI/HDC VM
name: FA-HDC-02
l Active ITA VM name: FA-
ITA-01
l Standby ITA VM name: FA-
ITA-021
l Loggetter/TCM/AntiVirus/
Patch VM name: FA-
LOG-01
l (Optional) AUS: FA-AUS
l First vAG/vLB VM name:
FA-vAG-01
l Second vAG/vLB VM
name: FA-vAG-02

FusionCloud Desktop
OS Account Data
Table 3-6 OS account data

Account Description Username and Password
Administrator System administrator account Username: Administrator

of the Windows VM created by Password: Huawei@123
using the image provided by
Huawei. This account has the
highest rights for the VM OS.
root System administrator of a Username: root

Linux OS VM. This account Password: Huawei@123
has the highest rights for the
VM OS.
Account for starting Account for starting or Username: gandalf

or stopping services stopping services after the Password: Huawei@123
Linux components are installed
on the infrastructure VM.
GaussDB account Login account created when Username:gaussdba

GaussDB is installed. Password: Huawei@123
Data for AD/DNS Installation

NOTE
If the AD/DNS/DHCP server is provided by the customer, obtain the IP address, username, and password of
the AD/DNS/DHCP server before software installation.
Table 3-7 Data for AD/DNS installation

Document Description Example Value
Infrastructure Identifies the AD domain that vdesktop.huawei.com

domain name manages the accounts of
Windows servers and clients.
All server and client computers
must be added to the domain
for management and
configured with group policies.

FusionCloud Desktop
DSRM password Specifies the password used to Huawei@123

log in to the OS in directory
services restore mode
(DSRM). In DSRM, only the
DSRM administrator account
and the AD DSRM password
can be used to log in to the OS.
The password must meet the
following requirements:
l Contain at least six
characters. (The password
for privileged users must
contain at least eight
characters.)
l Contain at least two of the
following combinations:
– At least one lowercase
letter
– At least one uppercase
letter
– At least one digit
– Special characters `~!
@#$%^&*()-_=+\|
[{}];:'",<.>/? and space
l Cannot be the same as the
username or the username
in reverse order.
IP address segment Specifies the VM IP addresses 192.168.123

for reverse lookup corresponding to domain
names for reverse DNS
lookup.
Reverse DNS lookup is using
an IP address to find a domain
name.
Domain name for Specifies the cloud server fusionaccess.vdesktop.huawei.c

logging in to WI address to be used when a om
servers client user attempts to log in to
a VM.

FusionCloud Desktop
Table 3-8 Data for DHCP installation

Scope name Identifies a DHCP scope. DHCP1

A DHCP scope is an
administrative group of IP
addresses for computers on a
subnet that use the DHCP
service.
Start and end IP Specifies the IP address pool of Start IP address:

addresses the service plane. The DHCP 192.168.181.150
server dynamically assigns IP End IP address:
addresses to VMs from this IP 192.168.181.200
address pool.
Subnet mask and Specifies the subnet mask and Mask: 255.255.255.0
gateway IP address gateway IP address of the Gateway: 192.168.181.1
of the address pool address pool.
Domain Account Data

NOTE
For details about domain accounts to be created and differences in high security mode such as account
separation, see FusionAccess Account Planning in High Security Mode.
Table 3-9 Domain account data

Account Description Example Value
Domain accounts l Domain accounts for logging in to the vdsuser

for logging in to Windows infrastructure VMs (except the
infrastructure AD/DNS/DHCP servers). The domain
servers account must be added to the
administrator group of the server.
l Account for accessing the backup
service when the Loggetter server is
deployed.

FusionCloud Desktop
Domain l The operation for creating the domain vdsadmin

administrator administrator account varies with the
account AD server to be used.
l Add the domain administrator account to
the Domain Admins group for
managing the domain.
the DHCP Users group for monitoring
DHCP alarms.
l Account for starting the Tomcat service
on the ITA servers. This account must be
added to the server administrator group.
l Add the Tomcat service domain account
to the administrator group of the ITA
and Loggetter servers for monitoring
ITA and Loggetter alarms.
Database Data
Table 3-10 Data required for configuring an HDC server
Name Description Example Value
HDC database name HDC database instance created HDCGaussDB01

on the GaussDB.
ITA database name ITA database instance created FusionAccess

on the GaussDB.
ITA database Username and password for Username: ITALoginUser

account ITA server connecting to the Password: Huawei@123
database instance.
3.2 Documents and Software
Reference Documents
NOTICE
The desktop cloud solution maps multiple version of FusionCompute, FusionManager, and
FusionCare. Download the matched documents and software during the actual use.

FusionCloud Desktop
In addition to the Software Installation, obtain the documents listed in Table 3-11, and Table
3-12 before software installation.
Table 3-11 Documents required for hardware configuration of the desktop cloud solution
Categ Document Description Ma How to Obtain
ory nda
tory
/
Opt
ion
al
Hardw Hardware Describe how to Man Obtain the documents based

are device configure the hardware dato on the hardware devices used.
device documents devices. ry.
configu
ration
Deskto Version Provides version Man For enterprise users, visit

p cloud mapping table information about the dato http://support.huawei.com/
solutio of the desktop components used in the ry. enterprise and choose
n cloud solution desktop cloud solution. Product Support > IT >
FusionCloud >
FusionAccess >
FusionCloud Desktop
Solution.
For telecom carrier users, visit
http://support.huawei.com
and choose Product Support
> Carrier IT > FusionCloud
> FusionAccess >
FusionCloud Desktop
Solution
Feature Guide Required only when the Opti For enterprise users, visit
FusionCloud Desktop onal http://support.huawei.com/
solution is required to . enterprise and choose
provide advanced Product Support > IT >
features. FusionCloud >
Describes the features FusionAccess >
and methods used to FusionCloud Desktop
configure the features. Solution.
> Carrier IT > FusionCloud
> FusionAccess >
FusionCloud Desktop
Solution

FusionCloud Desktop

ory nda
tory
/
Opt
ion
al
TCM TCM product Describe how to install Man For enterprise users, visit
documents the Thin Client dato http://support.huawei.com/
Manager (TCM). ry. enterprise and choose
Product Support > IT >
FusionServer > TC
Terminal > TCM
> Carrier IT > FusionServer
> TC Terminal > TCM
Fusion FusionCare Select the document of Man For enterprise users, visit
Care V100R003C1 a version according to dato http://support.huawei.com/
0SPCxxx User the product version ry. enterprise and choose
Guide mapping. Software > IT >
FusionCloud >
FusionSphere Tool >
V100R003C10SPCxxx >
FusionSphere Tool
V100R003C10SPCxxx
Health Check and Log
Collect
and choose Software >
Carrier IT > FusionCloud >
FusionSphere >
FusionSphere Tool >
V100R003C10SPCxxx >
FusionSphere Tool
V100R003C10SPCxxx
Health Check and Log
Collect

FusionCloud Desktop

ory nda
tory
/
Opt
ion
al
Fusion FusionCare For enterprise users, visit

Tool V100R005C0 http://support.huawei.com/
0SPC100 enterprise > Software > IT >
User Guide FusionCloud >
FusionSphere > FusionTool
> V100R005C00SPC100
http://support.huawei.com >
Software > Carrier IT >
FusionCloud >
> V100R005C00SPC100
Table 3-12 Documents required for FusionCompute&FusionManager

(V100R005C00SPCXXX) software deployment
Document Description Man How to Obtain
dato
ry/
Opti
onal
FusionCompute You should download it Man For enterprise users, visit http://
version according to the version dator support.huawei.com/enterprise
Software Install mapping. y. and choose Product Support >
Guide IT > FusionCloud >
FusionSphere >
FusionCompute >
FusionCompute
http://support.huawei.com and
choose Product Support >
FusionSphere >
FusionCompute

FusionCloud Desktop
Document Description Man How to Obtain

dato
ry/
Opti
onal
Adapter FusionSphere SIA Man For enterprise users, visit http://

software NOTE dator support.huawei.com/enterprise
document If FusionAccess needs to y. and choose Product Support >
connect to FusionSphere IT > FusionCloud >
V100R005C00SPC30X or FusionSphere > FusionSphere
FusionSphere
SIAFor telecom carrier users,
V100R003C10SPC600, the
matched FusionSphere SIA visit http://support.huawei.com
software is mandatory. and choose Product Support >
FusionSphere > FusionSphere
SIA
FusionManager You should download it Man For enterprise users, visit http://
version according to the version dator support.huawei.com/enterprise
Software Install mapping. y. and choose Product Support >
Guide (Server IT > FusionCloud >
Consolidation,al FusionSphere > FusionManager
l-in-one) > FusionManager
http://support.huawei.com and
FusionSphere > FusionManager
Software
Before software installation, download all software packages listed in Table 3-13, and Table
3-14 to the same folder on a PC used for software installation.
NOTE
l The software versions vary with the products you use. Obtain the software of the correct version
based on the version mapping table.
l Before software installation, also download the software verification file, which has the same file
name as the software package and has the file name extension asc.
l For details about how to verify the software package, see Verifying Software Packages.

FusionCloud Desktop
Table 3-13 FusionCompute&FusionManager (V100R005C00SPCXXX) Software package

list
Produ Sof Software Package Ma How to Obtain
cts twa nda
re tory
Typ /
e Opt
ion
al
Fusion Fusi FusionCompute Man For enterprise users, visit

Compu onC version_Tools.zip dato http://support.huawei.com/
te omp ry. enterprise and choose
ute Software > IT >
inst FusionCloud >
allat FusionSphere >
ion FusionCompute
wiz For telecom carrier users,
ard visit http://
CN FusionCompute Man support.huawei.com and
A version_CNA.iso dato choose Software > Carrier
oper ry. IT > FusionCloud >
atin FusionSphere >
g FusionCompute
syst
em
(OS
)
soft
war
e
VR FusionCompute Man
M version_VRM.zip dato
inst ry.
allat
ion
soft
war
e

FusionCloud Desktop
Produ Sof Software Package Ma How to Obtain

cts twa nda
re tory
Typ /
e Opt
ion
al
Ada FusionSphere SIA Man For enterprise users, visit

pter NOTE dato http://support.huawei.com/
soft If FusionAccess needs to connect to ry. enterprise and choose
war FusionSphere Product Support > IT >
e V100R005C00SPC30X or FusionCloud >
FusionSphere
FusionSphere >
V100R003C10SPC600, the matched
FusionSphere SIA software is FusionSphere SIA
mandatory. For telecom carrier users,
visit http://
support.huawei.com and
FusionSphere >
FusionSphere SIA
Fusion Fusi You should download it Man For enterprise users, visit
Manag on according to the version dato http://support.huawei.com/
er Man mapping: ry. enterprise and choose IT >
ager l FusionManager FusionCloud >
inst V100R003C10SPCxxx_GMN FusionSphere >
allat _FS.zip FusionManager.
ion For telecom carrier users,
soft l FusionManager visit http://
war V100R005C00SPC100_SV.zi support.huawei.com and
e p choose Software > Carrier
IT > FusionCloud >
FusionSphere >
FusionManager

FusionCloud Desktop
Table 3-14 FusionAccess Software package list

Produc Sof Software Package Man How to Obtain
ts twa dato
re ry/
Ty Opti
pe onal
Windo OS 2008 R2 OS files and patch Man For enterprise users, visit
ws files l Windows2008R2SP1_EN.part dator http://support.huawei.com/
Server : 1.rar y. enterprise and choose
OS Downloads > IT >
l Windows2008R2SP1_EN.part FusionCloud >
2.rar FusionAccess >
l Patch: KB2577795 FusionAccess Tool >
NOTE V100R005C30SPCxxx
l If Windows Server 2012 R2 is For telecom carrier users,
used, the OS files and patch visit http://
must be prepared by the support.huawei.com and
customer.
choose Software > Carrier
l For infrastructure VMs running IT > FusionCloud >
Windows Server 2012 R2, OS FusionAccess >
security must be ensured by the
customer.
FusionAccess Tool >
FusionAccess Tool
V100R005C30SPCxxx
Patch: http://
support.microsoft.com/kb/
2577795
NOTE
l The Windows Server 2008
R2 OS provides a trial
period of 30 days.
l The Windows Server 2012
R2 OS provides a trial
period of 180 days.
l Obtain the product license
of Windows Server 2008
R2 from legal sources.
OS KB2577795 Man http://

patc dator support.microsoft.com/kb/
h y. 2577795

FusionCloud Desktop

ts twa dato
re ry/
Ty Opti
pe onal
Fusion Fusi l Linux OS component Man For enterprise users, visit

Access onA installation software: dator http://support.huawei.com/
cces FusionAccess_Installer_Win_ y. enterprise and choose
s V100R005C30SPCxxx.iso Software > IT >
man l Windows OS component FusionCloud >
age installation software: FusionAccess >
men FusionAccess_Mirror_V100R FusionAccess >
t 005C30SPCxxx.iso V100R005C30SPCxxx
soft For telecom carrier users,
war visit http://
e support.huawei.com and
IT > FusionCloud >
FusionAccess >
FusionAccess >
V100R005C30SPCxxx
Ser FusionAccess_Mirror_V100R00 Man For enterprise users, visit

vice 5C30SPCxxx.iso dator http://support.huawei.com/
pro y. enterprise and choose
visi Software > IT >
oni FusionCloud >
ng FusionAccess >
tem FusionAccess >
plat V100R005C30SPCxxx
e For telecom carrier users,
crea visit http://
tion support.huawei.com and
tool choose Software > Carrier
IT > FusionCloud >
FusionAccess >
FusionAccess >
V100R005C30SPCxxx

FusionCloud Desktop

ts twa dato
re ry/
Ty Opti
pe onal
Fusi Huawei_vTools_V100R005C30S Opti For enterprise users, visit

onA PCxxx.zip onal. http://support.huawei.com/
cces enterprise and choose
s Software > IT >
syst FusionCloud >
em FusionAccess >
O& FusionAccess >
M V100R005C30SPCxxx >
tool V100R005C30SPCxxx
For telecom carrier users,
visit http://
IT > FusionCloud >
FusionAccess >
FusionAccess >
FusionAccess
Acc FusionAccess_AccessClient_V10 Opti For enterprise users, visit

ess 0R005C30SPCxxx.zip onal. http://support.huawei.com/
Loc enterprise and choose
k Software > IT >
inst FusionCloud >
allat FusionAccess >
ion FusionAccess >
soft V100R005C30SPCxxx
war For telecom carrier users,
e visit http://
IT > FusionCloud >
FusionAccess >
FusionAccess >
V100R005C30SPCxxx

FusionCloud Desktop

ts twa dato
re ry/
Ty Opti
pe onal
TCM TC l Data server installation Man For enterprise users, visit

M program (CDS): dator http://support.huawei.com/
soft CDSsetupCDSsetup_5.x.xxx. y. enterprise and choose
war xxx.exe Software > IT >
e l Database import FusionServer > TC
program(UnitedDB): Terminal > TCM
UnitedDBsetup_5.x.xxx.xxx.e For telecom carrier users,
xe visit http://
l Management server choose Software > Carrier
installation program(CCCM): IT > FusionServer > TC
CCCMsetup5.x.xxx.xxx.exe Terminal > TCM
l License patch installation Decompress the following
program(CCCM_License_Pat software packages
ch): CCCM_License_Patch
l CDS_Version_5.x.xxx.xx
x_xxxxxxxxxx(Required).
zip
l UnitedDB_Version_5.x.x
xx.xxx_xxxxxxxxxx(Req
uired).zip
l CCCM_Version_5.x.xxx.
xxx_xxxxxxxxx(Required
).zip
l CCCM_License_Patch_5.
2.000.803_2013121101(R
equired).zip
My mysql-5.x.xx-winx64 Man Obtain the software from the

SQ dator paths provided in the TCM
L y. product document.
Dat
aba
se

FusionCloud Desktop

ts twa dato
re ry/
Ty Opti
pe onal
OpenP Soft OpenPGP Man For enterprise users, visit

GP war dator http://support.huawei.com/
Signatu e y. enterprise and choose Tools
re che > Tools software >
Verifica ck Enterprises Common >
tion tool Software digital signature
Guide (OpenPGP) validation tool
For telecom carrier users,
visit http://
support.huawei.com/
carrier/digitalSignatureAc-
tion
Download and decompress
the following software
package OpenPGP
Signature Verification
Guide.zip.
Fusion Hea FusionTool Man For enterprise users, visit

Tool lth V100R005C00SPCXXX dator http://support.huawei.com/
che FusionCare.zip y. enterprise > Software > IT
ck > FusionCloud >
and FusionSphere > FusionTool
log > V100R005C00SPC100
coll For telecom carrier users,
ecti visit http://
on support.huawei.com >
tool Software > Carrier IT >
FusionCloud >
> V100R005C00SPC100
3.3 Hardware Requirements

3.3.1 Network Devices
Typical Networking
In the FusionCloud Desktop solution, network devices include switches and switch modules.
The network is divided into network planes based on service requirements. Each network
plane can consist of one or multiple virtual local area networks (VLANs). Figure 3-1 shows
the connections between hosts (servers), storage devices, and switches in a typical desktop
cloud scenario.

FusionCloud Desktop
Figure 3-1 Typical networking

Management and service plane Uplink access aggregation switch
Storage plane
BMC plane Storage
… interface
NIC 1
Controller A
NIC 2 Access management NIC Storage
Host switch device
NIC 3 Controller B
management NIC
NIC 4
BMC Storage
network port
… interface
Network Communication Requirements

You must configure the following for network devices:
l Time synchronization for network devices
The network devices synchronize time with FusionManager.
l SNMP and SSH
The Simple Network Management Protocol (SNMP) and Secure Shell (SSH) must be
enabled for switches and server switch modules to ensure network security.
l IP addresses for network plane communication
Table 3-15 describes communication between network planes.
NOTE
l For details about the desktop cloud typical networking and configuration examples, see the Huawei
FusionCloud Typical Networking Assistant.
l To ensure network security, you are advised to deploy a firewall between the TC and the vAG to
isolate the TC from the management and service planes.
l The FusionAccess system provides login service ports. If the FusionAccess system is deployed in an
untrusted network, the FusionAccess system is vulnerable to DoS or DDoS attacks. Therefore, you
are advised to deploy the FusionAccess system on the customer's private network or install
professional anti-DoS or anti-DDoS devices to protect the FusionAccess system against DoS or
DDoS attacks.

FusionCloud Desktop
Table 3-15 Communication between network planes

Communicatio Description Network Communication
n Plane
BMC plane This plane enables remote access to The management plane of the
the BMC on servers. Virtual Resource
Management (VRM) nodes
interworks with the BMC
plane.
Management and The management plane and service The VRM nodes
service plane plane are physically deployed together communicate with switches
but logically separated by VLAN. The and storage devices through
following IP addresses must be the management plane.
configured for the management and The VRM nodes
service plane: communicate with Computing
l Configure the following Node Agents (CNAs) through
management plane IP addresses in the management plane.
the same VLAN:
– Management IP addresses of all
hosts, that is, IP addresses of
the management network ports
on hosts
– IP addresses of the VMs on
which FusionCompute VRM
and FusionManager are
deployed
– IP addresses of storage device
controllers
– IP address of the management
plane of infrastructure VMs
l The following service plane IP
addresses can be configured in the
same VLAN or different VLANs
based on service requirements:
– Service plane IP addresses of
infrastructure VMs
– Service plane IP addresses of
user VMs
Storage plane The hosts communicate with the The hosts communicate with
storage units on storage devices storage devices through the
through the storage plane. The storage plane.
following IP addresses must be
configured:
l Storage IP addresses of hosts, that
is, IP addresses of the storage
network ports on hosts
l IP addresses of storage devices

FusionCloud Desktop
3.3.2 Storage Devices
Configuration Process
Figure 3-2 shows the typical configuration process for storage devices.
Figure 3-2 Storage device configuration process
Start
Check the storage device.
Configure IP address of the

management network port.
Configure the iSCSI host port.
Create storage resources.
Configure time synchronization

information.
End
NOTE
For details about the desktop cloud typical networking and configuration examples, see the Huawei
Configuration Procedure
1. Check the storage device version.
Log in to each storage device through the serial port and check the system version
against the version mapping information.
If the storage device version is incorrect, obtain the software package and upgrade guide
based on the version mapping information and upgrade the system.
2. Set IP addresses for the management network ports.
Configure IP addresses for the management ports on storage devices based on the
network plan and allocate the ports to the management plane.
3. Configure the iSCSI host port.
Allocate all iSCSI host ports on storage device controllers A and B to the storage plane
to ensure data transmission between storage devices and servers.

FusionCloud Desktop
4. Create storage resources, include hot spare disks, redundant array of independent disks
(RAID) groups, logical unit numbers (LUNs), host groups, and hosts. After creating
LUNs and hosts, configure the mapping between the LUNs and hosts.
A set of S5500T storage device has one controller enclosure and two disk enclosures,
which provide a maximum of 72 hard disks. Use hard disks of the same specifications in
each enclosure and the same RAID mode for the three enclosures. The RAID mode
varies depending on the hard disk type:
– SAS: RAID 5 or RAID 10
– SATA: RAID 6 or RAID 10
Table 3-16 describes the recommended RAID modes for a disk enclosure.
Table 3-16 RAID configuration modes

RAID Mode RAID Group Number of Hard Number of Hot
Disks Spare Disks
RAID 5 1 11 2
2 11
RAID 6 1 11 2
2 11
RAID 10 1 10 2
2 12
NOTE
RAID 5 is recommended for larger storage space. RAID 10 is recommended for higher Input/
Output Operations Per Second (IOPS).
5. Configure time synchronization.
Configure storage devices to synchronize time with FusionManager. For details, see the
related storage device document.
3.3.3 Servers
Server Configuration Process
Figure 3-3 shows the server configuration process.

FusionCloud Desktop
Figure 3-3 Server configuration process
Start
Configure management
modules.
Check the server blade.
Configure RAID and BIOS.
Configure time
synchronization information.
End
NOTE
For details about the desktop cloud typical networking and configuration examples, see the Huawei
Configuration Requirements
1. Configure the baseboard management controller (BMC).
Log in to the BMC interface over the serial port and configure the management IP
address and system time for the BMC.
If two BMCs are deployed in active/standby mode, configure the management IP address
and system time for each BMC and configure a floating IP address for the active BMC.
2. Check the servers.
Log in to the servers through the BMC and check the server version information and the
number and status of hard disks.
If the server firmware version is incorrect, obtain the correct software package and
upgrade guide based on the version mapping table and upgrade the software.
3. Configure the redundant array of independent disks (RAID) and basic input/output
system (BIOS) for servers.
Table 3-17 describes the configuration requirements for the RAID and BIOS (boot mode
and PXE) of servers.
Table 3-17 Server configuration description
RAID Create a RAID 1 group using two hard disks on each server for
installing the OS and service software. The RAID configuration
improves system reliability.

FusionCloud Desktop
Boot mode Set boot devices as follows:

l First boot device: Hard Disk Drive
l Second boot device: BEV
l Third boot device: CD/DVD-ROM Drive
BEV and CD/DVD-ROM Drive are used for OS and service
software installation. After the installation is complete, servers
boot from the hard disk by default.
PXE Enable the PXE function for the first network interface card
(NIC) for installing the OS and service software. Disable PXE
for other NICs.
4. Configure time synchronization.

Enable the servers to synchronize time with FusionManager.

FusionCloud Desktop 4 Cloud Platform Software Installation Guide (Standard
Software Installation Guide Desktop)
4 Cloud Platform Software Installation

Guide (Standard Desktop)
About This Chapter
4.1 Installing FusionCompute

4.2 Installing FusionManager

4.1 Installing FusionCompute
Hardware Configuration.
Configure hardware devices based on the desktop cloud hardware requirements.The desktop
cloud hardware requirements are as follows:
l Network Devices
l Storage Devices
l Servers
Install Hosts and VRMs.

NOTE
If FusionAccess connects to FusionSphere V100R005C00SPC30X or FusionSphere
V100R003C10SPC60X, install the matched FusionSphere SIA software (used to upgrade the PV
Driver) after installing FusionSphere. Otherwise, the PV Driver may fail to be installed. For detailed
operations, see Upgrading the PV Driver.
To complete the steps as show in Table 4-1 and the Table 4-2 show the installation
requirements. For details, see Installation and Configuration > Software Installation in the
FusionCompute V100R005C00 Software Installation Guide.
Table 4-1 Steps

Steps Description
Installing Mandatory.
Hosts To complete the hosts OS installation and configuration.
Installing Mandatory.
VRM To complete the VRM VMs installation and configuration.
nodes
Table 4-2 Installation requirements

Configu Description
ration
Hardwar See System Requirements in the FusionCompute Software Installation Guide.

e
requirem
ents

Configu Description
ration
VRM Deploy the active and standby VRMs on different VMs. Local storage is
nodes recommended. The VM specifications are as follows:
l 2 VCPUs and 3 GB memory if the VRM node serves 200 VMs and 20
PMs.
PMs.
PMs.
PMs.
Domain The Domain 0 specifications of the management, and user clusters, and
0 gateway clusters vary with the number of VMs on a host:
specificat l max_vcpus and reserve_vcpus: 6VCPU
ions
(Standard l mem(MB): 5120 MB
Desktop) l mem_for_icache(MB)
– Common VM: Default 0
– Linked clones: 12288
Domain Domain 0 specification requirements for a full memory virtual desktop:

0 l Both max_vcpus and reserve_vcpus are set to 6 VCPUs
specificat
ions (full l For the memory requirement, see Full Memory VM Configuration
memory Calculation Tool.
virtual l Retain the default value for icache.
desktop)
NOTE
The
followin
g
specific
ations
are for a
full
memory
cluster
only.
Domain max_vcpus and reserve_vcpus: 8VCPU

0
specificat
ions
(Desktop
Applianc
e)

Configu Description
ration
l If disks (SAS, SATA, and SSD) are used as the main storage, the memory
specification is 12 + N x Number of data disks on the host + (SSD cache
size of the host x 8)/1024.
The cache unit of SSD (including SSD card and SSD disk) is GB. The
value of the parameter N varies depending on the disk capacity:
– Using IB network:
– Disk capacity ≤ 2 TB: N = 2.4
– 2 TB < disk capacity ≤ 4 TB: N = 3.4
– Using 10GE network:
– Disk capacity ≤ 2 TB: N = 2
– 2 TB < disk capacity ≤ 4 TB: N = 3
For example, using IB network, the host Host1 uses one 2.4-TB SSD card
for cache and four 2-TB SATA disks as data disks. In this case, the CVM
memory of this host must be set to 40.8 GB (12 + 2.4 x 4 + (2.4 x 1024 x
8)/1024 = 40.8 GB).
l If SSD cards are used as the main storage, the memory specification is 14.5
+ 3.5 x Number of SSD cards x (SSD card capacity/400 GB).
For example, SSD card capacity is 2.4 TB. Then, the value of (SSD card
capacity/400 GB) is 6.
NOTE
In the preceding formula, the total memory of MDC process, VBS process, and OS is
integrated.
l The memory used by the MDC processes is 5 GB.
l When disks are used as the main storage, the memory used by the VBS processes is 4
GB. When SSD cards are used as the main storage, the memory used by the VBS
processes is 6.5 GB.
l The memory used by the OS is 3 GB.
For example, when SSD cards are used as the main storage, the total memory used by
MDC process, VBS process, and OS is 5 GB + 6.5 GB + 3 GB = 14.5 GB.
mem_for_icache (MB): 0
Initial Configuration
For details, see Installation and Configuration > Initial Configuration in the
FusionCompute Software Installation Guide.

Table 4-3 Initial Configuration

Configu Description
ration
Loading Mandatory.
a License NOTICE
File If FusionAccess works with FusionCompute V100R005C00 and later versions, you do
not need to load licenses.
Creating Mandatory.
Clusters If Solution 2 is used to deploy the access gateway and load balancing
on a Site components and the number of users is 500 to 1000, and 1000 to 2200, create a
gateway cluster and add two CNAs to the cluster for deploying the vAG/vLB
VMs and vAG VMs.
NOTICE
To use the full memory virtual desktop feature, you need to create an independent cluster.
Adding Mandatory.
Hosts to
Clusters
Adding Mandatory.
Data When adding data stores for a FusionAccess infrastructure VM, set Storage
Stores to mode to Non-virtualization.
Hosts
NOTICE
To use the full memory virtual desktop feature, you need to add the data store whose type
is Local RAM Disk.
Adding Mandatory.
Virtual
Network
Resource
s to a
Site
Configuri Optional.
ng the Configure the DNS server only when the NTP server of FusionCompute adopts
DNS the domain name mode.
Server
Configuri Mandatory.
ng a
Backup
Server
Configuri Mandatory.
ng the l If a Network Time Protocol (NTP) server is available on site, use the NTP
NTP server.
Clock
Source l If no NTP server is available on site, FusionCompute synchronizes time
and Time with the VRM hosts.
Zone NOTICE
NTP must be configured; otherwise, services may be affected.

Configu Description
ration
Configur Optional.
e a local Configure a local memory disk only when the full memory virtual desktop
memory feature.
disk (full
memory During the configuration, refer to FusionCompute Storage Management Guide
virtual to complete the following operations:
desktop) l Enabling the Local RAM Disk Function
l Creating Local RAM Disks on a Host
NOTE
When creating a local RAM disk, set the following parameters according to the
calculation results in Domain 0 specifications (full memory virtual desktop) in
Table 4-2:
l Memory size (GB)
l Device size (GB)
l Disks
4.2 Installing FusionManager

Install FusionManager, for details, see Initial Installation and Configuration > Installing
FusionManager Using an ISO Image and Initial Installation and Configuration >
Configuring FusionManager in the FusionCompute V100R005C00 Software Installation
Guide. When installing FusionManager observe the following:
Configu Description
ration
NTP l If an NTP server is available, use the NTP server as the FusionManager
server NTP server.
l If no NTP server is available, configure the host where the active VRM is
located as FusionManager NTP server.
Operatio When installing FusionManager according to FusionManager Software

n Installation Guide, you only need to install FusionManager using an ISO file
procedur and configure FusionManager.
es in the
reference
documen
t
Single l Enable FusionCompute alarms to be reported to FusionManager.

sign-on l Enable users to switch to FusionCompute from FusionManager once you
and have logged in to FusionManager.
alarm
report

NOTE
l When logging in to the FusionManager portal using a browser for the first time, configure the
browser by following the operations described in Setting Internet Explorer.
l When logging in to the FusionCompute portal using a browser for the first time, configure the
browser based on the browser type. For details, see Setting Internet Explorer Browser or Setting
Mozilla Firefox Browser.

FusionCloud Desktop 5 Cloud Platform Software Installation Guide (Desktop
Software Installation Guide Appliance)
5 Cloud Platform Software Installation

Guide (Desktop Appliance)
About This Chapter
5.1 Installing Cloud Platform Software

5.2 Initial Configuring Cloud Platform Software

5.1 Installing Cloud Platform Software

Install FusionCompute.
Install FusionCompute: for details, see Installation and Commissioning > Software
Installation > Installing FusionCompute in FusionCube Product Documentation-
(V100R002C02_02,Cloud Platform).
Table 5-1 Domain 0 specifications
Configu Description
ration
Domain max_vcpus and reserve_vcpus: 8 VCPU

0
specificat l If disks (SAS, SATA, and SSD) are used as the main storage, the memory
ions specification is 12 + N x Number of data disks on the host + (SSD cache
size of the host x 8)/1024.
The cache unit of SSD (including SSD card and SSD disk) is GB. The
value of the parameter N varies depending on the disk capacity:
– Using IB network:
– Disk capacity ≤ 2 TB: N = 2.4
– 2 TB < disk capacity ≤ 4 TB: N = 3.4
– Using 10GE network:
– Disk capacity ≤ 2 TB: N = 2
– 2 TB < disk capacity ≤ 4 TB: N = 3
For example, using IB network, the host Host1 uses one 2.4-TB SSD card
for cache and four 2-TB SATA disks as data disks. In this case, the CVM
memory of this host must be set to 40.8 GB (12 + 2.4 x 4 + (2.4 x 1024 x
8)/1024 = 40.8 GB).
l If SSD cards are used as the main storage, the memory specification is 14.5
+ 3.5 x Number of SSD cards x (SSD card capacity/400 GB).
For example, SSD card capacity is 2.4 TB. Then, the value of (SSD card
capacity/400 GB) is 6.
NOTE
In the preceding formula, the total memory of MDC process, VBS process, and OS is
integrated.
l The memory used by the MDC processes is 5 GB.
l When disks are used as the main storage, the memory used by the VBS processes is 4
GB. When SSD cards are used as the main storage, the memory used by the VBS
processes is 6.5 GB.
l The memory used by the OS is 3 GB.
For example, when SSD cards are used as the main storage, the total memory used by
MDC process, VBS process, and OS is 5 GB + 6.5 GB + 3 GB = 14.5 GB.
mem_for_icache(MB): 0

Install FusionManager.
Install FusionManager: for details, see Installation and Commissioning > Software
Installation > Installing FusionManager in FusionCube Product Documentation-
Install FusionStorage.
Install FusionStorage: for details, see Installation and Commissioning > Software
Installation > Installing FusionStorage in FusionCube Product Documentation-
5.2 Initial Configuring Cloud Platform Software

Initial configuring cloud platform software: for details, see Installation and Commissioning
> Initial Configuration in FusionCube Product Documentation-
NOTE
Adding Data Stores to Hosts to see Resource Configuration > Adding Data Stores to Hosts > Adding
Data Stores to Hosts Using FusionStorage.

FusionCloud Desktop
Software Installation Guide 6 FusionAccess Software Installation
6 FusionAccess Software Installation
About This Chapter
6.1 Installation Process

6.2 Configuring Network Information
6.3 Installing Linux-based Infrastructure VMs
6.4 Installing Windows-based Infrastructure VMs
6.5 FusionAccess Initial Configuration
6.6 (Optional) Deploying the UNS
6.7 (Optional) Enabling Internet User Access

FusionCloud Desktop
6.1 Installation Process

The FusionAccess installation scenarios are as follows:
l Domain: Infrastructure VMs and user VMs in FusionAccess are managed using AD
domains. In this scenario, refer to this document to perform the installation.
NOTE
The application virtualization feature is deployed on a FusionAccess infrastructure VM, and the
RD Licensing server and APS server must be independently deployed. For details about how to
deploy the application virtualization feature, see F103_Application Virtualization in
FusionCloud Desktop V100R005C30 Feature Guide.
l Non-domain: Infrastructure VMs and user VMs in FusionAccess are managed using
local accounts. For the installation process, see the FusionCloud Non-domain Desktop
V100R005C30 User Guide.
Figure 6-1 shows the overall process in the domain scenario for installing FusionAccess.
Figure 6-1 Installation process
1. Prepare for 2.Install Linux-based 3. Install Windows-based

installation. infrastructure VMs. infrastructure VMs.
Configure Network Create Linux Create an infrastructure

Information. Infrastructure VMs. VM template.
Configure Linux Create infrastructure VMs.

Infrastructure VMs.
Install the GaussDB, Configure infrastructure

HDC, WI, and License 4.VMs.
Install AD/DNS/DHCP
Components. components.
Install AD/DNS/DHCP.
Install the vAG/vLB
Components.
Install ITA.
(Optional) Install AUS.
Install Loggetter/TCM.
5. Generate or Import a
4. Perform initial configuration.
Certificate.
Generate or import a 1.Configure the

virtualization environment.
2.Configure domains.
WI/UNS Certificate.
Import root certificates 3.Configure desktop 4.Configure alarm

to terminals. Components. components.
5. (Optional) Configure 6. Configure time

Multi-Language Images synchronization.
on ITA Servers.
8.Activating the OS of
7. Check component Each Windows
status. Infrastructure VM.
9.(Optional) Unlock NBI

10.(Optional) Configure
User and Reset the
desktop cloud addresses.
Password.

FusionCloud Desktop
6.2 Configuring Network Information

Scenarios
Configure Network Information for infrastructure VMs, as follow as:
l Create port groups on the FusionCompute portal.
l Configure VLANIF interface for the Port group and enable port to forward packets
containing VLAN in the aggregation switch.
Prerequisites
Conditions
FusionCompute has been installed.
NOTE
The following procedure uses FusionCompute V100R005C00 as an example. For the procedures of
other versions, see the notes in related steps.
Data
For details about key data and parameters, see the description given in specific procedures.
Procedure
Create port groups.
1 Log in to FusionCompute.
NOTE
– Port group for the management plane NICs of the FusionAccess infrastructure VMs: During
virtual platform establishment, ManagementDVS and a port group with VLAN ID 0 are
automatically created. This port group can be used as the port group for the management plane
NICs of the FusionAccess infrastructure VMs.
– Port group for the service plane NICs of the FusionAccess infrastructure VMs: If the service
plane and the management plane belong to the same network segment, you are advised to
create a port group for the service plane NICs on the ManagementDVS. If the management
plane and service plane belong to different network segment, create a port group for the
service plane NICs on the service distributed switch.
– ManagementDVS as a example in the following step.
2 On the FusionCompute portal, choose Network Pool > Network Pool >
ManagementDVS, click VLAN Pool, delete the default VLAN pool, click Add VLAN
Pool, and add VLAN pools as planned.
3 Click Create Port Group to create the Port group for the service plane NICs of the
infrastructure VMs.
Configure aggregation switches.
NOTE
The configuration commands use an S5700 switch as an example. To configure a different model of
aggregation switch, see the user manual of the switch you use
4 Log in to the aggregation switch.

FusionCloud Desktop
5 On the aggregation switch, run the following commands to configure a VLANIF

interface for the Port group used by the infrastructure VM service plane:
[Quidway] interface vlanif vlan-id
[Quidway-Vlanifx] ip address ip-address mask
For example, if the VLAN ID used by the infrastructure VM service plane is 181, the
service plane gateway address is 192.168.181.1, and the subnet mask is 255.255.255.0,
run the following commands:
[Quidway] interface vlanif 181
[Quidway-Vlanif181] ip address 192.168.181.1 255.255.255.0
6 Enable the port group to forward the packets containing the specified VLAN ID.
[Quidway] interface GigabitEthernet0/0/x
[Quidway-GigabitEthernet0/0/x] port hybrid tagged vlan-id mask
For example, to enable port 0/0/1 on the switch to forward packets containing VLAN
181, run the following commands:
[Quidway] interface GigabitEthernet0/0/1
[Quidway-GigabitEthernet0/0/1] port hybrid tagged vlan 181
----End
6.3 Installing Linux-based Infrastructure VMs

6.3.1 Linux Infrastructure VM Types
NOTE
l If FusionAccess connects to FusionSphere V100R005C00SPC30X or FusionSphere

l If the Linux infrastructure VM types are determined, you do not need to observe requirements listed
in Table 6-1 and can directly do Creating Linux Infrastructure VMs.
l The WI and vAG cannot be deployed on the same VM.
Table 6-1 Linux infrastructure VMs

Compone Number of Deployment Requirements
nt VMs
GaussDB/H Two l First VM: Deploy the GaussDB, WI, HDC, and
DC/WI/ License components.
License l Second VM: Deploy the GaussDB, WI, and HDC
components.
l The two VMs must be deployed on different CNAs.

FusionCloud Desktop

nt VMs
vAG/vLB Two l If the number of users is less than 2200, use

vAG/vLB VMs as gateways and load balancing
servers. vAG/vLB is mandatory.
l Two vAG/vLB VMs must be deployed on different
CNAs in the management cluster.
l Two deployment schemes are available: Scenario
1: VM deployment is adopted and HDP does not
pass through the gateway. and Scenario 2: VM
deployment is adopted and HDP passes through
the gateway.
NOTE
When the number of users exceeds 2200, you are advised to
use physical SVNs as the gateway and load balancing servers.
(Optional) l 3 VMs for 500 If VM Deployment with HDP Passing Through the
vAG to 1000 users Gateway is used and the number of users ranges from
l E6 VMs for 500 to 2200, additional vAG VMs need to be deployed
1000 to 2200 to ensure system reliability.
users l If the number of users ranges from 500 to 1000, use
one CNA as the gateway cluster, and create 3 VM
to deploy the vAG. The vAG VM specifications are
4 vCPUs and 4 GB memory.
l If the number of users ranges from 1000 to 2200,
create 6 VM on 2 CNA gateway cluster nodes
respectively to deploy vAGs. The vAG VM
specifications are 4 vCPUs and 4 GB memory.
(Optional) l Two UNS Deploy this component when users need to use a
UNS VMs for users unified domain name to access VMs that have different
less than WI domain names. For details, see UNS Deployment
20000 Scheme.
l Three UNS
VMs for
20000 to
40000 users
l Add one UNS
VM each time
when the
number of
users increases
by 20000.

FusionCloud Desktop

nt VMs
(Optional) Two Deploy this component when the following conditions

vLB are met:
l Users need to use a unified domain name to access
VMs that have different WI domain names.
l The number of users is less than 20000.
l Preferential access of local users is not required.
For details, see UNS Deployment Scheme.
(Optional) One HDA Update Server.

AUS
6.3.2 Creating Linux Infrastructure VMs
Scenarios
Create and install the Linux OS Infrastructure VM. During the installation process.
Prerequisites
Conditions
You have logged into the FusionCompute.
Data
Software
FusionAccess_Installer_Linux_V100R005C30SPCxxx.iso
Procedure
1 On the FusionCompute portal, choose VM and Template and click Create VM.
2 Select Host.
Active and standby VMs are created on different CNAs in the management cluster. The
active node is created on the first CNA, and the standby node is created on the second
CNA, as shown in Figure 6-2.

FusionCloud Desktop
Figure 6-2 Create VM
3 Use default settings for other parameters, and click Next. Retain default parameter
settings. Open the Properties page and create a VM as promoted.
Table 6-2 lists the parameter setting requirements.
Table 6-2 Linux VM specifications

Com GaussDB/HDC/ vAG/vLB vAG UNS vLB AUS
pone WI/License
nt
Locati – Active and standby VMs are created on different CNAs in the
on ManagementCluster cluster. The active node is created on the first
CNA, and the standby node is created on the second CNA.
– The different vAGs are created on different CNAs in the gateway cluster.
– The AUS VM is created on one CNA node in the management cluster.
VM User-defined. The recommended are as fellows:

name – GaussDB/HDC/WI/License: Active and standby VMs are FA-
DBHDCWILI and FA-DBHDCWI.
– vAG/vLB: Active and standby VMs are FA-vAGvLB-01 and FA-
vAGvLB-02.
– vAG: Are FA-vAG-01 and FA-vAG-02.
– UNS: Active and standby VMs are FA-UNS-01 and FA-UNS-02.
– vLB: Are FA-vLB-01 and FA-vLB-02.
– AUS: FA-AUS
OS Linux: Novell SUSE Linux Enterprise Server 11 SP1 64bit

and
OS
Versio
n

FusionCloud Desktop
Com GaussDB/HDC/ vAG/vLB vAG UNS vLB AUS

pone WI/License
nt
Hardw – GaussDB/HDC/WI/License: 4 vCPUs/8 GB memory/1 disk/1 NIC

are – vAG/vLB: 4 vCPUs/4 GB memory/1 disk/2 NIC
– vAG: 4 vCPUs/4 GB memory/1 disk/2 NICs
– UNS: 4 vCPUs/4 GB memory/1 disk/1 NIC
– vLB: 2 vCPUs/2 GB memory/1 disk/1 NIC
– AUS: 4 vCPUs/4 GB memory/1 disk/1 NIC
QoS CPU Resource Control Quotaelect Customize from Quota and set the
setting quota to the maximum value 128000. This setting guarantees CPU resources
s for the management node VMs on a CNA in resource contention.
Memory Resource Memory Resource Control: Mem Memory

Control: 4096 ory Resourc
8192 Reso e
urce Control:
Cont 4096
rol:
2048
Advan Default. In Advanced Settings, Default.

ced set NIC type to
Settin HW_V_NET.
gs
VM NIC Settings: NIC Settings: NIC Settings: Select the

Settin Select the port Configure the first NIC port group on the service
gs group on the service as the service plane plane.
plane. NIC, and configure the
second NIC as the
management plane
NIC.
Standard Desktop Disk Settings:

– Data store: Select NON-Virtualized data storage resources.
– Configuration mode: Common
– Capacity (GB): 30
Desktop Appliance Disk Settings:
– Data store: Select FusionStorage.
NOTE
To improve data reliability, select data stores on different RAID groups for the VMs
working in active/standby mode.
Other Retain the default values.

param
eters

FusionCloud Desktop
4 Create the VM as prompted.

5 Click Create Another, and create other infrastructure VMs one by one.
----End
6.3.3 Configuring Linux Infrastructure VMs
Scenarios
Configure the Linux OS Infrastructure VM. after the installation process.
l Set the active and standby VMs to be mutually exclusive.
l Enable automatic recovery for infrastructure VMs.
l Install the OS.
l Install the PV driver.
Prerequisites
Conditions
This operation has no special requirement.
Data
Procedure
Set the active and standby VMs to be mutually exclusive.
NOTE
Set the GaussDB/HDC/WI/License and GaussDB/HDC/WI VMs to be mutually exclusive, and the
active and standby vAG/vLB VMs to be mutually exclusive.
1 On the FusionCompute portal, Choose Computing Pool.

2 In the navigation tree on the left, choose Site > Cluster name. For example, choose Site
> ManagementCluster.
3 On the Configuration tab, click Configure Resource Scheduling.
4 Click Control Cluster Resource. In the displayed Set Cluster Resource Control page,
select Enable computing resource scheduling, and click OK twice.
5 On the Rule Group page, click Control Cluster Resource.
6 On the Set Cluster Resource Control page, click Add.
7 Specify the rule name, and set Type to Keep VMs mutually exclusive. In Available
VMs, select the active and standby servers, and click to move the servers to
Selected VMs.
NOTE
Mutually exclusive VMs: The listed VMs must run on different hosts, and one VM can be added to only
one mutually exclusive rule.
8 Click OK as prompted to add the rule.
Enable automatic recovery for infrastructure VMs.

FusionCloud Desktop
NOTE
Storage network exceptions may cause VM automatic restoration failure. Perform this operation to ensure
system reliability.
9 User PuTTY to log in to the active VRM. Ensure that the VRM management IP address
and username gandalf are used to establish the connection. The default password is
Huawei@CLOUD8.
10 Run the following command to switch the root user. The default password is
Huawei@CLOUD8!.
su - root
11 Run the following command to disable logout on timeout.
TMOUT=0
12 Run the following commands for each infrastructure VM.
sh /opt/galax/vrm/tomcat/script/modifyRecover.sh vmId true
vmId is the ID of the VM.
You can get the vmId on the FusionCompute page, as show in Figure 6-3.
Figure 6-3 VM ID
13 Restart the VRM process.

service vrmd restart
14 On the FusionCompute portal, choose VM and Template. On the VM tab, locate the
row that contains the infrastructure VM, choose More > Forcibly Stop to shut down the
VM. After the VM status changes to Stopped locate the row that contains the VM and
choose More > Start to start the VM.
15 Repeat 14 to shut down and start other infrastructure VMs.
Log in to the VM.
16 After the VMs restarted finished, in the row that contains the created VM, choose Log in
using VNC. For details, see Logging In to a VM Using VNC.
Install the OS.
NOTE
When automatic installation is being executed on an infrastructure VM, you can install OSs on other VMs.

FusionCloud Desktop
17 On the VNC login page, click to mount

FusionAccess_Installer_Linux_V100R005C30SPCxxx.iso to the VM, select Restart the
VM now to install the OS, and click Confirm.
18 When the Welcome to UVP! screen is displayed after the VM restarts, select Install
within 30 seconds and press Enter.
NOTE
If you do not select Install within 30 seconds, the system boots from the local hard disk by
default.
The system starts automatic loading, which takes about 3 minutes. Then, the Main
Installation Window screen is displayed, as shown in Figure 6-4.
Figure 6-4 Main Installation Window
NOTE
– Press Tab or ↑ and ↓ to move the cursor.

– Press Enter to select an item or execute the selected item.
– Press the space key to select the item selected by the cursor.
– Use the digital keys in the upper part of the main keyboard area to enter digits.
19 Press ↓ to move the cursor to Network in the navigation tree, and press Enter.
20 Press Enter. In the IP Configuration for eth0 window, select Manual address
configuration, set the following parameters, and save the settings:
– IP Address: Set the service plane IP address.
– Netmask: Set the Subnet mask.
NOTE
– To configure the management plane IP address, select eth1: not configured and configure the
management plane IP address.
– You must configure the management plane IP address for the VMs on which the vAG component is
deployed.

FusionCloud Desktop
21 In the Network Configuration window, configure the gateway information for the
service plane and save the settings.
22 In the navigation tree, select Hostname and press Enter. In the Hostname
Configuration window, set the VM name and save the settings.
23 In the navigation tree, choose Timezone and press Enter. In the Time Zone Selection
window, change the time zone and time, and save the settings.
NOTE
If the operating system installation is complete, modify the time zone, please refer to Changing the
Time Zone of Linux Infrastructure VMs.
24 In the navigation tree, choose Password and press Enter. In the Root Password
Configuration screen, enter the root and save the settings.
25 Press F12. In the confirmation dialog box, press Enter twice.
The Package Installation screen is displayed. The system starts installing the Linux OS.
NOTE
The installation takes about 10 minutes.
26 After the OS is successfully installed, the VM automatically restarts. In the
disconnection dialog box, click Yes. On the Welcome to UVP! screen, choose Boot
from local disk and press Enter.
NOTE
During the VM restart process, if Failed is displayed for certain items, ignore these items and
continue with subsequent operations. These items do not affect the normal use of the VM.
27 Unmount the OS ISO file from the VM.
Install the PV driver.
NOTE
28 On the FusionCompute portal, locate the row that contains the VM to be operated,
choose More > Mount Tools, and click OK twice.
29 Log in to the VM which the Linux OS is installed as the root user.
30 Move the cursor to PV Driver in the navigation tree, press Enter to install the PV driver
as prompted.
31 When "PV Driver Installed successfully." is displayed, press F8 to restart the VM.
----End
6.3.4 Installing the GaussDB, HDC, WI, and License Components
Scenarios
Deploy the GaussDB, HDC, WI, and License components on a VM, and configure the
components.
Prerequisites
Conditions
Linux VMs have been created and configured.

FusionCloud Desktop
Data
Procedure
Install components.
1 Log in to the active GaussDB/HDC/WI/License server using VNC as user root.
2 Enter startTools.
The FusionAccess screen is displayed, as shown in Figure 6-5.
Figure 6-5 FusionAccess screen
NOTE
– If it is the first time for the root user to log in to the VM, the FusionAccess screen is displayed.
– You can press ↑ and ↓ to move the cursor up and down.
3 Select Software, run INSTALL ALL, and perform operations as prompted.
The installation is successful if the following information is displayed:
GaussDB installed successfully.HDC installed successfully.WI installed
successfully.LICENSE installed successfully.
NOTE
– During the GaussDB installation process, two GaussDB administrator accounts and an HDC
database instance account are created automatically. The usernames of the GaussDB administrator
accounts are gaussdba and fauser, and the default password is Huawei@123. The username of the
HDC database instance account is hdcdbuser, and the default password is Huawei@123. The
usernames cannot be changed. For details about how to change the passwords, see Changing the
Password of the DB Administrator Account.
– Change the database user password only after the standby GaussDB server is set up and the
communication channel between the active and standby GaussDB servers is created successfully.
Configure the HA.
By default, all the infrastructure VMs that run Linux have the HA component installed during
OS installation. After the GaussDB/HDC/WI/License/vAG/vLB components are installed on
a VM, the HA component monitors the GaussDB/HDC/WI/License/vAG/vLB services
running on the VM. When detecting a fault on a service, the HA component restarts the
service to ensure proper operation.

FusionCloud Desktop
To ensure stable running of the database system, enable active/standby switchovers for the
HA component on the VMs deployed with the GaussDB component. When the active VM is
faulty, the standby VM takes over services, ensuring uninterrupted service processing.
4 In the navigation tree, choose GaussDB > Configure GaussDB > Configure HA and
set the following parameters:
– Local HA IP address: Enter the service plane IP address of the VM.
– Peer HA IP address: Enter the service plane IP address of the other VM in active/
standby relationship with the VM.
– Gateway: Enter the service plane Gateway IP address of the VM.
The HA information is configured successfully if "HA configured successfully" is
displayed.
5 In the navigation tree, choose GaussDB > Configure GaussDB > Configure Float IP
address and set the following parameters:
– Float IP address: Enter the floating IP address of the VM.
– Subnet mask: Enter the Subnet mask of the VM.
The floating IP address is configured successfully if "Float IP address configured
successfully" is displayed.
Install the standby GaussDB/HDC/WI server.
6 Repeat 2 to 5 to install the components on another VM and configure GaussDB
information.
----End
6.3.5 Installing the vAG and vLB Components
Scenarios
The gateway and loading balancer functions are as follows:
l Load balancer
The load balancing function can be implemented by the vLB or SVN. Load balancers are
used to allocate users' HTTP(S) requests to different WIs. In addition, load balancer can
automatically perform health check for the WIs to ensure that user requests can be
allocated to available WIs.
l Gateway
The gateway function can be implemented by the vAG or SVN. The gateway is used for
service access over Huawei Desktop Protocol (HDP) and self-help maintenance access.
In addition, the gateway encrypts client access to enhance the system security.
NOTICE
If the gateway is not configured, user data is not encrypted and leakage risks exist.
The vAG and components are deployed on VMs, while the SVN component is deployed on a
specified hardware server. Select a deployment scheme based on user types:
l For the deployment scheme used when enterprise internal users are involved, see Table
6-3.

FusionCloud Desktop
l For the deployment scheme used when Internet users are involved, see Deployment
Solutions for Internet User Access.
Table 6-3 Deployment scheme of gateway and loading balancing components

Scenario Comp Number of Users Supported
onent
Scenario 1: VM deployment is vAG/v Two vAG/vLB VMs, supporting a maximum

adopted and HDP does not LB of 5000 users
pass through the gateway.
Scenario 2: VM deployment is vAG/v l When the number of users is less than 500,
adopted and HDP passes LB deploy two vAG/vLB VMs in the
through the gateway. vAG management cluster.
l When the number of users ranges from 500
to 1000, deploy a gateway cluster, add one
CNA to the gateway cluster, and create
three VMs to deploy the vAG components.
The vAG VM specifications are 4 vCPUs
and 4 GB memory.
l When the number of users ranges from
1000 to 2200, deploy a gateway cluster, add
two CNAs to the gateway cluster, create six
VMs to deploy the vAG components, and
create two vAG VMs in the management
cluster. The vAG VM specifications are 4
vCPUs and 4 GB memory.
l When the number of users is more than
2200, contact Huawei technical support to
provide a deployment scheme.
Scenario 3: SVN deployment SVN Two SVN supporting a maximum of 1000

is adopted and HDP does not users
pass through the gateway. Add two SVNs for each 1000 users increased.
Scenario 4: SVN deployment SVN
is adopted and HDP passes
through the gateway.
For details about the specific solutions, see Deployment Schemes of Gateway and Loading
This topic describes only the VM deployment. The installation procedures of all the vAG/vLB
VMs are the same. The NIC configuration requirements are as follows:
l If the VM service plane can communicate with the TC plane, configure two NICs for
each vAG/vLB VM. One NIC is used to communicate with the service plane, and the
other NIC is used to communicate with the management plane.
l If the VM service plane cannot communicate with the TC plane, configure three NICs
for each vAG/vLB VM. In addition to the service plan and management plane NICs, add
one NIC for communication with the TC plane. The configuration of the third NIC is as
follows:

FusionCloud Desktop
a. Create a port group for communication with the TC plane.

b. During the VM creation, select the port group for communication with the TC plane
as the third NIC.
c. Log in to the VM and add the route from the third NIC to the TC plane.
vAG VMs are optional. The installation procedures of all vAG VMs are the same. For details,
see Installing the vAG Component.
NOTE
The vLB and WI components cannot be deployed on the same VM.
Prerequisites
Conditions
Data
Procedure
Install the vAG component.
1 Log in to the first vAG/vLB server using VNC as user root.
2 Enter startTools.
The FusionAccess screen is displayed.
NOTE
You can press ↑ and ↓ to move the cursor up and down.
3 Choose Software > vAG[Option], and press Enter.
4 On the Select an Option screen, choose Install vAG and press Enter.
The system displays "Are you sure you want to install vAG?"
5 Press Enter.
The vAG component is successfully installed if "vAG installed successfully" is
displayed.
6 Press Enter.
Install the vLB component.
NOTE
After installing the vLB, you must also configure the mapping between the user login domain name and the
vLB floating IP address, which will be performed in 6 in Configuring DNS Policies.
7 Press ESC to return to the upper level directory. Choose Software > vLB[Option], and
press Enter.
8 On the Select an Option screen, select Install vLB and press Enter.
The system displays "Are you sure you want to install vLB?"
9 Press Enter.
The vLB component is successfully installed if "vLB installed successfully" is displayed.
10 Press Enter.
Configure IP addresses for the WI/UNS servers.
11 In the navigation tree, choose vLB[Option] > Configure vLB > Configure WI/UNS.

FusionCloud Desktop
12 On the displayed screen, enter the service plane IP address of the WI/UNS server.
– For enterprise internal user access, enter the WI/UNS server IP address for
enterprise internal user access.
– For Internet user access, enter the WI/UNS server IP address for Internet user
access.
NOTE
If only one WI/UNS server is planned, enter the service plane IP address of this WI/UNS server.
13 Press Enter. If the message WI/UNS IP address configured Successfully. is displayed,
the IP address is configured successfully. Press Enter.
Configure the HA component and floating IP address.
14 In the navigation tree, choose vLB[Option] > Configure vLB > Configure HA and set
the following parameters:
displayed.
15 In the navigation tree, choose vLB[Option] > Configure vLB > Configure Float IP
Install the second vAG/vLB server.
16 Log in to the second vAG/vLB server using VNC.
17 Install the second vAG/vLB server. For details, see 2 to 15.
(Optional) Modify the vAG/vLB configuration.
18 Modify the value of sslv3enable in the file /opt/VNCGate/config/vnc.conf.
NOTE
This configuration item is used in vAG. SSLV3 is enabled by default to ensure compatibility. To
improve security, disable SSLV3.
– sslv3eanble=1: enables SSLV3 to ensure compatibility.
– Sslv3enable=0: disables SSLV3 and use TLSV1.0 to ensure high security. The
version of the VNC client of user VMs should be the latest.
19 Run the following command to stop the vAG service:
/opt/VNCGate/ha/vncgate.sh stop
NOTE
The system HA can automatically enable the vAG service.
----End
6.3.6 (Optional) Installing the AUS Component

FusionCloud Desktop
Scenarios
Deploy the AUS component on a Linux VM.
Prerequisites
Conditions
Data
Procedure
1 Log in to the active AUS server using VNC as user root.

2 Enter startTools.
NOTE
3 Choose Software > AUS, and press Enter.
4 On the Install or Uninstall AUS screen, choose Install AUS and press Enter.
The system displays "Are you sure you want to install AUS?"
5 Press Enter.
6 When the following message is displayed and press Enter.
AUS installed successfully.
7 Run the following command to check whether the AUS service is running properly:
service AUSService status
The command output and description are as follows:

– AUS is running: indicates that the AUS service is running properly. No further
action is required.
– AUS has been stopped: indicates that the AUS service is stopped. Go to 8.
8 Run the following command to start the AUS service:
service AUSService start
2015-05-29 09:51:02 gandalf Ready to start...
Using CATALINA_BASE: /opt/AUS/tomcat
Using CATALINA_HOME: /opt/AUS/tomcat
Using CATALINA_TMPDIR: /opt/AUS/tomcat/temp
Using JRE_HOME: /opt/AUS/jre
Using CLASSPATH: /opt/AUS/tomcat/bin/bootstrap.jar:/opt/AUS/tomcat/bin/
tomcat-juli.jar
Tomcat started.
2015-05-29 09:51:02 gandalf AUS Service is starting now...
done
9 Repeat 7 to ensure the output information is AUS is running.
----End

FusionCloud Desktop
6.4 Installing Windows-based Infrastructure VMs
6.4.1 Creating an Infrastructure VM Template
Scenarios
On the FusionCompute portal, create a VM, install the windows OS, configure the VM, and
convert the VM into a template. The template can be used to create infrastructure VMs.
Prerequisites
Conditions
Data
Software
l Windows2008R2SP1_EN.part1.rar
l Windows2008R2SP1_EN.part2.rar
NOTE
You can decompress any of the two software packages to obtain the OS ISO file
Windows2008R2SP1.iso.
Procedure
Create a bare VM.
1 Log in to FusionCompute.
2 On the FusionCompute page and choose VM and Template, and click Create VM.
3 Choose Cluster > ManagementCluster, as show as Figure 6-6.

FusionCloud Desktop
4 Retain the default values for other parameters click Next. Set key parameters on the
Properties page as shown in Figure 6-7 and click Next.
Figure 6-7 Settings of key parameters
5 Set the key parameters as follows:

– NIC Settings: Select the service plane port group.
– Standard Desktop Disk Settings:
n Data store: Select non-virtualized data storage resources.
n Configuration mode: Common
n Capacity (GB): 50
– Desktop Appliance Disk Settings:
n Data store: Select FusionStorage.
n Capacity (GB): 50
6 Retain the default values for other parameters and complete the VM creation as
prompted.

FusionCloud Desktop
7 Choose VM and Template > VM. On the row of the newly created bare VM, choose
More > Log in using VNC.
Install the OS.
8 On the VNC login page, click , mount the ISO file Windows2008R2SP1.iso to the
VM, select Restart the VM now to install the OS, and click Confirm.
9 After the VM restarts, install the Windows OS as prompted
Select Windows Server 2008 R2 Standard (full Installation) for Operating system, as
shown in Figure 6-8.
Figure 6-8 Operating system
10 Set the Administrator password, and log in to the VM.

11 Unmount the CD/DVD-ROM drive from the VM.
(Optional) Enable the remote desktop connection service.
The remote desktop connection service allows you to access the infrastructure VM remotely.
You can perform this operation when creating the template or on each infrastructure VM.
12 In the VNC window for the bare VM, choose Start, enter sysdm.cpl in the Search
programs and files text box, and press Enter.
The System window is displayed.
13 On the Remote tab page, select Allow connections from computers running any
version of Remote Desktop (less secure), and click OK, as shown in Figure 6-9.

FusionCloud Desktop
Figure 6-9 Enabling remote desktop connection
(Optional) Set group policies.

Disable Activate Shutdown Event Tracker System State Data feature and Display
Shutdown Event Tracker to prevent the shutdown event confirmation dialog box from being
displayed when you shut down the infrastructure VM. You can perform this operation when
creating the template or on each infrastructure VM.
14 Choose Start, enter gpedit.msc in Search Programs and files, and press Enter.
The Local Group Policy Editor window is displayed.
15 Disable Activate Shutdown Event Tracker System State Data feature and Display
Shutdown Event Tracker, as shown in Figure 6-10.

FusionCloud Desktop
Figure 6-10 Setting group policies
Disable the Windows firewall.

If the firewall is not disabled, a communication failure may occur when a Windows
infrastructure VM is faulty or during fault recovery. After service provisioning, you can
manually enable the firewall on Windows infrastructure VMs. For details, see Enabling the
Firewalls for Windows Infrastructure VMs.
16 In the navigation tree in the Local Group Policy Editor window, choose
Administrative Templates > Network > Network Connections > Domain Profile. In
the right pane, disable Windows Firewall: Protect all network connections, as shown
in Figure 6-11.
NOTE
To open the Local Group Policy Editor window, enter gpedit.msc in the Search programs and
files text box and press Enter.

FusionCloud Desktop
Figure 6-11 Disabling the Windows firewall
17 In the navigation tree, choose Standard Profile. In the right pane, set Windows
Firewall: Protect all network connections to Disable, as shown in Figure 6-12.

FusionCloud Desktop
Figure 6-12 Disabling the Windows firewall
18 Close the Local Group Policy Editor window.

19 Choose Start, enter services.msc in the Search programs and files text box, and press
Enter.
The Services window is displayed.
20 Disable Application Layer Gateway Service, as shown in Figure 6-13.

FusionCloud Desktop
Figure 6-13 Application Layer Gateway Service Properties (Local Computer)
21 Disable the Windows Firewall service in the same way.

22 Close the Services window.
Install the PV driver.
23 On the FusionCompute portal, locate the row that contains the VM, choose More >
Mount Tools, and click OK twice.
24 Switch to the CD-ROM drive on the VM, right-click Setup, and choose Run as
Administrator from the shortcut menu. Install the software as prompted. During the
installation, retain the default settings.
Copy the log collection and health check tools.
26 In the VNC login window, click to mount

FusionAccess_Installer_Win_V100R005C30SPCxxx.iso.
27 Right-click the virtual CD-ROM drive and select Open and switch to the CD-ROM
drive on the VM and copy the FusionCare folder in the tools directory to the root
directory under drive C.
Install .NET framework 3.5.1.
28 On the task bar, click to open the Server Manager window.

FusionCloud Desktop
29 Choose Features in the navigation tree and click Add Features in the right pane. In
Select Features, select .NET Framework 3.5.1 Features. In the dialog box that is
displayed, click Add Required Role Services.
30 Retain the default settings and complete the software installation as prompted.
31 Close the Server Manager window.
Encapsulate a VM template.
32 Switch to C:\Windows\System32\sysprep, double-click sysprep.exe.
33 Set the following parameters as prompted:
– System Cleanup Action: Enter System Out-of-Box Experience(OOBE)
– selectGeneralize
– Shutdown Options: Shutdown
as shown in Figure 6-14.
Figure 6-14 Parameters for encapsulating VM templates
34 Click OK.
The system displays "Sysprep is working..." after the template encapsulation is complete,
the VM automatically shuts down.
NOTE
You can convert a VM to a template when "The VM is shutdown." is displayed.
Convert the VM into a template.

35 On the FusionCompute portal, choose VM and Template.
The VM tab page is displayed.
36 Locate the row that contains the VM and click Convert to template in the More
column.
The VM display under the Template and Specifications > VM Template,
----End
6.4.2 Creating Windows Infrastructure VMs

FusionCloud Desktop
Scenarios
Create Windows infrastructure VMs.
Prerequisites
Conditions
An infrastructure VM template has been created.
Data
Procedure
Table 6-4 Windows infrastructure component deployment requirements

Component Number of Deployment Requirements
VMs
AD/DNS/DHCP 2 l First VM: Deploy the primary domain

NOTE controller, active DNS, and active DHCP.
Do not deploy the l Second VM: Deploy the backup domain
AD/DNS/DHCP
controller, standby DNS, and standby DHCP.
component if the site
has an AD server. l The two VMs must be deployed on different
CNAs.
ITA 2 The two VMs must be deployed on different

CNAs.
Loggetter/TCM 1 The VM must be deployed on any CNA of the

(Optional) management cluster.
AntiVirus/Patch Deploy the Loggetter, TCM, and AntiVirus
components on the same VM.
The AntiVirus components are optional.
1 On the FusionCompute portal, choose VM and Template, and click the Template and
Specifications tab. On the row of the VM template, click More and select Deploy VM
Using Template.
2 Select Host, and use default settings for other parameters.
Active and standby VMs are created on different CNAs in the management cluster. The
active node is created on the first CNA, and the standby node is created on the second
CNA, as shown in Figure 6-15.

FusionCloud Desktop
3 Use default settings for other parameters, and click Next. On the Properties page, retain
the default settings. Table 6-5 shows the standard configuration requirements of
properties
Table 6-5 Windows infrastructure VM specifications

Component Location and QoS Settings
Properties
AD/DNS/DHCP – Location – CPU Resource Control

The active and Quota: Select Customize from Quota
standby VMs and set the quota to the maximum
must be deployed value 128000. This setting guarantees
on different CPU resources for the management
CNAs. node VMs on a CNA in resource
– VM name contention.
Set the VM name – Memory Resource Control
based on the data Reserved (MB): Set it to the
plan. maximum value as the VM memory
– Hardware size. For example, if the VM memory
size is 2048 MB, set Reserved (MB)
2 vCPUs/2 GB to 2048.
memory/50 GB
system disk/20 – Retain the default values for other
GB user disk parameters.
– Retain the default
values for other
parameters.

FusionCloud Desktop
Component Location and QoS Settings

Properties
ITA – Location – CPU Resource Control

The active and Quota: Select Customize from Quota
standby VMs and set the quota to the maximum
must be deployed value 128000. This setting guarantees
on different CPU resources for the management
CNAs. node VMs on a CNA in resource
– VM name contention.
Set the VM name – Memory Resource Control
based on the data Reserved (MB): Set it to the
plan. maximum value as the VM memory
– Hardware size. For example, if the VM memory
size is 4096 MB, set Reserved (MB)
4 vCPUs/4 GB to 4096.
memory/50 GB
system disk – Retain the default values for other
parameters.
NOTICE
On a site with
more than 5000
VM users, the
VM
specifications
must be 4
VCPU/8 GB
memory.
– Retain the default
values for other
parameters.
Loggetter/TVM – VM name – CPU Resource Control

(Optional) / Set the VM name Quota: Select Customize from Quota
AntiVirus/Patch based on the data and set the quota to the maximum
plan. value 128000. This setting guarantees
– Hardware CPU resources for the management
node VMs on a CNA in resource
2 vCPUs/2 GB contention.
memory/50 GB
system disk/50 – Memory Resource Control
GB user disk Reserved (MB): Set it to the
– Retain the default maximum value as the VM memory
values for other size. For example, if the VM memory
parameters. size is 2048 MB, set Reserved (MB)
to 2048.
– Retain the default values for other
parameters.
4 Retain the default values for other parameters, and create the active AD/DNS/DHCP
infrastructure VM as prompted.

FusionCloud Desktop
NOTE
– Select data stores from different RAID groups for the VMs in active/standby mode.
– Select only one NIC. After VMs are created, add the management plane NICs according to this
document.
5 Click Create Another and create the following infrastructure VMs one by one:
– Standby AD/DNS/DHCP VM
– Active and standby ITA VMs
– Loggetter/TCM VM
----End
6.4.3 Configuring Windows Infrastructure VMs
Scenarios
Create Windows infrastructure VMs and perform the following operations on the VMs:
l Set the active and standby VMs to be mutually exclusive.
l Enable automatic recovery for infrastructure VMs.
l Add user disks.
l Add NICs.
l Set the time for VMs.
l Configure IP addresses for VMs.
Prerequisites
Conditions
An infrastructure VM template has been created.
Data
Procedure
Set the active and standby VMs to be mutually exclusive.
The following VMs work in active/standby mode:

l AD/DNS/DHCP VMs
l ITA VMs
1 On the FusionCompute portal, Choose Computing Pool.

2 In the navigation tree on the left, choose Site > Cluster name. For example, choose Site
> ManagementCluster.
3 On the Configuration tab, click Configure Resource Scheduling.
4 Click Control Cluster Resource. In the displayed Set Cluster Resource Control page,
select Enable computing resource scheduling, and click OK twice.
5 On the Rule Group page, click Control Cluster Resource.
6 On the Set Cluster Resource Control page, click Add.

FusionCloud Desktop
7 Specify the rule name, and set Type to Keep VMs mutually exclusive. In Available
VMs, select the active and standby servers, and click to move the servers to
Selected VMs.
NOTE
Mutually exclusive VMs: The listed VMs must run on different hosts, and one VM can be added to only
one mutually exclusive rule.
8 Click OK as prompted to add the rule.
Enable automatic recovery for infrastructure VMs.
NOTE
Storage network exceptions may cause VM automatic restoration failure. Perform this operation to ensure
system reliability.
9 User PuTTY to log in to the active VRM. Ensure that the VRM management IP address
and username gandalf are used to establish the connection. The default password is
Huawei@CLOUD8.
10 Run the following command to switch the root user. The default password is
Huawei@CLOUD8!.
su - root
11 Run the following command to disable logout on timeout.
TMOUT=0
12 Run the following commands for each infrastructure VM.
sh /opt/galax/vrm/tomcat/script/modifyRecover.sh vmId true
vmId is the ID of the VM.
You can get the vmId on the FusionCompute page, as show in Figure 6-16.
Figure 6-16 VM ID
13 Restart the VRM process.

service vrmd restart
14 On the FusionCompute portal, choose VM and Template. On the VM tab, locate the
row that contains the infrastructure VM, choose More > Forcibly Stop to shut down the

FusionCloud Desktop
VM. After the VM status changes to Stopped locate the row that contains the VM and
choose More > Start to start the VM.
15 Repeat 14 to shut down and start other infrastructure VMs.
Set the VMs.
16 Log in to all the infrastructure VMs using VNC. Set the region, time, and keyboard,
change the Administrator password, and start the VM.
Add user disks.
17 On the FusionCompute portal, choose Storage Management. In the navigation tree,
choose Data store > Storage name.
NOTE
Select non-virtualized data storage resources in Data store.
18 Right-click and choose Create Disk.
The recommended key parameter values are as follows:
– Name: Enter the data disk name.
– Capacity (GB): Set it to 20 for the AD/DNS/DHCP VM and 50 for the
Loggetter/TCM/AntiVirus/Patch VM.
19 Retain the default values for other parameters, and click OK twice.
20 On the Disks tab page, locate the row that contains the disk to be attached, and select
Attach Disk from the OperationMore area.
21 Select the target VM and click OK twice to attach the disk.
22 On the VM, choose Start, enter compmgmt.msc in the Search Programs and Files text
box, and press Enter.
23 Choose Storage > Disk Management and initialize the disks as prompted.
Select MBR for disk partition.
24 Right-click Unallocated, choose New Simple Volume from the shortcut menu, and
format the disks as prompted.
Add NICs.
During the creation of a VM, only a service plane NIC is created for the VM. In addition to
the service plane NIC, an ITA VM requires a management plane NIC. If an AD/DNS/DHCP
VM needs to synchronize time with the CNA where the VRM locates, the AD/DNS/DHCP
VM also requires a management plane NIC. See Table 6-6.
Table 6-6 Adding NICs
VM Number and Type of NICs
Active and standby AD/DNS/DHCP VMs Add one management plane NIC for each of
the active and standby AD/DNS/DHCP
VMs only if the AD needs to synchronize
time with the CNA on which the VRM is
located.
Active and standby ITA VMs Add one management plane NID for each
VM.

FusionCloud Desktop
25 On the FusionCompute portal, choose VM and Template > VM.

26 The VM tab page is displayed. In the Name column, click the VM to which the NIC is to
be added.
27 On the Hardware tab page, click NICs, and click Add NIC on the right pane.
28 Select the ManagementDVS distribution switch and ManagePortgroup port group, and
click OK.
Set the time zone and DST rule for VMs.
29 Set the zone and time on the infrastructure VMs.
– For regions that use the DST, determine whether to select Automatically adjust
clock for Daylight Saving Time based on site requirements. See Figure 6-17.
Figure 6-17 Set the time zone
– If your Windows OS does not support DST, obtain TZEDIT.exe from http://
download.microsoft.com/download/5/8/a/
58a208b7-7dc7-4bc7-8357-28e29cdac52f/TZEDIT.exe and set the DST as
prompted.
Configure IP addresses for infrastructure VMs.
NOTE
l If the infrastructure VM is configured with only one NIC, configure NIC IP addresses only for the
service plane.
l If the infrastructure VM is configured with two NICs, configure NIC IP addresses for both the
service and management planes.
30 Set IP address based on the following rules:

– Configure the service plane information on the first NIC:
n IP address: Enter the planned service plane IP address.
n Subnet mask: Enter the planned service plane subnet mask.
n Default gateway: Enter the planned service plane gateway IP address.
n Preferred DNS server: Enter the planned IP address of the active DNS server.
n Alternate DNS server: Enter the planned IP address of the standby DNS
server.

FusionCloud Desktop
– Configure the management plane information on the second NIC:

n IP address: Enter the planned management plane IP address.
n Subnet mask: Enter the planned management plane subnet mask.
n Default gateway: Leave this parameter unspecified.
n Preferred DNS server: Leave this parameter unspecified.
n Alternate DNS server: Leave this parameter unspecified.
31 Right-click the management plane NIC and select Properties > Internet Protocol
Version 4 > Advanced > DNS, and deselect the Register this connection's addresses
in DNS, See Figure 6-18.
NOTE
This step only for the management plane NIC.
Figure 6-18 Advanced TCP/IP Settings
----End

FusionCloud Desktop
6.4.4 Deploying the AD, DNS, and DHCP Components
Installing the AD and DNS Services
Scenarios
Perform this task when you need to deploy AD/DNS/DHCP servers.
Install the active directory (AD) and domain name system (DNS) services on a Windows
infrastructure VM. The AD and DNS services can be installed at the same time. To ensure
system reliability, you are advised to configure two domain controllers in active/standby mode
to perform domain account management for the infrastructure domain and two DNS servers in
active/standby mode to perform domain name resolution for devices in the infrastructure
domain.
NOTE
If the domain name cannot be pinged when the DNS is installed independently, restart the Netlogon service in
the Server Manager window.
Table 6-7 lists the operations to be performed. Note that some operations performed on the
active and standby servers are different.
Table 6-7 Operations on active and standby servers
Operation Active Standby Operation Difference

Server Server
1. Change the √ √ No difference

AD/DNS server
name.
2. Add the server √ √ No difference

role.
3. Install the AD and √ √ On the Choose a Deployment

DNS services. Configuration page:
l Select Create a new domain in
a new forest for the active
server.
l Select Add a domain
controller to an existing
domain for the standby server.
4. (Optional) √ √ No difference
Configure DNS
forwarding.
5. Configure the √ × -
DNS reverse lookup
function.
6. Configure the √ √ No difference

winrm service.

FusionCloud Desktop
Operation Active Standby Operation Difference

Server Server
7. Enable remote √ × -
assistance.
√ indicates that the operation needs to be performed. × indicates that the operation does not
need to be performed.
Prerequisites
Conditions
The infrastructure VMs have been configured.
Data
Procedure
Change the AD/DNS server name on the active VM.
1 Log in to the infrastructure VM for deploying the AD and DNS services using VNC as
the administrator.
2 Choose Start, enter sysdm.cpl in the Search programs and files text box, and press
Enter. In the System Properties dialog box, click Change.
3 Enter the VM name in Computer name based on the data plan, and restart the VM.
4 Log in to the infrastructure VM using the administrator account.
Add the server role.
5 Click on the taskbar.

The Server Manager window is displayed.
6 Click Roles in the navigation tree and click Add Roles in the Roles Summary area.
7 Click Next, select Active Directory Domain Services, and proceed as prompted.
Install the AD and DNS services.
NOTE
The DNS service is installed during the AD installation process.

8 Choose Start, enter dcpromo.exe in the Search programs and files text box, and press
Enter.
The Active Directory Domain Services Installation Wizard window is displayed.
9 Go to the Choose a Deployment Configuration window as prompted, select Create a
new domain in a new forest, and click Next.
10 In the Name the Forest Root Domain window, enter the planned Infrastructure
domain name in FQDN of the forest root domain, for example,
vdesktop.huawei.com, and click Next.
11 In the Set Forest Functional Level window, select Windows Server 2008 and click
Next.

FusionCloud Desktop
12 In the Set Domain Functional Level window, select Windows Server 2008 and click
Next.
13 In the Additional Domain Controller Options window, select DNS server and click
Next.
A confirmation dialog box is displayed, as shown in Figure 6-19.
Figure 6-19 Installation prompt message
14 Click Yes, retain the default settings, and click Next.

15 In the Directory Services Restore Mode Administrator Password page, set DSRM
password, complete the AD/DNS service installation, and restart the VM.
NOTE
In the Directory Services Restore Mode (DRSM), only the DSRM administrator account can be
used to log in to the system.
16 Log in to the AD server using an administrator account.
The administrator account format is Infrastructure domain name\Administrator, for
example vdesktop\Administrator.
Configure the DNS reverse lookup function on the active AD/DNS server.
17 In the Server Manager windows, choose Server Manager > Roles > DNS Server >
DNS > Computer name. Right-click Reverse Lookup Zones, and choose New Zone
from the shortcut menu.
18 In the Zone Type window, select Primary zone and click Next.
19 In the Reverse Lookup Zone Name window, select IPv4 Reverse Lookup Zone and
click Next.
20 In Network ID, enter the IP address segment for reverse lookup and click Next.
The Dynamic Update window is displayed.
NOTE
The IP address segment for DNS reverse lookup is the service plane IP address segment of the
infrastructure VM, for example, 192.128.131.
21 Retain the default values and complete the DNS reverse lookup configuration as
prompted.
In the Server Manager window, the added domain is displayed under Reverse Lookup
Zones.
(Optional) Configure DNS forwarding.

FusionCloud Desktop
Perform this step only when user VMs are used to access the Internet.
22 In the Server Manager windows, choose Server Manager > Roles > DNS Server >
DNS. Right-click server name and choose Properties.
23 On the Advanced tab page, deselect Disable recursion (also disable forwarders).
24 On the Forwarders tab page, click Edit, enter the IP address or domain name of an
external DNS server, and click OK.
NOTE
A branded and reliable DNS server is recommended, such as:

– DNS server 114.114.114.114 of China Telecom in China
– DNS server 8.8.8.8 of Google outside China
Configure the winrm service.
25 On the active AD server, choose Start, enter cmd in the Search programs and files text
box, and press Enter.
26 Run the winrm qc /q command.
Figure 6-20 shows the command output.
Figure 6-20 Configuring the winrm service
27 Close the CLI.

Configure remote assistance.
28 On the active AD server, choose Start. In the Search programs and files text box, enter
gpmc.msc, and press Enter.
29 Choose Group Policy Management > Forest: Domain name > Domains > Domain
name. Right-click Group Policy Objects, choose New from the shortcut menu, and
enter the name to create a group policy.
30 Right-click the created group policy, and choose Edit. In the displayed dialog box,
choose Computer Configuration > Policies > Administrative Templates > System >
Remote Assistance.
31 Double-click Solicited Remote Assistance, select Enable, and click OK.
32 Double-click Offer Remote Assistance, select Enable, click Show, enter the Tomcat
service domain account, for example, vdesktop\vdsadmin, and click OK twice, as

FusionCloud Desktop
Figure 6-21 Offering remote assistance
NOTE
After the AD and DNS services are installed on the active VM, ensure that the DNS address of the
server is set to the service plane IP addresses for the active and standby DNSs.
Install the AD and DNS services on the standby VM.
The operations to be performed on the standby VM are different from the operations
performed on the active VM. For details see Table 6-7.
33 Use the administrator account to log in to the infrastructure VM for deploying the
standby AD/DNS server.
34 Change the server name and add the server role. For details, see 2 to 7.
35 Choose Start, enter dcpromo.exe in the Search programs and files text box, and press
Enter.
The Active Directory Domain Services Installation Wizard window is displayed.
36 Go to the Choose a Deployment Configuration window as prompted, choose Existing
forest > Add a domain controller to an existing domain, and click Next.
37 In the Network Credentials window, enter the domain name of the active AD server, for
example, vdesktop.huawei.com in Type the name of any domain in the forest where
you plan to install this domain controller. Click Set, enter the administrator username
and password for the active AD server, click OK, and click Next.
38 In the Select a Domain window, select the AD domain name and click Next twice.
39 In the Additional Domain Controller Options window, select DNS server and Global
catalog, and click Next.
40 Click Yes. In Location for Database. Log Files. and SYSVOL window displayed,
retain the default settings and click Next.

FusionCloud Desktop
41 In the Directory Services Restore Mode Administrator Password window, set DSRM
password. Ensure that the password is the same as that set on the active AD server.
Complete the installation and restart the VM.
42 Configure the winrm service on the standby VM. For details, see 25 to 26.
----End
Installing the DHCP Service
Scenarios
Perform this task when you need to deploy Dynamic Host Configuration Protocol (DHCP)
servers. The DHCP servers allocate IP addresses for Windows infrastructure VMs and user
VMs.
Prerequisites
Conditions
The infrastructure VMs have been configured.
Data
Procedure
Configure the active DHCP server.
1 Log in to the VM for deploying the active DHCP server using VNC as the administrator.

The Server Manager window is displayed.
3 Click Roles in the navigation tree and click Add Roles in the Roles Summary area.
4 Click Next, select DHCP Server, and click Next.
5 Go to the Specify IPv4 DNS Server Settings window as prompted, and enter the service
plane IP address for the active and standby DNSs, as shown in Figure 6-22.
– Preferred DNS server IPv4 address: Enter the service IP address of the active
DNS.
– Alternate DNS server IPv4 address: Enter the service IP address of the standby
DNS.

FusionCloud Desktop
Figure 6-22 Specify IPv4 DNS Server Settings
6 Click Next. In the Specify IPv4 WINS Server Settings window, select WINS is not
required for applications on this network and click Next.
7 Click Add, set the DHCP scope parameters, select Activate this scope, and click OK.
Set the DHCP scope parameters as follows:
– Scope name: Enter the DHCP Scope name, for example, DHCP1.
– Starting IP address and Ending IP address: Enter the service plane Start and
end IP addresses, for example, 192.168.123.50 and 192.168.123.100.
– Subnet mask and Default gateway (optional): Enter Subnet mask and gateway
IP address of the address pool, for example, 255.255.255.0 and 192.168.123.1.
NOTE
– The DHCP server dynamically allocates IP addresses in the IP address pool to user VMs.
– When the DHCP server is deployed in active and standby mode, the DHCP split-scope
configuration is 8:2 by default. That is, only 80% of the IP addresses in the DHCP address
pool can be allocated for user VMs. Therefore, when planning the start and end IP addresses of
the scope, reserve more than 20% IP addresses to ensure that the DHCP server has sufficient
IP addresses.
8 Click Next. In the Config DHCPv6 Stateless Mode window, select Disable DHCPv6
Stateless Mode for this server and Next.
9 In the Authorize DHCP Server window, select Use current credentials and click Next.
10 Click Install.
The DHCP service is installed if the system displays "Installation succeeded".
11 Close the Add Roles Wizard window.
Install the DHCP service on the standby VM.
NOTE
Perform 12 to 21 when you need to deploy the standby DHCP server.

FusionCloud Desktop
12 Log in to the VM for deploying the standby DHCP server using VNC as the
administrator.
13 Install the DHCP service on the VM.
NOTICE
Skip step 7 because the standby DHCP server does not require an IP address pool.
For details, see 2 to 11.

Synchronize the IP address pool between the active and standby DHCP servers.
14 On the active DHCP server, open Server Manager and choose Roles > DHCP Server >
Computer name > IPv4. Right-click Scope [IP address segment]DHCP Scope name,
and choose Advanced > Split-Scope from the shortcut menu.
The DHCP Split-Scope dialog box is displayed.
15 Click Next, and in the Additional DHCP Server window displayed, click Add Server.
16 Click Browse, enter the name or IP address of the standby DHCP server, and click OK
twice.
17 Click Next and set the ratio of IP addresses on the active DHCP server to those on the
standby DHCP server. The recommended value is 80:20.
NOTE
If the ratio is set to 80:20, 80% of the IP addresses in the DHCP address pool can be allocated to VMs
and 20% are reserved to ensure that the standby DHCP server has sufficient IP addresses when the
active DHCP server is faulty.
18 Click Next and set Delay in DHCP Offer to 0 for Host DHCP Server and 1000 for
Added DHCP Server.
NOTE
This setting allows the standby DHCP server to allocate IP addresses 1000 ms after the active DHCP
server is faulty.
19 Complete the synchronization and close the window.
Activate the standby DHCP IP address pool.
20 On the standby DHCP server, open Server Manager and choose Roles > DHCP Server
> Computer name. Right-click IPv4, and choose Refresh from the shortcut menu.
An IP address pool node is displayed under IPv4, such as Figure 6-23.
Figure 6-23 Server Manager

FusionCloud Desktop
21 Right-click the functional domain, and choose Activate from the shortcut menu to
activate the IP address pool.
----End
Creating Domain Accounts
Scenarios
Create login accounts and service domain accounts for Windows infrastructure VMs on the
active directory (AD) server.
NOTE
For details about domain accounts to be created and differences in high security mode such as account
separation, see FusionAccess Account Planning in High Security Mode.
Prerequisites
Conditions
The active and standby AD servers have been configured.
Data
Procedure
Create the infrastructure VM OU.
1 Log in to the active AD server using an administrator account.
2 Choose Start > Administrative Tools > Active Directory Users and Computers.
The Active Directory Users and Computers window is displayed.
3 In the navigation tree, right-click a domain name, and choose New > Organizational
Unit from the shortcut menu.
The New Object - Organizational Unit window is displayed.
4 Enter the name of the infrastructure VM OU to be created, for example, UserOU, and
click OK.
Create domain users.
Table 6-8 describes the domain accounts to be created.

FusionCloud Desktop

Domain accounts l Domain accounts for logging in to the vdsuser

for logging in to Windows infrastructure VMs (except the
infrastructure AD/DNS/DHCP servers). The domain
servers account must be added to the
administrator group of the server.
l Account for accessing the backup
service when the Loggetter server is
deployed.
Domain l The operation for creating the domain vdsadmin

administrator administrator account varies with the
account AD server to be used.
the Domain Admins group for
managing the domain.
the DHCP Users group for monitoring
DHCP alarms.
l Account for starting the Tomcat service
on the ITA servers. This account must be
added to the server administrator group.
l Add the Tomcat service domain account
NOTE
For details about operations performed using AD domain accounts, see the online help information of
the AD server.
5 Right-click Infrastructure VM OU, and choose New > User from the shortcut menu.
The New Object - User window is displayed, as shown in Figure 6-24.

FusionCloud Desktop
Figure 6-24 Creating a domain account
6 Enter the domain account in First name and User logon name, and click Next.
NOTE
The domain account consists of digits, letters, spaces, and special characters, such as `~!#$%^&()-_{}.
7 Set the password for the domain account, deselect User must change password at next
logon, and click Next.
8 Click Finish.
9 Repeat 5 to 8 to create other domain accounts.
Configure domain administrator.
10 Right-click a domain account, for example, vdsadmin, and choose Properties from the
shortcut menu.
11 Click the Member Of tab and Add, specify Domain Admins, and click Check Names.
After the verification is successful, click OK.
12 Click OK in sequence to close the Properties dialog box.
13 Repeat 10 to 12 to add the domain account, for example, vdsadmin to the DHCP Users
groups.
(Optional) Configure rights.
NOTE
If the domain account provided by the customer is not a domain administrator account, assign permission
(such as creating and deleting computers or objects) to the infrastructure VM OU.
14 Right-click the OU of the VM, and choose Delegate Control from the shortcut menu.
The Delegation of Control Wizard dialog box is displayed.
15 Click Next. The Users or Groups window is displayed. Click Add.
The Select Users, Computers, Groups dialog box is displayed.

FusionCloud Desktop
16 Add a domain account provided by the customer based on the VM type in the OU, and
click Check Names.
17 Click OK to complete the domain user addition, as shown in Figure 6-25.
Figure 6-25 Creating a domain account
18 Click Next.
The Tasks to Delegate window is displayed.
19 Select Create a custom task to delegate and click Next.
20 Select This folder, existing objects in this folder, and creation of new objects in this
folder and click Next.
21 Select Creation/deletion of specific child objects. In the Permissions area, select
Create Computer objects and Delete Computer objects, and click Next.
22 Click Finish.
----End
Configuring Backup and Security
Scenarios
Install the backup tool and perform security hardening on the AD/DNS/DHCP servers.
Prerequisites
Conditions
The AD/DNS/DHCP servers have been installed.

FusionCloud Desktop
Data
Procedure
Install the backup tool.
In a scenario that involves multiple forests and multiple domains, you must configure
communication between domains first before install the backup tool on the AD server of a
domain in which non-infrastructure VMs locate to ensure that the domain can communicate
with the domain of the Loggetter server.Configuring Communication Between Domains to see
F201_Multiple-domains > Configuration Process > Configuration in the Multiple-
Forests, Multiple-Domains Scenario > Configuring Communication Between Domains in
the Feature Guide.
1 Log in to the active AD/DNS/DHCP VM as the administrator.
2 Mount the FusionAccess software package
FusionAccess_Installer_Win_V100R005C30SPCxxx.iso to the Windows infrastructure
VM by using the CD/DVD-ROM drive.
3 Double-click the CD-ROM drive (autorun is executed by default) and click Backup
Tools in the Installation Wizard window.
4 Go to the Select run mode window as prompted, select Domain, and click Next.
5 Deselect ITA and click Next.
NOTE
In the Choose Components window, select the components based on requirements. This topic
describes how to install the backup tool for the components deployed on the same VM.
6 Set the backup parameters and click Next:
Set the following parameters:
– Backup path: Select the server data backup path. Create a folder on the user disk to
store the backup data, for example, E:\VDS_backup.
NOTE
If the backup tool is deployed on the AD/DNS/DHCP VM, the available space for the
backup folder must be larger than 15 GB.
– Shared domain user: Enter the planned domain account of logging in to the
Loggetter server, for example, vdesktop\vdsuser.
7 Select the destination folder, click Install, and complete the installation as prompted.
Perform security hardening.
NOTE
After security hardening:

l Before performing security hardening, ensure that no user logs in to the standby AD/DNS/DHCP
VM. Otherwise, the security hardening on the standby AD/DNS/DHCP VM will fail.
l The Administrator account switches to the SWMaster account.
l The first restart of the AD/DNS/DHCP infrastructure VM takes about 20 minutes.
8 In the Installation Wizard window, click Security.

The window for installing the security hardening tool is displayed.
9 Click Next, select the installation path, and click Install.
10 Restart the VM as prompted and log in to the infrastructure VM as user SWMaster.

FusionCloud Desktop

Install the backup tool and perform security hardening on the standby AD/DNS/DHCP VM.
12 Log in to the standby AD/DNS/DHCP VM as user SWMaster.

13 Repeat 1 to 10 to install the backup tool and perform security hardening on the standby
AD/DNS/DHCP VM in the same way.
----End
Configuring DNS Policies
Scenarios
Configure domain name server (DNS) policies on active and standby VMs. Table 6-9 lists the
operations to be performed.
Table 6-9 Operations on active and standby VMs
Operation Active Stand Operation Difference

Server by
Server
1. Configure the DNS √ × -

forward lookup
function.
2. Configure advanced √ × -
DNS properties.
3. Enable the aging and √ × -

scavenging functions
for the DNS.
4. Select the IP address √ √ No difference

on which the server
listens for DNS queries.
5. Change the start of √ × -

authority (SOA).
6. (Optional) Disable √ √ No difference

IPv6 for the DNS
server.
7. Deregister the √ √ No difference

connection address in
DNS.
√ indicates that the operation needs to be performed. × indicates that the operation does not
need to be performed.

FusionCloud Desktop
Prerequisites
Conditions
The DNS software is installed.
Data
Procedure
Configure the DNS forward lookup function on the active VM.
1 Log in to the active DNS server as user SWMaster.
2 Choose Start, enter DNS in the Search programs and files text box, and press Enter.
The DNS Manager window is displayed.
3 In the navigation tree, choose DNS > Computer name > Forward Lookup Zones.
Right-click the infrastructure domain, for example, vdesktop.huawei.com, and choose
New Host from the shortcut menu.
4 Enter the host information, select Create associated pointer (PTR) record, and click
Add Host, as shown in Figure 6-26.
Set the following parameters in the New Host dialog box:
– Name: Enter the HDC VM name. The value must be the same as the value of HDC
Name.
– IP address: Enter the HDC service plane IP address.
– Select Create associated pointer (PTR) record to add reverse lookup data at the
same time.
Figure 6-26 Adding a host
5 If multiple HDCs are deployed in load-sharing mode, repeat 4 to add each HDC.

FusionCloud Desktop
6 Repeat 4 to configure the mapping between the vLB floating IP address and the user
login domain name.
– Name: Enter the prefix of the user login domain name. For example, if the
infrastructure domain name is vdesktop.huawei.com, enter fusionaccess in Name.
Fully qualified domain name (FQDN) changes to
fusionaccess.vdesktop.huawei.com.
– IP address: Enter the floating IP address of the VM where the vLB component is
installed.
same time.
7 Click Done to close the New Host window. In the navigation tree, expand Reverse
Lookup Zones, right-click Reverse IP address segment, and choose Refresh from the
shortcut menu. Check that the DNS reverse lookup information is automatically added.
Configure advanced DNS properties.
8 In the Server Manager window, choose DNS Server > DNS. Right-click the computer
name and choose Properties from the shortcut menu.
The Computer name Properties window is displayed.
9 Click the Advanced tab and set the parameters as shown in Figure 6-27.
NOTE
If user VMs need to access the Internet, deselect Disable recursion (also disable forwarders).
Figure 6-27 Settings on the Advanced tab page

FusionCloud Desktop
10 Click the Root Hints tab. In the Name servers area, click Remove to delete all *.root-
servers.net..
11 Delete the file c:\windows\system32\dns\CACHE.DNS to prevent the deleted data
from being restored with the DNS restart.
12 Click OK and close the Properties dialog box.
Enable the aging and scavenging functions for the DNS.
13 Expand DNS, right-click the VM name, and choose Set Aging/Scavenging for All
Zones from the shortcut menu.
14 Select Scavenging stale resource records and click OK, as shown in Figure 6-28.
Figure 6-28 Scavenging stale resource records
15 Select Apply these settings to the existing Active Directory-integrated zones and
click OK.
Select the IP address on which the server listens for DNS queries.
16 Expand DNS. Right-click the computer name and choose Properties from the shortcut
menu.
17 Click the Interfaces tab. Select Only the following IP address and the IPv4 address for
the service plane NIC, as shown in Figure 6-29.

FusionCloud Desktop
Figure 6-29 Selecting IP address on the Interfaces tab page
18 Click OK.
Change the start of authority (SOA).
19 In the navigation tree, choose DNS > Computer name > Reverse Lookup Zones.
20 Right-click Reverse IP address segment, for example, 181.168.192.in-addr.arpa and
choose Properties from the shortcut menu.
21 Click the Start of Authority (SOA) tab and set Expires after to 100, as shown in
Figure 6-30.

FusionCloud Desktop
Figure 6-30 Settings on the Start of Authority (SOA) tab page
22 Click OK.
(Optional) Disable IPv6 for the DNS server.
23 Choose Start, enter ncpa.cpl in the Search programs and files text box, and press
Enter.
24 Right-click the service plane NIC, choose Properties, and deselect Internet Protocol
Version 6 (TCP/IPv6), as shown in Figure 6-31.

FusionCloud Desktop
Figure 6-31 Local Area Connection Properties
25 Click OK.
26 On the CLI, run the following commands in sequence to disable the tunnel adapter:
netsh interface teredo set state disabled
netsh interface 6to4 set state disabled
netsh interface isatap set state disabled
(Optional) Deregister the connection address in DNS.
NOTE
Perform the following operations only when the management plane NICs are configured.
27 Choose Start, enter ncpa.cpl in the Search programs and files text box, and press
Enter.
28 Double-click the management plane NIC, click Properties, double-click Internet
Protocol Version 4 (TCP/IPv4), and select Advanced.
29 In the Advanced TCP/IP Settings dialog box, click the DNS tab, and deselect Register
this connection's addresses in DNS, as shown in Figure 6-32.

FusionCloud Desktop
Figure 6-32 Settings on the DNS tab page
30 Click OK.
Configure the DNS policies on the standby VM.
Some operations do not need to be performed on the standby DNS. For details, see Table 6-9.
31 Log in to the standby AD/DNS VM as user SWMaster.

32 Select the IP address on which the server listens for DNS queries. For details, see 16 to
18.
33 Deregister the connection address in DNS. For details, see 27 to 30.
----End
6.4.5 Installing the ITA Component
Scenarios
Install the IT Adapter (ITA) software and deploy the ITA server. The ITA provides an
interface for virtual IT asset management, such as creating and assigning VMs, managing VM
status and templates, O&M of virtual desktops.

FusionCloud Desktop
Prerequisites
Conditions
l Windows infrastructure VMs have been created and configured.
l The GaussDB has been installed.
Data
Software
FusionAccess_Installer_Win_V100R005C30SPCxxx.iso
Procedure
Log in to the VM.
1 Log in to the active infrastructure VM for deploying the ITA service using VNC as the
administrator.
Add the VM to a domain.
3 In Computer name, enter the VM name. In Member of, select Domain, enter the
infrastructure domain name, and click OK.
Figure 6-33 System properties
4 Enter the account and password of the domain administrator to be added to the domain,
for example vdsadmin, and click OK.
5 Complete the configuration as prompted, restart the VM, and log in to the VM as the
administrator.

FusionCloud Desktop
Add the domain account to the administrator group.

Add the following accounts to the administrator group:
l Domain administrator account (for example, vdesktop\vdsadmin)
l Domain accounts for logging in to infrastructure servers (for example, vdesktop
\vdsuser)
6 Choose Start, enter compmgmt.msc in the Search programs and files text box, and
press Enter. In the Computer Management window, choose System Tools > Local
Users and Groups > Groups.
7 Right-click Administrators, and choose Add to Group from the shortcut menu.
8 Click Add. In Enter the object names to select, enter Domain administrator account,
click OK. Enter the username and password for the domain administrator and click OK.
9 Add other domain accounts to the administrator group in the same way.
Install the ITA service.
NOTICE
Do not use any client tool to connect to the TEMPLATE1 database for the GaussDB during
the configuration.
10 Use the domain account (such as vdsuser) to log in to the infrastructure VM on which
the ITA service is to be installed.
11 On the VNC login page, mount FusionAccess_Installer_Win_V100R005C30SPCxxx.iso
to the ITA server by using the CD/DVD-ROM drive.
12 Double-click the CD-ROM (autorun is executed by default), click IT Adaptor, and go
to the Select run mode window as prompted. Select Domain and click Next.
13 Set the following parameters in ITA Configuration:
– Username: Enter the Domain administrator account, for example, vdesktop
\vdsadmin. This account has been created on the AD server and is added to the
administrator group on the ITA server.
– Password: Enter the password of the Domain administrator account, for
example, Huawei@123.
14 In Rights Management Mode, select common mode or rights separation mode based
on the settings of FusionCompute and FusionManager, and click Next.
NOTICE
The selected rights must be the same as those set during FusionCompute and
FusionManager installation and cannot be changed after installation.
15 In Database Configuration, select Create a database.

NOTE
– If the existing database instances are used on the ITA, select Use the existing database.
– When installing the standby ITA server, select Use the existing database, and enter the
database parameters set on the active ITA.

FusionCloud Desktop
16 Set the following parameters:

– Database IP address: If active and standby GaussDB servers are deployed, enter
the GaussDB floating IP address. If only one GaussDB server is deployed, enter
the service plane IP address of the GaussDB.
– Port: Retain the default value 5432.
– Database name: Enter the ITA database name created on GaussDB, for example,
FusionAccess.
– DB connect account: Enter the ITA database account, for example,
ITALoginUser.
– Password: Enter the password of the ITA server for connecting to the database,
such as Huawei@123.
– Confirm password: Enter the password again for confirmation.
– Administrator username: Enter the database administrator account. For the
GaussDB database, enter fauser.
– Password: Enter the password of the database administrator, such as Huawei@123.
17 Click Check connectivity.
If the GaussDB server is connected, a dialog box is displayed indicating that the
connection is successful.
18 Click OK and complete the software installation as prompted.
Install the backup tool.
19 In the Installation Wizard window, click BackupTools.
20 Go to the Select run mode window as prompted.
21 Select Domain and click Next.
22 Deselect AD, DNS, and DHCP, and click Next.
23 Set the following parameters, and click Next:
– Backup path: Select the server data backup path, for example, C:\VDS_backup.
– Shared domain user: Enter the service domain account of the Loggetter server, for
example, vdesktop\vdsadmin.
24 Select the destination folder and complete the installation as prompted.
(Optional) Change the port number for interconnecting with FusionManager.
NOTE
Change this port number only when FusionAccess interconnects with FusionManager of the version
V100R003.
29 Go to C:\ITA\tomcat\vDesktop\WEB-INF\classes on the ITA server.
30 Change the protocolPort=643 to protocolPort=443 in the file alarm.properties.
31 Save and close the file alarm.properties.
Configure remote assistance.

FusionCloud Desktop
Perform this task only when the administrator needs to log in to user VMs to locate faults.

33 In the navigation tree, click Features. In the right pane, click Add Features.
34 Select Remote Assistant, as shown in Figure 6-34, and click Next.
Figure 6-34 Remote assistance
35 Complete the installation as prompted.

Install the ITA service on the standby VM.
The operations performed on the standby VM are different from the operations on the active
VM.
36 Log in to the standby infrastructure VM for deploying the ITA service using VNC as the
administrator.
37 Install the ITA service on the standby VM. For details, see 2 to 35. When configuring the
database in 15, select Use the existing database.
----End
6.4.6 Installing the Loggetter and TCM Components
Installing the Loggetter Component

FusionCloud Desktop
Scenarios
The Loggetter is used to back up important files and data of each component.
Prerequisites
Conditions
Windows infrastructure VMs have been created and configured.
Data
Software
FusionAccess_Installer_Win_V100R005C30SPCxxx.iso
Procedure
Log in to the VM.
1 Log in to the infrastructure VM for deploying the Loggetter using VNC as the
administrator.
Add the VM to a domain.
3 In Computer name, enter the VM name. In Member of, select Domain, enter the
infrastructure domain name, and click OK.
Figure 6-35 System properties
4 Enter the account and password of the domain administrator to be added to the domain,
for example vdsadmin, and click OK.

FusionCloud Desktop
5 Complete the configuration as prompted, restart the VM, and log in to the VM as the
administrator.
Add domain accounts to the administrator group.
Add the following accounts to the administrator group:
l LoggetterDomain administrator account (for example, vdesktop\vdsadmin)
l LoggetterDomain accounts for logging in to infrastructure servers (for example,
vdesktop\vdsuser)
6 Choose Start, enter compmgmt.msc in the Search programs and files text box, and
press Enter. In the Computer Management window, choose System Tools > Local
Users and Groups > Groups.
7 Right-click Administrators, and choose Add to Group from the shortcut menu.
8 Click Add. In Enter the object names to select, enter Domain administrator account,
click OK. Enter the username and password for the domain administrator and click OK.
9 Add other domain accounts to the administrator group in the same way.
Install the Loggetter service.
10 Use the domain account to log in to the infrastructure VM on which the Loggetter
service is to be installed.
11 On the VNC login page, mount FusionAccess_Installer_Win_V100R005C30SPCxxx.iso
to the Loggetter server by using the CD/DVD-ROM drive.
12 Double-click the CD-ROM drive (autorun is executed by default), click Loggetter, and
go to the Select run mode window as prompted. Select Domain and click Next.
13 In Configuration Page, set the following parameter:
– FTP shared folder: specify the FTP service folder, for example, E:
\Loggetter_PATH.
– Username: Enter the Domain accounts for logging in to infrastructure servers
of loggetter server, for example, vdesktop\vdsuser, which has been created on the
AD server.
– Password: Enter the password, for example, Huawei@123.
14 Complete the Loggetter software installation as prompted.
Configure the Loggetter backup tasks.
15 Choose Start > All Programs > Loggetter > Loggetter.
The Loggetter Configuration window is displayed.
16 Set the following parameters in FTP Data Configuration:
– IP: Enter the FTP server IP address. If the Loggetter server also serves as an FTP
server, retain the default value.
NOTE
You are advised to configure a third-party FTP server to improve the backup data reliability.
– Port: Enter the FTP service port number. If the Loggetter server also serves as an
FTP server, retain the default value 989.
– Account: Enter the backup server account, which is ConfBack_User by default. If
the Loggetter server also serves as an FTP server, retain the default value.
– Password: Enter the password for the backup server account, which is
Huawei123# by default. If the Loggetter server also serves as an FTP server, retain
the default value.

FusionCloud Desktop
17 In Connect Components, enter the IP addresses of the infrastructure VMs whose data is
to be backed up, as shown in Figure 6-36.
NOTE
– Enter the floating IP address for the GaussDB and enter the service plane IP addresses for
other components.
– For the nodes working in active/standby mode, enter the service plane IP address of the active
node in the first row and the IP address of the standby node in the second row.
– For the License server, enter only the IP address of the active License node in the first row.
– There is no data to be filled in the columns if the corresponding component is deployed.
Figure 6-36 Configuring service IP addresses for components
18 Click Finish.
The configuration is complete.
----End
Installing the TCM Component
Scenarios
Deploy the TCM server to centrally manage and maintain TCs.
NOTE
You are advised to deploy the TCM and Loggetter on the same server.
l You are advised to deploy the TCM and Loggetter on the same server.
l You are advised to access the TCM portal using Internet Explorer 8.0, because browsers of other
versions may be not compatible with the TCM portal.

FusionCloud Desktop
The TCM consists of the Management server, Data server, and Database server.
NOTE
You are advised to deploy Management server, Data server, and Database server together.
Prerequisites
Conditions
Windows infrastructure VMs have been created and configured.
Data
Documents
Table 6-10 Document List
Document File Name Path

Name
Centerm Cloud CCCM_Installation For enterprise users, visit http://

Client Manager Manual_5.x_xx.xx.p support.huawei.com/enterprise and choose
Installation df Product Support > IT > FusionServer > TC
Guide Terminal > TCM
For telecom carrier users, visit http://
Centerm Cloud CCCM_UserManual support.huawei.com and choose Product
Client Manager _5.x.xxx.xxx_Vx.xx Support > Carrier IT > FusionServer > TC
User Guide .pdf Terminal > TCM
TCM_V100R001C00SPC201_Product_Docu
ments.zip.
Software
Table 6-11 Software List
Software Software Package Path

Type Name
MySQL mysql-5.x.xx- Through official website or so on official

Database winx64 channel gain: http://www.mysql.com
Data server CDSsetupCDSsetup For enterprise users, visit http://

installation _5.x.xxx.xxx.exe support.huawei.com/enterprise and choose
program (CDS) Software > IT > FusionServer > TC Terminal
> TCM
Database UnitedDBsetup_5.x. For telecom carrier users, visit http://
import xxx.xxx.exe support.huawei.com and choose Software >
program(United Carrier IT > FusionServer > TC Terminal >
DB) TCM
Decompress the following software packages

FusionCloud Desktop

Type Name
Management CCCMsetup5.x.xxx. l CDS_Version_5.x.xxx.xxx_xxxxxxxxxx(Req

server xxx.exe uired).zip
installation l UnitedDB_Version_5.x.xxx.xxx_xxxxxxxxx
program(CCC x(Required).zip
M) l CCCM_Version_5.x.xxx.xxx_xxxxxxxxx(Re
License patch CCCM_License_Pat quired).zip
installation ch l CCCM_License_Patch_5.2.000.803_201312
program(CCC 1101(Required).zip
M_License_Pat
ch)
Procedure
Log in to the VM.
1 Log in to the Loggetter/TCM infrastructure VM using VNC as an administrator.
Install the TCM component.
2 Install the database.
For details, to see CCCM_Installation Guide > 3 Installation and Configuration >
3.1 Installation Process > Installing Database.
NOTE
– The MySQL (MySQL Community Server 5.1.52-5.5.23) database is recommended

– Pay attention to key parameters, such as database port.
3 Install the database import package.
For details, see CCCM_InstallationManual > Installation and Configuration >
Installation Process > Installing Database Import Package.
4 Install the Management Server.
Installation Process > Installing Management Server.
5 Install the License Patch.
Installation Process > Installing License Patch.
6 Install the Data Server.
Installation Process > Installing Data Server.
Configure the TCM.
7 Perform basic configuration.
For details, see CCCM_UserManual.
8 Upgrade the Linux TC.
For details, see CCCM_UserManual > File Deployment Management > Linux File
Deployment.

FusionCloud Desktop
9 Upgrade the Windows TC.

For details, see CCCM_UserManual > File Deployment Management > Windows
Software Management.
----End
Importing WI Addresses in Batches
Scenarios
Configure WI server addresses of TCs in batches by using a tool to improve work efficiency.
Prerequisites
Conditions
TCs have been installed.
Data
Documents
Table 6-12 Document list
Document Document How to Obtain

Name
Centerm Cloud CCCM_UserManu For enterprise users, visit http://

Terminal al support.huawei.com/enterprise and choose
Management Product Support > IT > FusionServer > TC
System User Terminal > TCM
Manual For telecom carrier users, visit http://
support.huawei.com and choose Product
Support > Carrier IT > FusionServer > TC
Terminal > TCM
Download and decompress the TCM product
documentation.
PackTool PackTool_Manual http://eip.centerm.com.cn:7100/Huawei/Linux/

Manual release/Common/Tool/LinuxPack/
PackToolSetup_V5.00-2015072201_CRC701F7
2C0.zip
PackToolSetup_V5.00-2015072201_CRC701F
72C0.zip.
Software

FusionCloud Desktop
Table 6-13 Software list
Software Software Name How to Obtain

Type
CloudClient AccessClient_Win. For enterprise users, visit http://

msi support.huawei.com/enterprise and choose
Software > IT > FusionCloud > FusionAccess
> FusionAccess > V100R005C30SPCxxx
support.huawei.com and choose Software >
Carrier IT > FusionCloud > FusionAccess >
FusionAccess > V100R005C30SPCxxx
FusionAccess_AccessClient_V100R005C30.zi
p.
Patch creation PackToolSetup http://eip.centerm.com.cn:7100/Huawei/Linux/

software of release/Common/Tool/LinuxPack/
Linux TCs PackToolSetup_V5.00-2015072201_CRC701F7
2C0.zip
PackToolSetup_V5.00-2015072201_CRC701F
72C0.zip.
Procedure
Generate a WI address configuration file.
1 Install the desktop cloud client software AccessClient_Win.msi on a physical machine
running the Windows operating system.
2 Choose Start > AccessClient > CloudClient.
The client software management page is displayed.
3 Click Add.
The Edit Server Info page is displayed.
4 Set Server Name and Server Address, and select Set as default if required.
5 Determine whether to set DR Address.
– If yes, go to 6.
– If no, go to 8.
6 Click Advanced.
7 Set DR Address and click OK.
The servers.xml file is generated in the C:\PermanenceDataPath\cloudclient directory.
8 Click OK.
9 Repeat 3 to 7 to add other WI server addresses.
Create a TC patch file.
10 Perform the following operations based on TC types.

FusionCloud Desktop
– For Centerm Linux TCs, go to 11.

– For Centerm Windows TCs, go to 14.
11 For details about how to create a patch file for Centerm Linux TCs, see
PackTool_UserManual > 3.9 Building HDPConfigure Patch.
Set key parameters as follows:
– For TCs running on the x86 platform, select XOS Platform Linux System.
– For TCs running on the Arm platform, select AOS Platform Linux System.
– Set Type to HDPConfigure.
– Patch content:
n File Name: C:\PermanenceDataPath\cloudclient
n Install path: /root/.local/share/data/Huawei/cloudclient
– Patch Output: Select a non-default path.
Upload the TC patch folder.
12 Perform the following operations based on TC types.
– For Centerm Linux TCs, go to 13.
– For Centerm Windows TCs, go to 14.
13 Upgrade the Linux TC.
For detailed operations, see CCCM_UserManual > File Deployment Management >
Linux File Deployment.
NOTE
Upload the patch file created in 11, and the target file path is /root/.local/share/data/Huawei.
14 Upgrade the Windows TC.
For detailed operations, see CCCM_UserManual > File Deployment Management >
Windows Software Management.
NOTE
– Upload the C:\PermanenceDataPath\cloudclient\servers.xml folder, and the target file path

is C:\PermanenceDataPath\cloudclient.
– For detailed operations, select Copy to Windows Clients.
----End
6.5 FusionAccess Initial Configuration

6.5.1 Configuring the Virtualization Environment
Scenarios
After FusionAccess components are installed, configure the virtualization environment to
ensure communication between FusionAccess and the virtualization environment.
FusionAccess interworks with virtualization environment to provide virtual desktop services.
NOTE
FusionAccess can interconnect with two types of virtualization environments, FusionCompute and
OpenStack. The following uses FusionCompute as an example to describe the interconnection. To
interconnect with OpenStack, perform operations as prompted on the GUI.

FusionCloud Desktop
Prerequisites
Conditions
There are no special conditions for this operation.
Data
Procedure
Step 1 In the address box of your web browser, enter http://service plane IP address of the active IT
adapter (ITA) server:8081 to log in to FusionAccess.
Username and Password vary with the value of Rights Management Mode set when the
ITA server is installed.
l If Rights Management Mode is Common mode, Username is admin and the default
password is Huawei123#. You will be asked to change the password upon your first
login.
l If Rights Management Mode is Rights separation mode, Username is sysadmin and
the default password is Sysadmin#. You will be asked to change the password upon your
first login.
NOTE
l During login, if incompatibility problems occur in Internet Explorer or Firefox, see Setting Internet
Explorer Browser or Setting Mozilla Firefox Browser to configure the browser.
l After the login from a browser, if the FusionAccess page cannot be displayed normally due to a
certificate problem, follow the steps provided in Configuring a Browser for Accessing
FusionAccess to resolve the problem.
Step 2 On the FusionAccess page, choose System > Initial Configuration > Virtual Environment
to enter the Virtual Environment page.
Step 3 Select FusionCompute or OpenStack.
NOTE
The following uses FusionCompute as an example to describe the interconnection. To interconnect with
OpenStack, perform operations as prompted.
Step 4 Click , and set the following example parameters as show as Figure 6-37.
l FusionCompute IP: Enter the floating IP address of the virtual resource management
(VRM) node.
l FusionCompute port number: Enter 7070.
l SSL port number: Enter 7443.
l Username: The default value is vdisysman.
l Password: The default value is VdiEnginE@234.
l Protocol: Select the protocol used for communication between FusionCompute and the
ITA. You are advised to select https.

FusionCloud Desktop
Figure 6-37 Virtual Environment
Step 5 Click OK.
----End
6.5.2 Configuring a User Domain
Scenarios
Add a user domain to implement unified management of user VMs in the desktop cloud
system.
Prerequisites
Conditions
Data
Procedure
Step 1 On the FusionAccess page, choose System > Initial Configuration > Domain/OU.
Step 2
NOTICE
The values of Domain and Domain name must be the same as Domain and Domain name
set on the AD server.

FusionCloud Desktop
Click in the upper part of the page, and configure domain information. The
following example parameters as show as Figure 6-38.
l Domain: Enter the Fully Qualified Domain Name (FQDN) of the infrastructure domain,
for example, vdesktop.huawei.com.
l Account: Enter the domain administrator account. The account format is Domain name
\Account, for example, vdesktop\vdsadmin.
l Password: Enter the password of the domain administrator account, for example,
Huawei@123.
l Active domain controller IP: Enter the service plane IP address of the active AD server.
l Standby domain controller IP: Enter the service plane IP address of the standby AD
server. This parameter is required only when AD servers are deployed in active/standby
mode.
l VM ID Deletion: Select Delete or Reserved as required. The recommended choice
Reserved.
l Domain controller time synchronization exception threshold: Enter the time
difference allowed between domain controllers. If Enable time monitoring service is
set to Yes in Configuring Alarm Components, an alarm will be generated when the
time difference between the primary domain controller and other domain controllers
exceeds this threshold.
Figure 6-38 Domain
Step 3 Click OK.

NOTE
The OUs on the Domain/OU page divide user VMs into different groups and are used during VM
provisioning. This task does not involve OU-related operations.
----End

FusionCloud Desktop
6.5.3 Configuring Desktop Components
Scenarios
On the FusionAccess portal, configure desktop components to enable the ITA to manage
virtual machines (VMs) on the desktop cloud and assign VMs.
Prerequisites
Conditions
Data
Procedure
Configure ITA data.
1 On the FusionAccess page, choose System. Choose Initial Configuration > Desktop
Components from the navigation tree, and click Config the Database Info in the ITA
configuration area.
The ITA Database Information page is displayed. Please enter the following
parameters. The following example parameters as show as Figure 6-39.
– Database IP:
n If two GaussDB VMs are deployed in active/standby mode, enter the floating
IP address of the GaussDB VMs.
n If there is only one GaussDB VM, enter the service plane IP address of the
GaussDB VM.
– Active database IP: Enter the service IP address of the active GaussDB.
– Standby database IP: Enter the service IP address of the standby GaussDB.
– Port number: The default value is 5432.
– Database name: Enter the ITA database name created on GaussDB, The default
value is FusionAccess.
– Username: DB connect account, The default value is ITALoginUser.
– Password: Enter the password of the ITA server for connecting to the database,
such as Huawei@123.

FusionCloud Desktop
Figure 6-39 ITA Database Information
2 Click OK.
3 Set the following parameters in the ITA configuration area. The following example
parameters as show as Figure 6-40.
– Principal ITA IP: Enter the service plane IP address of the active ITA server.
– Principal ITA port: Retain the default value 8081.
– Standby ITA IP: Enter the service plane IP address of the standby ITA server.
– Standby ITA port: Enter 8081.
– Active DNS IP: Enter the service plane IP address of the active DNS server.
– Standby DNS IP: Enter the service plane IP address of the standby DNS server.
– Loggetter IP: Enter the service plane IP address of the Loggetter server.
– Loggetter Port: Enter the FTP service port number of the Loggetter server. The
default port number is 989.
– User Name: Enter the FTP service username of the Loggetter server, The default
value is ConfBack_User.
– Password: indicates the FTP service password of the Loggetter server, The default
value is Huawei123#.

FusionCloud Desktop
Figure 6-40 ITA configuration
4 Click OK.
Configure a license.
5 Click in the License Information area, set the license information, and
click OK.
– License name: Enter the license name, for example, License01.
– IP: Enter to the service plane IP address of the License server. In the standard
deployment mode, enter the service plane IP address of the active
GaussDB/HDC/WI/License server.
– Password: The password of SSH, The default value is Huawei@123.
6 Click OK to configure a license and click Back.
7 In the Operation column, click to obtain the equipment serial number (ESN).
8 Apply for a license based on the ESN.
NOTE
For details about how to apply for a license, see the FusionCloud Desktop Solution V100R005C30
License User Guide. You can download it from http://support.huawei.com/enterprise and choose
Product Support > IT > FusionCloud > FusionAccess > FusionCloud Desktop Solution.
9 In the Operation column, click .

10 In the Load License window displayed, select the license file and loading mode, and
click Load License.
– If Force loaded is selected, tasks such as checking the change in control items, the
number of licenses, and the validity period will be skipped over.
– If Normal loaded is selected, the preceding checks will not be skipped over.
11 Click Load License.
Configure a Desktop.
A Desktop is a set of desktop cloud system consisting of the ITA, License, HDC, WI, DB, and
Loggetter components.

FusionCloud Desktop
NOTICE
During the configuration, do not connect to the GaussDB TEMPLATE1 database using any
client tool.
12 In the Desktop Information area, click , and set the following parameters.
The following example parameters as show as Figure 6-41.
– DesktopID: Enter the name of the Desktop, for example, Desktop01.
– Database name: Enter the HDC database name, for example, HDCGaussDB01.
– Database IP:
n If two GaussDB VMs are deployed in active/standby mode, enter the floating
IP address of the GaussDB VMs.
n If there is only one GaussDB VM, enter the service plane IP address of the
GaussDB VM.
– Active database IP: Enter the service IP address of the active GaussDB VM.
– Standby database IP: Enter the service IP address of the standby GaussDB VM.
– Database port: Retain the default value 5432.
– Database username: Enter the HDC database username created on GaussDB,
Default, hdcdbuser.
– Database password: Enter the HDC database user password created on GaussDB,
Default, Huawei@123.
– HDC Name: Enter the HDC server name. The value must be the same as the value
of Name.
– HDC IP: Enter the service plane IP address of the HDC server.
NOTE
n The value of HDC Name must be the same as the value of Name set when DNS forward
lookup is configured; otherwise, the VMs that are successfully provisioned will be in the
Unregistered state.
n If multiple HDCs exist, click the plus (+) sign to add HDC information.
– License name: Enter the license name configured in 5.

FusionCloud Desktop
Figure 6-41 Desktop Information
13 Click OK.
vAG/vLB Configuration.
14 In the vAG/vLB Configuration area, click , and set the following

parameters:
– Server IP: Enter the service IP address of the vAG server.
– Deploy Type: Specify whether vAGs and vLBs are independently deployed or
deployed together.
– Description: (Optional) Describe something about the vAG server.
– SSH Account: The default value is gandalf.
15 Repeat 14 to add all the vAG servers.
(Optional) AUS Configuration.
16 In the AUS Configuration area, click , and set the following parameters:
– AUS Name: The name of the AUS server.
– AUS IP: Enter the service IP address of the AUS server.
– Description: (Optional) Describe something about the AUS server.
Configure WI data.
17 In the WI Cluster Information area, click , and set the following

parameters:
– WI cluster name: Enter the WI cluster name, for example, WI01. Create different
clusters for the WIs serving enterprise internal users and the WIs serving Internet
users.

FusionCloud Desktop
– WI IP: Enter the service plane IP address of a WI server. To add IP addresses of

other WI servers in the same cluster, click .
– Port: Retain the default value 9003.
– HDC component: Select vdesktop.
18 Configure domain information.
– Domain: Select the domain.
– Domain site and Domain controller IP: These two parameters are optional. To
enable the WI to preferentially interact with a specified domain controller, set these
two parameters. If you leave these two parameters unspecified, the WI
preferentially interacts with the primary and backup domain controllers configured
for the domain in Configuring a User Domain.
19 Configure WI cluster information.
– Identity type: Enter the authentication mode for user login, which can be any of the
following:
n Username and Password: A user can log in to the VM only after entering the
correct username and password.
n Smart Card: A user can log in to the VM only after entering the correct
personal identification number (PIN) of the USB key twice. The user is
required to enter the PIN of the USB key when attempting to log in to the WI
and when attempting to log in to the VM.
n Pass-through Smart Card: A user can log in to the VM after entering the
correct PIN of the USB key during the login to the WI.
n Smart Card Gateway: A user can log in to the WI and VM only after
entering the correct PIN of the USB key and passing the authentication of a
third-party gateway.
– Two-factor authentication: Specify whether to enable two-factor authentication.
n Disable: Disable two-factor authentication.
n RADIUS: Enable two-factor authentication for RADIUS. Select this option if
the two-factor authentication feature is required.
For details, see FusionCloud Desktop V100R005C30 Feature Guide.
– Service access gateway: Specify whether to enable the service access gateway. If
you select Open, configure Service Access Gateway config based on the access
gateway type. Table 6-14 describes the configuration. If you select Open, the
parameters are set as show as Table 6-14.
Table 6-14 Service access gateway

Not select Support NAT Select Support NAT Access
Access
Service access gateway: n Service access gateway: Gateway IP address

Actual service IP address of for client to initiating connections (before
the gateway. Port is 8443. NAT). Port is 8443.
n vAG Business IPActual service IP address of
the gateway.

FusionCloud Desktop
NOTICE
– Self-help console gateway: Specify whether to enable the self-service console

gateway. If you select Open, set the parameters as follows:
n Configure Self-help console gateway config based on the access gateway
type. Table 6-15 describes the configuration. If you select Open, the
parameters are set as show as Table 6-15.
Table 6-15 Self-help console gateway config
Not select Support Select Support NAT Access

NAT Access
Self-help console gateway ○ Self-help console gateway config:

config: Actual service IP Gateway IP address for client to initiating
address of the gateway. connections (before NAT). Port is 8443.
Port is 8443. ○ vAG Business IPActual service IP address
of the gateway.
NOTICE
If the gateway is not configured, user data is not encrypted and leakage risks
exist.
n Auto run Self-help console: If you select Open, the self-service console is
automatically enabled when a user logs in to a VM in the shutdown or
abnormal state.
n Login retry Times: This parameter takes effect when Auto run Self-help
console is set to Open. It specifies the maximum retry times for establishing a
connection between the self-service console and the WI server. The value is a
positive integer. The default value is 4.
– Emergency Login: Specify the authentication mode if the AD is faulty.
NOTE
If you select Auto or Force, the WI may not perform authentication on the AD. Therefore,
uses can log in to the WI without authentication and view the VM lists of other users. This
brings security risks.
n Auto: Perform authentication on the local machine if the AD is faulty.
n Force: Log in to the WI without authentication on the AD. User VM lists can
be viewed and user authentication is performed on the local VM after login.
n Forbid: Use the AD server to perform authentication forcibly. That is, if the
AD is faulty, users cannot log in to VMs.
– Auth Account: Specify the WI NBI account. After Open is selected, third-party
applications can communicate with the WI by using this account.
n Account: Defined by users. The default value is WIRestUser.

FusionCloud Desktop
n Password: Defined by users.

20 Click OK.
----End
6.5.4 Configuring Alarm Components
Scenarios
On FusionAccess, configure IP addresses and enable the alarm function of components so that
the components can be monitored through FusionAccess.
NOTE
After FusionCompute and FusionManager are installed, enable FusionCompute alarms to be reported to
FusionManager on realtime basis. For details, see Configuring the Alarm Reporting Function for the
FusionCompute.
Prerequisites
Conditions
l You have logged in to the FusionAccess portal.
l The Tomcat service domain account (for example, vdesktop\vdsadmin) has been added
to the administrator group of the virtual machines (VMs) on which the alarm function
needs to be enabled.
Data
Procedure
Step 1 On the FusionAccess portal, choose System > Initial Configuration > Alarm Components.
The Alarm Components page is displayed.
Step 2 Determine whether to enable the alarm function.

l If yes, go to Step 4.
l If no, go to Step 3.
Step 3 Select No, and disable alarm function configuration as prompted.
Step 4 Select Yes and add the IP addresses of the components to be monitored. Table 6-16 describes
the parameters to be set.
Table 6-16 Data to be configured
Category Parameter Description Example Value
Server TCM IP Specifies the service plane IP 192.168.1.14

Information address of the Thin Client
Manager (TCM) server.

FusionCloud Desktop
TSM IP Specifies the service plane IP 192.168.1.13

address of the Terminal Security
Management (TSM) server.
Active DNS Specifies the service plane IP 192.168.1.15

IP address of the active DNS
server.
Standby Specifies the service plane IP 192.168.1.18

DNS IP address of the standby DNS
server.
Active Specifies the service plane IP 192.168.1.16

DHCP IP address of the active DHCP
server.
Standby Specifies the service plane IP 192.168.1.17

DHCP IP address of the standby DHCP
server.
Loggetter IP Specifies the service plane IP 192.168.1.19

address of the Loggetter server.
Domain Domain Specifies the service plane IP 192.168.1.21

controller controller IP address of the AD server. The
information service plane IP addresses of the
active and standby AD servers
must be configured.
After domain information is
configured (see Configuring a
User Domain), the domain
controller information is
automatically displayed. You do
not need to enter any
information.
Domain Specifies the FQDN of the AD vdesktop.huawei.com

domain.
Enable time Specifies whether to enable the Yes

monitoring time monitoring service on the
service AD server.
If time monitoring is enabled, an
alarm will be generated when
the time difference between the
primary domain controller and
other domain controllers
exceeds the value specified by
Domain controller time
synchronization exception
threshold.

FusionCloud Desktop
Step 5 Click OK and save the configuration.
----End
6.5.5 (Optional) Configuring Multi-Language Images on ITA

Servers
Scenarios
Manually add language configuration items (CIs) on IT adapter (ITA) servers so that the
system can create virtual machines (VMs) using multi-language images, assign created VMs,
and add or remove users from VMs.
Prerequisites
Conditions
l The domain username and password for logging in to the ITA server have been obtained.
l A PC or laptop on which the target language operating system (OS), for example, the
Dutch OS, is installed has been obtained.
Data
Data preparation is not required for this operation.
Procedure
Obtain property configuration parameters of target language VMs.
NOTE
This topic uses VMs with the Dutch Windows XP OS as an example.

1 Log in to the PC or laptop.
2 Run the following command on the command-line interface (CLI):
reg query HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls
\Language /v InstallLanguage
The language installation code, for example, 0413, is obtained. The information similar
to the following is displayed:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language
InstallLanguage REG_SZ 0413
3 Run the following command:

sc query Dnscache
The value of STATE in the target language is obtained, for example, STATE. The
information similar to the following is displayed:
SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
4 Click Start, right-click My Computer, and choose Manage.

The Computer Management window is displayed.

FusionCloud Desktop
5 In the navigation tree, choose Computer Management(Local) > System Tools > Local
Users and Groups > Users. The value of Administrator is displayed, as shown in
Figure 6-42.
Figure 6-42 Computer Management (Users)
6 In the navigation tree of the Computer Management window, choose Computer

Management(Local) > System Tools > Local Users and Groups > Groups. The
values of Administrators and Users are displayed, as shown in Figure 6-43.
Figure 6-43 Computer Management (user group)

FusionCloud Desktop
Create a property configuration file.

7 Log in to the active ITA server using the domain account.
8 Switch to C:\ITA\tomcat\vDesktop\WEB-INF\conf\language, copy the
0409.properties file to C:\ITA\tomcat\vDesktop\WEB-INF\conf\language, and
rename the file as the property configuration file with the target language code, for
example, 0413.properties.
NOTE
This topic uses the 0413.properties property configuration file of the Dutch OS as an example.
9 Open the 0413.properties file using Notepad.
The file content is as follows:
state=STATE
administrator=administrator
administrators=administrators
users=users
10 Change parameter values to values translated into the target language.

Table 6-17 describes the information about target language parameters.
Table 6-17 Information about target language parameters
Param Parameter How to Obtain Example Value

eter Descriptio
n
STATE STATE For details, see 3. STATE

value
translated
into the
target
language
adminis administra For details, see 4 to 5. Administrator

trator tor value
translated
into the
target
language
adminis administra For details, see 6. Administrators

trators tors value
translated
into the
target
language
users users value Gebruikers

translated
into the
target
language

FusionCloud Desktop
NOTE
If the value of state on Windows 7 is different from that on Windows XP, the two values must be listed
and separated by a space. For example, the value of state on the Spanish Windows 7 OS is ESTADO
and that on the Spanish Windows XP OS is STATE. In this case, the content in the 0C0A.properties
configuration file is as follows:
state=ESTADO STATE
administrator=administrador
administrators=administradores
users=usuarios
11 Save the 0413.properties file.

Restart the Tomcat service.
12 Choose Start > Administrative Tools > Services.
13 In the list on the right, right-click Apache Tomcat 7, and choose Restart from the
shortcut menu.
The Tomcat service is restarted.
14 Repeat 8 to 13 to configure multi-language images on the standby ITA server.
NOTICE
When VMs are assigned, enter the values translated into the target language in
Administrators and Users in Set Authority Group.
----End
6.5.6 Configuring Time Synchronization
Scenarios
Set the time zone for the system, and configure the daylight saving time (DST) based on local
time requirements. If Active Directory (AD) servers are deployed, configure the AD server IP
addresses and upper-layer clock source IP address to ensure time synchronization of the AD
servers.
Prerequisites
Conditions
Data
Procedure
(Optional) Configure the DST rule.
This task is required when the DST is used.
1 On the FusionAccess portal, choose System > Time Management, select Support DST,
and set the DST rule based on actual situations.

FusionCloud Desktop
NOTE
After the operating system (OS) time zone is set on the IT adapter (ITA) server, Time Zone will
be updated to the time zone of the site.
2 Click OK.
3 Log in to the active ITA server using a domain account.
4 Choose Start > Administrative Tools > Services. In the right pane of the Services
window, right-click Apache Tomcat 7, and choose Restart from the shortcut menu.
5 Log in to the FusionAccess portal using the service plane IP address of the standby ITA
server, and repeat 1 to configure the DST rule.
6 Log in to the standby ITA server using a domain account, and repeat 4 to restart the
Tomcat service.
7 Click OK, and complete the configuration as prompted.
Configure time synchronization.
l This task is required when a new AD server is deployed on site. The IP addresses of the
AD and the upper-layer clock source must be configured to ensure that the AD can
synchronize time with the upper-layer clock source.
l This task is not required if an existing AD server is used on site. For details about the
implementation scheme, see Clock Synchronization Schemes.
NOTE
When using an external clock source, to reduce the risk management platform being attacked, you
are suggest to enable NTP security authentication mechanism based on the requirements of an
external clock source.
8 Configure time synchronization data. Table 6-18 describes the parameters to be set.
Table 6-18 Data to be configured

Parameter Description
Primary DC IP Specifies the service plane IP address of the active AD server.
Secondary DC IP Specifies the service plane IP address of the standby AD server.
Query period (s) Specifies the interval for querying the time consistency between
the AD server and the upper-layer clock source.
Clock source IP Configure a clock source only for the AD component provided
by Huawei.
– If the customer provides a stable clock source, enter the IP
address of the clock source.
– If the customer does not provide a stable clock source, enter
the management plane IP addresses of the CNA nodes on
which the VRMs are deployed. That is, the AD synchronizes
time with the active and standby VRM hosts of
FusionCompute through the management plane.
NOTE
For details about the clock synchronization schemes in the desktop cloud
solution, see Clock Synchronization Schemes.
Description Provides supplementary information about the upper-layer clock

source.

FusionCloud Desktop
9 Click OK.
----End
6.5.7 Checking Component Status
Scenarios
After installing FusionAccess components, check component status. If the status is Normal
for all components, the software is installed successfully.
Prerequisites
Conditions
Alarm components have been configured on the FusionAccess portal.
Data
Procedure
l Check the status of FusionAccess components.
a. On the FusionAccess portal, choose Alarm > Status Check.
b. Check whether the component status is Normal.
If the component status is not Normal, check whether data configuration is correct.
l Check FusionCare status.
a. Log in to the infrastructure VM, on which the AD/DNS/DHCP services are
deployed, using VNC.
b. Check whether the FusionCare folder exists in C:\.
n If yes, go to e.
n If no, go to c.
c. In the VNC login window, click to mount

FusionAccess_Installer_Win_V100R005C30SPCxxx.iso.
d. Switch to the CD-ROM drive on the VM and copy the FusionCare folder in the
tools folder to C:\.
e. Check whether the FusionCare folder exists on the other AD/DNS/DHCP VM,
active and standby ITA VMs, and Loggetter VMs in the same way.
----End
6.5.8 Activating the OSs of Windows Infrastructure VMs
Scenarios
The VMs running the Windows Server 2008 R2 Standard edition only has a 30-day free trial
license. Users must purchase an official license from the OS vendor.

FusionCloud Desktop
This topic provides guidance for software installation engineers to activate the operating
system (OS) of each Windows infrastructure VM.
Prerequisites
Conditions
l The FusionAccess software is installed and the status of the components of
FusionAccess is Normal.
l You have obtained the product key of Windows Server 2008 R2 from legal sources.
Data
Procedure
Step 1 On FusionCompute, use VNC to log in to a random Windows infrastructure VM.
Step 2 Choose Start, enter serverManager.msc in the Search programs and files text box, and
press Enter.
Step 3 In the Server Manager window, click Activate Windows.
Step 4
NOTICE
l Obtain the product key of Windows Server 2008 R2 from legal sources.
l Use the English product key for an OS in English. If a product key of another language is
used, blue screen of death (BSOD) will occur on the infrastructure VM.
Enter the Windows product key and activate the Windows OS as prompted.
Step 5 Repeat Step 1 to Step 4 to activate the OSs of other Windows infrastructure VMs.
----End
6.5.9 (Optional) Unlock NBI User and Reset the Password
Scenarios
If you want to the FusionAccess connect to the FusionManager and FusionCare system, you
should unlock the systemman account and advised to change the VDIRest password.
NOTE
The password of FusionManager and FusionCare should be changed.
Prerequisites
Conditions
You have logon the FusionAccess.
Data

FusionCloud Desktop
Procedure
Unlock the systemman account
1 On the FusionAccess page, choose System > Rights Management > User
Management, enter the User Management page.
2 Click in the row systemman
The Reset Passwords page is displayed.
NOTE
Unlock the systemman account, you are forced to change the password.
3 Enter the password of the administrator account for authentication, enter the new
password of the systemman account and confirm the password, and click OK.
NOTE
administrator account: the password of admin to logon the FusionAccess.
The password of the systemman account is reset.
4 Click Return to Account List.
The changed to .
Change the VDIRest password
5 For details, see Account Management > Changing the Password for Internal
Communication Between FusionManager and FusionAccess in FusionCloud Desktop
V100R005C20 System Management Guide.
----End
6.5.10 (Optional)Configuring the Desktop Cloud Address
Scenarios
Configure the desktop cloud address on FusionManager. After the address is configured, the
desktop cloud can be operated and maintained, and alarms about FusionAccess components
can be reported through FusionManager.
After the desktop cloud address is configured, configure your browser to ensure successful
access to FusionManager.
NOTE
If the FusionManager management IP address is changed after this task is complete, ensure that the new
IP address allow communication between FusionManager and the FusionAccess infrastructure VMs. In
addition, you need to reconfigure the desktop cloud address on FusionManager by following the steps
provided in this topic and restart the Tomcat service on the IT adapter (ITA) server.
Prerequisites
Conditions
l You have logon the FusionAccess.
l You have obtained the password for unlock systemman.
l You have obtained the administrator username and password for logging in to
FusionManager.

FusionCloud Desktop
Data
Procedure
Configure the desktop cloud address (Connect to FusionSphere V100R005C00).
1 Open your browser, enter the FusionSphere IP address, and press Enter.
The network address format is http:// FusionSphere floating IP address. For example,
enter http://192.168.40.2.
The FusionSphere login page is displayed.
2 Enter the username and password, select the login view, input the verification code and
click Login.
The FusionSphere page is displayed.
3 Choose User > Domain Management.
The Domain Management page is displayed.
4 Click .
The Add Domain page is displayed.
5 Input the Name and Description and click Create.
6 Choose System > Set Desktop Server Address in the navigation tree.
The Set Desktop Server Address page is displayed.
7 Click , and set the following parameters:

– Name: Enter the desktop cloud name, for example, VDesktop.
– Domain: Select the domain name in 5.
– Active IP Address: Enter the management plane IP address of the active ITA
server.
– Standby IP Address: Enter the management plane IP address of the standby ITA
server.
– Port: Enter default port number 8773.
– Username: Enter the username for logging in to the ITA. The default value is
systemman.
– Password: Enter the reset password.
– Confirm Password
8 Click Add.
Restart the Tomcat service
9 Check whether the user access network and the system management plane belong to the
same network segment.
– If no, go to Adding Routes for the Management Plane.
10 On the FusionCompute page, Log in to the active ITA infrastructure server to which the
domain account belongs using the administrator account using the VNC.
11 Switch to the C:\ITA directory, and double-click tomcat7w.exe.
The Apache Tomcat 7 Properties window is displayed.

FusionCloud Desktop
12 Click Stop.
The Tomcat service is stopped.
13 Click Start.
The Tomcat service is started.
14 Click OK.
The Apache Tomcat 7 Properties window is closed.
15 Repeat 11 to 14 to restart the Tomcat service on the standby ITA infrastructure server.
Configure the browser.
16 Re-log in to FusionManager using your browser.
17 Configure the browser.
The operations vary with the type of your browser.
– If the browser is Internet Explorer, go to 18.
– If the browser is Mozilla Firefox, go to 32.
– If the browser is Google Chrome, go to 45.
NOTE
FusionAccess supports the following types of browsers:

– IE: Internet Explorer 8, 9 and 10
– Firefox: Mozilla Firefox 32
– Chrome: Chrome 37
If the browser you use is not supported by FusionAccess, buttons on the FusionAccess portal may
not work properly and display errors may occur.
Set Internet Explorer.
18 In the address box of Internet Explorer, click Certificate Error, and click View
certificates in the dialog box displayed.
The Certificate dialog box is displayed.
19 Click Install Certificate.
The Certificate Import Wizard dialog box is displayed.
20 Click Next.
The Certificate Store dialog box is displayed.
21 Select Place all certificates in the following store and click Browse.
The Select Certificate Store dialog box is displayed.
22 Select Trusted Root Certification Authorities and click OK.
23 Click Next.
The Completing the Certificate Import Wizard dialog box is displayed.
24 Click Finish.
The Security Warning dialog box is displayed.
25 Click Yes.
26 Click OK.
27 In the Certificate dialog box, click OK.

FusionCloud Desktop
28 Open Internet Explorer, choose Tools > Internet Options.

The Internet Options dialog box is displayed.
29 Click the Advanced tab.
30 In the Settings area, deselect Warn about certificate address mismatch.
31 Click OK.
The browser page is displayed, and the browser on the local computer is configured.
Set Mozilla Firefox.
32 Log in to FusionManager using Mozilla Firefox, and click Desktop.
The Desktop page is displayed.
33 Check whether the system displays "This Connection is Untrusted."
– If no, no further action is required.
34 Record the IP address and port number, as shown in the red box in Figure 6-44.
Figure 6-44 Desktop management message
35 Choose Tools > Options.

The Options dialog box is displayed.
36 Click Advanced, and click the Encryption tab.
37 Click View Certificates.
The Certificate Manager dialog box is displayed.
38 Click the Servers tab.
39 Choose the huawei certificate, select ssoserver, and click Add Exception.
The Add Security Exception dialog box is displayed.
40 In the address box of your web browser, enter the IP address and port number obtained in
34 next to https://, for example, https://192.168.22.82:8448.
41 Click Get Certificate.
42 Click Confirm Security Exception.
The Add Security Exception dialog box is closed.

FusionCloud Desktop
43 Click OK.
The Certificate Manager dialog box is closed.
44 Click OK.
The Options dialog box is closed, and the browser page is displayed.
Set Google Chrome.
45 Log in to FusionManager using Google Chrome, and click Desktop.
46 Check whether the system displays "The page cannot be displayed."
47 Copy the uniform resource locator (URL) on the page.
48 Open a new page on the browser, paste the URL to the address box, and press Enter.
49 Click Continue Anyway.
50 Close the new browser page.
On the original FusionManager page, click Desktop again. This page can be displayed
normally.
----End
6.5.11 Generating or Importing a Certificate
Overview
The process for importing certificates varies depending on whether a Certificate Authority
(CA) server is used.
l If a CA server is not used, generate and import web interface (WI) certificates by
following the process described in this document.
l If a CA server is used, import WI certificates by following the Config WI chapter in the
FusionCloud Desktop V100R005C30 Smartcard Login Feature Guide.
NOTE
Importing certificates is optional. If you do not import WI certificates:

l A message is displayed indicating that the security certificate is untrusted when you open the WI page
using HTTPS.
l A message is displayed indicating that the certificate is incorrect after you log in to the WI page.
Generating or Importing a WI/UNS Certificate
Scenarios
Create a WI/UNS certificate and a root certificate on the active ITA VM and import the
WI/UNS certificate to the WI/UNS VM.

FusionCloud Desktop
NOTE
This topic describes how to generate and import a WI certificate as an example. Use the same method to
create and import the UNS certificate.
Prerequisites
Conditions
l You have obtained the service plane IP address of the active and standby WI servers.
l You have obtained the passwords of root and gandalf accounts for logging in to the WI
servers.
Data
Procedure
Create the WI certificate and root certificate.
1 Log in to the active ITA server using a domain account.
2 Choose Start > All Programs > ITA > UpdateCert, and open FusionAccess
Certificate Replacement Tool.
3 Select Other certificate replacement, and choose WI Portal certificate from the Select
certificates to be replaced drop-down list, as shown in Figure 6-45.
Figure 6-45 WI Portal certificate
4 Click Certificate properties in the lower left corner of the window, set the certificate
property parameters, and click OK.
– What is your first and last name: Enter the certificate full name in the FQDN
format. The value must be the same as the user login domain name matching the
vLB floating IP address or the WI service IP address in Configuring the DNS
forward lookup function, for example, fusionaccess.vdesktop.huawei.com.
NOTE
n The parameter value must be the same as the address for users to access the WI.
n If this parameter is not set correctly, an error message such as "The certificate is only
valid for fusionaccess.vdesktop.huawei.com" will be displayed.
– What is the name of your organizational unit: Enter the organization unit name,
for example, FusionAccess.
– What is the name of your organization: Enter the organization name, for
example, Huawei.

FusionCloud Desktop
– What is the name of your City or Locality: Enter the name of your city, for
example, Shenzhen.
– What is the name of your State or Province: Enter the state or province name, for
example, Guangdong.
– What is the two-letter country code for this unit: Enter the country code, for
example, CN, the code of China.
NOTE
If any of the parameters are not set correctly, an error message about certificate invalidity,
such as "The validity period of the certificate is xxxx, but the current time is xxxx." will be
displayed.
Figure 6-46 Certificate properties
5 Click Generate certificate.

The certificate wica.cer is generated and automatically saved in the same directory as the
wi.keystore file, as shown in Figure 6-47.
Figure 6-47 Certificate information

FusionCloud Desktop
6 Download the root certificate wica.cer to a local directory.

Import the certificate to the WI VM.
7 In the Host information area of the FusionAccess Certificate Replacement Tool
window, enter the WI server information.
– IP address: Enter the service plane IP address of the WI VM to which the
certificate is to be imported.
– Maintenance account: Enter gandalf.
– Maintenance password: Enter Huawei@123.
– Root password: Enter the password set for user root when Linux is installed on the
VM where the WI is deployed.
Figure 6-48 Host information
8 Click Certificate Update.

The certificate is imported to the WI server.
9 Repeat 7 to 8 to import the WI certificate to other WI servers.
----End
Importing the Root Certificate to Terminals
Scenarios
Import the root certificate to terminals to encrypt and hide data to be transmitted, ensuring
secure and reliable data transmission between terminals and servers.
Prerequisites
Conditions
l You have obtained the root certificate, whose file name extension is .cer.
l The thin clients (TCs) to be imported with the certificate have started.
l The TCs have been added to the Thin Client Manager (TCM) system.

FusionCloud Desktop
Data
Documents
Table 6-19 Documents to be obtained

Document Description How to Obtain
TCM_UserMan Describes how to For enterprise users, visit http://

ual import the root support.huawei.com/enterprise and choose
certificate to TCs Product Support > IT > FusionServer > TC
through the TCM. Terminal > TCM
Software
Table 6-20 Software to be obtained

Software Software Package How to Obtain
Patch creation This software is For enterprise users, visit http://

software of required when Linux support.huawei.com/enterprise and choose
Linux TCs TCs are used. Software > IT > FusionServer > TC Terminal
For example, the > CloudTerminal
software package for
V100R001C00SPC2
08 is
PackToolSetup_V3.
10-2013070801.zip.
Procedure
Check the type of the terminal operating system (OS).
1 Perform the following operations based on the terminal OS.
– If the terminals run the Windows OS, go to 2.
– If the terminals run the Linux OS, go to 14.
Import the root certificate to Windows TCs or software clients (SCs).
NOTE
l The TCM can distribute the root certificate to Windows TCs provided by Huawei. For details, see File
Distribution > Windows File Distribution in the TCM_UserManual. For the Windows TCs provided by
other vendors, user the vendors' TCM to distribute the root certificate to the TCs.
l If SCs are used, manually import the root certificate to the PCs where the SCs are installed.
2 On the PC, choose Start, enter inetcpl.cpl in Search programs and files, and press
Enter.
The Internet Properties window is displayed.
3 Click the Content tab, and click Certificates.

FusionCloud Desktop
4 Click Import.
5 Click Next.
6 Click Browse, select the root certificate to be imported, and click Next.
7 Click Browse.
8 Select Trusted Root Certification Authorities and click OK, as shown in Figure 6-49.
Figure 6-49 Selecting Trusted Root Certification Authorities
9 Click Next.
10 Click Finish.
NOTE
If a security warning is displayed, click Yes.
11 Click OK.
12 Click Close.
13 Click OK.
The task is complete.
Import the root certificate to Linux TCs.
l This operation is required only when Mozilla Firefox is used to log in to the WI from
Linux TCs. After this operation is performed, users can directly access the WI. The
message indicating that the connection is untrusted will not be displayed.
l If a cloud client is used to log in to the WI from Linux TCs, a message indicating that the
connection is untrusted is displayed. Click Add Exception.
14 Create a patch containing the certificate by using the patch creation software of Linux
TCs.
15 Install the patch on the Linux TCs through the TCM.
For details, see File Distribution > Linux File Distribution in the TCM_UserManual.
----End

FusionCloud Desktop
Verification
After importing the root certificate on terminals, configure DNS. Then, open the web browser
and enter https://Terminal user login FQDN in the address box. If the login is successful
without any certificate errors, the root certificate is successfully imported.
l For Linux TCs, if information shown in Figure 6-50 is displayed, import the root
certificate again.
Figure 6-50 Certificate error
l For Windows TC/SCs, if the value of What is your first and last name is set to a
domain name when the root certificate is created but the WI access address is an IP
address, perform the following operations:
a. In the Internet Options window, click the Advanced tab.
b. Deselect Warn about certificate address mismatch (to disable the message about
certificate address mismatch from being displayed) and Enable SmartScreen
Filter (to ensure that users can download the HDP client file), as shown in Figure
6-51.

FusionCloud Desktop
Figure 6-51 Setting Internet Options
6.6 (Optional) Deploying the UNS

6.6.1 UNS Deployment Scheme
Scheme Overview
The Unified Name Service (UNS) component allows a unified domain name to be used to
access multiple FusionAccess systems. One WI domain name usually can be used to access
only one FusionAccess system. However, an enterprise may have multiple FusionAccess
systems deployed due to business development or disaster recovery (DR) purpose. If
enterprise employees need to access desktops offered by different FusionAccess systems, they
need to alternate between different WI domain names. The UNS component allows
employees to use a unified domain name to access their desktops in different FusionAccess
systems. Figure 6-52 shows the difference before and after the UNS component is deployed.

FusionCloud Desktop
NOTE
l The UNS is applicable only when the customer provides AD/DNS/DHCP servers.
l The UNS does not apply to the scenario in which the vLB is used to perform load balancing for the
WI.
l The UNS component supports the following browsers: Internet Explorer 8, 9, 10, or 11 and Firefox
14 or later.
l The WIs connected to the UNS must use the account and password authentication mode. In this
authentication mode, two-factor authentication must be disabled.
l The recommended resolution is 650 x 620 to 1900 x 1200 to ensure the display effect for end users
who log in using the UNS.
l The UNS currently supports only VDesktop6000 V100R002C01, FusionAccess V100R005C10,
FusionAccess V100R005C20 and FusionAccess V100R005C30 to be connected.
l To connect FusionAccess V100R002C01 to the UNS, you need to install the related patch. For
details, see VDesktop6000 V100R002C01SPC205 Patch Installation Guide. The document can be
obtained from Product Support > IT > FusionCloud > FusionAccess > VDesktop6000 at http://
support.huawei.com/enterprise.
Figure 6-52 Difference before and after the UNS component is deployed
Site1和
Site2
Site1 Login domain name: Site1

company.china.com
Login domain name: Login domain name:

Office.china.com department.china.com
UNS
Site1 AD Site2
WI/DB/HDC/ WI/DB/HDC/
ITA License DNS License ITA
Loggeter vAG/vLB DHCP vAG/vLB Loggeter
The FusionAccess software version can be different on Site 1 and Site 2 in scenarios, such as upgrade
scenarios.
Site 1 and Site 2 can locate in different regions in scenarios, such as branch office scenarios.
Using vLB to Perform Load Balancing for UNS VMs

You are advised to use vLB to perform load balancing for UNS VMs if the number of users is
less than 20000 and there is no requirements for preferential access to local VMs. Figure 6-53
shows the recommended networking.

FusionCloud Desktop
Figure 6-53 Networking when vLB is used as the load balancer

Path from which a TC accesses the WI
Component communication path
DNS vLB vLB ...
TC
UNS_1 UNS_2 ... UNS_n
vLB vLB vLB
WI_11 WI_12 WI_21 WI_22 ... WI_21 WI_22

WI cluster 1 WI cluster 2 WI cluster 2
Table 6-21 describes the UNS deployment requirements when vLB is used as the load
balancer.
Table 6-21 UNS deployment requirements

Item Requirement
Number of VMs 4
Component l Two VMs for deploying the UNS component

l Two VMs for deploying the vLB component
NOTE
When the vLB component is not used to perform load balancing for
the WI component, the number of WIs in a WI cluster cannot exceed
two.
Operating mode Load sharing
VM creation position The two VMs running the same component must belong to
different CNAs.
The installation and configuration procedure is as follows:

1. Create VMs for installing the UNS and vLB components. For details, see Configuring
Linux Infrastructure VMs. Table 6-22 describes the VM specifications.

FusionCloud Desktop
Table 6-22 VM specifications

Com Location and Properties VM Specifications
pone
nt
UNS l Location: l NIC Settings: Select the service

Each UNS VM must be created on plane port group.
different CNAs in the management l Standard Desktop Disk
cluster. Settings
l VM name: – Data store: Select NON-
User-defined. FA-UNS-01 and FA- Virtualized data storage
UNS-02 are recommended. resources.
l OS: Linux – Configuration mode:
Common
l OS Version:
Novell SUSE Linux Enterprise
Server 11 SP1 64-bit Desktop Appliance Disk
Settings
l Hardware:
– Data store: Select
Four vCPUs/4 GB memory/One FusionStorage.
disk/One NIC
l QoS settings:
NOTE
– CPU Resource Control-Quota To improve data reliability, select data
stores on different RAID groups for
Select Customize and set the
the VMs working in active/standby
parameter to the maximum value mode.
128000. This setting guarantees
CPU resources for the
management node VMs on a
CNA in resource contention.
– Memory Resource Control-
Reserved (MB)
Set the parameter to 4096.

FusionCloud Desktop

pone
nt
vLB l Location:
Each vLB VM must be created on
different CNAs in the management
cluster.
l VM name:
User-defined. FA-vLB-01 and FA-
vLB-02 are recommended.
l OS: Linux
l OS Version:
Novell SUSE Linux Enterprise
Server 11 SP1 64-bit
l Hardware:
Two vCPUs/2 GB memory/One
disk/One NIC
l QoS settings:
– CPU Resource Control-Quota
parameter to the maximum value
128000. This setting guarantees
CPU resources for the
management node VMs on a
CNA in resource contention.
Reserved (MB)
– In Advanced Settings, set NIC
type to HW_V_NET.
2. Install the UNS component. For details, see Installing the UNS Component.
Plan service IP addresses for UNS VMs. For example:
– Service IP address of the first UNS VM: 192.168.181.91
– Service IP address of the second UNS VM: 192.168.181.92
3. Install the vLB component. For details, see Installing the vLB Component.
Plan service IP addresses for vLB VMs. For example:
– Service IP address of the first vLB VM: 192.168.181.101
– Service IP address of the second vLB VM: 192.168.181.102
– vLB floating IP address: 192.168.181.100
4. Configure the UNS. For details, see Configuring the UNS.
5. On the DNS server, configure the mapping between the unified login domain name and
the vLB floating IP address. For details, see Configure the DNS forward and reverse
lookup functions in Configuring the Existing AD, DNS, and DHCP Components.

FusionCloud Desktop
Using GSLB to Perform Load Balancing for UNS VMs

Global Server Load Balancing (GSLB) can adjust the traffic between servers in different
locations on wide area networks (WANs), including the Internet, to ensure that each user can
enjoy the services provided by the nearest server and guarantee the best service quality. GSLB
can perform load balancing for UNS servers. It selects UNS servers by certain priority
algorithm. For example, the local UNS server is selected first; if the local UNS server is
faulty, a remote UNS server is selected.
You are advised to use GSLB to perform load balancing for UNS VMs if the number of users
is greater than 20000 and there are requirements for preferential access to local VMs. Figure
6-54 shows the recommended networking.
Figure 6-54 Networking when GSLB is used as the load balancer

Path from which a TC accesses the WI
Component communication path
Cross-regional communication path
Shenzhen Xi’an
TC GSLB TC GSLB
UNS_1 UNS_2 ... UNS_n UNS_1 UNS_2 ... UNS_n
vLB vLB vLB vLB
WI_11 WI_12 WI_21 WI_22 WI_11 WI_12 WI_21 WI_22

WI cluster 1 WI cluster 2 WI cluster 1 WI cluster 2
Table 6-23 describes the UNS deployment requirements when GSLB is used as the load
balancer.
Table 6-23 UNS deployment requirements
Item Requirement
Number of VMs l Deploy three UNS VMs for 20000 users.

l Add one UNS VM each time when the number of users
increases by 10000.
NOTE
When the vLB component is not used to perform load balancing for
the WI component, the number of WIs in a WI cluster cannot exceed
two.

FusionCloud Desktop
Item Requirement
Component UNS
Operating mode Load sharing
VM creation location Select VMs on different CNAs to deploy the UNS.
The installation and configuration procedure is as follows:

1. Create the VMs for installing the UNS component. For details, see Configuring Linux
Infrastructure VMs. Table 6-24 shows the VM specifications.

pone
nt
UNS l Location: l NIC Settings: Select the service

Each UNS VM must be created plane port group.
on different CNAs in the l Standard Desktop Disk Settings
management cluster. – Data store: Select NON-
l VM name: Virtualized data storage
User-defined. FA-UNS-01 and resources.
FA-UNS-02 are recommended. – Configuration mode:
l OS: Linux Common
l OS Version: – Capacity (GB): 30
Novell SUSE Linux Enterprise Desktop Appliance Disk Settings
Server 11 SP1 64-bit – Data store: Select
l Hardware: FusionStorage.
Four vCPUs/4 GB memory/One – Capacity (GB): 30
disk/One NIC
l QoS settings:
– CPU Resource Control-
Quota
parameter to the maximum
value 128000. This setting
guarantees CPU resources for
the management node VMs
on a CNA in resource
contention.
Reserved (MB)

FusionCloud Desktop
2. Install the UNS component. For details, see Installing the UNS Component.
Plan service IP addresses for UNS VMs. For example:
– Service IP address of the first UNS VM: 192.168.181.91
– Service IP address of the second UNS VM: 192.168.181.92
– Service IP address of the third UNS VM: 192.168.181.93
3. Configure the UNS. For details, see Configuring the UNS.
4. On the GSLB, configure the load balancing function for the UNS component. For
details, see the related GSLB documentation.
5. On the DNS server, configure the mapping between the unified login domain name and
the GSLB IP address. For details, see Configure the DNS forward and reverse lookup
functions in Configuring the Existing AD, DNS, and DHCP Components.
6.6.2 Installing the UNS Component
Scenarios
Perform this task when users need to use a unified domain name to access VMs that have
different WI domain names. For details about the deployment scheme, see UNS Deployment
Scheme.
NOTE
l The Unified Name Service (UNS) component does not support a multi-domain environment.
l The UNS component is deployed only when the customer provides AD/DNS/DHCP servers.
Prerequisites
Conditions
A Linux VM has been created and configured.
Data
Procedure
Install the UNS component.
1 Log in to the Linux VM as user root using VNC.
2 Enter startTools to go to the FusionAccess portal.
NOTE
– If this is the first time for user root to log in to the VM, the FusionAccess portal is displayed.
– Press ↑ and ↓ to move the cursor upwards and downwards.
3 Go to the Software directory, select UNS > Install UNS, and install the component as
prompted. The system displays the following information after the installation is
complete.
UNS installed successfully.

Install other UNS VMs.
4 Log in to other UNS VM as user root using VNC.

FusionCloud Desktop
5 Install the UNS component on other UNS VM in the same way.

----End
6.6.3 Installing the vLB Component
Scenarios
Either vLB or Global Server Load Balancing (GSLB) can be used to implement load
balancing of UNSs. Deploy the vLB component if the number of users is less than 20000 and
there is no requirements for preferential access to local VMs. For details about the
deployment solutions, see UNS Deployment Scheme.
NOTE
Do not deploy the vLB component on the same VM with WI and UNS components.
Prerequisites
Conditions
Data
Procedure
Install the vLB component.
1 Log in to the VM for deploying the vLB component using VNC as user root.
2 Move the cursor to Software > vLB[Option] in the navigation tree, and press Enter.
NOTE
3 On the Install or Uninstall or Configure vLB screen, select Install vLB and press
Enter.
4 On the confirmation screen, press Enter.
5 When "vLB installed successfully." is displayed. Press Enter.
Configure an IP address for the UNS server.
6 Choose vLB[Option] > Configure vLB > Configure WI/UNS.
7 On the displayed screen, press Enter.
8 On the displayed screen, enter the service plane IP address of the WI server.
– For enterprise internal user access, enter the WI server IP address for enterprise
internal user access.
– For Internet user access, enter the WI server IP address for Internet user access.
NOTE
If only one UNS server is planned, enter the service plane IP address of this UNS server.
9 When "WI IP address configured successfully." is displayed, press Enter.
Configure HA and the floating IP address.
10 In the navigation tree, choose vLB[Option] > Configure vLB > Configure HA and set

FusionCloud Desktop

displayed.
11 In the navigation tree, choose vLB[Option] > Configure vLB > Configure Float IP
Install the vLB component on the other VM.
12 Log in to the second VM using VNC as user root.
13 Install the vLB component in the same way.
----End
6.6.4 Configuring the UNS
Scenarios
Log in to the FusionAccess portal to configure the Unified Name Service (UNS).
Prerequisites
Conditions
You have unlocked the systemman account.
Data
Procedure
Configure the UNS.
NOTE
The default certification default use RSA 1024 bit algorithm between FusionAccess and UNS, If
connection to V100R005 version FusionAccess only, please replace the UNS certificates using
FusionAccess Certificate Replacement Tool.
1 In the address box of your web browser, enter http://service plane IP address of the
active IT adapter (ITA) server that manages the UNS:8081 to log in to related
FusionAccess. The address of FusionAccess is the IP address of the ITA configured in
Installing the UNS Component and Installing the vLB Component.
2 On the FusionAccess page, choose System. In the navigation tree on the left, choose
Initial > Desktop Components.
3 In the UNS Information area, click , and set the following parameters:
7

FusionCloud Desktop
– UNS Information
n UNS name: Specify the UNS name, for example, UNS01.
n UNS IP: Specify the service plane IP address of the UNS server. You can click
to add more UNS servers.
n SSH Account: The default value is gandalf.
n Password: The password of SSH, The default value is Huawei@123.
n port: Retain the default value 4477.
n Style: Specify a login page style to be presented to end users.
n Service access gateway: Specify whether to enable the service access
gateway. Select Open or Disable based on actual conditions.
n Auto run Self-help console: If you select Open, the self-service console is
automatically enabled when a user logs in to a VM in the shutdown or
abnormal state.
n Login retry Times: This parameter takes effect when Auto run Self-help
console is set to Open. It specifies the maximum retry times for establishing a
connection between the self-service console and the UNS server. The value is
a positive integer. The default value is 4.
n Authentication Type: Specify the authentication mode when the UNS
connects to the WI. User Authenticate is selected by default.
○ User Authenticate: The domain username and password entered on the
UNS are used for authentication.
○ System Authenticate: The username and password configured by the
system are used for authentication. Enable the NBI authentication account
on the WI before system authentication is implemented, and ensure that
the authentication accounts of all WIs connected to the UNS are the same.
○ Select System Authenticate when a mobile terminal is used to log in to
the UNS, a dynamic password is used to log in to the UNS, and a
customized UNS is used.
n Account: Specify the WI NBI account. The default value is WIRestUser.
n Password: Specify the WI NBI account password.
– Synchronization Info
Set Synchronization Time to the time for the data synchronization between the
UNS and the ITA. You can click to add multiple data synchronization time
points. However, it is recommended that the synchronization be performed once
every day in off-peak hours.
4 In the ITA List area, click to configure FusionAccess to be connected to
the UNS. To configure multiple sets of FusionAccess, click repeatedly.

– Set ITA Information to the ITA of a set of FusionAccess connected to the UNS.
n Set ITA Version to the version of FusionAccess.
n Set Main IP to the service plane IP address of the active ITA server.
n Retain the default value 8773 for Port.
n If ITA Version is set to V100R002, Port is 8773 by default; if ITA Version is
set to V100R005, Port is 7773 by default.

FusionCloud Desktop
n Set Backup IP to the service plane IP address of the standby ITA server.
n If ITA Version is set to V100R002, Port is 8773 by default; if ITA Version is
set to V100R005, Port is 7773 by default.
n Set ITA Account to the account for the ITA to communicate with the UNS.
The default account is systemman.
n Set Password when the activation of the FusionAccess ITA systemman user,
for details to see (Optional) Unlock NBI User and Reset the Password.
– S*et WI List to the WI of a set of FusionAccess connected to the UNS. You can
click to add more WIs.
n Set WI name to the name of a WI cluster that corresponds to a set of
FusionAccess interconnected with the UNS. The name must be the same as the
WI cluster name configured on the ITA of the set of FusionAccess.
NOTE
The name of each WI cluster interconnected with the UNS must be unique. In case of
duplicate cluster name, change the WI cluster name on the related ITA to ensure that the
name of the WI cluster interconnected with the UNS is unique.
n Set LB IP to the floating IP address of the LB if the LB is deployed in
FusionAccess connected to the UNS.
n Set WI IP to the service plane IP address of a WI server if the LB is not
deployed in FusionAccess connected to the UNS.
n Set Global to Yes if a WI cluster contains only dynamic pool desktop groups
and the desktop groups can be accessed by the users of the UNS cluster;
otherwise, set this parameter to No. If this parameter is set to Yes, any user can
access a VM through the UNS after passing the authentication on the WI and
the UNS does not need to synchronize the user data from the ITA. If this
parameter is set to No, only the users of the WI cluster can access VMs after
passing the authentication on the WI.
5 After setting the preceding parameters, click OK twice as prompted.
Copy the protocol client matching the version of FusionAccess connected to the UNS to a specified
directory on each UNS server.
NOTICE
For example, if the version of FusionAccess connected to the UNS is V100R002C01, copy
the protocol client matching FusionAccess V100R002C01.
6 Log in to the WI server as user gandalf using the WinSCP tool. Copy the Clients folder
in C:\inetpub\wwwroot\VDesktop on a WI server to /opt/WI/tomcat/WI/ROOT/
plugin on each UNS server.
7 Copy the protocol client of the correct version to other UNS servers in the same way.
----End

FusionCloud Desktop
6.7 (Optional) Enabling Internet User Access

6.7.1 Deployment Solutions for Internet User Access
Deployment Overview
The deployment solutions for Internet user access are based on deployment solutions II and
IV for intranet user access (see Deployment Schemes of Gateway and Loading Balancing
Components). The following two deployment solutions are available:
l VM deployment with HDP passing through the gateway
In addition to the components required in the deployment solution for intranet user
access, the following components need to be added:
– vAG+vLB: The vAG is used for self-service maintenance access and service
access, and the vLB is used for load balancing. The vAG and vLB are deployed on
the same VM.
– WI: provides a web interface for Internet user access.
l Physical server deployment with HDP passing through the gateway
In addition to the components required in the deployment solution for intranet user
access, the following components need to be added:
– SVN: used for load balancing and service access.
– WI: provides a web interface for Internet user access.
vAG/vLB Deployment with HDP Passing Through the Gateway

Two VMs are added to deploy the WI, and two VMs are added to deploy the vAG/vLB. They
share the HDC with the WIs and vAG/vLBs in the typical deployment. A firewall is
configured to ensure access security of Internet users. Figure 6-55 shows the networking.

FusionCloud Desktop
Figure 6-55 Networking for intranet and Internet access
Enterprise HTTPS HTTPS REST

internal users
vLB WI
VNC/HDP VNC/HDP
Internal network
access data stream
vAG
FireWall VM
vAG
HDC
External network
access data stream VNC/HDP
VNC/HDP
Internet users vLB
HTTPS REST
HTTPS
Table 6-25 describes the VMs to be added.

FusionCloud Desktop
Table 6-25 VMs to be added for Internet user access

De WI VMs vAG/vLB VMs and vAG VMs
pl
oy Less than 500 to 1000 Users 1000 to 2200 Users
me 500 Users
nt
Re
qu
ire
me
nts
Nu 2 VMs 2 VMs 5 VMs 8 VMs

mb Deploy the l Two VMs: Deploy the l Two VMs: Deploy the
er vAG and vAG and vLB on each vAG and vLB on each
of vLB on each VM. VM.
V VM.
Ms l Other three VM: Use l Other six VMs: Use
one CNA as the two CNA as the
gateway cluster, and gateway cluster, and
create 3 VM to deploy create 3 VM on each
the vAG. The vAG VM CNA gateway cluster
specifications are 4 nodes respectively to
vCPUs and 4 GB deploy vAGs. The
memory. vAG VM
specifications are 4
vCPUs and 4 GB
memory.
Op Load- The vLBs work in active/standby mode, and the vAGs work in load-
era sharing sharing mode.
tin mode
g
mo
de
V The WI The vAG VMs must be deployed on different CNAs.

M VMs
loc must be
ati deployed
on on
different
CNAs.
The installation and configuration process is as follows:

1. Create VMs for deploying the WI and vAG/vLB components. For details, see
Configuring Linux Infrastructure VMs. Table 6-26 shows the VM specifications.

FusionCloud Desktop

Compone Location and Properties VM Specifications
nt
vAG/vLB l Location l NIC Settings:

Active and standby VMs are created on Configure the first
different CNAs in the management cluster. NIC as the service
The active node is created on the first plane NIC, and
CNA, and the standby node is created on configure the
the second CNA. second NIC as the
management plane
l VM name: NIC.
User-defined. FA-vAGvLB-01 is l Disk Settings
recommended for the active node, and FA-
vAGvLB-02 is recommended for the – Data store:
standby node. Select
unvirtualized
l OS type: Linux data storage
l OS Version resources.
Novell SUSE Linux Enterprise Server 11 – Configuration
SP1 64-bit mode:
l Hardware Common
8 vCPUs/8 GB memory/1 disk/2 NICs – Capacity (GB):
30
l QoS Settings
NOTE
– CPU Resource Control To improve data
Quota: Select Customize from Quota reliability, select
data stores on
and set the quota to the maximum value different RAID
128000. This setting guarantees CPU groups for the VMs
resources for the management node working in active/
VMs on a CNA in resource contention. standby mode.
Reserved (MHz): Set it to the l Retain the default
maximum value. values for other
– Memory Resource Control parameters.
Reserved (MB): Set it to 4096.

l In Advanced Settings, set NIC type to
HW_V_NET.
l Retain the default values for other
parameters.

FusionCloud Desktop

nt
WI l Location l NIC Settings:

The active and standby VMs must be Select the port
deployed on different CNAs. group on the
service plane.
l OS Version
l Disk Settings
Novell SUSE Linux Enterprise Server 11
SP1 64-bit – Data store:
Select
l Hardware unvirtualized
2 vCPUs/4 GB memory/1 disk/1 NIC data storage
l QoS Settings resources.
– CPU Resource Control – Configuration
mode:
Quota: Select Customize from Quota Common
and set the quota to the maximum value
128000. This setting guarantees CPU – Capacity (GB):
resources for the management node 30
VMs on a CNA in resource contention. NOTE
To improve data
– Memory Resource Control reliability, select
Reserved (MB): Set it to 4096, which is data stores on
the same as the VM memory size. different RAID
groups for the VMs
working in active/
standby mode.
l Retain the default
values for other
parameters.

FusionCloud Desktop

nt
vAG l Location l NIC Settings:

The vAG VMs must be deployed on Configure the first
different CNAs. NIC as the service
plane NIC, and
l OS Version configure the
Novell SUSE Linux Enterprise Server 11 second NIC as the
SP1 64-bit management plane
l Hardware NIC.
4 vCPUs/4 GB memory/1 disk/2 NICs l Disk Settings
l QoS Settings – Data store:
Select
– CPU Resource Control unvirtualized
Quota: Select Customize from Quota data storage
and set the quota to the maximum value resources.
128000. This setting guarantees CPU – Configuration
resources for the management node mode:
VMs on a CNA in resource contention. Common
Reserved (MHz): Set it to the – Capacity (GB):
maximum value. 30
– Memory Resource Control NOTE
Reserved (MB): Set it to 8192. To improve data
reliability, select
l Retain the default values for other data stores on
parameters. different RAID
groups for the VMs
working in active/
standby mode.
l Retain the default
values for other
parameters.
2. Install the WI component on VMs. For details, see Installing the WI Component.
IP address planning example:
– Service IP address of the first WI server: 192.168.181.71
– Service IP address of the second WI server: 192.168.181.72
3. Install the vAG and vLB components on VMs. For details, see Installing the vAG and
vLB Components.
– Service IP address of the first VM (NIC 1): 192.168.181.81
– Management IP address of the first VM (NIC 2): 192.168.180.81
– Service IP address of the second VM (NIC 1): 192.168.181.82
– Management IP address of the second VM (NIC 2): 192.168.180.82
– vLB floating IP address: 192.168.181.80

FusionCloud Desktop
NOTE
To prevent access from Internet users to the management port of the vAG/vLB server, change the
IP address bound to port 22 of the vAG/vLB server. For details, see Changing the IP Address
Bound to Port 22 of the vAG/vLB Server.
4. Install the vAG server. For details, see Installing the vAG and vLB Components.
IP address planning example for one vAG VM:
– Service IP address (NIC 1): 192.168.181.93
– Management IP address (NIC 2): 192.168.180.93
NOTE
To prevent access from Internet users to the management port of the vAG server, change the IP
address bound to port 22 of the vAG server. For details, see Changing the IP Address Bound to
Port 22 of the vAG/vLB Server.
5. Configure the WI information on the ITA to enable Internet user access. For details, see
Configure the WI, Service Access Gateway config, and Self-help console gateway
config in Configuring Desktop Components.
Table 6-27 Configuring WI information

Parameter IP Addresses Port
Service Access Gateway Public IP address of the 8443

config vAGs
Self-help console gateway

config
6. Configure the firewall.

– If multiple public IP addresses exist, configure IP address mapping. Table 6-28
describes the configuration requirements.
Table 6-28 IP address mapping requirements

Before Mapping After Mapping
Destination IP Source IP Destination IP Source IP

Address and Address and Address and Address and
Port Port Port Port
Public IP Terminal IP vLB floating IP Service IP address

address_1:443 address:443 and port
(used to access
the WI)
Public IP Terminal IP Service IP address Service IP address

address_2:8443 of the active vAG and port
(used to access server:8443
the access
gateway)

FusionCloud Desktop

Port Port Port Port

address_3:8443 of the standby and port
(used to access vAG server:8443
the access
gateway)
– If only one public IP address exists, configure port mapping. Table 6-29 describes
the configuration requirements.
Table 6-29 Port mapping requirements


Port Port Port Port
Public IP Terminal IP vLB floating IP Service IP address

address_1:443 address:443 and port
(used to access
the WI)

address_1:port 1 of the active vAG and port
(used to access server:8443
the access
gateway)

address_1:port 2 of the standby and port
(used to access vAG server:8443
the access
gateway)
NOTE
You are advised to use continuous IP addresses so that the vLB can evenly distribute access
requests to WIs.
SVNr Deployment with HDP Passing Through the Gateway

Two WI servers are added, and a virtual gateway is added to the SVN. Figure 6-56 shows the
networking.

FusionCloud Desktop
Figure 6-56 Networking in which internal and external users are connected
Enterprise
internal users WI
HTTPS REST
VNC/HDP
Internal network access data stream
HTTPS/
VNC/HDP
VM
FireWall SVN
External network access data stream HDC
VNC/HDP
Internet users HTTPS

REST
WI
The installation and configuration process is as follows:

1. On the SVN, add a virtual gateway and configure a load balancing IP address and an
access gateway IP address for it.
2. Create Linux VMs for installing the WI component. For details, see Configuring Linux
Infrastructure VMs. Table 6-30 shows the deployment requirements.
Table 6-30 Deployment requirements

Indicator WI
Number of 2
VMs

FusionCloud Desktop
Indicator WI
VM l Location
specifications The active and standby VMs must be deployed on different CNAs.
l OS Version
Novell SUSE Linux Enterprise Server 11 SP1 64-bit
l Hardware
2 vCPUs/4 GB memory/1 disk/1 NIC
l QoS Settings
– CPU Resource Control
Quota: Select Customize from Quota and set the quota to the
maximum value 128000. This setting guarantees CPU
resources for the management node VMs on a CNA in
resource contention.
– Memory Resource Control
Reserved (MB): Set it to 4096, which is the same as the VM
memory size.
l NIC Settings: Select the port group on the service plane.
l Disk Settings
– Data store: Select unvirtualized data storage resources.
– Configuration mode: Common
NOTE
To improve data reliability, select data stores on different RAID groups for
the VMs working in active/standby mode.
l Retain the default values for other parameters.
Operating Load-sharing mode

mode
VM location The WI VMs must be deployed on different CNAs.
3. Install the WI component on VMs. For details, see Installing the WI Component.
– Service IP address of the first WI server: 192.168.181.71
– Service IP address of the second WI server: 192.168.181.72
4. Configure WI access information for Internet users on the ITA. For details, see
Configure the WI in Configuring Desktop Components.
Pay special attention to the following parameters:
– WI cluster name: Enter the name of an independent WI cluster exclusively used
for Internet users.
– Service Access Gateway config: Enter the public IP address of the access
gateway and port number 443.
– Self-help console gateway config: Enter the public IP address of the access
gateway and port number 443.

FusionCloud Desktop
5. Configure the firewall.

– If multiple public IP addresses exist, configure IP address mapping. Table 6-31
describes the configuration requirements.
Table 6-31 Firewall mapping requirements
Destination Source IP Destination IP Source IP Address

IP Address Address Address and Port and Port
and Port and Port
Public IP Terminal Load balancer IP:443 The source IP address

address_1:443 IP and port remain the
(used to same.
access the WI)
Public IP Terminal Access gateway IP:443 The source IP address

address_2:443 IP and port remain the
(used to same.
access the
access
gateway)
– If only one public IP address exists, configure port mapping. Table 6-32 describes
the configuration requirements.
Table 6-32 Port mapping requirements
Destination Source IP Destination IP Source IP Address

IP Address Address Address and Port and Port
and Port and Port
Public IP Terminal Load balancer IP:443 The source IP address

address_1:port IP and port remain the
1 (used to same.
access the WI)
Public IP Terminal Access gateway IP:443 The source IP address

address_1:port IP and port remain the
2 (used to same.
access the
access
gateway)
NOTE
l Port 1 and Port 2 are defined by users. Ensure that the ports are enabled.
l You are advised to use continuous IP addresses so that the SVN can evenly distribute access
requests to WIs.

FusionCloud Desktop
6.7.2 Installing the vAG Component
Scenarios
Install the vAG component. The vAG component serves as the desktop access gateway and
self-service console gateway. If a user cannot log in to the VM, the user can use the VNC self-
service console to log in to the VM.
If VM Deployment with HDP Passing Through the Gateway is used and the number of
users ranges from 500 to 2200, additional vAG VMs need to be deployed to ensure system
reliability.
l If the number of users ranges from 500 to 1000, use one CNA as the gateway cluster, and
create 3 VM to deploy the vAG. The vAG VM specifications are 4 vCPUs and 4 GB
memory.
l If the number of users ranges from 1000 to 2200, create 6 VM on 2 CNA gateway cluster
nodes respectively to deploy vAGs. The vAG VM specifications are 4 vCPUs and 4 GB
memory.
l 3 VMs for 500 to 1000 users
l E6 VMs for 1000 to 2200 users
Prerequisites
Conditions
Data
There are no special datas for this operation.
Procedure
Install the vAG component.
1 Log in to the first vAG/vLB server using VNC as user root.
2 Enter startTools.
NOTE
3 Choose Software > vAG[Option], and press Enter.
4 On the Select an Option screen, choose Install vAG and press Enter.
The system displays "Are you sure you want to install vAG?"
5 Press Enter.
The vAG component is successfully installed if "vAG installed successfully" is
displayed.
6 Press Enter.
vAG/vLB Configuration.
7 In the vAG/vLB Configuration area, click , and set the following

parameters:

FusionCloud Desktop
– Server IP: Enter the service IP address of the vAG server.

– Deploy Type: Specify whether vAGs and vLBs are independently deployed or
deployed together.
– Description: (Optional) Describe something about the vAG server.
8 Repeat 7 to add all the vAG servers.
----End
6.7.3 Installing the WI Component
Scenarios
Perform this operation only in Internet user access scenarios. For details about the deployment
solution, see Deployment Solutions for Internet User Access.
Prerequisites
Conditions
The Linux VM has been created and configured.
Data
Procedure
Install components.
1 Log in to a VM that is used to install the WI as the root user by using the Virtual
Network Computing (VNC) mode.
2 Enter startTools.
NOTE
– If this is the first time for the root user to log in to the VM, the FusionAccess screen is displayed.
– Press ↑ and ↓ to move the cursor upwards and downwards.
3 Go to the Software directory, select the component to be installed on the VM, and install
the component as prompted. The system displays the following information after the
installation is complete.
WI installed successfully.
Install the Second WI VM.
4 Log in to the Second WI VM as the root user by using the VNC mode.
5 Repeat the previous steps to install the standby WI VM.
----End

FusionCloud Desktop
Software Installation Guide 7 Appendixes
7 Appendixes
About This Chapter
7.1 Other Software Installation Solutions

7.2 Operations Related to Software Installation

FusionCloud Desktop
7.1 Other Software Installation Solutions

7.1.1 DB Independent Deployment
Scenarios
When the DB is separately deployed from other infrastructure components, such as HDC, you
need to manually configure related information, such as the ITA IP address, DNS, and NTP,
on the DB server.
Prerequisites
Conditions
The GaussDB has been installed.
Data
Procedure
1 Log in to the GaussDB infrastructure VM using VNC as user root.

2 Run the following command to configure the ITA information:
sh /opt/HA/configITA.sh config service IP address of active ITA service IP address of
standby ITA
Example: sh /opt/HA/configITA.sh config 192.168.131.62 192.168.131.64
3 Run the following command to configure the NTP information:
sh /opt/HA/ntpconfig.sh config FQDN
Example: sh /opt/HA/ntpconfig.sh config vdesktop.huawei.com
4 Run the following command to configure the DNS information:
sh /opt/InstallTools/ConfigDNS.sh service IP address of active DNS service IP address
of standby DNS
Example: sh /opt/InstallTools/ConfigDNS.sh 192.168.131.66 192.168.131.67
5 Run the following command to configure the Loggetter information:
sh /opt/BackupTools/backupCfg.sh config service IP address of the Loggetter ftp
username ftp password ftp port
Example: sh /opt/BackupTools/backupCfg.sh config 192.168.131.69 ConfBack_user
Huawei123# 989
6 Repeat the 1 to 5 to configure the standby GaussDB infrastructure VM.
----End
7.1.2 Clock Synchronization Schemes

Clock synchronization is a prerequisite for stable running of the FusionCloud desktop system.
If clocks are not synchronized, system management will be in chaos. Clock synchronization

FusionCloud Desktop
ensures time consistency between the FusionCloud desktop system and virtual machines
(VMs).
l If the customer does not provide the external clock source and Huawei provides the
active directory (AD) (the AD is a FusionAccess component), the scheme in which the
AD synchronizes time with the hosts of the active and standby VRMs of FusionCompute
over the management plane is recommended, that is, Scheme 1: AD Synchronizing
Time with hosts of the active and standby VRMs of FusionCompute.
l If the customer provides a stable clock source, no matter whether the AD is provided by
the customer or Huawei, the Scheme 2: Clock Synchronization Scheme When the
Customer Provides a Stable Clock Source clock synchronization scheme is used.
l In the case of desktops without a domain, if the customer provides a stable clock source,
the Scheme 3: Clock Synchronization Scheme When the Customer Provides a
Stable Clock Source in the Case of Desktops Without a domain clock
synchronization scheme is used.
l In the case of desktops without a domain, if the customer does not provide an external
clock source, the scheme in which the time is synchronized from the hosts of the active
and standby VRMs of FusionCompute is recommended, that is, Scheme 4: Time
Synchronized from the hosts of the active and standby VRMs of FusionCompute.
Scheme 1: AD Synchronizing Time with hosts of the active and standby VRMs
of FusionCompute
When the customer does not provide an external clock source and the AD is provided by
Huawei, the AD synchronizes time with the hosts of the active and standby VRMs of
FusionCompute over the management plane, and other components of FusionAccess
synchronize time with the AD, as shown in Figure 7-1.

FusionCloud Desktop
Figure 7-1 AD synchronizing time with hosts of the active and standby VRMs of
FusionCompute
FusionCompute
Stratum 1 clock
source
CNA of the VRM
VRM
FusionManager FusionAccess
Stratum 2 clock
Stratum 2 clock source
source
AD
IP SAN Stratum 3 clock

TCM
source
Switch
Server SVN Firewall User VM Infrastructure VM: TC

WI/HDC/ITA...
Management plane clock signal path
Service plane clock signal path
The clock synchronization scheme is as follows:

l Configure the VRM nodes of FusionCompute to synchronize time with the CNA where
the VRM of FusionCompute is deployed.
l Configure FusionManager to synchronize time with the CNA where the VRM of
FusionCompute is deployed.
l Configure the AD to synchronize time with the CNA where the VRM of FusionCompute
is deployed.
l Configure servers, firewalls, switches, Internet Protocol storage area network (IP SAN),
and Secure Sockets Layer virtual private network (SVN) to synchronize time with
FusionManager.
l Configure user VMs and infrastructure VMs, including the Thin Client Manager (TCM),
to synchronize time with the AD.
l Configure the TCM as a stratum 3 clock source so that TCs can synchronize time with
the TCM.

FusionCloud Desktop
NOTE
If the TCM is not deployed, the customer must provide a clock source for TCs to synchronize
time.
Scheme 2: Clock Synchronization Scheme When the Customer Provides a Stable

Clock Source
The customer provides a stable clock source under the following circumstances:
l If the AD is provided by the customer, it is recommended that the management plane and
service plane synchronize time with the AD, as shown in Figure 7-2.
l If the AD is provided by Huawei, it is recommended that the management plane and AD
synchronize time with the clock source provided by the customer and other components
of FusionAccess synchronize time with the AD, as shown in Figure 7-3.
Figure 7-2 Clock synchronization scheme When the customer provides the clock source and
AD
Customer' AD
FusionCompute
Stratum 2 clock
source
CNA of the VRM

VRM
Stratum 3 clock
source

TCM
source
Switch
Firewall User
Server SVN Infrastructure VM: TC
VM
WI/HDC/ITA...

FusionCloud Desktop
l Configure the VRM and CNA nodes of FusionCompute to synchronize time with the
customer's AD.
l Configure components of FusionAccess to synchronize time with the customer's AD.
l Configure servers, firewalls, switches, IP SAN, and SVN to synchronize time with
FusionManager.
l Configure user VMs and infrastructure VMs, including the TCM, to synchronize time
with the AD.
the TCM.
NOTE
time.

FusionCloud Desktop
Figure 7-3 Clock synchronization scheme when the customer provides the clock source and
Huawei provides the AD
Customer's clock source
FusionCompute
Stratum 2 clock
source
CNA of the VRM

VRM
Stratum 3 clock Stratum 2 clock
source source
AD

TCM
source
Switch
Server SVN Firewall User VM Infrastructure VM: TC

WI/HDC/ITA...

l Configure the VRM and CNA of FusionCompute to synchronize time with the
customer's clock source.
l Configure the AD of FusionAccess to synchronize time with the customer's clock source.
l Configure servers, firewalls, switches, IP SAN, and SVN to synchronize time with
FusionManager.
l Configure user VMs and infrastructure VMs, including the TCM, to synchronize time
with the AD.
the TCM.

FusionCloud Desktop
NOTE
time.
Scheme 3: Clock Synchronization Scheme When the Customer Provides a Stable

Clock Source in the Case of Desktops Without a domain
If no AD is deployed, that is, desktops without a domain are used, and the customer provides
a stable clock source, the clock synchronization scheme shown in Figure 7-4 is used.
Figure 7-4 Clock synchronization scheme when the customer provides a stable clock source
in the case of desktops without a domain
Customer's clock source
FusionCompute
Stratum 2
clock source
VRM CNA of the VRM
FusionAccess
Stratum 3
clock source
TCM
DB/WI/HDC/LIC/vAG/ User VM ITA/Loggetter
vLB infrastructure VM Infrastructure VM
TC

l Configure the VRM and CNA nodes of FusionCompute to synchronize time with the
customer's clock source.

FusionCloud Desktop
l Configure the database, Web interface (WI), Huawei Desktop Controller (HDC), license,
virtual access gateway (vAG), and virtual load balancer (vLB) Linux infrastructure VMs
to synchronize time with the customer's clock source.
l Configure user VMs and Windows infrastructure VMs, including the ITA and Loggetter,
to synchronize time with the CNA where the VRM of FusionCompute is deployed.
l Configure user VMs to automatically synchronize time the CNA where the VRM of
the TCM.
NOTE
time.
Scheme 4: Time Synchronized from the hosts of the active and standby VRMs of
FusionCompute
When no AD is deployed, that is, desktops without a domain are used, and the customer does
not provide an external clock source, the scheme in which components of FusionAccess
synchronize time with the hosts of the active and standby VRMs of FusionCompute is used,
as shown in Figure 7-5.
Figure 7-5 Time synchronized from the hosts of the active and standby VRMs of
FusionCompute
Stratum 1
FusionCompute
clock source
CNA of the VRM
VRM
FusionAccess Stratum 2
clock source
User VM Infrastructure VM TCM
TC

FusionCloud Desktop

l Configure the VRM of FusionCompute to synchronize time with the CNA where the
VRM of FusionCompute is deployed.
l Configure infrastructure VMs to synchronize time with the CNA where the VRM of
l Configure user VMs to automatically synchronize time with the CNA where the VRM of
the TCM.
NOTE
time.
7.1.3 GSLB Deployment Scheme
Scheme Overview
The Global Server Load Balancing (GSLB) can adjust the traffic between servers in different
locations on wide area networks (WANs), including the Internet, to ensure that each user can
enjoy the services provided by the nearest server and guarantee the best service quality.
Based on data loads such as the CPU usage and bandwidth usage, the GSLB can determine
the link between the user (visitor) and the server, and select the server with the best link.
Common GSLB policies include the DNS-based policy, redirection-based policy, and routing
protocol-based policy.
This section describes the DNS-based GSLB policy. Most applications using the load
balancing technology access the target host using domain names. After an application
connection request is sent, the DNS obtains the server IP address and then returns the service
IP address of the most appropriate server based on intelligent decision-marking, ensuring the
proper running of services.
The service processing capability is the concern of the GSLB service redundancy disaster
recovery (DR) solution, that is, the GSLB service redundancy DR solution ensures the
continuous service operation after a disaster occurs. In other words, a DR center equivalent to
the production center is constructed in a DR site (these two centers can work in the load
sharing mode) to ensure that services provided by the information system can run
continuously.
In the FusionCloud Desktop Solution, the GSLB selects the data center that distributes
desktop resources to users, ensuring that users can connect to their desktops. Based on the
running status of the data center and geographical positions of users, the GSLB selects
policies to implement automatic load balancing and DR switchover among data center
desktops.
GSLB Service Redundancy DR Solution

The GSLB service redundancy DR solution applies to scenarios where the data DR is not
required but key services must be available, for example, business halls, customer service
agents, and tenant call centers. In these scenarios, service resource properties of the active and
standby data centers must be configured based on the same specifications to ensure that
services will not be affected after DR switchover. For example, in the FusionCloud Desktop

FusionCloud Desktop
Solution, user VMs must be configured with the same performance and specifications to
ensure the continuous running of services after DR switchover.
Figure 7-6 describes the recommended networking of the GSLB service redundancy DR
solution.
TCs in physical site A can access VMs in data center A using GSLB_A. Data center B is the
service DR site of data center A.
TCs in physical site B can access VMs in data center B using GSLB_B. Data center A is the
service DR site of data center B.
Figure 7-6 GSLB service redundancy DR networking
Access to WI
Component communication
Cross-region communication
TC_A TC_B
GSLB_A GSLB_B
Site A Site B
LB_A LB_B
WI_A1 WI_A2 WI_B1 WI_B2

WI cluster A WI cluster B
Working principles:
1. On the TC, set the IP addresses of the active and standby DNS to the GSLB IP addresses
of the two data centers. The GSLB resolves the domain name.
2. The GSLB monitors the running status of data centers. The domain name is usually
resolved as the access IP address of the active data center where the user locates. This
allows the user access request to be routed to the active user desktop.
3. The GSLB is configured with the DNS resolution policy, which provides the intelligent
resolution based on the source IP address of TCs. For example, if the source IP address
of a user belongs to the IP address segment A, the data center whose IP address belongs
to segment A is the active data center for the user and the data center whose IP address
belongs to segment B is the standby data center for the user. Similarly, if the source IP
address of a user belongs to the IP address segment B, the data center whose IP address
belongs to segment B is the active data center for the user and the data center whose IP
address belongs to segment A is the standby data center for the user. This enables the
user to log in to the VM of the active data center as the preferred choice.

FusionCloud Desktop
4. The two data centers share the same VM username and password to ensure uninterrupted
services. Therefore, it is recommended that unified AD domain controllers be used.
When a user changes the password, the AD domain controllers synchronize the data. The
AD domain controller of site A is configured in data center A while the AD domain
controller of site B is configured in data center B to ensure that the AD domain controller
in data center B can take over services when the AD domain controller in data center A
is faulty.
5. Virtual desktops are distributed in pool mode to fully use VM resources. VMs are not
bound to users.
6. Maintenance operations, such as the upgrade and patch installation, must be performed
on the two data centers respectively. If the two data centers are in the same AD domain,
data can be synchronized using the data copying mechanism.
GSLB DR Solution
Working principles:
1. When the TC detects a fault on the GSLB providing active DNS services, the system
automatically sends the DNS request to the GSLB providing the standby DNS services.
The GSLB resolves the request to the access IP address of the standby virtual desktop of
the user. The user can use this IP address to access the virtual desktop of the standby data
center.
2. After the fault is rectified, the new DNS request is sent to the GSLB providing active
DNS services. The DNS resolves the request to the IP address of the active site so that
the user can use the original active virtual desktop.
3. When the LB is faulty or all WIs are faulty on the active site, the GSLB of the active site
sends the login request to the LB of the standby site. Then the user can log in to the VM
of the standby site to continue services. After the fault is rectified, the user can log in to
the VM of the active site as the preferred choice.
Deployment Requirements
Table 7-1 describes the component deployment requirements.
Table 7-1 GSLB service DR deployment requirements

Item Requirement
FusionAccess system Infrastructure VMs are deployed on two sites.
DHCP server The DHCP server is deployed and running properly.
Terminals The IP address segment of TCs is planned and the IP address

can be obtained using the DHCP server.
GSLB device The GSLB device provides the intelligent DNS function and
can select a site based on the source IP address of the TC.
Configuration Process
The following uses NetScaler as an example.

FusionCloud Desktop
1. Log in to the active NetScaler configuration management page, import the GSLB license
file, and start the GSLB service.
2. Add the GSLB IP address that is planned to the active NetScaler.
3. Create a local site and a remote site on the active NetScaler.
4. Configure a local GSLB service and a remote GSLB service on the active NetScaler.
5. Configure a local GSLB virtual server on the active NetScaler.
6. Create a DNS server on the active NetScaler, and set the DNS IP address to the GSLB IP
address.
7. Create a static table file based on the TC IP address segment that is planned, and import
the static table to NetScaler. This allows the user in the TC IP address segment of site A
to access site A as the preferred choice. Similarly, the user in the TC IP address of site B
can access site B as the preferred choice.
8. Configure the GSLB DR on site B in the same way.
NOTE
l For details about the NetScaler installation and configuration, see NetScaler GSLB Configuration
Guide.
l For the GSLB service DR deployment of F5 and Array, see the installation and configuration
process of NetScaler.
7.1.4 Deployment Schemes of Gateway and Loading Balancing

Components
Scheme Overview
The gateway and loading balancer functions are as follows:
l Load balancer
The load balancing function can be implemented by the vLB or SVN. Load balancers are
used to allocate users' HTTP(S) requests to different WIs. In addition, load balancer can
automatically perform health check for the WIs to ensure that user requests can be
allocated to available WIs.
l Gateway
The gateway function can be implemented by the vAG or SVN. The gateway is used for
service access over Huawei Desktop Protocol (HDP) and self-help maintenance access.
In addition, the gateway encrypts client access to enhance the system security.
NOTICE
The vAG and components are deployed on VMs, while the SVN component is deployed on a
specified hardware server. Select a deployment scheme based on user types:
l For the deployment scheme used when enterprise internal users are involved, see Table
7-2.
l For the deployment scheme used when Internet users are involved, see Deployment
Solutions for Internet User Access.

FusionCloud Desktop
Table 7-2 Deployment scheme of gateway and loading balancing components

Scenario Comp Number of Users Supported
onent
Scenario 1: VM deployment is vAG/v Two vAG/vLB VMs, supporting a maximum

adopted and HDP does not LB of 5000 users
pass through the gateway.
Scenario 2: VM deployment is vAG/v l When the number of users is less than 500,
adopted and HDP passes LB deploy two vAG/vLB VMs in the
through the gateway. vAG management cluster.
l When the number of users ranges from 500
to 1000, deploy a gateway cluster, add one
CNA to the gateway cluster, and create
three VMs to deploy the vAG components.
The vAG VM specifications are 4 vCPUs
and 4 GB memory.
l When the number of users ranges from
1000 to 2200, deploy a gateway cluster, add
two CNAs to the gateway cluster, create six
VMs to deploy the vAG components, and
create two vAG VMs in the management
cluster. The vAG VM specifications are 4
vCPUs and 4 GB memory.
l When the number of users is more than
2200, contact Huawei technical support to
provide a deployment scheme.
Scenario 3: SVN deployment SVN Two SVN supporting a maximum of 1000

is adopted and HDP does not users
pass through the gateway. Add two SVNs for each 1000 users increased.
Scenario 4: SVN deployment SVN
is adopted and HDP passes
through the gateway.
Scenario 1: VM deployment is adopted and HDP does not pass through the
gateway.
In this scenario, the vLB implements load balancing for WIs, the vAG functions as a self-help
maintenance gateway, HDP does not pass through the vAG, and clients directly communicate
with the VM desktop protocol service. Figure 7-7 shows the networking.

FusionCloud Desktop
Figure 7-7 Networking of scenario 1
HTTPS HTTPS REST
WI HDC
vLB
VNC VNC
FireWall vAG
HDP
VM
Table 7-3 describes the deployment requirements.

Indicator Requirement
Number of VMs 2
l First VM: deploys the vAG and vLB.
l Second VM: deploys the vAG and vLB.
VM specifications 4 vCPUs/4 GB memory/1 disk/2 NICs
Operating mode Two vLB VMs are in active/standby mode, and two vAG VMs are
in load balancing mode.
VM creation Create vAG/vLB VMs on the CNA nodes in the management

location cluster. The vAG VMs must run on different CNA nodes; the vLB
VMs must run on different CNA node.
Data planning For the vAG/vLB data planning requirements, see FusionAccess
Data.
Scenario 2: VM deployment is adopted and HDP passes through the gateway.

In this scenario, the vLB implements load balancing for WIs, the vAG functions as a self-help
maintenance gateway, and HDP passes through the vAG. Figure 7-8 shows the networking.

FusionCloud Desktop
HTTPS HTTPS REST
WI HDC
vLB
VNC/HDP
VNC/HDP
VM
FireWall vAG
Each vAG VM supports 500 users. To ensure reliability, deploy an independent vAG server
when the number of users exceeds 500. This independent vAG server is used to ensure that
users can access virtual desktops properly when a vAG is faulty. Table 7-4 describes the
deployment requirements.
Indicator Requirement (Less Requirement (500 to Requirement (1200

than 500 Users) 1000 Users) to 1500 Users)
Number of 2 5 8
VMs l First VM: deploys l First and second l First and second
the vAG and vLB. VMs: The vAG and VMs: The vAG and
l Second VM: vLB components vLB components
deploys the vAG are deployed on the are deployed on the
and vLB. same VM. The two same VM. The two
VMs must have the VMs must have the
same deployment. same deployment.
l Other three VM: l Other six VMs:
Only the vAG is vAGs are deployed
deployed. based on the same
deployment
requirements.
VM creation Create vAG/vLB l Create 2 vAG VMs l Create 2 vAG VMs

location VMs on the CNA in the management in the management
nodes in the cluster. cluster.
management cluster. l Use 1 CNAs to l Use 2 CNAs to
The vAG VMs must form a gateway form a gateway
run on different CNA cluster. 3 vAG is cluster. 3 vAG is
nodes; the vLB VMs deployed on the deployed on each
must run on different CNA. CNA.
CNA node.
VM 4 vCPUs/4 GB 4 vCPUs/4 GB 4 vCPUs/4 GB

specifications memory/1 disk/2 memory/1 disk/2 NICs memory/1 disk/2 NICs
NICs

FusionCloud Desktop
Indicator Requirement (Less Requirement (500 to Requirement (1200

than 500 Users) 1000 Users) to 1500 Users)
Operating Two vLB VMs are in active/standby mode, and vAG VMs are in load
mode balancing mode.
VM creation The vAG VMs must be created on different CNAs.

location
Data planning For the vAG/vLB data planning requirements, see FusionAccess Data.
vAG data planning requirements (use one vAG VM as an example):
l Service IP address (NIC 1): 192.168.181.91
l Management IP address (NIC 2): 192.168.180.91
Scenario 3: SVN deployment is adopted and HDP does not pass through the
gateway.
In this scenario, the SVN implements load balancing for WIs and functions as a self-help
maintenance gateway, HDP does not pass through the SVN, and clients directly communicate
with the VM desktop protocol service. Figure 7-9 shows the networking.
HTTPS REST
WI HDC
VNC\HTTPS VNC
FireWall SVN
HDP
VM
The SVN deployment requirements are as follows:

l Two SVNs are deployed in active/standby mode.
l The SVN uses single arm mode to mount to the core switch and connects to the core
switch through a trunk port. The trunk port allows service plane IP packets to pass.
l Create a virtual gateway and enable only the load balancing function. Configure the
actual WI addresses that correspond to VIPs.
For details about the SVN operations, see HUAWEI SVN2000&5000 V200R001C01 Web
Typical Configuration Examples 02. The document can be obtained from Product Support >
Enterprise Networking > Security > Firewall & VPN Gateway > SVN5000 > SVN5530-
C1.

FusionCloud Desktop
Scenario 4: SVN deployment is adopted and HDP passes through the gateway.
In this scenario, the SVN implements load balancing for WIs and functions as a self-help
maintenance gateway and service access gateway. Figure 7-10 shows the networking. The
SVN virtual gateway can be used for the access of terminals from the Internet.

WI
REST
PS
H TT
HTTPS/
VNC/HDP VNC HDC
SVN HD VM
FireWall P
VM
The SVN deployment requirements are as follows:

l Two SVNs are deployed in active/standby mode.
l The SVN uses single arm mode to mount to the core switch and connects to the core
switch through a trunk port. The trunk port allows data packets of VLANs configured for
the management plane and service plan on the core switch to pass.
l Select a service plane VLAN randomly to create a service sub-interface and select the
management plane VLAN to create a management sub-interface.
l Create a virtual gateway and enable the load balancing function and security cloud
gateway function. When functioning as a load balancing gateway, the SVN forwards any
IP access requests to WIs; when functioning as a service access gateway, the SVN
accesses the HDP server as an agent HDP client; when functioning as a self-maintenance
gateway, the SVN accesses the VNC server of the UVP on the CNA as an agent self-
service maintenance client. (If the management plane cannot communicate with the
service plane, configure the route from the service plane to the management plane to
ensures that self-service maintenance packets can reach the management network).
For details about the SVN operations, see HUAWEI SVN2000&5000 V200R001C01 Web
Typical Configuration Examples 02. The document can be obtained from Product Support >
Enterprise Networking > Security > Firewall & VPN Gateway > SVN5000 > SVN5530-
C1.
7.1.5 Configuring the Existing AD, DNS, and DHCP Components
Scenarios
If the existing AD, DNS, and DHCP components are used, perform the following operations:
l Set AD, DNS, and DHCP port policies on the firewall.
l Create domain accounts on the AD server and set account rights.

FusionCloud Desktop
l Configure the forward and reverse lookup functions on the DNS server.
Prerequisites
Conditions
The existing AD/DNS/DHCP server is running properly.
NOTE
l FusionAccess is compatible with AD servers that run only Windows Server 2003 and Windows
Server 2008 R2 and Windows Server 2012 R2.
l You need to configure clock synchronization on the AD server.
Data
Procedure
Set firewall ports.
1 If firewalls have been configured between infrastructure VMs and the AD, DNS, and
DHCP components, set AD, DNS, and DHCP port policies on the firewalls. For the port
setting requirements, see FusionAccess Communication Matrix.
Create domain accounts on the AD server and set account rights.
2 Log in to the active AD server as the administrator.
3 Create domain accounts and set account rights. For details, see Creating Domain
Accounts.
Configure the DNS forward and reverse lookup functions.
4 Log in to the active DNS server as the administrator.
5 Choose Start, enter DNS in the Search programs and files text box, and press Enter.
The DNS Manager window is displayed.
6 In the navigation tree, choose DNS > Computer name > Forward Lookup Zones.
Right-click the infrastructure domain, for example, vdesktop.huawei.com, and choose
New Host from the shortcut menu.
7 Enter the host information, select Create associated pointer (PTR) record, and click
Add Host, as shown in Figure 7-11.
Set the following parameters in the New Host dialog box:
– Name: Enter the HDC VM name. The value must be the same as the value of HDC
Name.
– IP address: Enter the HDC service plane IP address.
same time.

FusionCloud Desktop
Figure 7-11 Adding a host
8 If multiple HDCs are deployed in load-sharing mode, repeat 7 to configure forward and
reverse lookup data for each HDC.
9 Repeat 7 to configure the mapping between the vLB floating IP address and the user
login domain name.
– Name: Enter the prefix of the user login domain name. For example, if the
infrastructure domain name is vdesktop.huawei.com, enter fusionaccess in Name.
Fully qualified domain name (FQDN) changes to
fusionaccess.vdesktop.huawei.com.
– IP address: Enter the floating IP address of the VM where the vLB component is
installed.
same time.
10 (Optional) If (Optional) Deploying the UNS is performed, repeat 7 to configure the
mapping between the vLB floating IP address or GSLB load balancing IP address and
the unified login domain name of end users.
– Name: Enter the prefix of the unified login domain name of end users. For
example, if the infrastructure domain name is vdesktop.huawei.com, enter UNS in
Name. Fully qualified domain name (FQDN) changes to
UNS.vdesktop.huawei.com.
– IP address: Enter the vLB floating IP address or the GSLB IP address.
same time.
11 (Optional) In the navigation tree, choose DNS > Computer name > Forward Lookup
Zones. Right-click the infrastructure domain, for example, vdesktop.huawei.com, and
choose Properties from the shortcut menu. If Dynamic updates is None on the General
tab, as shown in Figure 7-12, repeat 7 to set the following parameters:

FusionCloud Desktop
– Forward and reverse lookup data of the active and standby ITA servers:
n Name: Enter the VM name of the active and standby ITA servers.
n IP address: Enter the service plane IP address of the active and standby ITA
servers.
n Select Create associated pointer (PTR) record to add reverse lookup data at
the same time.
– Forward and reverse lookup data of the active and standby AD servers:
n Name: Enter the VM name of the active and standby AD servers.
n IP address: Enter the service plane IP address of the active and standby AD
servers.
n Select Create associated pointer (PTR) record to add reverse lookup data at
the same time.
Figure 7-12 Dynamic update setting
12 Click Done to close the New Host window. In the navigation tree, expand Reverse
Lookup Zones, right-click Reverse IP address segment, and choose Refresh from the
shortcut menu. Check that the DNS reverse lookup information is automatically added.
Check the AD server status.

FusionCloud Desktop
13 Check the AD and DNS server status using the AD check tool in Huawei vTools. For the
check items that do not meet requirements, contact the customer for assistant.
You can obtain the tool from:
– For enterprise users, visit http://support.huawei.com/enterprise and choose
Software > IT > FusionCloud > FusionAccess > FusionAccess >
V100R005C30SPCxxx > V100R005C30SPCxxx
– For telecom carrier users, visit http://support.huawei.com and choose Software >
Carrier IT > FusionCloud > FusionAccess > FusionAccess > FusionAccess
----End
7.1.6 FusionAccess Account Planning in High Security Mode
Domain Account Data
Domain accounts Domain accounts for logging in to the In standard

for logging in to Windows infrastructure VMs (except the deployment, the
infrastructure AD/DNS/DHCP servers). following domain
servers The domain account must be added to the accounts must be
administrator group of the server. created:
l ITA server login
account: itauser
l Loggetter/TCM/
AntiVirus/Patch
server login
account: loguser
Domain The operation for creating the domain vdsadmin

administrator administrator account varies with the AD
account server to be used.
l If an AD server needs to be deployed,
add the domain administrator account to
the Domain Admins group.
l If the customer's AD server is used:
– The customer should provide a
domain administrator account
belonging to the Domain Admins
group.
– If the domain account provided by
the customer is not a domain
administrator account, configure the
rights of creating and deleting
computers for the infrastructure VM
OU. For details, see (Optional)
Configure rights.

FusionCloud Desktop
Tomcat service Account for starting the Tomcat service on ITAServiceUser

domain account an IT adapter (ITA) server.
l AD server:
– If an AD server needs to be
deployed, add the Tomcat server
domain account to the Domain
Admins group.
– If the customer's AD server is used
and the alarms generated by the AD
server need to be monitored by the
ITA, add the Tomcat server domain
account to the Domain Admins
group.
– Add the Tomcat service domain
account to the DHCP Users group
for monitoring DHCP service alarms.
l Other Windows infrastructure VMs:
Add the Tomcat service domain account
Log service Account for accessing the backup service LogServiceUser

domain account when the Loggetter server is deployed.
Creating Domain Accounts
Table 7-6 Creating Domain Accounts

Location Difference
Configure domain In high security mode such as account separation, you need
administrator in Creating to add Tomcat service domain account, for example,
Domain Accounts ITAServiceUser, to Domain Admins and DHCP Users.
Configuring Backup and Security
Table 7-7 Configuring Backup and Security

Location Difference
Install the backup tool in In high security mode such as account separation, you need
Installing the Backup to enter Log service domain account in Shared domain
Tool and Performing user, for example, vdesktop\LogServiceUser.
Security Hardening

FusionCloud Desktop
Installing the ITA Component
Table 7-8 Installing the ITA Component

Location Difference
Add the domain account In high security mode such as account separation, add the
to the administrator following accounts to the administrator group:
group in Installing the l Tomcat service domain account (for example, vdesktop
ITA Component \ITAServiceUser)
l ITADomain accounts for logging in to infrastructure
servers (for example, vdesktop\itauser)
Install the ITA service in In high security mode such as account separation, you need
Installing the ITA to enter Tomcat service domain account and the
Component corresponding password in Username on the Configuration
Page, for example, vdesktop\ITAServiceUser and
Huawei@123.
Install the backup tool in In high security mode such as account separation, you need
Installing the ITA to enter Log service domain account in Shared domain
Component user, for example, vdesktop\LogServiceUser.
Installing the Loggetter Component
Table 7-9 Installing the Loggetter Component

Location Difference
Add domain accounts to In high security mode such as account separation, add the
the administrator group following accounts to the administrator group:
in Install the Loggetter l Tomcat service domain account (for example, vdesktop
service. \ITAServiceUser)
l Domain accounts for logging in to infrastructure
servers(for example, vdesktop\loguser)
l Log service domain account (for example, vdesktop
\LogServiceUser)
Install the Loggetter In high security mode such as account separation, you need
service in Installing the to enter Log service domain account and the corresponding
Loggetter Component password in Username on the Configuration Page, for
example, vdesktop\LogServiceUser and Huawei@123.

FusionCloud Desktop
7.2 Operations Related to Software Installation

7.2.1 Upgrading the PV Driver
Scenarios
Upgrade the PV Driver after installing FusionCompute.
NOTE
Driver) after installing FusionSphere. Otherwise, the PV Driver may fail to be installed.
Prerequisites
Conditions
Data
Software
Table 7-10 lists software to be obtained before the PV Driver is upgraded.
Table 7-10 PV Driver upgrade

Software Description How to Obtain
FusionSphere SIA NOTICE For enterprise users, visit http://

patch. Select the Use the latest support.huawei.com/enterprise and choose
version V1.2.10.150.
software based on the Downloads > IT > FusionCloud >
FusionSphere version: FusionSphere > FusionSphere SIA.
l FusionSphere SIA For carriers, visit http://
V1.2.10.150_Gues support.huawei.com and choose Software
tOSDriver for > Carrier IT > FusionCloud >
FusionSphere FusionSphere > FusionSphere SIA.
V100R005C00.zip
l FusionSphere SIA
V1.2.10.150_Gues
tOSDriver for
FusionSphere
V100R003C10.zip

FusionCloud Desktop
Software Description How to Obtain
FusionTool Cloud platform For enterprise users, visit http://

V100R005C00SPC10 upgrade tool support.huawei.com/enterprise and choose
0 UpdateTool.zip Downloads > IT > FusionCloud >
FusionSphere > FusionTool.
For carriers, visit http://
support.huawei.com and choose Software
> Carrier IT > FusionCloud >
FusionSphere > FusionTool.
Procedure
1 Decompress the patch package and upgrade tool.

2 Double-click start.vbs in the upgrade tool directory UpdateTool.
The UpdateTool Web Client window is displayed, as shown in Figure 7-13.
Figure 7-13 UpdateTool Web Client
3 Click Create Upgrade Project.

The Select Node Type page is displayed.
4 Select PV Driver and click Next, as shown in Figure 7-14.
Figure 7-14 Select Node Type

FusionCloud Desktop
5 On the Configure Software Package Directory page, click Browse and select a
software package directory. See Figure 7-15.
NOTE
– Select the PV Driver compressed file of the latest version. The latest version is V1.2.10.150.
– The software package path must be an absolute path, for example, D:\pvdriver\UpdateTool
\pvdriver-patch-1.3.10.38-462.zip.
– If the path is incorrectly displayed, click Help and choose FAQ > Incorrect Drive Letter
Displayed for Software Package Path in the upper right corner of the upgrade tool.
NOTE
Select the PV Driver compressed file of the latest version. You need to manually enter the software
package directory.
Figure 7-15 Configuring the software package directory
6 Click Next.
The software packages is being verified.
7 On the Configure Node Information page, enter related information as prompted. Click
Verify Parameters to verify parameters, such as the username and password. Click
Create Project to create a project. See Figure 7-16.
NOTE
On the upgrade tool page, choose Help > Tool Introduction to obtain the configuration
information about nodes.
Figure 7-16 Configure Node Information

FusionCloud Desktop
8 In the node list, click PV Driver, select the CNA nodes to which the software package is
distributed, and click Distribute Software Package. In the Information dialog box that
is displayed, click OK.
The software package is being distributed. The distribution progress is displayed in the
right pane, as shown in Figure 7-17.
Figure 7-17 Distribute Software Package
9 Select the CNA nodes to be checked and click Upgrade Check. In the Information
dialog box that is displayed, click OK.
The upgrade check starts. A progress bar is displayed indicating the upgrade check
progress.
NOTE
If the upgrade check fails, click Details to view the prompt information. If Failed to query
information about the components. is displayed, ignore the error and go to the next step.
10 Select the CNA nodes to be upgraded and click Upgrade.
The Information dialog box is displayed.
11 Click OK.
The upgrade progress is displayed, as shown in Figure 7-18.
NOTE
You can ignore the upgrade status because it does not affect subsequent operations.
Figure 7-18 Upgrade result
12 On the toolbar, click Submit Project.

The Confirm Project dialog box is displayed.
13 Select Select this option if you determine to submit the project. and click Submit
Project.
14 Click Complete Project.

FusionCloud Desktop
The project is complete.
----End
7.2.2 Changing the IP Address Bound to Port 22 of the vAG/vLB

Server
Scenarios
Change the IP address bound to port 22 of the vAG/vLB server or the vAG server to the
management plane IP address of the vAG/vLB server or the vAG server, to prevent access
from Internet users to the management plane of the vAG/vLB server or the vAG server.
Prerequisites
Conditions
You have obtained the root account for logging in to the vAG/vLB server or the vAG server.
Data
None
Procedure
1 Log in to the vAG/vLB server or the vAG server as user root by using virtual network
computing (VNC).
2 Run the following command to disable logout on timeout:
TMOUT=0
3 Run the following command to open the file sshd_config.
vi /etc/ssh/sshd_config
The information similar to the following is displayed:

Port 22
Protocol 2
#AddressFamily any
ListenAddress 0.0.0.0
4 Press i to enter the editing mode.

5 Set ListenAddess to the management plane IP address of the vAG/vLB server or the
vAG server.
For example, if the management plane IP address of the vAG server is 192.168.130.169,
set ListenAddess as follows:
Port 22
Protocol 2
#AddressFamily any
ListenAddress 192.168.130.169
6 Press Esc, enter :wq, and press Enter.

Save configuration, and exit the vi editor.
7 Run the following command to restart the ssh service.
service sshd restart
----End

FusionCloud Desktop
7.2.3 Changing the Time Zone of Linux Infrastructure VMs
Scenarios
Change the time zone of Linux infrastructure VMs.
Prerequisites
Conditions
Linux infrastructure VMs have been created and configured.
Data
Procedure
1 Log in to the Linux infrastructure VMs using VNC as user root.

2 Enter startTools. The FusionAccess screen is displayed, as shown in Figure 7-19.
Figure 7-19 FusionAccess screen
NOTE
3 Select System > Set Timezone.
The Set Timezone screen is displayed, as shown in Figure 7-20.

FusionCloud Desktop
Figure 7-20 Set Timezone (1)
4 Check whether the required time zone exists.

– If no, go to 6.
5 Select the required time zone, and press Enter.
6 Move the cursor to Other and press Enter. Select the required time zone, as shown in
Figure 7-21, and press Enter.
Figure 7-21 Set Timezone (2)
7 Click OK.
8 Select Reboot Server and press Enter.
9 Press F8.

FusionCloud Desktop
The infrastructure VM is restarted to make the new time zone take effect.
----End
7.2.4 Changing Linux Infrastructure VM IP Address

Scenarios
How to change Linux infrastructure VM IP address.
NOTE
During the installation process, you can manually set IP addresses for newly added NICs or change the IP
addresses of existing NICs (Not the floating IP address).
Prerequisites
Conditions
Data
Procedure
1 Enter ifconfig to view VM network configurations.

2 Enter yast.
The YaST2 Control Center main screen is displayed.
3 Choose Network Devices > Network Settings. In the NIC list, select the NIC to be
configured and press F4.
4 Select Statically assigned IP Address and configure the following information:
– IP Address: Enter the IP address.
– Subnet Mask: Enter the Subnet mask.
5 Press F10 to continue loading.
6 Press Alt+U. In Default Gateway, enter the gateway information. Press F10 to save the
settings.
The YaST2 Control Center main screen is displayed.
7 Press F9 to exit.
----End
7.2.5 Configuring the Alarm Reporting Function for the

FusionCompute
Scenarios
After the installation of the FusionCompute and FusionManager, configure the
FusionCompute to report alarms to the FusionManager.
You can also configure the single sign-on (SSO) function when configuring alarm reporting.
After SSO is configured, if you open the login page of the FusionCompute, the system

FusionCloud Desktop
switches to the login page of the FusionManager. Log in to the FusionManager as user
geadmin, you can enter the FusionCompute and perform operations. However, multiple users
cannot log in to the FusionCompute using the same account.
NOTE
After the alarm reporting function configuration, you need to configure it again if either of the following
events occurs:
l When the FusionManager is deployed working in active and standby mode, the floating IP address
of the management plane is changed.
l When the FusionManager is deployed working in standalone mode, the management IP address is
changed.
Prerequisites
Conditions
l You have obtained the management IP addresses and floating IP address of the active
and standby VRMs when two VRMs are deployed on one site, or the management IP
address of the VRM when one VRM is deployed on one site.
l You have obtained the floating IP addresses of the FusionManager nodes
l A tool that can be used for remote access on various platforms, such as PuTTY, is
available.
Data
Procedure
1 On FusionCompute, choose System > Connect To > FusionManager.

The connect to FusionManager page is displayed.
2 Select Connect to FusionManager and configure the FusionManager IP address.
Enter the floating IP address of the management plane if two FusionManager nodes work
in active/standby mode, or enter the management IP address if only one FusionManager
node is deployed.
3 Determine whether to configure the single sign-on (SSO) function.
After SSO is configured, if you open the login page of the FusionCompute, the system
switches to the login page of the FusionManager. Log in to the FusionManager as user
geadmin, you can enter the FusionCompute and perform operations. However, multiple
users cannot log in to the FusionCompute using the same account.
NOTICE
Before you configure SSO, ensure that the rights management modes of FusionCompute
and FusionManager are the same.
If FusionCompute is set to rights separation mode, SSO can take effect only after
FusionManager is set to the same rights management mode.
If the rights management modes of the two systems are different, FusionCompute logins
may fail due to inconsistency between accounts and roles after SSO is enabled.

FusionCloud Desktop
– If no, go to 5.
4 Select Enable SSO on the right of SSO Configuration.
5 Click Save.
A dialog box is displayed.
6 Click OK.
7 Click OK.
FusionManager connection configuration is complete.
----End
7.2.6 Verifying Software Packages
Scenarios
Verify the software packages using OpenPGP.
Prerequisites
Conditions
You have obtained the software package to be verified and the verification file. The
verification file has the same file name as the software package, and the file name extension is
asc.
Data
Software
Table 7-11 Software Type

Type Name
OpenPGP VerificationTools.zip For enterprise users, visit http://

Signature support.huawei.com/enterprise and choose
Verification Tools > Tools software > Enterprises Common
Guide > Software digital signature (OpenPGP)
validation tool
support.huawei.com/carrier/digitalSignature-
Action
Download and decompress the following
software package OpenPGP Signature
Verification Guide.zip.

FusionCloud Desktop
Procedure
Step 1 Verify digital Signature files of software packages according to the OpenPGP Signature
Verification Guide.
----End
7.2.7 Changing the Password of the DB Administrator Account
Scenarios
Change the password of the GaussDB administrator account.
To enhance data security, you are advised to periodically change the password of the
GaussDB administrator account.
NOTE
l The GaussDB has three accounts: GaussDB administrator account, Huawei Desktop Controller
(HDC) database instance account, and IT adapter (ITA) database instance account. This topic
describes how to change the password of the GaussDB administrator account.
l The GaussDB administrator account is automatically created during database installation. The
usernames are gaussdba and fauser, and password is Huawei@123.
Impact on the System

The database services on the active and standby DB servers restart when the administrator
account password is being changed, so that the database system of the server cannot be
connected.
Prerequisites
Conditions
The username and password for logging in to the DB server have been obtained.
Data
Table 7-12 lists the data to be obtained.

New password The password must conform to the following rules: Huawei123!
l Contains at least one uppercase letter (A-Z), one
lowercase letter (a-z), one digit (0–9), and one
special character (such as ~!@#$%^&*()-_=+\|
{};:'",<.>/? and space).
l Contains 8 to 32 characters.
l Cannot be the same as the recent three passwords.
l Cannot contain the username or reversed
username.

FusionCloud Desktop
Procedure
Switch to the configuration page.
1 Log in to the VM where the active GaussDB server is located using Virtual Network
Computing (VNC) as user root.
NOTE
The server which the floating IP address is associated with is the active GaussDB server.
2 Run the sh /opt/InstallTools/startTools command.
The FusionAccess page is displayed.

3 Select Software > GaussDB > Configure GaussDB > Configure GaussDB Password.
The Configure GaussDB Password page is displayed.
Change the password of the database account.
4 In the displayed window, specify the DB Account, Old password, New password, and
repeat the new password again of the database administrator account.
As show as Figure 7-22.
Figure 7-22 Configure GaussDB Password
5 Press Enter.
When Password changed successfully is displayed, changing the login password is
complete.
6 Press Enter.
----End
7.2.8 Enabling the Firewalls for Windows Infrastructure VMs
Scenarios
Manually enable firewalls for Windows infrastructure virtual machines (VMs).
Firewalls need to be enabled only when the desktop cloud system is in a high risk
environment or to meet enterprise standard requirements on the desktop cloud system.
NOTE
This operation applies to the Windows infrastructure VMs of the IT adapter (ITA) and Loggetter in the
desktop cloud system.

FusionCloud Desktop

Enabling the firewalls for Windows infrastructure VMs is a high-risk operation, and the
services in the desktop cloud system may be interrupted. Exercise caution when performing
this operation.
Prerequisites
Conditions
The domain account and password for logging in to the Windows infrastructure VMs have
been obtained.
Data
Procedure
1 Log in to a Windows infrastructure VM over Virtual Network Computing (VNC) by

using the domain account. The following uses the ITA server as an example.
2 Choose Start > Run.
The Run window is displayed.
3 In the Open text box, enter services.msc, and press Enter.
4 On the right, double-click Windows Firewall.
The Windows Firewall Properties (Local Computer) window is displayed.
5 On the General tab page, set Service status to Automatic shown in Figure 7-23, and
click Apply. Then click Start to start the service.

FusionCloud Desktop
Figure 7-23 Windows Firewall Properties (Local Computer)
6 Click OK.
Close the dialog boxes and windows.
The Run window is displayed.
8 In the Open text box, enter gpedit.msc, and press Enter.
9 In the navigation tree, choose Computer Configuration > Windows Settings >
Security Settings > Windows Firewall with Advanced Security > Windows Firewall
with Advanced Security – Local Group Policy Object.
The Overview pane is displayed on the right.
10 Click Windows Firewall Properties.
The Windows Firewall with Advanced Security – Local Group Policy Object
Properties dialog box is displayed.
11 On the Domain Profile tab page, set Firewall state to Not configured, as shown in
Figure 7-24.

FusionCloud Desktop
Figure 7-24 Windows Firewall with Advanced Security – Local Group Policy Object
Properties
12 Click OK.
Close the dialog boxes and windows.

13 In the ITA installation directory, run addfirewallport.bat.
This command is used to add the firewall port used by the FusionAccess to the firewall
exception.
NOTE
– The default ITA installation directory is C:\ITA.

– The default Loggetter installation directory is C:\Loggetter.
– For the firewall port used by the FusionAccess to the firewall, see FusionAccess
Communication Matrix.
14 Choose Start > Control Panel.
The Control Panel window is displayed.

15 Click System and Security.
The System and Security page is displayed.

16 On the right, choose Check firewall status in the Windows Firewall area.
The windows Firewall page is displayed.

17 In the navigation tree, click Turn Windows Firewall on or off.

FusionCloud Desktop
The Customize settings page is displayed.

18 Click Turn on Windows Firewall under Domain network location settings, and click
OK.
Close all windows. The firewall is enabled for the Windows infrastructure VM of the
ITA server.
19 Repeat 1 to 18 to enable the firewall for the Windows infrastructure VM of the
Loggetter.
----End
7.2.9 Configuring Network Data
Logging In to a Server Using PuTTY Through a Serial Port
Scenarios
Log in to a server using PuTTY through a serial port.

This operation has no adverse impact on the system.
Prerequisites
Conditions
The PC is connected to the server by a serial cable.
Data
Table 7-13 lists the data required for performing this operation.
Table 7-13 Data required for performing this operation
IP Address Server IP Address Specifies the IP 10.85.32.23

address used to
connect to the server.
Logging Data Name Specifies the username serial

used for logging in to
the server.
Password Specifies the password abc

used for logging in to
the server.
Tools
The PuTTY 0.6 or later is available. You can obtain this tool from http://www.putty.org/.

FusionCloud Desktop
Procedure
Step 1 Double-click PuTTY.exe.
The PuTTY Configuration dialog box is displayed.
Step 2 In the navigation tree on the left, choose Connection > Serial.
Step 3 Set the following login parameters:

Example values are as follows:
l Serial Line to connect to: COM1
l Speed (baud): 9600 (The speed of the SMM board, IP SAN storage device, and XCUB
switch module is 115200.)
l Data bits: 8
l Stop bits: 1
l Parity: None
l Flow control: None
Step 4 In the navigation tree on the left, click Session.
Step 5 Select Serial from Connection type in the right pane, and click Open.
The PuTTY operation page is displayed. login as: is displayed for you to enter a username.
NOTE
The login as: message is not displayed for entering the username and password when you log in to a
switch. The switch name will be displayed on the left of the command prompt after you press Enter.
Step 6 Enter the username on the right of login as, and press Enter.
Step 7 Enter the password on the right of Password, and press Enter.
After you log in to the server, the host name of the server is displayed on the left of the
command prompt.
----End
Configuring Network Security Policies
Scenarios
Configure network security policies to isolate user VMs from the system management plane
network.
There are two types of network security policies:
l Aggregation switch security policy
S5752 switches in stacking mode are as an example. The operations on switches of other
models are similar.
l Firewall security policy
For details, see FusionCloud Desktop V100R005C30 Firewall Security Policies 01.
The document can be obtained from Support > Product Support > IT > FusionCloud
> FusionAccess > FusionAccess > V100R005C30 at http://support.huawei.com/
enterprise.

FusionCloud Desktop
Prerequisites
Conditions
A PC that has a remote access tool (such as PuTTY) installed is available.
Data
Table 7-14 and Table 7-15 list the data to be obtained before this operation.
Table 7-14 Address set

Name Example
FusionManager management IP address 192.168.139.170
Floating IP address of the Virtual Resource 192.168.139.160

Managers (VRMs)
Management plane IP addresses of the 192.168.139.161 and 192.168.139.162

active and standby VRMs
Management plane IP addresses of the 192.168.139.163 and 192.168.139.164

active and standby ITAs
Management plane network segment 192.168.139.x
Maintenance network segment 192.168.0.x
Table 7-15 Service set

Sourc Destin
Prot
Name e ation
ocol
Port Port
0 to
Health check tool (HTTP) TCP 8800
65535
0 to
Health check tool (HTTPS) TCP 8803
65535
0 to
Health check tool (AJP) TCP 8801
65535
0 to
UHM portal (HTTP) TCP 8088
65535
0 to
UHM portal (HTTPS) TCP 9443
65535
0 to
FusionManager HAMon web port (HTTP) TCP 5790
65535
0 to
FusionManager HAMon web port (AJP) TCP 5799
65535

FusionCloud Desktop
Sourc Destin
Prot
Name e ation
ocol
Port Port
0 to
VRM port (HTTP) TCP 7070
65535
0 to
VRM port (HTTPS) TCP 7443
65535
0 to
FusionManager/FusionCompute portal (HTTP) TCP 80
65535
0 to
FusionManager/FusionCompute portal (HTTPS) TCP 443
65535
0 to TCP
Security hardening port 2399
65535 UDP
0 to TCP
Port for remotely mounting the CD/DVD-ROM drive 25110
65535 UDP
0 to
ITAC (HTTP) TCP 8081
65535
0 to
ITAC (HTTPS) TCP 8448
65535
0 to
ITA alarm northbound interface TCP 8773
65535
0 to
ITA northbound interface (REST) TCP 7773
65535
0 to
ssh TCP 22
65535
0 to
telnet TCP 23
65535
0 to 5900 to
VNC TCP
65535 6155
NOTE
This topic uses the data in Table 7-14 and Table 7-15 as examples to describe how to configure network
security policies.
Procedure
Log in to the active switch through the CONSOLE port.
1 Run the PC terminal emulator to create a serial port connection between the PC and the
switch.
The key communication ports and parameters are as follows:

FusionCloud Desktop
– Port on the switch: CONSOLE port on the right of the front panel
– Serial Line to connect to: COM1 (example only)
– Speed (baud): 9600
– Connection type: Serial
NOTE
If "Info: There is no response because the system is in the slave state." is displayed, the current switch is
in standby mode. Connect to the active switch.
Configure network security policies.
2 Run the following command to switch to the system view:
<Quidway> system-view
3 Run the following commands to configure the active switch based on the data plan:
#Open the view of the advanced access control list (ACL) by name,
and name the ACL securityAcl.
acl name securityAcl advance
#Enable communication between the network segments of the management

plane.
rule permit tcp source 192.168.139.0 0.0.255.255 destination
192.168.139.0 0.0.255.255
rule permit udp source 192.168.139.0 0.0.255.255 destination
192.168.139.0 0.0.255.255
rule permit icmp source 192.168.139.0 0.0.255.255 destination
192.168.139.0 0.0.255.255
rule permit gre source 192.168.139.0 0.0.255.255 destination
192.168.139.0 0.0.255.255
rule permit igmp source 192.168.139.0 0.0.255.255 destination
192.168.139.0 0.0.255.255
rule permit ip source 192.168.139.0 0.0.255.255 destination
192.168.139.0 0.0.255.255
rule permit ipinip source 192.168.139.0 0.0.255.255 destination
192.168.139.0 0.0.255.255
rule permit ospf source 192.168.139.0 0.0.255.255 destination
192.168.139.0 0.0.255.255
#Enable maintenance network segments to access the IP addresses of

the management planes of FusionManager and UHM.
rule permit tcp source 192.168.0.0 0.0.255.255 destination-port eq
80 destination 192.168.139.170 0.0.0.0
443 destination 192.168.139.170 0.0.0.0
5790 destination 192.168.139.170 0.0.0.0
5799 destination 192.168.139.170 0.0.0.0
8800 destination 192.168.139.170 0.0.0.0
8801 destination 192.168.139.170 0.0.0.0
8803 destination 192.168.139.170 0.0.0.0
8088 destination 192.168.139.170 0.0.0.0
9443 destination 192.168.139.170 0.0.0.0
#Enable maintenance network segments to access the ITAs.


FusionCloud Desktop
8448 destination 192.168.139.163 0.0.0.0

8081 destination 192.168.139.163 0.0.0.0
8448 destination 192.168.139.164 0.0.0.0
8081 destination 192.168.139.164 0.0.0.0
#Enable maintenance network segments to access the floating IP

address of the VRMs.
7070 destination 192.168.139.160 0.0.0.0
7443 destination 192.168.139.160 0.0.0.0
80 destination 192.168.139.160 0.0.0.0
443 destination 192.168.139.160 0.0.0.0
2399 destination 192.168.139.160 0.0.0.0
25110 destination 192.168.139.160 0.0.0.0
#Enable maintenance network segments to access the management plane

IP address of the active VRM.
7070 destination 192.168.139.161 0.0.0.0
7443 destination 192.168.139.161 0.0.0.0
80 destination 192.168.139.161 0.0.0.0
443 destination 192.168.139.161 0.0.0.0
2399 destination 192.168.139.161 0.0.0.0
25110 destination 192.168.139.161 0.0.0.0
#Enable maintenance network segments to access the management plane

IP address of the standby VRM.
7070 destination 192.168.139.162 0.0.0.0
7443 destination 192.168.139.162 0.0.0.0
80 destination 192.168.139.162 0.0.0.0
443 destination 192.168.139.162 0.0.0.0
2399 destination 192.168.139.162 0.0.0.0
25110 destination 192.168.139.162 0.0.0.0
#Enable maintenance network segments to access management network

segments by using a remote tool.
22 destination 192.168.139.0 0.0.255.255
23 destination 192.168.139.0 0.0.255.255
rule permit tcp source 192.168.0.0 0.0.255.255 destination-port
range 5900 6155 destination 192.168.139.0 0.0.255.255

FusionCloud Desktop
#Deny access to management network segments through other network

segments.
rule deny tcp destination 192.168.139.0 0.0.255.255 source any
rule deny udp destination 192.168.139.0 0.0.255.255 source any
rule deny icmp destination 192.168.139.0 0.0.255.255 source any
rule deny gre destination 192.168.139.0 0.0.255.255 source any
rule deny igmp destination 192.168.139.0 0.0.255.255 source any
rule deny ip destination 192.168.139.0 0.0.255.255 source any
rule deny ipinip destination 192.168.139.0 0.0.0.255 source any
rule deny ospf destination 192.168.139.0 0.0.255.255 source any
quit
#Configure ACL-based traffic classifications.

traffic classifier tc_securityAcl
if-match acl securityAcl
quit
#Configure traffic behavior.

traffic behavior tb_securityAcl
permit
statistic enable
quit
#Configure traffic policies.

traffic policy tp_securityAcl
classifier tc_securityAcl behavior tb_securityAcl
quit
#Apply traffic policies to all switches.

traffic-policy tp_securityAcl global inbound
#Save the configuration.

quit
save
----End
Adding Routes for the Management Plane
Scenarios
When configuring desktop cloud addresses on the FusionManager portal, perform this
operation if the administrator's PC and the desktop cloud management plane do not belong to
the same network segment.
Prerequisites
Conditions
Data
Procedure
Step 1 Use an administrator account to log in to the active ITA infrastructure VM to which the local
administrator account belongs.

FusionCloud Desktop
Step 2 On the active ITA VM, click Start and enter cmd in the Search the Programmes and files,
and click Enter to enter the CMD interface.
Step 3 Query the network interface card (NIC) media access control (MAC) address of the
infrastructure VM based on the IP address segment of the management plane:
Run the following command:
ipconfig /all
For example, if the IP address segment of the system management plane is 192.168.1.XXX,
information similar to the following is displayed:
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Xen Net Device Driver #2
Physical Address. . . . . . . . . : 28-6E-D4-88-B2-BE
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4a1:c4d8:3ea4:a380%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.234(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 321416916
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-2D-40-FB-28-6E-D4-88-B2-BD
DNS Servers . . . . . . . . . . . : ::1

127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
According to the command output, the management NIC MAC address of the infrastructure
VM is 28-6E-D4-88-B2-BE.
Step 4 Query the management NIC interface index based on the management NIC MAC address.
route print
For example, if the management NIC MAC address of the infrastructure VM is 28-6E-D4-88-
B2-BE, information similar to the following is displayed:
===========================================================================
Interface List
14...28 6e d4 88 b2 be ......Xen Net Device Driver #2
12...28 6e d4 88 b2 bd ......Xen Net Device Driver
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================
According to the command output, the management NIC interface index is 14.
Step 5 Add routes between the network segment of the local computer and the network segment of
the desktop cloud management plane.
route -p add Network segment of the system administrator's PC mask Subnet mask of the
network segment for system administrator's PC Management plane gateway of the desktop
cloud if Management NIC interface index
As shown in Figure 7-25, the system administrator accesses FusionManager from the
network segment 192.168.5.0/24, the management plane gateway is 192.168.1.1, and the
management NIC interface index is 14. Run the following command:

FusionCloud Desktop
route -p add 192.168.5.0 mask 255.255.255.0 192.168.1.1 if 14
If "OK!" is displayed, the command is successfully executed.
Figure 7-25 Networking diagram

System administrator
192.168.5.0/24
Desktop cloud extranet
Desktop cloud intranet Desktop cloud management

plane network segment:
Aggregation
192.168.1.0/24
switch Stacking
Management plane gateway:
192.168.1.1
Access
Access
switch
switch
... ...
Host Host Host Host
Step 6 If the system administrator needs to access FusionManager from multiple network segments,
add routes for all the network segments.
For details, see Step 5.
Step 7 Repeat Step 2 to Step 6 to add route data on the standby AD, active ITA, and standby ITA in
sequence.
----End
7.2.10 Login-related Operations
Configuring a Browser for Accessing FusionAccess
Scenarios
Configure your browser to enable successful access to FusionAccess.
Prerequisites
Conditions
The FusionAccess home page cannot be displayed properly.
Data

FusionCloud Desktop
Procedure
Perform operations based on the browser type.
1 Enter the FusionAccess address in the address box of your browser and press Enter.
2 Determine the operations to be performed based on the browser type.
– If Internet Explorer is used, go to 3.
– If Mozilla Firefox is used, go to 16.
– If Google Chrome is used, go to 28.
NOTE
FusionAccess supports the following types of browsers:

– IE: Internet Explorer 8, 9 and 10
– Firefox: Mozilla Firefox 32
– Chrome: Chrome 37
If the browser you use is not supported by FusionAccess, buttons on the FusionAccess portal may
not work properly and display errors may occur.
Configure Internet Explorer.
3 Click Certificate Error on the address bar of Internet Explorer, and click View
certificates in the displayed dialog box.
5 Click Next.
8 Click Next.
9 Click Finish.
10 Click Yes.
11 Click OK.
12 In the Certificate dialog box, click OK.
13 On Internet Explorer, choose Tools > Internet Options.
14 Click the Advanced tab.
15 In the Settings area, deselect Warn about certificate address mismatch and click OK.
No further action is required.
Configure Mozilla Firefox.
16 Check whether "This Connection is Untrusted" is displayed.

FusionCloud Desktop
17 Record the IP address and port number displayed, as shown in the red box in Figure
7-26.
Figure 7-26 Page display
18 Choose Tools > Options.

The Options dialog box is displayed.
19 Click Advanced and select Encryption.
20 Click View Certificates.
The Certificate Manager dialog box is displayed.
21 Click the Servers tab.
22 Expand the certificate whose name is huawei, select ssoserver, and click Add
Exception.
The Add Security Exception dialog box is displayed.
23 In the address box, enter https://IP address recorded in 17:Port number recorded in 17,
for example, https://192.168.111.58:8448.
24 Click Get Certificate.
25 Click Confirm Security Exception.
The Add Security Exception dialog box is closed.
26 Click OK.
The Certificate Manager dialog box is closed.
27 Click OK.
The Options dialog box is closed, and the browser page is displayed.
Configure Google Chrome.
28 Check whether "The page cannot be displayed" is displayed.

FusionCloud Desktop
29 Copy the URL on the page.

30 Open a new page on the browser, paste the URL to the address box, and press Enter.
31 Click Continue Anyway.
The FusionAccess home page is displayed.
32 Close the page opened in 30.
33 Refresh the FusionAccess home page.
The FusionAccess home page is displayed.
----End
Setting Internet Explorer
Scenarios
Set Internet Explorer before logging in to the FusionManager the first time. After the setting,
you can use Internet Explorer to perform operations on the FusionManager.
This section uses Internet Explorer 9.0 as an example to describe how to configure Internet
Explorer settings.
Prerequisites
Conditions
l The version of Internet Explorer used for logging in to the FusionManager is 9.0 or 10.0.
l You have obtained the floating IP address of the FusionManager.
Data
Procedure
1 Open Internet Explorer.

2 Enter the network address of the FusionManager in the address box, and press Enter.
The address format is http://Floating IP address of the FusionManager.
For example, enter http://192.168.40.2 in the address box of the Internet Explorer.
3 Click Continue to this website (not recommended).
The FusionManager login page is displayed.
4 Check whether the system displays a message indicating that the browser version does
not meet requirements.
– If no, go to 12.
5 Choose Tools > Compatibility View Settings.
The Compatibility View Settings dialog box is displayed.
6 Deselect Include updated website lists from Microsoft, Display intranet sites in
Compatibility View, and Display all websites in Compatibility View, and click Close.
7 Close all the open pages on Internet Explorer.

FusionCloud Desktop
8 Open Internet Explorer again and repeat 2 to 3.

9 Check whether the system displays a message indicating that the browser version does
not meet requirements.
10 Press F12, and set Browser to Internet Explorer 9 in the menu bar of the Developer
Tools window.
Document Mode is automatically set to Internet Explorer 9 Standards(Page Default).
11 Close the Developer Tools window.
12 In the address box of Internet Explorer, click Certificate Error and then click View
14 Click Next.
15 Select Place all certificates in the following store, and click Browse.
16 Select Trusted Root Certification Authorities, and click OK.
17 Click Next.
18 Click Finish.
19 Click Yes.
The system displays "The import was successful."
20 Click OK.
21 Click OK in the Certificate dialog box.
The browser page is displayed.
22 On Internet Explorer, choose Tools > Internet Options.
23 Click Advanced.
24 Deselect Warn about certificate address mismatch and click Apply.
25 Click Security.
26 Click Custom level at the lower right corner of the page.
The Security Setting-Internet Zone dialog box is displayed.
27 Set Download > Automatic prompting for file downloads in the Setting area to
Enable.
28 Click OK.
The Warning dialog box is displayed.
29 Click Yes.

FusionCloud Desktop
30 Click OK.
You need to restart the browser to make the settings take effect.
31 Check whether the terminal used to log in to FusionManager run the Windows Server
2008 OS.
32 Click on the OS toolbar.

The Server Manager page is displayed.
33 Choose Server Summary > Security Information and select Configure IE ESC.
The Internet Explorer Enhanced Security Configuration dialog box is displayed.
34 Set Administrators and Users to Off and click OK.
The enhanced Internet Explorer security settings are configured.
----End
Setting Mozilla Firefox Browser
Scenarios
Set Mozilla Firefox browser before logging in to the the first time. After the setting, you can
use Firefox browser to perform operations on the .
Prerequisites
Conditions
l You have obtained the IP address of the .
Data
Procedure
1 Open Mozilla Firefox.

2 Expand I Understand the Risks and click Add Exception.
The Add Security Exception window is displayed.
3 Verify that Permanently store this exception is selected and click Confirm Security
Exception.
Mozilla Firefox setting is complete.
----End
Setting Internet Explorer Browser
Scenarios
Set Internet Explorer browser before logging in to FusionCompute the first time. After the
setting, you can use Internet Explorer to perform operations on FusionCompute.

FusionCloud Desktop
This section uses Internet Explorer 9.0 as an example to describe how to configure Internet
Explorer settings.
If you have configured Internet Explorer, do not configure Google Chrome, because Google
Chrome inherits all the Internet Explorer settings, such as certificate settings.
NOTE
If the security certificate has not been installed during Internet Explorer configuration, the browser may
prompt users with a web page display exception message when they log in to FusionCompute for the
first time or log in to VMs using Virtual Network Computing (VNC). In this case, press F5 to refresh the
web page.
Prerequisites
Conditions
l The Internet Explorer browser used for logging in to FusionCompute is an official
release from Internet Explorer 9.0 to Internet Explorer 11.0.
l You have obtained the IP address of the VRM node.
Data
Procedure
Enter the login page.
1 Open Internet Explorer.
2 Enter http://IP address of the VRM node and press Enter.
NOTE
– If the local PC uses the Windows Server 2003 or Windows XP operating system (OS),
connection to FusionCompute from the PC using the Hypertext Transfer Protocol Secure
(HTTPS) protocol may file. In such cases, if the connection is triggered through an Internet
Explorer browser, the PC prompts the user to choose a digital certificate. If the connection is
triggered through a Google Chrome browser, the PC displays a message indicating that the
server certificate is invalid. To address this issue, see http://support.microsoft.com/kb/
968730/zh-cn.
– The HTTPS protocol used by FusionCompute supports only TLS 1.0. If SSL 2.0, SSL 3.0,
TLS 1.1, or TLS 1.2 is used, the FusionCompute system cannot be accessed. You must open
the browser, choose Internet Options > Advanced > Security, and select only Use TLS 1.0
among the protocols.
– If Internet Explorer slows down after running for a period of time and no data is required to be
saved, press F6 on the current page to move the cursor to the address bar of the browser. Then,
press F5 to refresh the page and increase the browser running speed.
In common mode, the FusionCompute login page is displayed, as shown in Figure 7-27.
In single sign-on (SSO) mode, the FusionManager login page is displayed, as shown in
Figure 7-28.

FusionCloud Desktop
Figure 7-27 FusionCompute login page

FusionCloud Desktop
Figure 7-28 FusionManager login page
Install the security certificate.

4 In the address box of Internet Explorer, click Certificate Error and click View
6 Click Next.
9 Click Next.
10 Click Finish.
11 Click Yes.
The system displays "The import was successful."

FusionCloud Desktop
12 Click OK.
13 Click OK in the Certificate dialog box.
The browser page is displayed.
Delete historical data.
14 Press Ctrl+Shift+Delete.
The Delete Browsing History dialog box is displayed.
15 Select the following options:
– Preserve Favorites website data
– Temporary Internet files
– Cookies
– History
16 Click Delete.
Historical data is deleted.
Configure compatibility view settings.
17 Press Alt to show the menu bar and choose Tools > Compatibility View Settings on the
menu bar.
The Compatibility View Settings dialog box is displayed.
18 Click Add.
The address for logging in to the current system is added to the compatibility view.
19 Click Close.
20 Close Internet Explorer, open it again, and log in to the .
The settings take effect after the browser is restarted.
----End
Logging In to a VM Using VNC
Scenarios
When a VM is faulty, log in to the VM using virtual network computing (VNC) from the
FusionCompute to troubleshoot the VM. For details about the default VNC login mode
configuration, see Configuring the VNC Login Mode.
The VM must be in the Running, Migrating, Hibernating, or Stopping state and has no
attached.
NOTE
l If an administrator has logged in to a user VM using VNC, the VM user cannot log in to the VM.
l Declaration: This feature is a high-risk feature. Using this feature complies with industry
practices. However, end user data may be required for implementing the feature. Exercise caution
and obtain end user's consent when using this feature.
This operation involves VM user privacy issues. Ensure that your login complies with local laws.
l If operations have been performed to migrate or power cycle a VM after you log in to the VM
using noVNC, the noVNC window cannot be automatically reconnected after the VM migration or
power cycling. Therefore, you must close the noVNC window and log in to the VM using noVNC
again after the VM is successfully migrated or power cycled.
l If the login fails, see VNC Login Troubleshooting.

FusionCloud Desktop
Prerequisites
Conditions
l You have logged in to the FusionCompute.
Procedure
Search for a VM.
1 On the FusionCompute, choose VM and Template.
The VM and Template page is displayed.
2 Select VM in the navigation tree on the left, enter the search criteria on the VM page,
and click Search.
The query result is displayed.
ID, Name, Status, Type, IP Address, MAC Address, are optional.
DR VM and placeholder VM apply only to the host-based remote replica DR scenario.
For details about how to query a DR VM or placeholder VM, see the FusionSphere
Solution Documentation.
Log in to a VM using VNC.
3 Locate the row that contains the VM name and click Log in using VNC.
The VNC login page is displayed.
You can log in to a VM using noVNC or TightVNC. The TightVNC is dependent on the
Java (TM) plug-in, while the noVNC is independent from the Java (TM) plug-in.
Therefore, noVNC does not support operations related to the Java (TM) plug-in, such as
mounting a CD/DVD-ROM drive or ISO image to a VM or forcibly restarting or
stopping a VM in the VNC window.
Before you use Java (TM) plug-in, ensure that the bit version of the browser matches that
of the Java plug-in. For example, a 32-bit browser supports only a 32-bit Java plug-in.
The following browsers support noVNC:
– Internet Explorer 10 and 11
– Mozilla Firefox 26 and later
– Google Chrome 21 and later

FusionCloud Desktop
NOTE
To ensure security, disable SSL 3.0 for the browser if you log in to the VM using noVNC.
For example, if the browser is Internet Explorer, choose Internet Options > Advanced >
Security on the browser and deselect Use SSL 3.0.
During the first login using TightVNC:
– If a pop-up blocking message is displayed, click the message, select Always Allow Pop-ups
from This Site as prompted, and log in to the VM again using VNC.
– If the Warning-Security dialog box is displayed, select Always trust content from this
publisher, and click Run.
After you log in to a VM using VNC, the following operations cannot be performed:
– Lower the screen resolution and color quality settings on the VM.
– Press Ctrl or Alt on the keyboard.
You are advised to click Ctrl or Alt on the VNC toolbar.
– Press Ctrl+Alt+Del on the keyboard.
You are advised to click Send Ctrl-Alt-Del on the VNC toolbar to switch to the page for
entering the username and password.
----End
Configuring the VNC Login Mode
Scenarios
On FusionCompute, configure the virtual network computing (VNC) login mode. You can
select the default VNC login mode used by the browser. The configuration takes effect
immediately. After you clear the browser cache, the configuration is reset.
Prerequisites
Conditions
You have logged in to the FusionCompute.
Procedure
1 On FusionCompute, choose System > System Configuration > VNC Login.

The VNC Login page is displayed.
2 Select the VNC login mode.
– noVNC: The noVNC mode takes a short time in login, provides high security, but
requires Internet Explorer 10 or 11, Mozilla Firefox 21 or later, or Google Chrome
27 or later.
– TightVNC: The TightVNC mode allows VM stopping and restart operations,
requires a Java plug-in, but has security risks.When the browser does not support
noVNC, TightVNC is used by default.
3 Click Save.
A confirmation dialog box is displayed.
4 Click OK.

FusionCloud Desktop
The configuration for the VNC login mode is complete.

----End
VNC Login Troubleshooting
Java Plug-in Faults

Fault 1: The system displays "This function requires the Java (TM) plug-in. Please download
and install the Java plug-in."
Solution: Download the corresponding version of the Java plug-in as instructed.
Fault 2: The system displays "The version of the Java (TM) plug-in you have installed is
earlier than 1.7.0_65. Please download and install a later version to support this function."
Solution: Download the corresponding version of the Java plug-in as instructed. If the Virtual
Network Computing (VNC) login fails again after the Java plug-in is installed, uninstall all
the Java plug-ins and reinstall them.
Fault 3: A message is displayed indicating that the Java (TM) plug-in expired or is not safe.
Solution:
l Click Run and log in to a VM using VNC. The information will be displayed again upon
next login.
l Download and install the Java plug-in of the latest version.
Fault 4: The system displays "Your Java version is insecure."
Solution:
l (Recommended) Do not update the Java plug-in.
Click Later and select Do not ask again until the next update is available.
l Update the Java plug-in.
Click Update and download and install the latest Java plug-in as prompted. After the
installation, restart the browser and log in the system using VNC.
If Update is clicked, VNC is available only after the new Java plug-in is installed.
Login Faults
Fault 1: After Log in using VNC is clicked, a dialog box is blocked.
Solution:
l Disable the pop-up blocker of the browser.
l Configure the pop-up blocker settings to always see pop-ups for the site.
Fault 2: If "The web site certificate cannot be validated. Do you want to continue?" is
displayed, the VM login using VNC fails after No is clicked.
Solution:
1. Deregister the current user.
2. Close all the pages of the browser.
3. Log in to the FusionCompute again.

FusionCloud Desktop
4. Click Log in using VNC.

5. Click Always trust the issuer's content.
6. Click Yes.
Fault 3: The system displays "The VM attached with a cannot be logged in to using VNC
after the works. Detach the from the VM and try again or log in to the VM by running mstsc."
Solution:
l Detach the from the VM, close the VNC login page, and log in to the VM using VNC
again.
l Log in the VM in remote mode.
Fault 4: The VNC login is unavailable after the FusionCompute is upgraded or rolled back
after upgrade.
Solution:
1. In the Java installation directory (for example, C:\Program Files\Java\jre7\bin),
double-click javacpl.exe to open the Java Control Panel window.
2. Click Settings to open the Temporary Files Settings window.
3. Deselect Keep temporary files on my computer.
4. Click Delete Files, select all the files in the displayed dialog box, and click OK.
Fault 5: During the VNC login, a message is displayed indicating that the Java security
settings have blocked an application from running.
Solution:
2. Lower the security level on the Security.
NOTE
A Java version later than Java 8 Update 20 is not configured with security level Medium. Therefore,
only security levels High and Very High are available. To lower the security level, you can add the
application programs that are allowed by security level Medium in earlier versions to Exception Site
List one by one. Therefore, a Java version later than Java 8 Update 20 reduces the risks caused by a
lower security level.
Fault 6: During VNC login, a dialog box is displayed asking you to enter the password.
Solution:
2. Click Settings to open the Temporary Files Settings window.
3. Deselect Keep temporary files on my computer.
4. Click Delete Files, select all the files in the displayed dialog box, and click OK.
noVNC Login Faults

Fault 1: During login using noVNC, a page is displayed indicating that login failed.
Solution:
1. Log in to the VRM using PuTTY, run the following command to restart the noVNC
service:

FusionCloud Desktop
service vncd restart

2. Clear up browser cache files, reset the browser, and use noVNC to log in to the VM
again.
CD/DVD-ROM Drive or ISO File Mounting Faults

Fault 1: After logging in to a VM using VNC and mounting a CD/DVD-ROM drive or ISO
file to the VM, the user cannot install the Linux operating system (OS).
Solution: Click , and restart the VM as instructed.
Fault 2: During CD/DVD-ROM drive or ISO file mounting, the CD/DVD-ROM drive or ISO
file is disconnected.
Solution: Mount the CD/DVD-ROM drive or ISO file again. The following operations cause
CD/DVD-ROM drive or ISO file disconnection during mounting:
l The VNC login page is closed.
l The VNC login page is refreshed.
l Log in to the same VM using VNC for multiple times.
Input Delay
Fault 1: When a user inputs information using a keyboard, the VNC window responds
slowly.
Possible Causes:
l The network delay is high.
l The CPU or memory usage on the local PC is high.
l The Java plug-in cache is high.
l The host loads are high due to excessive VM VNC logins.
Solution: Typically, the VNC window responds to user inputs within 0.3 second. If the VNC
window takes more than 0.3 second to respond, check the system based on the preceding
possible causes, and troubleshoot the system.
Other Faults
Fault 1: The keyboard does not function in a VM.
Solution: Click Alt or Ctrl on the VNC toolbar to unlock the keyboard.
7.2.11 Installing the Antivirus and Patch Servers
Installation Overview
Installation Scenario
Install the antivirus and patch service software provided by Huawei.

FusionCloud Desktop
Installation Process
Figure 7-29 shows the process for installing the antivirus and patch service software.
Figure 7-29 Process for installing the antivirus and patch service software
Start
Install an antivirus server.
Install the antivirus client.
Install the patch service software.
End
Installing the Antivirus Server
Scenarios
To protect infrastructure VMs against virus attacks, deploy the antivirus server on the
infrastructure VM where the Antivirus server is deployed.
NOTE
Please update virus library after the antivirus server installation and daily use.
Prerequisites
Conditions
Data
Table 7-16 lists the data to be obtained before this operation.
Table 7-16 Data required for installing the antivirus server

Paramet Description Example Value
er
Activatio l Antivirus -
n code l Damage Cleanup Services
l Web Reputation and Anti-spyware

FusionCloud Desktop
Paramet Description Example Value

er
Web Specifies the password used to uninstall the Huawei12#$

console antivirus server and log in to the web console.
password It is recommended that the web console password
be different from the client uninstall password.
The password must conform to the following
rules:
l Contain at least one uppercase letter (A-Z),
one lowercase letter (a-z), one digit (0-9), and
one space character or special character (~!@#
$%^&*()-_=+\|{};:'",<.>/?).
l Contain 8 to 32 characters.
l Cannot be same as the recent three passwords.
l Cannot contain the username or the username
in reversed order.
Client Specifies the password used to uninstall the Huawei@123

uninstall antivirus client.
password It is recommended that the client uninstall
password be different from the web console
password.
The password must meet the same requirements as
that of the web console password.
Client Specifies the port used for the OfficeScan client to 29001: Defined when the
port access the OfficeScan web console. The port can OfficeScan server is
number also be used to update services to the OfficeScan installed.
client.
Software
Table 7-17 Software List

Type Name
Antivirus OSCE_11.0PLUS_ http://support.asiainfo-sec.com/Huawei/

Software GM_with_patch1_S OfficeScan/EN/11.0PLUS/
C.exe
Procedure
Close the Server Manager window.
1 Log in to the infrastructure VM on which the Antivirus server is installed using a domain
account.

FusionCloud Desktop

NOTE
– Stop the Server Manager program, which starts by default on the operating system (OS).
Otherwise, the antivirus server cannot be successfully installed.
– Stop the mmc.exe process if it exists in Task Manager.
Install the antivirus server software.
3 Copy the software package to the antivirus server.
4 Double-click OSCE_11.0PLUS_GM_with_patch1_SC.exe.
NOTE
It takes about 1 minute for the system to extract files. If the installation fails, reinstall the antivirus
server.
The Trend Micro OfficeScan window is displayed.

5 Click Start.
6 Click Next.
The License Agreement window is displayed.
7 Select I accept the terms of the license agreement and click Next.
The Installation Destination window is displayed.
8 Select On this endpoint and click Next.
The Endpoint Prescan window is displayed.
9 Select Do not scan the target endpoint and click Next.
The Installation path window is displayed.
10 Click Browse and select the installation path.
NOTE
To ensure sufficient space for the virus library, the disk where the installation program is located
must have more than 5 GB free space.
11 Click OK.
The Choose Folder dialog box closed.
12 Click Next.
The Proxy Server window is displayed.
13 Deselect Use proxy server and click Next.
The Web Server window is displayed.
14 Select Apache Web server 2.2 and enter 8080 in HTTP port.
15 Set SSL port to 4343, and click Next, as shown in Figure 7-30.

FusionCloud Desktop
Figure 7-30 Web Server
The Server Identification window is displayed.

16 Select IP address, choose the VM service plane IP address in the group box, and click
Next.
The Product Activation window is displayed.
17 Click Next.
Skipped the Regsiter online page, and the Type the Activation Code window is
displayed, as shown in Figure 7-31.

FusionCloud Desktop
Figure 7-31 Type the Activation Code
18 Enter the activation code obtained before installation in Antivirus and click Next.
NOTE
You can enable the Damage Cleanup Services and Web Reputation and Anti-spyware
functions as required.
19 Click Next.
20 Click Yes.
The Online License Verification window is displayed.
21 Click Next.
The OfficeScan Agent Deoloyment window is displayed.
22 Click Next.
The Install Integrated Smart Protection Server window is displayed.
23 Select Yes, install the integrated Smart Protection Server and click Next.
The Enable Web Reputation Service window is displayed.
24 Keep the default value and click Next.
The Install officeScan agent window is displayed.

FusionCloud Desktop
25 Click Next.
The Smart Protection Network window is displayed.
26 Deselect Enable Trend Micro Smart Feedback and click Next.
The Administrator Account Password window is displayed.
27 Set the following parameters:
– Web console password: Enter the password used for logging in to the web console.
– Client unload and uninstall password: Enter the password used for uninstalling
the client.
NOTE
You are advised to set different passwords for Web console password and Client unload and
uninstall password.
28 Click Next.
The OfficeScan Agent Installation window is displayed.
29 Keep the default value and click Next.
The OfficeScan Firwall window is displayed.
30 Deselect Enable firewall and click Next.
The Anti-spyware Feature window is displayed.
31 Select No, do not enable assessment mode and click Next.
The Web Reputation Feature window is displayed.
32 Deselect Enable web reputation policy and click Next.
The Server Authentication Certificate window is displayed.
33 Select Generate a new authentication certificate and input the Backup password and
Confirm password and click Next.
The OfficeScan Program Shortcuts window is displayed.
34 Click Next.
The Installation Information window is displayed.
35 仔细核对安装信息，确认无误后，单击Install。
大约10分钟后，软件安装完成。
36 Click Finish.
Close the Trend Micro OfficeScan window.
Check the antivirus services.

The Run dialog box is displayed.
38 In Open text box, enter services.msc, and press Enter.
39 Check whether the services shown in Figure 7-32 exist.
– If no, contact technical support.

FusionCloud Desktop
Figure 7-32 Antivirus services

Log in to the OfficeScan Web Console.
41 Choose Start > All Program > Trend Micro OfficeScan Server –Server name >
OfficeScan Web Console (HTML).
A certificate error is reported on Internet Explorer.
The Security Alert dialog box is displayed.
43 Select In the future, do not show this warning and click OK.
The Internet Explorer dialog box is displayed.
44 Click Add.
The Trusted sites dialog box is displayed, as shown in Figure 7-33.
NOTE
The IP address shown in Figure 7-33 is an example only.
Figure 7-33 Adding sites
45 Click Add.
The IP address of the antivirus server is set as a trusted address.

FusionCloud Desktop
46 Click Close.
The OfficeScan Web Console login page is displayed.
Load AtxEnc.cab.
47 Click the message displayed in the upper part of the page, and select Install This Add-
on for All Users on This Computer.
The Internet Explorer - Security Warning dialog box is displayed asking you to install
AtxEnc.cab.
48 Click Install.
The Internet Explorer - Security Warning dialog box is closed.
Load AtxPie.cab.
49 Enter root in User Name and the password for logging in to the web console in
Password, and click Log On.
The OfficeScan Web Console home page is displayed, and a message is displayed at the
top of the page.
50 Repeat 47 and 48 to load AtxPie.cab.
Check the settings of software installation parameters.
51 In the navigation tree of the OfficeScan Web Console, choose Administration >
Settings > Product License.
The Product License pane is displayed.
52 In the Additional Services area, check that the value of Firewall for endpoints is
Disabled.
Set antivirus policies.
53 In the navigation tree of the OfficeScan Web Console, choose Updates > Server >
Manual Update.
The Server Manual Update pane is displayed on the right.
54 Select all options and click Update.
The OfficeScan server starts to download antivirus definition files from the web upgrade
source and update the scan engine.
55 Choose Updates > Server > Scheduled Update.
56 Select Enable scheduled update of the OfficeScan server.
57 Set the Update Schedule.
NOTE
Set the scan cycle based on actual requirements.

58 In the navigation tree, choose Administration > Settings > Product License.
The Product License pane is displayed on the right.
59 In the License Information area, check whether the value of Antivirus for desktops is
Activated.
60 Click Antivirus for desktops.
The Product License Details page is displayed.
61 Click New Activation Code.

FusionCloud Desktop
The Product License New Activation Code page is displayed.

62 Enter the antivirus activation code in New Activation Code and click Save.
63 In the navigation tree, choose Administration > Product License.
64 In the License Information area, check whether the value of Antivirus for desktops is
Activated.
– If yes, no further action is required.
65 Click Antivirus for servers.
The Product License Details page is displayed.
66 Click New Activation Code.
The Product License New Activation Code page is displayed.
67 Enter the antivirus activation code in New Activation Code and click Save.
----End
Installing the Antivirus Client
Scenarios
If an antivirus server is deployed in the desktop cloud environment, install the antivirus client
software on all the Windows infrastructure VMs to protect the Windows infrastructure VMs
from virus attacks.
Prerequisites
Conditions
Basic configuration of the Windows infrastructure VMs is complete.
Data
Procedure
Install the antivirus client.
1 Log in to the infrastructure VM using a domain account.
2 Open Internet Explorer, enter https://Antivirus server IP address:4343/officescan in the
address box, and press Enter.
The Security Alert dialog box is displayed, showing "You are about to view pages over
a secure connection."
3 Click OK.
The system displays "There is a problem with this website's security certificate."
The Security Alert dialog box is displayed, showing "You are about to view pages over
a secure connection."
5 Click OK.
The Internet Explorer dialog box is displayed, prompting you to add the website to
trusted websites.

FusionCloud Desktop
6 Click Add.
The Trusted sites dialog box is displayed.
7 Click Add.
The antivirus server IP address is added to Websites.
8 Click Close.
The login page of the OfficeScan Web Console is displayed.
9 Click the message displayed in the upper part of the page, and select Install This Add-
on for All Users on This Computer.
The Internet Explorer - Security Warning dialog box is displayed asking you to install
AtxEnc.cab.
NOTE
If the installation fails, reinstall the antivirus client.
10 Click , select Always install software from Trend Micro,Inc., and click Install.
The Internet Explorer - Security Warning dialog box is closed.
11 In the lower part on the login page of the OfficeScan Web Console, click the hyperlink
for installing the client, for example, https://https://Antivirus server IP address:4343/
officescan/console/html/cgi/cgiWebUpdate.exe。
如Figure 7-34所示：
Figure 7-34 OfficeScan
12 根据客户端机器配置选择Download 32–bit Package Now或Download 64–bit

Package Now。

FusionCloud Desktop
13 按照提示安装软件包。
14 Close Internet Explorer.
Verify the installation of the antivirus agent client.
15 Choose Start > OfficeScan Client > OfficeScan.

16 单击窗口右上角的，选择About。
The About Trend Micro OfficeScan dialog box is displayed.
17 Check whether Agent version is 11.0.XXXX.
NOTE
The antivirus client software is provided by the antivirus server. If the antivirus client software
version is incorrect, reinstall the correct antivirus server.
18 Close the About Trend Micro OfficeScan dialog box.
19 Close the Trend Micro OfficeScan window.
21 Enter services.msc in the Open text box and press Enter.
22 Check whether services shown in Figure 7-35 are displayed in the right pane.
– If yes, the antivirus client is successfully installed.
– If no, uninstall the antivirus client, and reinstall it.
Figure 7-35 Antivirus client services

Scan the infrastructure VM.
24 Choose Start > OfficeScan Client.

25 Click the Manual Scan tab, select computer, and click Scan.
The Scanning dialog box displays the scanning progress.
26 Perform related operations based on the scanning results.
----End
Installing the Patch Service Software

FusionCloud Desktop
Scenarios
Install the WSUS SP2 patch service software on the infrastructure VM where the Loggetter
server is deployed.
Prerequisites
Conditions
The connection between the infrastructure VM and the Internet or upper-layer patch server is
normal. Otherwise, the patch service software cannot be installed.
NOTE
If the system does not support deployment of the patch server software, visit the Microsoft website to
download and manually install operating system patches periodically according to the security patch
bulletin published by Microsoft.
To view the patch release bulletin, visit http://support.huawei.com/enterprise and choose News >
Services News > software bulletin.
To download patches, visit http://www.microsoft.com/en-us and choose Downloads > Download
Center.
Data
Table 7-18 lists the data to be obtained before this operation.
Table 7-18 Data required for installing the patch server

Server name and port l If an upper-layer patch 192.131.10.13:80

number server is used to update
patches for the site, enter
the IP address and port
number of the upper-
layer patch server. The
patch server
communicates with the
upper-layer patch server
to download patches.
l If no upper-layer patch
server is used, leave this
parameter unspecified.

FusionCloud Desktop
Proxy server name and port l If a proxy server is used 192.168.10.100:80

number to access the Internet or
upper-layer patch server,
enter the IP address and
port number of the proxy
server. The patch server
communicates with the
Internet or upper-layer
patch server to download
patches through the
proxy server.
l If no proxy server is
used, leave this
parameter unspecified.
Username and password Specifies the username and -

password for accessing the
proxy server.
Domain Specifies the domain to vdesktop.huawei.com

which the proxy server user
belongs.
Domain account and Specifies the domain -

password of each server of account and password for
FusionAccess logging in to each server of
FusionAccess.
Software
Table 7-19 Patche Software List

Name Path Remark
WSUS30-KB972455- Official website: http:// -

x64.exe www.microsoft.com/en-us/
download/details.aspx?
id=5216
Procedure
Install IIS.
1 Log in to the Loggetter server using the domain account.
2 On the OS, open the Server Manager window.
3 In the navigation tree of the Server Manager window, right-click Roles, and choose
Add Roles.
The Add Roles Wizard window is displayed.

FusionCloud Desktop
4 In the navigation tree, select Server Roles.

The server roles are displayed in the right pane.
5 Select Web Server (IIS) and click Next.
The Web Server (IIS) window is displayed.
6 Click Next.
The Select Role Services window is displayed, as shown in Figure 7-36.
Figure 7-36 Select Role Services
7 Select Application Development, Windows Authentication in Security, and IIS 6

Metabase Compatibility in IIS 6 Management Compatibility, and click Next.
8 Click Install.
The Installation Progress window is displayed.
When the installation is complete, the system displays "Installation succeeded."
9 Click Close.
Install the WSUS3.0 SP2 software.
11 Double-click WSUS30-KB972455-x64.exe.
The Windows Server Update Services 3.0 SP2 Setup Wizard window is displayed.
12 Click Next.
The Installation Mode Selection window is displayed.
13 Select Full server installation including Administration Console and click Next.
The License Agreement window is displayed.

FusionCloud Desktop
14 Select I accept the terms of the license agreement and click Next.
The Select Update Source window is displayed.
15 Select Store updates locally, click Browse, and select the directory where the update
source is stored.
NOTE
The disk space of the update source must be at least 6 GB.
16 Click Next.
The Database Options window is displayed.
17 Click Next.
The Web Site Selection window is displayed.
18 Select Use the existing IIS Default Web site and click Next.
The Ready to Install Windows Server Update Services 3.0 SP2 window is displayed.
19 Click Next.
The Installing window is displayed.
After about 10 minutes, the Completing the Windows Server Update Services 3.0 SP2
Setup Wizard window is displayed.
20 Click Finish.
The Windows Server Update Services configuration wizard window is displayed, as
Figure 7-37 Windows Server Update Services configuration wizard

FusionCloud Desktop
Set network connections.

21 Click Next.
The Join the Microsoft Update Improvement Program window is displayed.
22 Click Next.
The Choose Upstream Server window is displayed.
23 Select the upper-layer server.
– To update patches from the Internet, select Synchronize from Microsoft Update.
– To update patches from an upper-layer patch server, select Synchronize from
another Windows Server Update Services server and set parameters as shown in
Figure 7-38.
n Server name: Enter the IP address of the upper-layer patch server.
n Port number: Retain the default value 80.
n Deselect other parameters.
Figure 7-38 Choose Upstream Server
24 Click Next.

FusionCloud Desktop
The Specify Proxy Server window is displayed.

25 Check whether a proxy server is used to access the Internet.
26 Select Use a proxy server when synchronizing and set the following parameters:
– Proxy server name: Enter the proxy server IP address.
– Port number: Retain the default value 80.
27 Select Use user credentials to connect to the proxy server and set the following
parameters:
– User name: Enter the username for logging in to the proxy server.
– Domain: Enter the domain to which the user belongs.
– Password: Enter the password for logging in to the proxy server.
28 Click Next.
The Connect to Upstream Server window is displayed.
29 Click Start Connecting.
It takes about 3 minutes to connect to the proxy server.
30 Click Next.
The Choose Languages window is displayed.
31 Select English and click Next.
The Choose Products window is displayed.
32 Select Windows server 2008 R2 and click Next.
The Choose classifications window is displayed.
33 Click Next.
The Configure Sync schedule window is displayed.
34 Select Synchronize automatically and set the following parameters:
– First synchronization: Set the first update time.
– Synchronizations per day: Set the number of update times each day.
35 Click Next.
The Finished window is displayed.
36 Click Finished.
The configuration is complete.
NOTE
The modification cannot be saved during the patch updating process.
Set Windows components patch update policies.
37 Log in to the ITA server using a domain account.
39 In Open text box, enter gpedit.msc, and press Enter.
40 In the navigation tree, choose Computer Configuration > Administrative Templates >
Windows components > Windows Update.
The Window Update pane is displayed on the right.

FusionCloud Desktop
41 In the right pane, double-click Configure Automatic Updates.

The Configure Automatic Updates dialog box is displayed, as shown in Figure 7-39.
Figure 7-39 Configure Automatic Updates
42 Select Enabled in Configure Automatic Updates, and set the following parameters:
– Configure automatic updating
– Scheduled install day
– Scheduled install time
NOTE
Do not set the same update time for the components. A one-day interval is recommended for one
patch update.
43 Click OK.
The Configure Automatic Updates dialog box is closed.
44 In the right pane, double-click Specify intranet Microsoft updates service location.
The Specify intranet Microsoft updates service location dialog box is displayed.
45 Select Enabled in the Specify intranet Microsoft updates service location area and set

FusionCloud Desktop
– Set the intranet update service for detecting updates: Enter the service IP
address of the patch server.
– Set the intranet statistics server: Enter the service IP address of the patch server.
46 Click OK.
The Specify intranet Microsoft updates service location dialog box is closed.
47 Close the Group Policy Management Editor window.
48 Repeat 38 to 47 to set patch update policies for the following servers.
– Active AD\DNS\DHCP
– Standby AD\DNS\DHCP
– Standby ITA
– Loggetter\TCM
Approve patches.
49 Log in to the patch server using the domain account.
50 Choose Start > Administrative Tools > Windows Server Update Services.
The Update Services window is displayed.
51 Choose Patch server name > Updates > All Updates, as shown in Figure 7-40.
Figure 7-40 All Updates
52 In the middle pane, select Unapproved from the Approval drop-down list, select Any
from the Status drop-down list, and click Refresh.
Information about the required and unapproved patches is displayed.
53 Right-click a patch and choose approve from the shortcut menu.

FusionCloud Desktop
The Approve Updates dialog box is displayed.

54 Right-click All Computers and choose Approved for Install from the shortcut menu.
55 Repeat 53 to 54 to approve all patches.
Check whether patches can be automatically updated from the patch server.
56 Log in to the ITA server using a domain account.
58 Enter cmd in the Open, and press Enter.
The CLI is displayed.
59 Run the following command to update the system:
wuauclt.exe /detectnow
NOTE
After the command is executed, a message is displayed in the lower right corner of the desktop,
reminding you of updating patches.
Check the patch update status.

60 In the Update Services window, choose Reports in the navigation tree.
The Reports window is displayed.
61 Click Update Status Summary in the middle pane.
The Updates Report window is displayed.
62 Specify the filter criteria, for example, select Include updates in these classifications,
and click Run Report on the toolbar.
63 Check the status of each patch in the Patch server name Update Report pane.
The update status information is displayed.
----End
7.2.12 Solution to SSLv3 Vulnerability CVE-2014-3566
Scenarios
To fix SSLv3 vulnerability CVE-2014-3566, modify the server.xml file on the active and
standby ITA, WI, and UNS servers.
NOTE
Browsers must support TLSv1, TLSv1.1, and TLSv1.2 security protocols. Configure your browser to support
the protocols.
Prerequisites
Conditions
Data
Table 7-20 lists the paths of the server.xml file

FusionCloud Desktop
Table 7-20 File Path

Server File Path
ITA C:\ita\tomcat\conf
WI /opt/WI/tomcat/conf
UNS /opt/WI/tomcat/conf
Procedure
Modify the configuration file on the ITA server.
1 Change the sslEnabledProtocols="SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2"
parameter under Connector port="8448" in the server.xml file to
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2".
Connector port="8448" protocol="com.huawei.EncryHttp11Protocol"

SSLEnabled="true" URIEncoding="UTF-8"
maxThreads="150" scheme="https" secure="true"
connectionTimeout="1200000"
clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
Restart the Tomcat service.

2 Choose Start > Administrative Tools > Services on the ITA server.
3 Right-click Apache Tomcat 7 in the right pane of the Services window, and choose
Restart from the shortcut menu.
Modify the configuration file on the WI and UNS servers.
4 Change the sslEnabledProtocols="SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2"
parameter under Connector port="9443" in the server.xml file to
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2".
Connector port="9443" protocol="com.huawei.EncryHttp11Protocol"

connectionTimeout="20000" maxPostSize="10240" SSLEnabled="true"
maxThreads="500" maxKeepAliveRequests="200" scheme="https"
allowTrace="false" secure="true"
clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
Restart the WI and UNS services.

5 Run the following command to restart the WI and UNS services:
service WIService restart
Modify the Internet Explorer settings on a client.
NOTE
If the Internet Explorer is used on the client from which you log in to the ITA, WI, and UNS servers, perform
the following configuration. The settings of other types of explorers do not need to be modified.
6 Open Internet Explorer and choose Tools > Internet Options.

7 On the Advanced tab page, select Use TSL 1.1 and Use TSL 1.2, as shown in Figure
7-41.

FusionCloud Desktop
Figure 7-41 Internet Options
8 Click OK.
----End

FusionCloud Desktop
Software Installation Guide 8 Glossary
8 Glossary
About This Chapter
8.1 A-E
8.2 F-J
8.3 K-O
8.4 P-T
8.5 U-Z

FusionCloud Desktop
8.1 A-E
A
alarm severity The extent of the impact of a fault on services.

Application Delivery A component that identifies applications allocated to users and delivers the
Controller applications to virtual desktops.
application VM A VM running dedicated server software to implement specific functions. For
example, a VM running SQL Server is an application VM.
bare VM A VM that is assigned an identifier but does not occupy any CPU, memory, storage, or
network resources.
baseboard A dedicated micro controller embedded in the main board of a computer (especially a
management controller server).
basic input/output Firmware installed on the computer main board that contains basic input/output
system control programs, power-on self test (POST) programs, bootstraps, and system setting
information. The BIOS provides the hardware setting function and control function for
the computer.
BMC See baseboard management controller.
BIOS See basic input/output system.
Charging Gateway The gateway between the cloud system and an external billing center.
cloud computing A scheme that provides computing resources for users over the Internet by using large
data centers or super computer clusters.
Cluster Monitor Node The cluster-level monitoring manager.
CMN See Cluster Monitor Node.
CNA See Computing Node Agent.
Computing Node A component that is deployed on a computing node and manages VMs and VM
Agent mounting on the computing node.
data center A system used by enterprises and organizations with deployed networks to store,
manage, and share information.
DC See data center.
DHCP See Dynamic Host Configuration Protocol.
dom0 See domain 0.

FusionCloud Desktop
domain Domains include domain 0 and domain U.

domain 0 A modified Linux kernel and the only VM that operates on the Xen Hypervisor.
Domain 0 can access physical I/O resources and interwork with other VMs operating
on the system. Domain 0 must be started before other domains.
domain U Paravirtualized VMs operating on the Xen Hypervisor are called Domain U PV
Guests, which support the operating system whose kernel has been modified, such as
Linux, Solaris, FreeBSD, and other UNIX operating systems. Fully virtualized VMs
are called Domain U HVM Guests, which support the operating system whose kernel
does not need to be modified, for example, Windows.
Dynamic Host A type of TCP/IP that enables a network to access the Internet and automatically
Configuration Protocol assign a temporary IP address to a host accessing the network.
E
EC See elastic computing.
elastic computing A cloud service that allocates computing resources to users as required.
equipment serial An unique ID for a set of equipment.
number
ESN See equipment serial number.
8.2 F-J
F
facility operating A system that intelligently controls facilities, such as air conditioners and
system uninterruptible power systems (UPSs), in an equipment room, and exposes and
manages the API.
fast Ethernet An extension and enhancement of the traditional Ethernet that is based on shared
media. The maximum data transmission rate is 100 Mbit/s. FE complies with the IEEE
802.3u standard.
FE See fast Ethernet.
File Transfer Protocol A type of TCP/IP used to copy files between computers over the Internet. In FTP
transmission, one computer must serve as the FTP client and the other as the FTP
server.
FOS See facility operating system.
FTP See File Transfer Protocol.
full clone A complete and independent copy of a VM. It shares nothing with the parent VM after
the cloning operation. A full clone can have independent system disks and different
software from the parent VM. Full clones apply to various scenarios, for example,
office automation (OA).
G
GE See Gigabit Ethernet.

FusionCloud Desktop
Gigabit Ethernet A collection of technologies for transmitting data at a rate of 1 Gbit/s in compliance
with IEEE 802.3 standards.
GPU See graphics processing unit.
graphics processing A microprocessor that performs image computing on PCs, workstations, or game
unit machines.
Guest OS The operating system on domain U.
H
HDC See Huawei Desktop Controller.
HDP See Huawei Desktop Protocol.
host A physical server that runs virtual software. VMs can be created on a host.
HTTP See Hypertext Transfer Protocol.
Hypertext Transfer A request-response protocol in the client-server computing model. In HTTP, a Web
Protocol browser submits an HTTP request message to the server, and the server returns a
response message to the client.
Hypervisor The software layer on a virtual server, which manages the VMs on the server and
helps VMs share the hardware resources of the virtual server. The Xen Hypervisor is a
software layer between the hardware and operating system, which performs CPU
scheduling and partitioning between VMs. The Xen Hypervisor controls VM
migration between hardware devices and other VM-related operations (because the
VMs share a processing environment). The Xen Hypervisor does not process
networks, storage devices, videos, or other I/O resources.
Huawei Desktop A unit that controls the desktop policy of a user VM.
Controller
Huawei Desktop A desktop protocol that controls user VMs.
Protocol
I
I/O input/output
ICP See information content provider.
IDC See Internet Data Center.
information content Any person or entity that creates or develops information provided over the Internet or
provider other interactive computer services.
Internet Data Center The data center that carries Internet services.
Internet Small A protocol that enables SCSI transmission on a TCP over IP network.
Computer Systems
Interface
iSCSI See Internet Small Computer Systems Interface.
ISO VM A VM that connects to an ISO image of a local disk. With the ISO image, users can
install and upgrade the OS and other software.
ISP Internet service provider

FusionCloud Desktop
IT Adapter An adapter for the interworking between the cloud platform and the IT system. With
IT adapters, the IT system can perform VM management, VM mirroring management,
VM allocation management, and system O&M management.
ITA See IT Adapter.
J
Java Runtime An environment that provides libraries, Java Virtual Machine, and other components
Environment to run applets and applications written in the Java programming language.
JRE See Java Runtime Environment.
8.3 K-O
L
linked clone A technology that allows VMs to be made from a snapshot of the parent.
linked clone VM A duplicate of a VM that uses the same base disk as the parent VM and a chain of
delta disks to keep track of the differences between the original and the clone. The
linked clone technology reduces the need for disk space and increases the maintenance
efficiency. Linked clones apply to scenarios in which the VMs use the same software,
for example, call centers. The differences between the parent VM and the linked
clones are stored on the delta disks for the linked clones.
live migration A method of migrating VMs without interrupting services.
LLA See Local Log Agent.
LMA See Local Monitor Agent.
Local Log Agent A component that collects log information from the local node.
Local Monitor Agent A component that is deployed on a physical node and monitors data of various
processes on the node.
Log A type of file that records the system events that occur while the system is operating.
The system events include the operation, input/output (I/O) operations, exceptions,
and security events. Engineers use logs to query information and perform maintenance
on the system.
log node Records system operation logs.
logical unit number An unique identifier of a LUN device. A RAID group can be divided into multiple
LUNs. Each LUN contains one or more physical disks.
LUN See logical unit number.
M
MAC See Media Access Control.
management module The management module of a server.

FusionCloud Desktop
Media Access Control A protocol at the media access control sublayer and the lower part of the data link
layer in the OSI model that is responsible for controlling and connecting the physical
media at the physical layer. When transmitting data, the MAC protocol checks
whether the data can be transmitted. If it can, certain control information is added to
the data, and then it is transmitted in a specific format to the physical layer. Upon
receiving the data, the MAC protocol checks whether the control information is
correct and the data was transmitted correctly. If both of these is true, the control
information is removed from the data, which is then transmitted to the logical link
control (LLC) layer.
MM See management module.
N
NC See Network Computer.
Network Computer A device that provides virtual desktop service.
network file server A distributed file system that allows remote file storage and access to the existing
server through the NFS protocol.
Network File System A method of executing file sharing between UNIX systems. Through the NFS and the
network, applications on the client can save and obtain data on the disk of a server.
The NFS was first developed by Sun in 1984, and designed to facilitate sharing
materials between PCs and operating systems through networks.
network interface card A device that is identified as pethN in the virtual system, where N indicates a certain
digit.
Network Resource A node for managing and allocating network resources.
Manager
Network Time An application-layer protocol which uses IP and UDP to synchronize the time
Protocol between the distributed time server and the client. NTP is evolved from Time Protocol
and ICMP Timestamp Message and features high protocol accuracy and good health.
NFS See network file server.
NFS See Network File System.
NIC See network interface card.
NP network processor
NRM See Network Resource Manager.
NTP See Network Time Protocol.
O
OM See operation and maintenance.
operation and The operations and maintenance performed on the system by maintenance engineers.
maintenance

FusionCloud Desktop
8.4 P-T
P
power-off The process of shutting down the physical servers.
preboot execution A technology that enables computers to boot from the network. This technology is the
environment successor of Remote Initial Program Load (RPL). The PXE works in client/server
mode. The PXE client resides in the ROM of a network card. When the computer
boots up, the BIOS invokes the PXE client to the memory. The PXE client obtains an
IP address from the DHCP server and downloads the operating system from the
remote server through TFTP.
PV driver paravirtualized driver
PXE See preboot execution environment.
R
RAID See redundant array of independent disks.
RDP See Remote Desktop Protocol.
Redhat Package A packeting and installation tool for packages downloaded from the Internet. The
Manager RPM is contained in certain Linux distribution versions and it generates .rpm files.
Redundant Array of A technology that provides a hard disk group (logical hard disk) consisting of multiple
Independent Disks physical hard disks combined in different modes. The hard disk group features higher
storage performance over a single hard disk and supports data redundancy. The
different combination modes for disk arrays are called RAID levels. At present, there
are seven basic RAID levels, RAID 0 to RAID 6. These basic RAID levels can be
further combined to form new RAID levels, such as RAID 10 (a combination of RAID
1 and RAID 0) and RAID 50 (a combination of RAID 5 and RAID 0).
Remote Desktop A Microsoft virtual desktop protocol.
Protocol
Remote Procedure Call A computer communication protocol that allows programs running on a computer to
invoke subprograms on another computer. The programmer does not need to program
for the interaction.
resource cluster A cloud service unit that contains resources of the same attributes. A cloud system
may contain one or more clusters. Clusters are categorized as management clusters
and virtual clusters.
resource pool A component that discovers physical resources and manages and schedules physical
and virtual resources.
RPC See Remote Procedure Call.
RPM See Redhat package manager.
RPOOL See Resource Pool.

FusionCloud Desktop
S
SAN See storage area network.
SC See software client.
SDRAM synchronous dynamic random access memory
serial over LAN An interface complying with the IPMI V2.0 standard that controls serial data
transmission over a LAN connection. SOL specifies the packet formats and protocols
for serial data transmission between a remote workstation and the computers it
manages. SOL is based on the IPMI-over-LAN specification.
server farm A group of network servers with the same location that streamlines internal processes
by distributing the workload to the individual components of the farm and expedites
computing processes by harnessing the power of multiple servers.
service level agreement A service contract between a customer and a service provider that specifies the
forwarding service a customer should receive and under what conditions. The
customer may be a user organization (source domain) or a differentiated services
domain (upstream domain). An SLA may consist wholly or partially of traffic
conditioning rules.
service private cloud Cloud infrastructure operated solely for a single organization.
Simple Network A network management protocol of TCP/IP that enables remote users to view and
Management Protocol modify the management information on a network element. This protocol ensures the
transmission of management information between any two points. The polling
mechanism is adopted to provide basic function sets. In accordance with SNMP, both
hardware and software agents can monitor the activities of various devices on the
network and report these activities to the network console workstation. Control
information about each device is maintained by a management information block.
SLA See service level agreement.
SNMP See Simple Network Management Protocol.
software client Software running on a common PC to process the virtual desktop protocol.
SOL See serial over LAN.
SPC See Service Private Cloud.
storage area network A network dedicated to transporting data for storage and retrieval.
storage node A storage server.
T
TC See thin client.
TFTP See Trivial File Transfer Protocol.
thin client A terminal with lower processing power than a Thick Client that processes the virtual
desktop protocol, serves as the client of the remote desktop, and provides an access
method for users.
Trivial File Transfer A type of FTP that does not require a user name and password and is used for
Protocol automatic downloading.

FusionCloud Desktop
8.5 U-Z
U
Unified Virtualization Virtual management software that divides each computing resource into multiple VM
Platform resources.
UVP See Unified Virtualization Platform.
UVP Black Box A component that collects and stores kernel logs and diagnosis information provided
by the diagnosis tool before the physical machine where the UVP (that is, domain 0) is
installed crashes. After the system crashes, the logs and information are exported for
analysis.
VBD virtual block device

VFS See virtual file system.
VIF See virtual interface (VM NIC).
virtual disk A file in the host file system. For a customer operating system, it functions as a
physical disk drive. The file can be configured on the host or a remote file system.
After configuring a VM with a virtual disk, you can install a new operating system to
the disk file without having to repartition a physical disk or restart the host. Virtual
disks on the VMware Workstation can be mapped to the partitions on the host.
virtual file system A system that provides a versatile object-oriented interface for all file systems in the
integrated file system.
virtual interface (VM An entity with an IP address that processes service data in a virtual device. In the
NIC) virtual system, it is identified as vif.
virtual local area An end-to-end logical network across different network segments and networks,
network constructed using the network management software based on the switching LAN.
Network resources and users are logically divided based on a certain principle and a
physical LAN is logically divided into multiple broadcasting domains (VLANs). The
hosts on a VLAN can directly communicate with each other whereas different VLANs
cannot. This efficiently suppresses broadcasting packets.
virtual machine One or multiple computer systems virtualized from a physical server.
VM IP address An IP address assigned to a VM, unlike the IP address assigned to a physical machine.
The VM can communicate with other devices on the network through the IP address.
virtual memory Virtualized memory for a VM allocated based on the physical memory. Even if the
memory is not physically contiguous, it is contiguous for the VM. The VM can
randomly save and obtain data in its virtual memory without affecting the memory
accessibility of other VMs on the same physical machine.
Virtual NIC An NIC for VMs, unlike an NIC for a physical machine. Multiple virtual network
cards can be created for a single VM. The virtual network card can connect to the
physical network card in bridge mode for data transmission.
Virtual Private Server The service for leasing servers to enterprises.

FusionCloud Desktop
virtual server A device on which the operating system and applications run based on various
virtualization technologies, unlike the original physical server. When using certain
resources of the physical server, the virtual server is the same as the physical server
for users. Both partitions and VMs are considered virtual servers.
Virtual Software A device that is deployed on a computing node and performs the virtual network
Switch switching function for the VMs on the node.
virtual storage A technology used to uniformly manage multiple storage devices to provide storage
systems featuring customized capacity, high reliability, and high I/O performance for
users.
virtual switch A software program created on a physical server to implement data switching between
VMs on the same or different servers.
virtualization A technology that enables a single physical server to operate multiple independent
technology virtual OSs.
VLAN See virtual local area network.
VM See virtual machine.
VM high availability A feature that enables the O&M system to continuously monitor all physical hosts and
automatically migrate all VMs off a faulty host.
VM migration A technology used to migrate VMs to another hardware resource for VM operations.
VM specifications A set of predefined VM attributes for creating VMs with unified specifications.
VM template A template used to create VMs that have the same specifications. A template is a VM
in essence. A VM and a VM template can convert to each other as required. After a
VM is converted to a template, only its isTemplate field is changed to true.
volume The logical storage volume of a VM, which can either be system volume or user
volume.
VPS See Virtual Private Server.
VSS See Virtual Software Switch.
VT See virtualization technology.
Y
Yast A central management and installation tool in SUSE Linux.


FusionCloud Desktop V100R005C30 Software Installation Guide 05

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

FusionCloud Desktop V100R005C30 Software Installation Guide 05

Uploaded by

Copyright:

Available Formats

FusionCloud Desktop

Software Installation Guide

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Issue 05 (2015-12-07) Huawei Proprietary and Confidential i

About This Document

l Installation and commissioning engineers

Alerts you to a high risk hazard that could, if not

Alerts you to a medium or low risk hazard that could, if

Alerts you to a potentially hazardous situation that could,

NOTE Provides additional information to emphasize or

Issue 05 (2015-12-07) Huawei Proprietary and Confidential ii

Issue 05 (2015-12-07) Huawei Proprietary and Confidential iii

Issue 05 (2015-12-07) Huawei Proprietary and Confidential iv

About This Document.....................................................................................................................ii

4 Cloud Platform Software Installation Guide (Standard Desktop)....................................36

5 Cloud Platform Software Installation Guide (Desktop Appliance)..................................43

6 FusionAccess Software Installation......................................................................................... 46

Issue 05 (2015-12-07) Huawei Proprietary and Confidential v

6.4.2 Creating Windows Infrastructure VMs......................................................................................................................72

Issue 05 (2015-12-07) Huawei Proprietary and Confidential vi

7.2.8 Enabling the Firewalls for Windows Infrastructure VMs....................................................................................... 204

Issue 05 (2015-12-07) Huawei Proprietary and Confidential vii

1 About This Document

l Installation and commissioning engineers

Alerts you to a high risk hazard that could, if not

Alerts you to a medium or low risk hazard that could, if

Alerts you to a potentially hazardous situation that could,

NOTE Provides additional information to emphasize or

Issue 05 (2015-12-07) Huawei Proprietary and Confidential 1

Issue 05 (2015-12-07) Huawei Proprietary and Confidential 2

Issue 05 (2015-12-07) Huawei Proprietary and Confidential 3

Figure 2-1 Process

Preparing for the Installation.

Install Platform Software.

Install FusionAccess Software.

Issue 05 (2015-12-07) Huawei Proprietary and Confidential 4

3 Preparing for the Installation

About This Chapter

Issue 05 (2015-12-07) Huawei Proprietary and Confidential 5

Table 3-1 Data to be obtained

Host Host This parameter is mandatory. CNA01

Managem This parameter is mandatory. 192.168.180.40

Managem This parameter is mandatory. 255.255.255.0

Managem This parameter is mandatory. 192.168.180.1

Virtual VRM This parameter is mandatory. Active: VRM01

Issue 05 (2015-12-07) Huawei Proprietary and Confidential 6

Category Paramete Description Example Value

Managem This parameter is mandatory. 255.255.255.0

Managem This parameter is mandatory. 192.168.180.1

Floating Specifies the VRM floating IP address. 192.168.180.10

Shared Storage Identifies a storage device. This IP 192.168.30.31

Storage This parameter is required only when 172.20.100.100

Storage Specifies the storage device type. NAS

Storage This parameter is required only when Huawei

Issue 05 (2015-12-07) Huawei Proprietary and Confidential 7

3.1.2 FusionManager Data

Table 3-2 Data to be obtained

Management IP address This parameter is Active FusionManager:

Floating IP address This parameter is 192.168.180.20

Gateway IP address of the This parameter is 192.168.180.1

3.1.3 FusionAccess Data

l Standard deployment (recommended)