You are on page 1of 34

Huawei FusionCloud Desktop Solution

Application Virtualization Main Slides

HUAWEI TECHNOLOGIES CO., LTD. www.huawei.com


Author/ID Ren Jianyun/00238981

Department Cloud Computing Marketing Operations Dept

Solution Name Huawei FusionCloud Desktop Solution

Version 5.3 (V100R005C30)

This slide describes the background, highlights, practices, and cases of the application virtualization
Slide Overview
solution provided in Huawei FusionCloud Desktop Solution 5.3.
Intended Used for preliminary communication with VIP customers who are interested in application
Purpose virtualization.

This slide is used for preliminary communication with customers and can be revised based on
Intended Usage
customers' concern.

Release Date 2015-05-28

Page 2 HUAWEI TECHNOLOGIES CO., LTD.


Background
Customer
Requirements

Page 3 HUAWEI TECHNOLOGIES CO., LTD.


Customer Pain Points and Requirements
Difficult Security Supervision Complex Application Deployment Mobility and Service Continuity

 Heavy pressure is put on IT control and  Complex distributed application  Popularity of smart phones
security supervision. deployment increases costs.
 Mobile office requirements
 Applications and data stored on user  IT personnel have to upgrade
 Service outsourcing and service
devices are facing security risks. applications running on hundreds of
continuity requirements
Applications installed on user devices devices from time to time.
may conflict with each other, resulting in
slow operation or even breakdown of
devices.
 Emerging IT systems are in an urgent
need of data security supervision.

Page 4 HUAWEI TECHNOLOGIES CO., LTD.


What Is Application Virtualization
Customer Benefits
APP

Simplified IT management
Application publishing in
Windows Server seconds
Centralized deployment
without data stored locally
Desktop Secure and controllable
transmission
protocol
Mobile office
Access anytime,
anywhere
Quick fault recovery
Shortened service
Application virtualization allows multiple users to share interruption time
applications and desktops centrally managed by the Window
Server. Users can access secure applications and desktops
from any terminal without the need of installing applications.

Page 5 HUAWEI TECHNOLOGIES CO., LTD.


Comparison Between Application Virtualization and
Desktop Virtualization
Application Desktop
virtualization virtualization
(SBC) (VDI) VDI provides dedicated desktops.
Terminals Provides independent Windows desktop resources
based on a virtualization platform.
Profile Supports good peripheral and application compatibility.
Desktop Applies to personalized desktops.
app app
management SBC VDI
management app management
OS

SBC provides shared desktops and shared


Windows Windows VM VM VM VM
Cloud platform server server
applications.
Provides applications or desktops using Remote
Cloud platform
Desktop Services (RDS) of the Windows Server.
Servers and Isolates applications based on sessions.
storage devices
Provides low costs.
SBC: Server-Based Computing Applies to certain task-based scenarios.
VDI: Virtual Desktop Infrastructure
Page 6 HUAWEI TECHNOLOGIES CO., LTD.
Two Forms of Application Virtualization
Shared desktops Shared applications

 Users can run multiple applications and switch between the


 Users can view the Windows 7 UI on the desktop.
applications.
 Users can run various applications on shared
 Operations (such as operations on the keyboard, mouse, and
desktops.
peripherals and audio- and video-related operations) of a user
 Users are not allowed to modify the OS. are isolated from operations of other users.

 Unauthorized users cannot view data of other  Users are not allowed to modify the OS.
users.
 Unauthorized users cannot view data of other users.

Page 7 HUAWEI TECHNOLOGIES CO., LTD.


Application Scenarios
Simple office Secure Internet Branch office Mobile office
access

Only applications PCs or laptops are Applications are Mobility


are published to retained for Internet deployed at the requirements are
task-based access, and headquarters, met, allowing
employees, such applications providing secure service handling
as network (Internet access or applications and onsite.
management and specific service saving bandwidth.
O&M personnel network access) are
centrally deployed
and published.

Page 8 HUAWEI TECHNOLOGIES CO., LTD.


Simple Office
Application Scenario
This solution applies to office scenarios with simple
Server Network Storage
peripherals and low personalized requirements, such
as hotel front desks, education, and network
management (light-load).
VM1 VM2 Solution Highlights
 Adoption of shared desktops reduces hardware
Multiple employees share a VM and are
assigned independent desktops based on resource consumption of virtual desktops as well
sessions.
as investment.
 Employees on the same post share a linked clone
VM. VM OSs or applications are centrally
upgraded on the desktop management platform.
 Applications and data are deployed on the cloud,
which provides higher data security than PCs.
Post A Post A Post B Post B

Page 9 HUAWEI TECHNOLOGIES CO., LTD.


Application Scenario
Secure Internet Access Employees access the Internet based on application

virtualization, which meets security control requirements of

the enterprise as well as Internet access requirements of

employees.
Secure office network of
an enterprise Internet Solution Highlights
 Employees access the Internet using browsers

published by application virtualization. Internet data

cannot be transmitted to the intranet, so that intranet

HDP over SSL security is ensured.

 Employees access the Internet using shared desktops

published by application virtualization and download


Security
data to the intranet using the file transmission function.
gateway
 In the secure Internet access solution, the existing
Application virtualization
servers office architecture does not need to be changed, and

the second PC does not need to be deployed for

Internet access, which greatly reduces investment.


Page 10 HUAWEI TECHNOLOGIES CO., LTD.
Branch Office Application Scenario

Applications are centrally deployed and managed at

the headquarters. Users in branch offices can

HDP stream access applications using terminals without the


Enterprise ERP system
OA
need of deploying applications.

Solution Highlights
VM VM
Virtual application
 Resources are allocated on a unified desktop cloud
publishing
platform platform to quickly deploy branch offices.

 Centralized O&M simplifies terminal management

Virtual application UI transmission and reduces O&M loads of branch offices.

 Compared with conventional SSL VPN, virtual


PC or laptop PC or laptop PC or laptop
applications can be accessed more quickly, and

data streams are reduced.

 No valid data is stored in branch offices, providing


Branch office 1 Branch office 2 Branch office 3
high security.
Page 11 HUAWEI TECHNOLOGIES CO., LTD.
Application Scenario

Mobile Office Users access remote applications or shared desktops using

smart terminals over various networks without the need of

installing applications locally.

Solution Highlights
 New clients do not need to be developed for mobile terminals,

which enables quick application deployment and reduces

costs.

HDP over SSL  All applications and data of service systems are stored on the
WEB Exchange cloud, and only image data is delivered to mobile terminals.

Security gateway No data is stored in mobile terminals, which ensures data

security.

Application CRM ERP  Applications are centrally upgraded and maintained on the
publishing servers
cloud, reducing maintenance workloads of applications.

 Security authentication is implemented when mobile

terminals connect to the Huawei application virtualization

system, and data is encrypted for transmission. This ensures

information security for enterprises.

Page 12 HUAWEI TECHNOLOGIES CO., LTD.


Solution

Page 13 HUAWEI TECHNOLOGIES CO., LTD.


Unified Uniform Unified Unified
Architecture Protocol Access Management

Huawei Application Virtualization Solution


Architecture Data center
Management
Virtual Virtual
component
Terminals Access network application desktop
resource pool resource pool
HDP
HDP
HDP Agent

AD DHCP DNS
TC Windows
LB/Gateway
server VM
HDP Agent
HDP

Windows
server
VM

Mobile terminal FusionAccess

Service stream
desktop cloud access
Control stream management system FusionAccess
FusionSphere management Portal
cloud OS
A FusionAccess system supports both VDI and
SBC, including:
Uniform Huawei Desktop Protocol (HDP)
Uniform management component

Page 14 HUAWEI TECHNOLOGIES CO., LTD.


Unified Uniform Unified Unified
Architecture Protocol Access Management

HDP
 Transmits only application images and keyboard and mouse information other than service  Transfers image changes and device support information.

data over the network.  Provides 32 virtual channels to transmit different information.

 Implements unified identity authentication and rights control on users, such as forbidding file  Transfers keyboard scanning codes and mouse events, and

uploading and downloading. prints data.

 Uses SSL to encrypt transmission when users access from the extranet.  Controls screens by obtaining information on the server.

 Provides user experience similar to that of PCs.  Displays


USB Tunnel image changes on clients.
Display Tunnel
 Requires 20 to 30 kbit/s bandwidth for each user. Audio Tunnel
HDP Media Tunnel
Mouse Client
Others...

[Client]
PC CRM
[Server]
Laptop
HDP Data center
Mobile
terminal SAP
Virtual
desktop

Page 15 HUAWEI TECHNOLOGIES CO., LTD.


Unified Uniform Unified Unified
Architecture Protocol Access Management

Unified Access to Virtual Desktops and Applications

Unified Shared desktop: The Windows 7


Virtual desktop: complete Windows
desktops
workspace UI is displayed, and only some
applications can be published
Virtual desktop Shared Shared desktop and viewed.
applications

Shared applications: Only some


applications can be published and viewed.

Page 16 HUAWEI TECHNOLOGIES CO., LTD.


Unified Unified Unified Unified
Architecture Protocol Access Management

Unified Management of Virtual Desktops


and Applications
Unified
Unified O&M portal upgrade tool
Unified service provisioning

Unified O&M
Unified alarm Unified report
monitoring management

A FusionAccess system can be used to


provision two types of services: virtual
desktops and application virtualization.

Page 17 HUAWEI TECHNOLOGIES CO., LTD.


Display Sound Video Login

Display Experience: HD Display Quality

HDP display quality VDI display quality


Key technology HDP@Display

 Lossless compression for non-nature pictures: Automatically identifies the non-nature pictures such as text, Windows figures, and lines
in pictures, and implements lossless compression for them. Nature pictures, such as photos and images, are compressed at an
appropriate rate.
 Does not repeatedly transmit same image data: Automatically identifies the unchanged data in an image, and transmits only the changed
image data, which greatly reduces the bandwidth consumption.
 Multiple image compression algorithms: Uses the optimal compression algorithm.

PSNR of non-nature pictures is higher than 50000 dB, and SSIM is 0.999955, which is nearly lossless

Page 18 HUAWEI TECHNOLOGIES CO., LTD.


Display Sound Video Login

Sound Experience: High-quality Sound


Key technology HDP@Media
High-fidelity music compression algorithm: Automatically identifies sound
scenarios; uses the high-fidelity music encoding and decoding algorithm to
HDP greatly improve the music playback quality.
Human voice optimization: Uses the telecommunication voice algorithm
VoIP Tunnel
Server Client and automatic noise reduction for human voice optimization in VoIP
(VM) (TC)
scenarios. This achieves the best voice quality even in noisy environments.
Music Tunnel
Low latency: Improves the VoIP voice processing priority to ensure real-
time voice.
High sampling rate: Uses the sampling rate of 44.1 kHz to prevent source
voice loss.

HDP protocol: Voice quality PESQ exceeds 3.4 and is the highest in the industry. Source voice is
accurately restored.
Page 19 HUAWEI TECHNOLOGIES CO., LTD.
Display Sound Video Login

Video Experience: Smooth Video Playback


 Key technology HDP@Media

 Intelligent identification of video data: Automatically identifies


video data or common GDI data. Video data is encoded using
H.264 or MPEG2 and decoded using TC hardware capabilities.

 Dynamic frame rate adjustment: Dynamically adjusts the video


playback frame rate (35 or higher) based on the network
quality to ensure smooth video playback.

 Dynamic video data auto-negotiation: Automatically adjusts


video data flows based on the monitor resolution and video
window size to reduce CPU consumption and improve user
experience.

 Multimedia redirection: Fully uses the TC hardware decoding


capabilities to support automatic reconnection for playback
upon network disconnection, dynamic flow adjustment, and
1080P video playback.

 Flash redirection: Downloads fragmented flash video files to


the client, and decodes videos on the client to improve flash
experience. •Highest frame rate in the industry
 Application sensitivity: Optimizes commonly-used playback •Highly efficient video encoding and decoding
software (such as Flash) and image processing software (such •Hisilicon TC chip video encoding and decoding
as Photoshop) based on customer demands. •More concurrent videos
Page 20 HUAWEI TECHNOLOGIES CO., LTD.
Display Sound Video Login

GUI Experience: User-friendly Login Page

Network status
indicator

Page 21 HUAWEI TECHNOLOGIES CO., LTD.


Security Availability Compatibility Mobility

HDP Improves System Security

Security access gateway


(software vAG or
hardware SVN)

HDP WAN HDP

Policy control on the desktop


transmission channel
Encryption transmission
Identity authentication
Any device (Two-factor authentication)
Cloud servers
centrally providing Centralized
computing and application
storage resources management

 Data transmission security is improved by encrypting data transmission and controlling the desktop transmission
channel (using HDP).
 Access gateways support user authentication. The adoption of software gateways reduces costs.
 Two-factor authentication is supported, including the smartcard, fingerprint, and dynamic password.
 Single sign-on (SSO) of applications is supported.
 In the application virtualization scenario, the HDP supports multi-session isolation. That is, one user's operations on
the keyboard, mouse, and peripherals and display- and audio-related operations are isolated from operations of other
Page 22 users based on sessions. HUAWEI TECHNOLOGIES CO., LTD.
Security Availability Compatibility Mobility

Global and Process-Level Availability


FusionAccess FusionAccess
User connection HA
Client Server Desktop
client Agent Agent management
LB/AG FusionSphere FusionSphere
APP APP
Windows Windows HA Cloud platform
Server Server
management

Users OS OS
Optimal resources are
selected based on loads: APS session VM VM
Lightest CPU loads servers Management
Lowest memory usage nodes
Least session connections

User connection reliability Management node reliability


Client network Server Desktop management Cloud platform management
APS server load balancing Key nodes do not depend on
Redundancy of management nodes
Automatic reconnection Fault isolation and scheduled Windows OSs and Huawei Desktop
Automatic VM fault recovery
upon network restart Controller (HDC) does not depend on
Automatic monitoring for memory,
intermittent Process-level monitoring and the domain controller.
CPU, and hard disk status of
disconnection service restart upon failures Service status detection, and
management nodes
Network status Clearing sessions that are automatic fault isolation and recovery
Management data backup
automatic detection disconnected for a long time are supported.

Page 23 HUAWEI TECHNOLOGIES CO., LTD.


Security Availability Compatibility Mobility

Quick Adaptation

Compatibility of application software


1. Prerequisites
Applications must be able to be deployed on the
Windows Server 2008/2012 R2.
Applications must support multi-instance running. That is,
multiple instances run concurrently.

2. For details about the compatibility list, visit


http://support.huawei.com/onlinetool/datums/fusioncloud/c
omptool/index.en.jsp.

Peripheral compatibility involves support for printers,


USB flash drive, disk drive, and other devices.

Page 24 HUAWEI TECHNOLOGIES CO., LTD.


Security Availability Compatibility Mobility

Mobile Terminal Access Providing Flexible Touchscreen and


Network Status Monitoring

Supports voice input (integrates iFlyVoice) and floating touch ball (network status
monitoring and software keyboard and mouse).
Page 25 HUAWEI TECHNOLOGIES CO., LTD.
Security Availability Compatibility Mobility

Integrating with Huawei AnyOffice Solution

Solution
 The application virtualization feature provides native Windows
applications.
 The application virtualization solution integrates with mobile device
management (MDM) software, such as Huawei AnyOffice, to support SSO
of applications and provide a unified workbench.
 AnyOffice provides a unique entry for users to access applications
(including desktops, Windows applications, native applications, and web
applications).
Virtual
desktop Native
applications
Customer Benefits
SaaS
 Enterprise applications are integrated so that employees can easily
Windows
access the applications and work efficiency is improved.
applications
 Mobile office improves office efficiency by 15% (collected from Huawei IT
department).

Page 26 HUAWEI TECHNOLOGIES CO., LTD.


Practice
Complete Forms
Scalability

Page 27 HUAWEI TECHNOLOGIES CO., LTD.


Construction Plan  FusionAccess is Huawei's desktop management and delivery software.
It consists of the following components:
Service network
 Web interface (WI): provides a portal for users to access the desktop
Management network Intranet cloud.
Storage network  HDC: a core component of FusionAccess, manages virtual desktops.
Firewalls  GaussDB: a database used to store data.
VRRP Core switches  IT adapter (ITA): provides interfaces and a portal for users to manage
virtual IT assets.
 License: controls the number of users accessing the desktop cloud
Access switches
system.
 Thin Client Manager (TCM): centrally manages TCs.
Service network
 AD/DNS/DHCP: The AD system is used to authenticate users. The
Management network DHCP is used to assign IP addresses in the domain. The DNS is used
to resolve computer names and desktop cloud domain names for login.
 Application virtualization resource pool
Virtualization management
 An APS server is provided based on Windows Server to publish
FusionSphere
Newly
added
applications.
vAG/vLB
 Multiple workers can be configured on an APS server to manage and
Desktop management
FusionAccess
Application
virtualization Office desktops publish applications.

AD/DHCP/ HDC/LI
/WI/DB
ITA vAG/
vLB
 User data storage
DNS

Application virtualization  User profile roaming: User profile data of shared desktops and remote
Management cluster cluster VDI cluster
applications is stored on a third-party shared file server using the roaming
Storage network user configuration and folder redirection functions of Windows OSs.
Cloud data center
Storage
resource pool
 User data storage: User personal data of shared desktops and remote
applications is stored on a third-party storage system, such as NAS.

Page 28 HUAWEI TECHNOLOGIES CO., LTD.


Software and Terminal Support
Desktop cloud software:
FusionAccess Enterprise Plus Edition (VDI+SBC), FusionAccess SBC Enterprise Edition (only SBC)

Windows Server RDS License

Supports Windows Server 2008 R2 Standard Edition, Enterprise Edition, Professional Edition, and Data Center
Edition.
Supports Windows Server 2012 R2 Standard Edition, Enterprise Edition, Professional Edition, and Data Center
Edition.
Clients:
PC: Windows XP/7/8.1 OS
Windows TCs: CT5000/5100/6000/6100, GI945
Linux TCs: CT3000/3100/5000/5100/6000/6100, GI945, Sunniwell TCs. Shared desktops do not support
windowed mode.
Mobile clients:
iOS mobile clients: later than iOS 7.0
Android mobile clients: Android 4.0 or later

Page 29 HUAWEI TECHNOLOGIES CO., LTD.


Reference Service Configuration

Windows Server APS Session


CPU Pressure Model Density
2012 Server
VSI heavy load 82

8 APS Server VSI medium load 110


2 x E5-2680 Standard
4U22G
VSI light load 155

VSI: universal LogicVSI test model


APS Server: user session server

Page 30 HUAWEI TECHNOLOGIES CO., LTD.


Reference Bandwidth
Application Virtualization Access SSL VPN Access
Item
Traffic
Total Data Traffic Rate Total Data Traffic Rate
Duration Duration Reduced By
(Downstream/Upstrea (Downstream/Up (Downstream/Upstrea (Downstream/Up
(s) (s)
m, KB) stream, kbit/s) m, KB) stream, kbit/s)
Displaying the home page of the
4 580/43 1500/70 17 1751/374 1000/100 30%
unified information platform

Opening a document 3 111/28 300/45 11 566/45 1200/200 23%

Opening a Word file (5.45 MB)


10 290/80 1000/100 60 6086/193 1200/30
attached to the email
31.2%
Continuously scrolling pages of a
Word file (5.45 MB) attached to the None 1374/216 150/40
email

Opening a PPT (6.77 MB)


11 265/45 500/46 80 7623/1898 1000/25
attached to the email
11.5%
Continuously scrolling pages of a
PPT (6.77 MB) attached to the None 740/48 1000/100
email
Accessing pictures in shared
10 300/56 1000/90 30 2766/151 1000/26 12.2%
information

Test results of a project: Application virtualization provides an access rate two to six times quicker

than SSL VPN and reduces 60% bandwidth than SSL VPN.
Page 31 HUAWEI TECHNOLOGIES CO., LTD.
4 Cases Help Customers in
Business Success

Page 32 HUAWEI TECHNOLOGIES CO., LTD.


Huawei Application Virtualization+AnyOffice Help Xinhua
News Agency Implement Mobile Editing
Mobile reporting system
Media·Mobile Office
Headquarters
Intranet service area Video backhaul Voice gateway Video conference

• Customer pain points:

Firewall Router
• Journalists cannot collect, edit, send, and publish news in real time using
Mobile terminal
Aggregation switch traditional devices that are heavy and difficult to carry.

• Leaders on business trips cannot connect to the intranet to approve news or


Mobile reporting join a conference.
Mobile terminal
• Solution:
Application
MDM/APP Store Secure access
virtualization
gateway • Huawei AnyOffice solution is deployed, which enables journalists to collect news
Mobile reporting using tablets or mobile phones. In an application virtualization environment,
Solution components: journalists can edit, send, and publish news, and leaders can approve news and
· AnyOffice mobile office platform
· FusionAccess application virtualization system join conferences remotely.

• A unified mobile office platform implements access authentication for terminals,


network transmission encryption, and data security protection to ensure information
Leaders of Xinhua News Agency were invited to attend Huawei security.
new technology demonstration and impressed by Huawei's
AnyOffice+Application virtualization+eSpaceUC solution. • Customer benefits:
"This is what we need."–Xinhua News Agency Laboratory • Huawei solution enables journalists to collect news anytime, anywhere and
(responsible for new technology verification and application improves news publishing efficiency by 30%.
research)
• The decision-making efficiency of leaders is improved by 40%.

Page 33 HUAWEI TECHNOLOGIES CO., LTD.


Thank you
www.huawei.com

Copyright©2015 Huawei Technologies Co., Ltd. All Rights Reserved.


The information in this document may contain predictive statements including, without limitation, statements regarding the
future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that
could cause actual results and developments to differ materially from those expressed or implied in the predictive
statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an
acceptance. Huawei may change the information at any time without notice.

Page 34 HUAWEI TECHNOLOGIES CO., LTD.