No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionAccess Desktop Solution V100R006C20 Windows Desktop Management Guide 09 (FusionSphere V100R006C10 or Earlier)

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Setting Access Control Policies

Setting Access Control Policies

Scenarios

In common mode, you do not need to set access control policies. In scenarios that have demanding security requirements, set access control policies to ensure information security.

Access control policies include the following:

  • Access Time Control: Multiple periods are set, and some objects are forbidden to log in to VMs during these periods.
  • Device and User Binding: After users and devices are bound, users can log in to VMs by using bound devices only, ensuring the security of sensitive information in VMs. The administrators can group users or devices for batch binding, simplifying the input operation by the administrators.
  • TC and Computer Binding: Configure TC and computer binding. After the binding relationship is configured, the bound computer can be logged in using only the bound TC.
    NOTE:

    A TC cannot be bound to a hosted machine.

Impact on the System

This operation has no adverse impact on the system.

Prerequisites

Data

For details about how to set the parameters involved in this task, see FusionAccess Online Help.

Procedure

Set the access time control policy.

  1. On the FusionAccess portal, choose Desktop > Service Configuration > Access Control Policy Management > Access Time Control.

    The Access Time Control page is displayed.

  2. Click Add.
  3. Enter the policy name and description based on Table 4-5, select time segments and click Add to add them to the time segment list.

    Table 4-5 Parameters

    Parameter

    Description

    Example Value

    Policy Name

    • Consists of letters, digits, and underscores.
    • An existing policy name cannot be reused.

    time_01

    Description

    A string of 0 to 255 characters.

    Specifies the time policy.

    Time Segments

    • The time segments cannot overlap.
    • A maximum of 10 time segments can be configured.

    01:00-02:00

  4. Click Next.

    The Edit Policy Target page is displayed.

  5. Search for objects by entering the Target Type or Target Name, select required objects in the available area, and click to add the selected objects to the Selected area.
  6. Click Save.
  7. If the name of the selected object contains the Desktop Group target type, the policy will be applied to all the VMs in the related desktop group.

    When The access time control policy is created successfully. is displayed, click OK & Return.

  8. Click Publish all policies to HDC to publish all policies to HDC as prompted.

Bind users and devices.

  1. On the FusionAccess portal, choose Desktop > Service Configuration > Access Control Policy Management > Device and User Binding.

    The Device and User Binding page is displayed.

  2. Click Set Device Binding.

    The Set Device Binding Switch page is displayed.

  3. Check whether the WI cluster is enabled with the Device binding function and Device binding security mode.

    The configuration of the Device binding function and Device binding security mode takes effect only for a single WI cluster.

  4. Click , and enable the Device binding function and Device binding security mode as prompted.

    NOTE:
    • Select Enable Automatic Binding Upon the First Login based on site requirements. If this function is enabled, skip Step 16 and Step 17. The system automatically binds a user to the fixed or mobile device to which the user logs in initially. A user can be bound to a maximum of one fixed device and one mobile device.
    • After the Device binding function and Device binding security mode are enabled, the Set Device Binding Switch page is automatically closed.
    • Only user passwords and dynamic passwords are supported for authentication in automatic binding upon the first login.

  5. Check whether you need to set the access mode for users who use unbound Devices in the WI cluster.

    The configuration of the user access mode takes effect for global WI clusters.

  6. Click Set Access Mode.

    The Set Access Mode page is displayed.

  7. Set the access mode as prompted, and click OK.

    NOTE:

    The Set Access Mode page is automatically closed. The access mode for users who use unbound devices is set.

  8. Click Manual Input.

    The Device and User Binding page is displayed.

  9. Select a TC Group , TC or Mobile device, and specify TC group name, MAC address, Mobile device id, User (group) name, Domain, and Description. Complete the binding following the instructions.

    NOTE:
    • If there are multiple physical NICs when you configure the binding relationships between MAC addresses and domain users, you need to enter at least one MAC address of these NICs.
    • If you select TC Group, enter TC group name; If you select TC, enter MAC address; If you select Mobile device, enter the MAC address of the Android device or UUID of the iOS device.

Bind TCs and computers.

  1. On the FusionAccess portal, choose Desktop > Service Configuration > Access Control Policy Management > TC and Computer Binding.

    The TC and Computer Binding page is displayed.

  2. Click Set Binding.

    The Set Binding page is displayed.

  3. Select Enable and click OK.
  4. Click Manual Input.

    The TC and Computer Binding page is displayed.

  5. Configure information and complete the binding following the instructions. For details, see Table 4-6.

    Table 4-6 Parameters

    Parameter

    Description

    Example Value

    MAC address

    Specifies the MAC address of the TC to be bound.

    12-34-56-78-9A-BC

    Computer name

    Specifies the computer name that exists in the desktop group associated with the selected Desktop.

    vdesktop\VM01

    Description

    Provides supplementary information.

    description

Translation
Download
Updated: 2019-04-25

Document ID: EDOC1000182394

Views: 24192

Downloads: 61

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next