No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionAccess Desktop Solution V100R006C20 Windows Desktop Management Guide 09 (FusionSphere V100R006C10 or Earlier)

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Planning and Creating Policies

Planning and Creating Policies

Scenarios

Based on the actual environments and requirements of end users, plan and customize application policies for all the VMs in a desktop group, a VM, or VMs of a user in the following aspects:

  • Peripherals
  • Audio
  • Flash
  • Multimedia
  • Client
  • Display
  • File & Clipboard
  • Access control
  • Session
  • Bandwidth
  • Virtual Channel
  • Watermark
  • Keyboard & Mouse
  • Audio and Video Bypass
  • Personalized Data Mgmt
  • Custom

Prerequisites

You have logged in to FusionAccess. For details, see Logging In to FusionAccess.

NOTE:

The policy takes effect after the user logs in to the VM next time.

Data

For details about how to set the parameters involved in this task, see the FusionAccess Online Help.

Procedure

  1. On FusionAccess, choose Desktop > Policy Management, and click Create Policy Group in the right pane.
  2. On the Create Template page, set Policy Group Name and Description, select New Policy Group for Edit Mode, and click Next, as shown in Figure 3-13.

    Figure 3-13 Creating a policy group

  3. On the Specify Policies page, set application policies and click Next.

    1. Create peripheral policies.

      Table 3-20 describes the typical scenarios of peripheral policy configuration.

      Table 3-20 Typical scenarios

      Peripheral

      Mode

      Procedure

      Description

      USB devices

      • USB Port Redirection
      • Device Redirection
      1. USB Port Redirection
        1. Enable Main Switch.
        2. Enable the device redirection under USB Port Redirection.
        3. Enable Other USB Devices.
        NOTE:

        For example, if the device is a printer, ensure that Print Device and Other USB Devices under USB Port Redirection are set to Enabled.

      2. If the device is still unavailable, enable redirection of this device under Device Redirection:
        1. Enable the device redirection under Device Redirection.
        2. Enter basic information about the device in Customization Policy, and set isShare to 0.
      • If the peripheral is a USB device, USB Port Redirection takes precedence over Device Redirection.

        Exceptions include:

        • Enable TWAIN Redirection for high-speed document scanners.
        • Enable Camera Redirection for cameras.
      NOTE:

      The maximum resolution supported by CT3200 is 640 x 480 and that supported by CT3200 is 1920 x 1080.

      • If both TCs and VMs use a smartcard, enable PC/SC Smart Card Redirection.
      • To enable Device Redirection, you must enter basic device information in Customization Policy and set isShare to 0.
      NOTE:

      For details about the device information format and parameters, see FusionAccess Online Help.

      Serial port devices

      Serial Port Redirection

      1. Enable Main Switch of Serial Port Redirection.
      2. If the device is still unavailable, use a serial-to-USB cable to connect the serial port device to the client.
      3. If the device is a printer, you can enable Printer Redirection in Device Redirection.
      • Serial Port Redirection is preferred.
      • If Serial Port Redirection cannot meet the redirection requirements of a serial port device, use a serial-to-USB cable to connect the device to the client, and enable USB Port Redirection.
      • Enable Printer Redirection for serial port printers.

      Parallel port devices

      LPT Redirection

      1. Use a parallel-to-USB cable to connect the parallel port device to the client.
      2. Repeat the steps for setting USB devices.

      After connecting to the client using a parallel-to-USB cable, the parallel port device is equivalent to a USB device. The settings are the same as those for USB devices.

      Examples:
      • HP LaserJet 3015dn USB printer (VID:03F0 PID:8D17)
        1. Enable Main Switch, Print Device, and Other USB Devices in USB Port Redirection, as shown in in Figure 3-14.
        2. If the printer is still unavailable, configure a policy with the ID ID:03F0:8D17:0:0 in USB Port Redirection and enable Printer Redirection in Device Redirection, as shown in in Figure 3-14.
          Figure 3-14 USB printer
      • Enable serial port redirection for serial port printers.

        Enable Main Switch in Serial Port Redirection, as shown in Figure 3-15.

        Figure 3-15 Serial port printer
      • USB camera

        Enable Camera Redirection, as shown in Figure 3-16.

        Figure 3-16 USB camera
      • High-speed document scanner: Liangtian S300L (VID:1B17 PID:0310)
        1. Configure a policy with the ID ID:1B17:0310:0:0 in USB Port Redirection.
        2. Enable TWAIN Redirection, as shown in Figure 3-17.
          Figure 3-17 High-speed document scanner
      • The CT3200 TC of user A is connected with an HP LaserJet 3015dn USB printer, an HP1606dn USB printer (VID:03F0 PID:0A2A), and a USB flash driver (read-only for security).
      • HP LaserJet 3015dn USB printer: In USB Port Redirection, select Enabled for Print Device, as shown in in Figure 3-18.
      • HP1606dn USB printer: In USB Port Redirection, create a policy with the ID ID:03F0:0A2A:0:0. In Device Redirection, select Enabled for Printer Redirection, as shown in in Figure 3-18.
        Figure 3-18 Multiple devices
      • USB flash drive read-only permission: Set File Redirection to Read-only and enable Client Removable Driver, as shown in Figure 3-19.
        Figure 3-19 Read-only USB flash drive
      • The user can only use the smartcard EPASS 3000 (VID:96E PID:401) to ensure security.

        Configure a policy with the ID ID:96E:0401:1:0, and select Enabled only for Main Switch in USB Port Redirection, as shown in Figure 3-20.

        Figure 3-20 Using only EPASS 3000
      • The smartcard EPASS 3000 needs to be used on a user's TC and VM.
      • In USB Port Redirection, select Disabled for Smart Card.
      • Configure a policy with the ID ID:96E:0401:0:0 and enable PC/SC Smart Card Redirection, as shown in Figure 3-21.
        Figure 3-21 Using EPASS 3000 on a user's TC and VM
    2. Create audio policies.

      Create audio policies based on actual requirements. Retain the default settings if there are no special requirements.

      Typical configuration scenarios:
      • For daily work or conferences where audio recording and playback and entertainment applications need to be prohibited, select Disabled for Audio Redirection.
      • Set Play Volume only in special scenarios, such as electronic classrooms.
      • In voice calls, if the called party cannot hear the calling party's voice even if the volume is adjusted to the maximum, increase the value of Play Volume Ratio for the calling party or the value of Record Volume Ratio for the called party. There are three levels – high, medium, and low – for Play Volume Ratio and Record Volume Ratio. The ratio is usually set to Low or Medium.
    3. Create flash, multimedia, and client polices.

      Create flash, multimedia, and client policies based on actual requirements. Retain the default settings if there are no special requirements.

    4. Create display policies.

      Set the following parameters:

      • Display Policy Grade, which can be any of the following:
        • Grade 1: provides the poorest display quality but has minimum requirements on the bandwidth, and therefore is applicable to a network with a bandwidth lower than 512 Kbps.
        • Grade 2: provides poorer display quality but has minimum requirements on the bandwidth, and therefore is applicable to a network with a bandwidth lower than 1 Mbit/s.
        • Grade 3: provides poor display quality but has minimum requirements on the bandwidth, and therefore is applicable to a network with a bandwidth lower than 4 Mbit/s.
        • Grade 4 (recommended): balances display quality and bandwidth requirements, and is applicable to a network with a bandwidth lower than 20 Mbit/s.
        • Grade 5: provides best display quality but requires highest bandwidth, and therefore is applicable to a network with a bandwidth lower than 25 Mbit/s.
        • Show Advanced Settings: Refers to the FusionAccess Online Help to set related parameters based on actual requirements.
      • Display Frame Rate (fps): indicates the image refresh frame rate in non-video scenarios. The higher the frame rate, the faster the data sending frequency, the smoother the desktop operations, and the more efficient CPU usage, but the higher the bandwidth required. The value ranges from 1 to 60. The recommended value ranges from 15 to 25.
      • Video Frame Rate (fps): indicates the video refresh frame rate. The higher the frame rate, the faster the data sending speed, the smoother the video playback, and the more efficient CPU usage, but the higher bandwidth required. This value does not take effect when HDP Plus is enabled. The value ranges from 1 to 60. The recommended value ranges from 25 to 30.
      • HDP Plus
        • Enable: enables the HDP Plus GPU pass-through solution.
        • Disable: disables the HDP Plus GPU pass-through solution.
        • Show Advanced Settings: Refer to the FusionAccess Online Help to set related parameters based on actual requirements.
      • Adaptive Bitrate Control
        • Enable: enables Adaptive Bitrate Control.
        • Disable: disables Adaptive Bitrate Control.
        • Show Advanced Settings: Refer to the FusionAccess Online Help to set related parameters based on actual requirements.
      • Other Parameters: Refer to the FusionAccess Online Help to set related parameters based on actual requirements.
        Table 3-21 describes typical configuration scenarios.
        Table 3-21 Typical scenarios

        Scenario

        Procedure

        Limitation

        Smooth video playback is required.

        Solution 1: Enable video streams to be decoded on servers for both local and network video playback.

        1. Configure four vCPUs and 4 GB memory for each user VM. Use Intel Xeon E5-2680 CPU or higher processors and CT6200 WES or CT3200 TCs.
        2. Set Display Policy Grade to Grade 5. If Grade 5 cannot meet requirements, click Show Advanced Settings to set related parameters by referring to the FusionAccess Online Help and based on actual requirements.

        This solution is recommended.

        Solution 2: Enable multimedia redirection for local video playback.

        Select MultiMedia and enable multimedia redirection.

        The multimedia redirection supports only Windows Media Player and CT6200 WES, or CT3200 TCs.

        Solution 3: Enable flash redirection for network video playback.

        Select Flash and enable flash redirection.

        The flash redirection supports only Internet Explorer and CT6200 WES TCs.

        If the videos on a website need to be played using flash redirection, add the website to Whitelist of supported website. For example, to add http://video.sina.com.cn, enter video.sina.com.cn*; to add http://www.youku.com, enter *youku.com*. Use semicolons (;) to separate multiple websites.

        High definition (HD) desktops are required by individual users for daily office tasks.

        Modify the parameters in Display > Display Policy Grade > Show Advanced Settings:

        • Bandwidth (Kbps): a value from 20000 to 25000.
        • Lossy Compression Recognition Threshold: a value from 50 to 60.
        • Lossy Compression Quality: a value from 85 to 95.

        -

        Requirement of a single user: HD desktop graphics processing and media environment

        Modify the policy items in Display:

        1. A single user is advised to use 4U4G VMs, CPUs with frequency equal to or greater than 2.8 GHz, GPUs higher than the entry-level configurations, and CT6100/CT6200 TCs.
        2. Preferentially set Display Policy Grade to Grade 5 If the media environment is involved,enable the HDP Plus function. If Grade 5 cannot meet the requirements, modify parameters in Display > Display Policy Grade > Show Advanced Settings:
        NOTE:

        Only the advanced FusionAccess desktop solution edition can use the HDP Plus function.

        • Bandwidth (Kbps): a value from 25000 to 35000.
        • Video Frame Rate (fps): a value from 35 to 45.
        • Lossy Compression Recognition Threshold: a value from 20 to 60.
        • Lossy Compression Quality: a value from 90 to 100.
        • Quality/Bandwidth First: Quality First.
        • Average Video Bit Rate (Kbps): a value from 25000 to 30000.
        • Peak Video Bit Rate (Kbps): a value from 28000 to 35000.

        CT6100/CT6200 TCs are recommended.

        Using desktop cloud in a low bandwidth environment

        Set Display Policy Grade to Grade 1, Grade 2, or Grade 3. If any of these grades cannot meet requirements, set the basic and advanced display properties as follows:

        • Bandwidth (Kbps): enter the actual bandwidth allocated for each user.
        • Video Frame Rate (fps): a value from 15 to 23
        • Lossy Compression Recognition Threshold: a value from 80 to 250
        • Lossless Compression Mode: 1
        • Deep Compression Level: a value from 3 to 9
        • Lossy Compression Quality: a value from 50 to 70
        • Quality/Bandwidth First: Bandwidth First
        • Average Video Bit Rate (Kbps): a value from 500 to 2000
        • Peak Video Bit Rate (Kbps): a value from 500 to 2000. The value must be greater than or equal to the value of Average Video Bit Rate (Kbps).

        -

      • Duplicate Display
        • Enable: After duplicate display is enabled, you can use Huawei duplicate display application tray or invoke Huawei duplicate display interface to initiate duplicate display on the VM.
        • Disable: After duplicate display is disabled, you cannot initiate duplicate display on the VM.
        • Show Advanced Settings: Refer to the FusionAccess Online Help to set related parameters based on actual requirements.
        • For details about how to use the duplicate display function, see Configuration Management > Configuring Duplicate Display in FusionAccess Desktop Solution V100R006C20 System Management Guide.
    5. Create a file and clipboard policy.

      Create a file and clipboard policy based on the actual situation and parameters. If there is no special requirement, retain the default settings.

    6. Create an access control policy.

      Customize IP access control policies based on the actual situation to control user access rights.

      Set the policies by using the following methods:

      • Leave the client IP address segment empty, which indicates that users can access VMs from any IP address segment.
      • Specify a client IP address segment, which indicates that users can access VMs from only the specified IP address segment.
      NOTE:

      The access control policy is implemented by the vAG based on client IP addresses. Therefore, this function has the following restrictions:

      • Users must access the network through the vAG server.
      • If uses access the network using NAT and the source IP addresses are replaced, the vAG cannot obtain the real client IP addresses. In this case, the function cannot be used.
    7. Create a session policy.

      If a VM is not used for a long time after being connected, resources are wasted. After the session automatic disconnection policy is set, the system will automatically disconnect the VM when the VM is locked for a certain period. Resources of the VM are allocated to other users, which improves resource utilization.

      The session automatic disconnection policy is disabled by default. If there is no special requirement, retain the default settings.

    8. Create a bandwidth policy.

      Refer to the FusionAccess Online Help to set related parameters based on actual requirements.

    9. Create a virtual channel policy.
      • Virtual Channel Control: enables or disables the policy. The default value is Disable.
      • Custom Virtual Channel Registered Name: when custom virtual channel registered name and ITA-defined channel name(also known as an authorized channel name) is the same, this virtual channel will take effect. Naming rules: for example vchello1, vchello2, can be separated by commas. If all control is fully open, you can fill in All.
      • Third-Party Plug-in Name: specifies the third-party plug-ins that are loaded on demand to only Windows clients, for example, LyncVdiPluginLib. Multiple plug-in names can be entered and must be separated by spaces or commas (,).
    10. Create a watermark policy.

      Refer to the FusionAccess Online Help to set related parameters based on actual requirements.

    11. Create a keyboard and mouse policy.

      Refer to the FusionAccess Online Help to set related parameters based on actual requirements.

    12. Create an audio and video bypass policy.
      • Common Audio and Video Switch: enables or disables the policy. The default value is Disable.
      • Software Path: used to configure the path and start parameters for software that uses common audio and video policies. Use semicolons (;) to separate multiple software paths. If a path includes spaces, use double quotation marks ("") to quote the path.
    13. Create personalized data mgmt policies.
      NOTE:
      • Folder redirection does not support multiple NAS disk redirections.
      • When accessing the personalized data management path and network drive mapping path, users must have the read and write permission on the paths.
      • When personalized data management and network drive mapping are configured, the configured path and the user VM must reside in the same domain.
      • Path for Managing Personalized Data: specifies the network location for storing roamed files. If User Data Roaming Switch or User Folder Redirection Switch is enabled, this value cannot be empty.
      • User Data Roaming
        • Enable: roams the user's personalized data and configured files (folders) to the configured network location. The network location for storing the roamed files is required for enabling this function.
        • Disable: The function of user data roaming policy is disabled.
        • Local Path of Roamed Files (Folders): specifies the path of the files or folders to be roamed in the user configuration files. Only the files and folders under the Roaming directory are supported. Wildcard characters are supported. If you want to add multiple paths, separate them from each other using semicolons (;).
        • Excluded Files: configure the file path to be excluded in the user configuration file. Only the files to be excluded in the Roaming directory can be configured. Wildcard characters are supported. If you want to add multiple paths, separate them from each other using semicolons (;).
      • User Folder Redirection
        • Enable: enables this function stores user data to a directory on the network instead of a local host. A separate directory needs to be configured for redirection.
        • Disable: The function of user file redirection policy is disabled.
        • If roaming and redirection are configured for the same directory, file redirection is implemented preferentially.
      • Configuration File Processing
        • Enable: The locally stored user configuration file is automatically deleted upon user logout.
        • Disable: The locally stored user configuration file is not deleted upon user logout.
      • Network Drive Mapping
        • Enable or disable the network drive mapping function.
        • Network Drive Mapping Path: configures a valid network drive path, and use it to automatically mount to the user's VM. Both public and private network drives can be mapped. If a private network drive is mapped, a user's directory is generated in the shared path and the user is granted the exclusive rights of the directory. For example, Public Network Drive: \\192.168.1.10\NasDisk, Private Network Drive: \\192.168.1.10\NasDisk\%username%.
        • Drive Letter: By default, this parameter is left blank. The available drive letter is automatically selected when the default value of drive letter is empty.
    14. Create a custom policy
      • Enable or disable the Configuration 1 policy. The default value is Enable.
      • Configuration 1 rule (Provided by Huawei engineers): The input value must be a JSON format string.

  4. On the Specify Target page, select objects to which the policy applies.

    • Add policy application objects: In the left area, query policy application objects based on search criteria, select application object names in the query result list, and click > to add them to the right area.
    • Remove policy application objects: In the right area, select existing application object names and click <.

    Click Save for the policy configuration to take effect.

    NOTE:

    If the name of the selected application object contains the Desktop Group object type, the policy will be applied to all the VMs in the related desktop group.

  5. Click OK & Return when "The policy group has been created successfully" is displayed.
Translation
Download
Updated: 2019-04-25

Document ID: EDOC1000182394

Views: 24006

Downloads: 60

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next