
FusionAccess V100R006C20 Cloud Classroom Solution Product Documentation 10 (Single-Classroom Scenarios)

Maintenance Instructions


Critical Operations

Avoid the operations listed in Table 3-24 during FusionAccess maintenance. These operations may seriously affect the system.

Table 3-24 Forbidden operations

| Category | Operation | Risks |
| --- | --- | --- |
| Service operations | Delete virtual desktops on FusionManager or FusionCompute. | User virtual desktops will be unavailable. |
| Service operations | Deploy the Dynamic Host Configuration Protocol (DHCP) servers or domain name servers (DNSs) in the desktop cloud. | The DHCP and DNS servers conflict with the DHCP and DNS services running on FusionAccess, resulting in service failures. |
| Service operations | Forcibly restart or shut down a VM when the VM operating system (OS) restarts normally, for example, the VM OS restarts during patch installation. | The VM may be damaged. |
| Service operations | Mount Windows 7 or Windows Server 2008 system disks to a Windows 7 or Windows Server 2008 VM as user disks. | The system boot file may be damaged, which causes a blank screen. |

Table 3-25 lists the operations that may affect FusionAccess reliability and security if improperly performed.

Table 3-25 Critical operations

| Operation | Risks | Risk Level | Workaround | Check Item |
| --- | --- | --- | --- | --- |
| Replace an infrastructure server. | Improper operations may cause service interruption. | ▲▲▲ | Back up data and then replace the server. | Check whether there are uncleared alarms after the replacement. |
| Modify group policies on the active directory (AD). | Improper operations may cause service interruption. | ▲▲ | Record the original configuration of the group policies. If a fault occurs, restore the original configuration. | Check whether VMs are accessible. |
| Create and associate VMs in batches on the IT adapter (ITA). | If a large number of batch operations are performed during the day, the ITA performance deteriorates and other services may become unavailable. | ▲▲▲ | 1. Create and associate VMs in batches during low-traffic hours. 2. Ensure that resources are sufficient before creating and associating VMs in batches. | Check whether VMs are accessible. |
| On System > Initial Configuration of FusionAccess, perform operations, such as configuring the virtualization environment, domain/OU, and desktop components. | Improper operations may cause service interruption. | ▲▲ | Record the original configuration information. If a fault occurs, restore the original configuration. | Check whether VMs can be created successfully. |
| Manually delete VMs. | If a VM is deleted by mistake, data will be lost and services will be interrupted. | ▲▲ | Confirm the VM information before deleting a VM. | - |
| Recompose System Disk | Improper operations may result in the loss of user data in the system disk of a linked clone or full-memory VM. | ▲▲▲ | Recompose System Disk only when data loss is allowed. | - |
| Restore System Disk | Improper operations may result in the loss of user data in the system disk of a linked clone or full-memory VM. | ▲▲▲ | Restore System Disk only when data loss is allowed. | - |
| Create scheduled tasks and select policies. | Improper operations may cause service interruption. | ▲▲ | Select policies based on service requirements. | Check whether scheduled tasks can be successfully performed. |
| Configure template types. | Service provisioning fails if the configured template type is not consistent with the required template type. | ▲▲ | Confirm the required template type and configure the template type correctly. | Check whether services can be provisioned properly. |
| Do not install Windows Server 2012 R2 SP1. | Security risks exist in infrastructure VMs if Windows Server 2012 R2 SP1 is not installed. | ▲▲ | Check whether Windows Server 2012 R2 SP1 has been installed on infrastructure VMs. If not, install it. | - |
| Adjust or change the clock source. | If the clock source is adjusted or changed, the time on VMs will change, which may cause service interruption. | ▲▲ | Adjust or change the clock source during low-traffic hours. | Observe the time difference after the clock source is adjusted or changed. |
| Update systems concurrently. | A large number of concurrent update operations exhaust CPU resources of servers and congest the storage and network, resulting in slow running of VMs, node restart, or storage faults. | ▲▲▲ | Update user VMs in different batches. | Check whether there are uncleared alarms. |
| Kill viruses concurrently. | A large number of concurrent antivirus operations exhaust CPU resources of servers and congest storage, resulting in slow running of VMs, node restart, or storage faults. | ▲▲▲ | Kill viruses during low-traffic hours. | Check whether there are uncleared alarms. |
| Concurrently start VMs at work. | If VMs are concurrently started at work, I/O storms are generated, and VMs run slowly. | ▲▲ | 1. Do not shut down VMs. 2. Get VMs ready using scheduled tasks before employees come to the office. | Check whether there are uncleared alarms. |
| Play videos concurrently on office VMs. | Playing videos concurrently on office VMs exhausts CPU resources of servers and congests the network, resulting in slow running of VMs, disconnection from VMs, or VM connection failures. | ▲▲ | 1. Improve the specifications of VMs. 2. Reduce the VM density on a server. | Check whether there are uncleared alarms. |
| Do not restart VMs for a long time. | Memory garbage exists after the OS runs for a long time, resulting in slow running of VMs. | | Restart VMs every seven days at most. | - |
| Frequently switch over the active and standby GaussDBs. | The active and standby GaussDB databases may be damaged, and the data may be inconsistent or lost. | ▲▲▲ | 1. Reduce the active/standby GaussDB switchover frequency. 2. During the switchover, do not perform operations such as creating or deleting VMs. | Check whether there are uncleared alarms. |
| DB exception alarms (1000029 Alarm About Two Active GaussDB Databases, 1001005 HDC Database Exception, and 1004001 Database Server Exception) exist during the GaussDB switchover. | The data in the active and standby GaussDB may be inconsistent and data may be lost. | ▲▲▲ | 1. DB exception alarms cannot exist during the GaussDB switchover. 2. During the switchover, do not perform operations such as creating or deleting VMs. | Check whether there are uncleared alarms. |

Terminal Management

Upgrading Clients

This section describes the software packages and reference documents to be obtained for upgrading TC clients and FusionAccess clients. For details about the version mapping, see the FusionAccess Desktop Solution V100R006C20SPC100 Version Mapping.

Upgrading Centerm TC Clients

Table 3-26 lists Centerm TCs supported by the HUAWEI CLOUD™ FusionAccess desktop solution and software required for upgrading the TC clients.

Table 3-26 Software to be obtained for upgrading Centerm TC clients

TC Type

Software

How to Obtain

CT3200/CT3200L Linux

AccessClient_armhf_x.x.xxxxx.x_xxxxxxxxxxxxxx.dat(in Client_for_armhf in Client_for_linux_dat_vx.x.xxxxx.zip)

For enterprise users, click here.

For telecom carrier users, click here.

CT5100/CT5200/CT6100/CT6200 Linux

AccessClient_x86_x.x.xxxxx.x_xxxxxxxxxxxxxx.dat(in Client_for_x86 in Client_for_linux_dat_vx.x.xxxxx.zip)

CT6200 WES7

AccessClient_Win.msi(in Client_for_windows_vx.x.xxxxx.zip)

CT5100/CT6100 WES7

AccessClient_Win.msi(in Client_for_windows_vx.x.xxxxx.zip)

CT5200/CT6200 Win10 IoT

AccessClient_Win.msi(in Client_for_windows_vx.x.xxxxx.zip)

Table 3-27 lists reference documents to be obtained for upgrading Centerm TC clients.

Table 3-27 Documents to be obtained for upgrading Centerm TC clients

Document Type

Document Name

How to Obtain

Centerm Cloud Client Manager User Guide

CCCM_UserManual_5.x.xxx.xxx_Vx.xxx.pdf

For enterprise users, click here.

For telecom carrier users, click here.

Download and decompress the FusionAccess TC V100R001C00SPCxxx product documentation (in the decompressed CT-TCM folder).

Upgrade the Linux TC client.

For details, see CCCM_UserManual > File Deployment Management > Linux File Deployment.

Upgrade the Windows TC client.

For details, see CCCM_UserManual > File Deployment Management > Windows Software Management.

Upgrading Sunniwell TC Clients

Table 3-28 lists Sunniwell TCs supported by the HUAWEI CLOUD™ FusionAccess Desktop Solution and software required for upgrading the TC clients.

Table 3-28 Software to be obtained for upgrading Sunniwell TC clients

TC Type

Software

How to Obtain

SWTMS Terminal Management Server S-Box8V40

AccessClient_arm3100.run(in Client_for_linux_armel_vx.x.xxxxx in Client_for_linux_armel_vx.x.xxxxx.zip)

For enterprise users, click here.

For telecom carrier users, click here.

Sunniwell Android TC ZT3200

Client_for_AndroidTC_ZT3200_vx.x.xxxxx.apk(in Client_for_AndroidTC_ZT3200_vx.x.xxxxx.zip in Client_for_AndroidTC_vx.x.xxxxx.zip)

Table 3-29 lists documents to be obtained for upgrading Sunniwell TC clients.

Table 3-29 Documents to be obtained for upgrading Sunniwell TC clients

Document Type

Document Name

How to Obtain

SWTMS_Server_Administrator_Guide

SWTMS_Server_Administrator_Guide_Vx.x.x.pdf

http://www.sunniwell.com/download.html?page=en

Upgrading START TC Clients

Table 3-30 lists START TCs supported by the HUAWEI CLOUD™ FusionAccess Desktop Solution and software required for upgrading the TC clients.

Table 3-30 Software to be obtained for upgrading START TC clients

TC Type

Software

How to Obtain

ST5110/ST6110/ST6200 Linux

AccessClient_x86lnx.run(in Client_for_linux_x86_vx.x.xxxxx in Client_for_linux_x86_vx.x.xxxxx.zip)

For enterprise users, click here.

For telecom carrier users, click here.

ST5110/ST6110/ST6200 Windows

AccessClient_Win.msi(in Client_for_windows_vx.x.xxxxx in Client_for_windows_vx.x.xxxxx.zip)

Table 3-31 lists documents to be obtained for upgrading START TC clients.

Table 3-31 Documents to be obtained for upgrading START TC clients

Document Type

Document Name

How to Obtain

TCM User Manual

ST-TCM_UserManual_x.x.x_Vx.x.pdf

For enterprise users, click here.

For telecom carrier users, click here.

Download and decompress the FusionAccess TC V100R001C00SPCxxx product documentation (in the decompressed ST-TCM folder).

Upgrading HP TC Clients

Table 3-32 lists HP TCs supported by the HUAWEI CLOUD™ FusionAccess Desktop Solution and software required for upgrading the TC clients.

Table 3-32 Software to be obtained for upgrading HP TC clients

TC type

Software

How to Obtain

Windows OS TCs.

AccessClient_Win.msi(in Client_for_windows_vx.x.xxxxx in Client_for_windows_vx.x.xxxxx.zip)

For enterprise users, click here.

For telecom carrier users, click here.

Linux OS TCs.

AccessClient_x64lnx.run(in Client_for_linux_x64_vx.x.xxxxx in Client_for_linux_x64_vx.x.xxxxx.zip)

Table 3-33 lists documents to be obtained for upgrading HP TC clients.

Table 3-33 Documents to be obtained for upgrading HP TC clients

Document Type

Document Name

How to Obtain

HP Device Manager Administrator Guide

HP Device Manager - Administrator Guide.pdf

https://support.hp.com/us-en/product/hp-device-manager/3646216/model/3646218/manuals

Upgrading HP TCs running Linux:

For details, see HP TC ThinPro 6.2 Batch Processing Task Execution Guide.

Upgrading HP TCs running Windows:

For details, see HP TC WES7 Batch Processing Task Execution Guide.

Upgrading FusionAccess Clients

Table 3-34 lists the software packages to be obtained for upgrading FusionAccess clients. These packages enable users to access the desktop cloud through clients.

Table 3-34 Software to be obtained for upgrading FusionAccess clients

TC/PC/Mobile Device Type

Software

How to Obtain

Android OS TCs.

Client_for_android_vx.x.xxxxx.zip

For enterprise users, click here.

For telecom carrier users, click here.

Linux OS TCs or PCs.

Linux OS PCs:

  • Client_for_linux_x86_vx.x.xxxxx.zip
  • Client_for_linux_x64_vx.x.xxxxx.zip
  • Client_for_linux_armel_vx.x.xxxxx.zip
  • Client_for_linux_armhf_vx.x.xxxxx.zip

Linux OS TCs:

Client_for_linux_dat_vx.x.xxxxx.zip

NOTE:
  • All software in the Client_for_arm folder applies to ARM-based Linux TCs, such as CT3200 Linux.
  • All software in the Client_for_x86 folder applies to x86-based Linux TCs, such as CT6000 Linux, and CT5100/CT6100 Linux.

Windows OS TCs or PCs.

NOTE:

X86-based Windows TCs, such as CT6000 WES7, and CT5100/CT6100 WES7, and all x86-based Windows PCs.

Client_for_windows_vx.x.xxxxx.zip

MAC OS PCs.

Client_for_mac_vx.x.xxxxx.zip

iOS mobile devices.

Search for fusionaccess in Apple App Store, and then download and install the fusionaccess application software.

Android mobile devices.

Open a browser, enter app.vmall.com in the address box to go to Huawei HiSpace Store, search for fusionaccess, and then download and install the fusionaccess application software.

User VM Maintenance

It is recommended that Kingsoft V8+ terminal security system software be installed on Windows user VMs. This software can be used to perform operations such as clearing viruses, optimizing operating systems, clearing junk files, repairing vulnerabilities, and managing software. For details about the operation procedure, see the Kingsoft V8+ terminal security system software GUI.

For Windows 10 VMs, only LTSB and CBB are supported. You are advised to update the VM patch using Windows Server Update Services (WSUS). For details about patch version mapping, see Huawei FusionCloud Compatibility Check Assistant.

You are advised to obtain applications according to Huawei FusionAccess Preferred Applications.

Configuring WI Addresses in Batches
Scenarios

This section describes how to configure WI addresses in batches by creating and pushing patch files.

Prerequisites
  • A Windows OS TC (or PC) is available.
  • The username and password for logging in to the TCM server have been obtained.
Data

Data preparation is not required for this operation.

Documents
Table 3-35 Document list

Document Name

File Name

How to Obtain

Centerm Cloud Client Manager User Manual

CCCM_UserManual_5.x.xxx.xxx_Vx.xxx.pdf

For enterprise users, click here.

For telecom carrier users, click here.

Download and decompress the FusionAccess TC V100R001C00SPCxxx product documentation (in the decompressed CT-TCM folder).

SWTMS_Server_Administrator_Guide

SWTMS_Server_Administrator_Guide_Vx.x.x.pdf

http://www.sunniwell.com/download.html?page=en

PackTool_UserManual

PackTool_UserManual_x.xx_Vx.xx.pdf

For enterprise users, click here.

For telecom carrier users, click here.

Download and decompress FusionAccess TC V100R001C00SPCxxx Product Documents.

TCM User Manual

ST-TCM_UserManual_x.x.x_Vx.x.pdf

For enterprise users, click here.

For telecom carrier users, click here.

Download and decompress the FusionAccess TC V100R001C00SPCxxx product documentation (in the decompressed ST-TCM folder).

HP Device Manager Administrator Guide

HP Device Manager - Administrator Guide.pdf

https://support.hp.com/us-en/product/hp-device-manager/3646216/model/3646218/manuals

Software

Table 3-36 lists the software required for this operation.

Table 3-36 Required software

Software Name

Description

How to Obtain

AccessClient_Win.msi

Cloud desktop client

For enterprise users, click here.

For telecom carrier users, click here.

Download and decompress Client_for_windows_v1.6.xxxx.zip.

PackToolSetup

Patch creation software of Linux TCs

For enterprise users, click here.

For telecom carrier users, click here.

Download and decompress PackTool_Version_Vx.xx-xxxx.zip.

Procedure

Generate configuration files.

  1. Log in to the TC (or PC), run AccessClient_Win.msi, and install the AccessClient client as prompted.
  2. Click Start, and choose AccessClient > CloudClient.
  3. Configure server information on the displayed page, as shown in Figure 3-58.

    If you need to configure a disaster recovery (DR) address or enable the server compatible mode, click Advanced.

    Figure 3-58 Address management
    • Server Name: user-defined
    • Server Address: FQDN or service plane IP address of the WI server
    • DR Address: backup FQDN or service plane IP address of the WI server
    • Enable server compatible mode: Select this option when the WI server is a third-party WI server.

  4. Click OK.
  5. Click Add to add server information based on actual requirements.
  6. In the C:\PermanenceDataPath\cloudclient directory, servers.xml is the generated configuration file.

Create a patch file.

  1. Perform the following operations based on TC types.

    Table 3-37 Creating a patch file

    TC Type

    Procedure

    Centerm Linux TC

    1. Create a folder on the TC (or PC) and copy the servers.xml file in the C:\PermanenceDataPath\cloudclient directory to the new folder.
    2. Create a patch file for a Centerm Linux TC. For details, see Building Patch > Building HDPTool Software Patch in PackTool_UserManual.

      Set key parameters as follows:

      • Select XOS Platform Linux System for an x86 platform-based TC.
      • Select AOS Platform Linux System for an ARM platform-based TC.
      • Type: HDPConfigure
      • Patch Content:

        File Name: Path of the new folder created on the TC (or PC), for example, C:\PermanenceDataPath\patch.

        Install Path: /root/.local/share/data/Huawei/cloudclient

      • Patch Output: Select any path except the default path.

    Centerm Windows TC

    No patch file needs to be created.

    Sunniwell Linux TC

    Make a patch file as instructed by SWTMS Operation Guide > System Management > File Management in the SWTMS_Server_Administrator_Guide.

    Main parameter settings are as follows:

    • Patch Type: HDP Configure File
    • Select File: Select the patch file that you want to upload, that is, the servers.xml file in the C:\PermanenceDataPath\cloudclient directory on the TC (or PC).

    Sunniwell Android TC

    Make a patch file as instructed by SWTMS Operation Guide > System Management > File Management in the SWTMS_Server_Administrator_Guide.

    Main parameter settings are as follows:

    • Patch Type: Xterm
    • Select File: Select the file that you want to upload, that is, the servers.xml file in the C:\PermanenceDataPath\cloudclient directory on the TC (or PC).
    • Patch Install Path: /sdcard/HdpClient/config/

    HP Windows TC

    See section "Tasks and task templates > Task templates > Creating a task template" in the

    HP Device Manager - Administrator Guide provided by the HP company.

    Main parameter settings are as follows:

    • Select File: Select the file that you want to upload, that is, the servers.xml file in the C:\PermanenceDataPath\cloudclient directory on the TC (or PC).
    • Patch Install Path:

      C:\PermanenceDataPath\cloudclient

    HP Linux TC

    See section "Tasks and task templates > Task templates > Creating a task template" in the HP Device Manager - Administrator Guide provided by the HP company.

    Main parameter settings are as follows:

    • Select File: Select the file that you want to upload, that is, the servers.xml file in the C:\PermanenceDataPath\cloudclient directory on the TC (or PC).
    • Patch Install Path:

      /home/user/.local/share/data/Huawei/cloudclient

    START Linux TC

    You do not need to make a patch file.

    START Windows TC

    You do not need to make a patch file.

Push the patch or configuration file.

  1. Perform the following operations based on TC types.

    Table 3-38 Pushing a patch or configuration file

    TC Type

    Procedure

    Centerm Linux TC

    Push the patch file to Centerm Linux TCs as instructed by File Deployment Management > Linux File Deployment in the CCCM_UserManual.

    Centerm Windows TC

    1. Upload the servers.xml file in the C:\PermanenceDataPath\cloudclient directory to the TCM as instructed by File Deployment Management > Windows Software Management in the CCCM_UserManual.
    2. Push the patch file to Centerm Windows TCs as instructed by File Deployment Management > Windows Software Management in the CCCM_UserManual.
    NOTE:

    Select Copy to Windows Clients for the push mode.

    Sunniwell Linux TC

    Push the patch file to Sunniwell Linux TCs as instructed by SWTMS Operation Guide > Device Management > Device Management in the SWTMS_Server_Administrator_Guide.

    Sunniwell Android TC

    Push the patch file to Sunniwell Android TCs as instructed by SWTMS Operation Guide > Device Management > Device Management in the SWTMS_Server_Administrator_Guide.

    HP Windows TC

    Push the patch file to the Windows TC. For details, see Tasks and task templates > Task > Performing a task in the HP Device Manager - Administrator Guide.

    HP Linux TC

    Push the patch file to the Linux TC. For details, see Tasks and task templates > Task > Performing a task in the HP Device Manager - Administrator Guide.

    START Linux TC

    1. Upload the servers.xml file in the C:\PermanenceDataPath\cloudclient directory to the TCM as instructed by Terminal Management System Detail Operating Instruction > Deployment > File Maintenance in the STCMS_operation manual_universial version.

      Main parameter settings are as follows:

      • Upload type: Upload files
      • File type: Ordinary file
      • Upload attachments: Enter the path of the configuration file to be uploaded.
    2. Push the configuration file to START Linux TCs as instructed by Terminal Management System Detail Operating Instruction > Operating Area > Remote Management > File Deployment in the STCMS_operation manual_universial version.

    START Windows TC

    1. Upload the servers.xml file in the C:\PermanenceDataPath\cloudclient directory to the TCM as instructed by Terminal Management System Detail Operating Instruction > Deployment > File Maintenance in the STCMS_operation manual_universial version.

      Main parameter settings are as follows:

      • Upload type: Upload files
      • File type: Ordinary file
      • Upload attachments: Enter the path of the configuration file to be uploaded.
    2. Push the configuration file to START Windows TCs as instructed by Terminal Management System Detail Operating Instruction > Operating Area > Remote Management > File Deployment in the STCMS_operation manual_universial version.

Uploading the Client Software Packages
Scenarios

This section describes how to perform self-service client upgrade on the WI for FusionAccess V100R006C10 or later.

Procedure

Upload the Android client software package to WI.

  1. Use WinSCP to log in to the WI server as user gandalf.
  2. Use WinSCP to upload the Android mobile client to the /opt/WI/tomcat/WI/ROOT/plugin directory on the WI server, as shown in Figure 3-59.

    Figure 3-59 Uploading the client

  3. In the /opt/WI/tomcat/WI/ROOT/WEB-INF/conf file, modify the values of androidClientVersion and iosClientVersion to the version of the current mobile client, as shown in Figure 3-60.

    Figure 3-60 Modifying the version number

  4. Save the modification and exit.
  5. Use PuTTY to log in to WI as user root.
  6. Run the following command to restart the WI server:

    service WIService restart

  7. In the CloudClient, enter the IP address of WI to log in to the WI server.
  8. Enter the username and password for login. Download the mobile client as prompted, as shown in Figure 3-61.

    Figure 3-61 Downloading the mobile client

Upload the BS client software package to WI.

  1. Use WinSCP to log in to the WI server as user gandalf.
  2. Extract BSMode_Setup.msi from revert_AccessClient_Win.zip, and upload it to the /opt/WI/tomcat/WI/ROOT/plugin directory of the WI server using WinSCP.
  3. In the /opt/WI/tomcat/WI/ROOT/WEB-INF/conf/login.properties file, modify the value of windowsClientDownloadUrl to /plugin/BSMode_Setup.msi, as shown in Figure 3-62.

    Figure 3-62 Modifying the path

  4. Save the modification and exit.
  5. Use PuTTY to log in to WI as user root.
  6. Run the following command to restart the WI server:

    service WIService restart

  7. Use CloudClient to log in to WI.
  8. Enter the username and password for login, and download the BS client as prompted.

Upload the armhf client software package to WI.

  1. Use WinSCP to log in to the WI server as user gandalf.
  2. Extract AccessClient_armhf.run, and upload it to the /opt/WI/tomcat/WI/ROOT/plugin directory of the WI server using WinSCP.
  3. In the /opt/WI/tomcat/WI/ROOT/WEB-INF/conf/login.properties file, modify the value of downloadFileNames to AccessClient_armhf.run.
  4. Use CloudClient to log in to WI.
  5. Enter the username and password for login, and download the armhf client as prompted.

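A pre-restart check for the upload procedures above, as an added example that is not part of the product documentation: it reads windowsClientDownloadUrl and downloadFileNames from login.properties and confirms that each named package is a regular, non-empty, non-world-writable file under plugin/, printing its SHA-256. It assumes plain key=value lines in login.properties and a comma-separated downloadFileNames; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not Huawei code): pre-restart check of the client packages
# that login.properties tells the WI to offer for download.
# Assumptions: login.properties holds plain key=value lines, and
# downloadFileNames may list several file names separated by commas.

# prop_get FILE KEY: print the value of the last uncommented KEY=value line.
prop_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d '\r'
}

# check_package ROOT RELPATH: return 0 only if RELPATH is a regular,
# non-empty, non-world-writable file below ROOT/plugin; print its SHA-256.
check_package() {
    pkg_rel=${2#/}
    case "$pkg_rel" in
        plugin/*) ;;
        *) echo "FAIL $pkg_rel: not under plugin/"; return 1 ;;
    esac
    case "/$pkg_rel/" in
        */../*) echo "FAIL $pkg_rel: contains '..'"; return 1 ;;
    esac
    pkg_file="$1/$pkg_rel"
    if [ -L "$pkg_file" ] || [ ! -f "$pkg_file" ]; then
        echo "FAIL $pkg_rel: missing, or not a regular file"; return 1
    fi
    if [ ! -s "$pkg_file" ]; then
        echo "FAIL $pkg_rel: empty file (interrupted upload?)"; return 1
    fi
    if [ -n "$(find "$pkg_file" -prune -perm -0002)" ]; then
        echo "FAIL $pkg_rel: world-writable"; return 1
    fi
    echo "OK   $pkg_rel sha256=$(sha256sum "$pkg_file" | cut -d' ' -f1)"
}

# check_wi_downloads ROOT: check every package named by
# windowsClientDownloadUrl and downloadFileNames. Returns 0 if all pass,
# 1 if any package fails, 2 if login.properties cannot be read.
check_wi_downloads() {
    wi_root=$1
    props="$wi_root/WEB-INF/conf/login.properties"
    [ -r "$props" ] || { echo "FAIL cannot read $props"; return 2; }
    rc=0
    url=$(prop_get "$props" windowsClientDownloadUrl)
    if [ -n "$url" ]; then
        check_package "$wi_root" "$url" || rc=1
    fi
    names=$(prop_get "$props" downloadFileNames)
    # downloadFileNames entries are resolved relative to plugin/.
    while IFS= read -r name; do
        name=$(printf '%s' "$name" | tr -d '[:space:]')
        if [ -n "$name" ]; then
            check_package "$wi_root" "plugin/$name" || rc=1
        fi
    done <<EOF
$(printf '%s' "$names" | tr ',' '\n')
EOF
    return $rc
}

# Usage: sh check_wi_downloads.sh /opt/WI/tomcat/WI/ROOT
if [ $# -ge 1 ]; then
    check_wi_downloads "$1"
fi
```

Run it after editing login.properties and before `service WIService restart`, and compare the printed SHA-256 values with those recorded when the packages were obtained.
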
Customizing Clients
About This Chapter

The FusionAccess desktop solution provides users with multiple types of clients, satisfying different requirements in different scenarios and enabling users to log in to their desktops anytime and anywhere.

Additionally, the FusionAccess desktop solution provides a customization function for clients of version v1.6.10002 and later. Users can customize clients based on actual requirements.

NOTE:

Work experience and capabilities in the IT industry are required for users to customize clients.

Customizing a Windows Client
Scenarios

This section describes how to customize a Windows client.

Client v1.6.10002 or earlier cannot be customized.

Prerequisites
  • You have prepared a Windows 7 PC with 2.0 GHz CPU or higher, more than 2 GB memory, and 10 GB or more available disk space.
  • WiX Toolset v3.8 or later has been installed. The %WIX% system environment variable is set to the installation path of the WiX tool.
    NOTE:

    Copy the %WIX% environment variable to the file browser dialog box, and press Enter to check whether the environment variable is successfully configured.

  • The operation depends on the signtool.exe signature tool. For details about how to obtain the tool, see Table 3-39.
  • You have installed QT (qt-opensource-windows-x86-vs2010-4.8.6.exe). Obtain the tool from Table 3-39.
Data

The required data is described in the procedure.

Software

Table 3-39 lists software to be prepared.

Table 3-39 Software to be prepared

| Name | Description | How to Obtain |
| --- | --- | --- |
| AccessClient_Win.msi | Installation package of the Windows cloud client. Client v1.6.10002 or later must be obtained. | For enterprise users, click here. For telecom carrier users, click here. |
| signtool.exe | Signature tool | http://revolution.screenstepslive.com/s/revolution/m/10695/l/112948-installing-signtool-exe |
| WiX Toolset v3.8 or later | Windows installation package creation tool. You need to close all opened folders and CLI windows after initial installation, and check whether the environment variable of WiX is successfully configured. | http://wixtoolset.org/ |
| QT | qt-opensource-windows-x86-vs2010-4.8.6.exe | https://download.qt.io/archive/qt/4.8/4.8.6/ |
| Client_for_Customize_vxxx.zip | Client customization toolkit. Select files in the corresponding directory based on the client type. | - |
| sigcheck.exe | The software is applicable to 32-bit OSs. | https://technet.microsoft.com/en-us/sysinternals/bb897441.aspx |
| sigcheck64.exe | The software is applicable to 64-bit OSs. | https://technet.microsoft.com/en-us/sysinternals/bb897441.aspx |

Procedure

Preparing customized files

  1. Prepare customized files listed in Customizable Resources of Windows Clients.

    NOTE:

    The HdpClient icon on the taskbar cannot be customized.

Decompressing the client installation package

  1. Decompress Client_for_Customize_vxxx.zip. Select the corresponding folder based on the client type. Copy files in the folder and AccessClient_Win.msi you have prepared in Table 3-39 to the same directory.

    NOTE:

    Ensure that the path where the directory resides does not contain special characters, such as spaces.

  2. Copy signtool.exe to the \Package\AccessClient_Win\Sources\Common directory.
  3. Double-click unpackage.bat to decompress the client installation package.

    The FuisonAccess folder is generated in the directory, as shown in Figure 3-63.

    Figure 3-63 Generated file

Replacing the customized files

  1. Replace the prepared customized figures. For details, see 1.
  2. Use the linguist.exe tool to open the .ts language file to be modified in C:\Qt\4.8.6\bin (default path).
  3. Customize text such as Huawei, CloudClient, and Huawei Technologies Co. to the required text.
  4. In linguist.exe, choose File > Publish to publish the modified .ts file as the corresponding .qm file.

Generating a new client

  1. Based on the OS type, copy sigcheck.exe or sigcheck64.exe that you have prepared to the \Package\AccessClient_Win\Tools directory.
  2. Double-click sigcheck.exe or sigcheck64.exe and click Agree in the window that is prompted, as shown in Figure 3-64.

    NOTE:

    This step is mandatory only when you use this software for the first time.

    Figure 3-64 sigcheck License Agreement

  3. After the customized files are replaced, double-click package.bat to pack the folder.

    The Out folder containing the new customized client installation package is generated in the directory.

Customizing a Linux Client
Scenarios

This section describes how to customize a Linux client.

Linux clients that support customization include the Linux armel, Linux armhf, Linux x64, and Linux x86 clients.

Client v1.6.10002 or earlier cannot be customized.

Prerequisites
  • You have prepared a PC running the Ubuntu OS (10.04 or later) with 2.0 GHz CPU or higher and more than 2 GB memory.
  • You have prepared a Windows 7 PC with 2.0 GHz CPU or higher and more than 2 GB memory. You have installed QT (qt-opensource-windows-x86-vs2010-4.8.6.exe). Obtain the tool from Table 3-40.
  • The sha256sum software has been installed (the software is installed by default).
  • The password of user root has been obtained.
Data

The required data is described in the procedure.

Software

Table 3-40 lists software to be prepared.

Table 3-40 Software to be prepared

| Name | Description | How to Obtain |
| --- | --- | --- |
| AccessClient_xx.run | Installation package of the Linux cloud client. Client v1.6.10002 or later must be obtained. | For enterprise users, click here. For telecom carrier users, click here. |
| linguist.exe | Language resource processing tool. A complete Qt library must be installed. | https://www.qt.io/ |
| lrelease.exe | Language resource processing tool. A complete Qt library must be installed. | https://www.qt.io/ |
| Client_for_Customize_vxxx.zip | Client customization toolkit. Select files in the corresponding directory based on the client type. | - |
| QT | qt-opensource-windows-x86-vs2010-4.8.6.exe | https://download.qt.io/archive/qt/4.8/4.8.6/ |

Table 3-41 lists the version descriptions.

Table 3-41 Version Description

| Name | Zip software name | run name | Customize script | Usage |
| --- | --- | --- | --- | --- |
| Linux armel client | Client_for_linux_armel_vxxx.zip | AccessClient_arm.run | ARM3000 | CT3200 |
| Linux armel client | Client_for_linux_armel_vxxx.zip | AccessClient_arm3100.run | ARM3100 | CT3100, SBox 8V40D |
| Linux armhf client | Client_for_linux_armhf_vxxx.zip | AccessClient_armhf.run | ARMHF | CT3200/3200L |
| Linux x64 client | Client_for_linux_x64_vxxx.zip | AccessClient_x64lnx.run | X64LNX | Ubuntu x64, CentOS x64, Fedora 25, HP t630/t730 ThinPro 6.2 |
| Linux x86 client | Client_for_linux_x86_vxxx.zip | AccessClient_x86lnx.run | X86LNX | CT5000/CT6000/CT5100/CT6100/CT5200/CT6200 Linux, ST5110/ST6110/ST6200 Linux, C92 |

Procedure

Prepare customized files.

  1. Prepare customized files listed in Customizable Resources of Linux Clients.
Unpack the client package.
NOTE:

The following uses the x86lnx client as an example. Operations vary with clients.

  1. Log in to the PC running the Ubuntu OS as user root.
  2. Decompress Client_for_Customize_vxxx.zip. Select a file folder based on the client type and copy files in the folder and AccessClient_x86lnx.run prepared in Table 3-40 to the same directory.
  3. Click and select Terminal.
  4. Run the following command to go to the directory where unpackage_x86linux.sh is located:

    cd Directory where unpackage_x86linux.sh is located

    For example, if unpackage_x86linux.sh is stored in /root/fa, run the following command:

    cd /root/fa

  5. Run the following command repeatedly to change the execution permission of the files in the folder:

    chmod a+x File name

    For example, run the following command to change the execution permission of unpackage_x86linux.sh:

    chmod a+x unpackage_x86linux.sh

  6. Run the following command to unpack the client package:

    ./unpackage_x86linux.sh

    After the client package is unpacked, the FusionAccess_Client folder is created in the directory, as shown in Figure 3-65.

    Figure 3-65 FusionAccess_Client

Replace existing files with customized ones.

  1. Copy the FusionAccess_Client folder to the PC running the Windows OS.
  2. Replace the image with the one prepared before based on the image path.
  3. Copy linguist.exe of the Qt library to the directory where the language file to be modified is located.
  4. Use the linguist.exe tool to open the .ts language file to be modified in C:\Qt\4.8.6\bin (default path). For details, see Customizable Resources of Linux Clients.

    NOTE:

    Characters that can be customized include Huawei and contents of About in Settings of the client.

  5. In linguist.exe, choose File > Publish to publish the modified .ts file as the corresponding .qm file.
  6. Copy the modified FusionAccess_Client folder to the PC running the Ubuntu OS.

Create a new client.

  1. On the PC running the Ubuntu OS, run the following command to go to the directory where package_x86linux.sh is located.

    cd Directory where package_x86linux.sh is located

    For example, if package_x86linux.sh is stored in /root/fa, run the following command:

    cd /root/fa

  2. Run the following command to pack the folder:

    ./package_x86linux.sh

    The Out folder is created in the directory. The customized client installation package is contained in the folder.
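The unpacked FusionAccess_Client folder travels to a Windows PC and back before it is repackaged, so it is worth confirming that only the intended resource files changed. The following is an added example, not part of the Huawei customization toolkit: it records a SHA-256 manifest after unpacking and compares it before package_x86linux.sh is run. The allowed suffixes (.png, .ts, .qm), the function names, and the sample file names are assumptions for illustration.

```python
import hashlib
import os
import tempfile

# Assumption: only image and Qt language resources are meant to change.
ALLOWED_SUFFIXES = (".png", ".ts", ".qm")
# PNG files start with a fixed 8-byte signature, so a different head on a
# replaced .png means the new file is not the same format as the original.
SIGNATURE_CHECKED = (".png",)
HEAD_LEN = 8


def build_manifest(root):
    """Map each relative path under root to (SHA-256 hex digest, first bytes)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                head = fh.read(HEAD_LEN)
                digest.update(head)
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[rel] = (digest.hexdigest(), head)
    return manifest


def review_changes(before, after, allowed=ALLOWED_SUFFIXES):
    """Compare two manifests; return (blocking findings, expected changes)."""
    findings, expected = [], []
    for rel in sorted(set(before) | set(after)):
        lower = rel.lower()
        if rel not in after:
            findings.append(("removed", rel))
        elif rel not in before:
            # For example a linguist.exe left behind in the language directory.
            findings.append(("added", rel))
        elif before[rel][0] == after[rel][0]:
            continue
        elif not lower.endswith(allowed):
            findings.append(("modified-not-allowed", rel))
        elif lower.endswith(SIGNATURE_CHECKED) and before[rel][1] != after[rel][1]:
            findings.append(("format-changed", rel))
        else:
            expected.append(rel)
    return findings, expected


def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo_customization_review():
    """Run the check on a small constructed tree (names and bytes are made up)."""
    png = b"\x89PNG\r\n\x1a\n"
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/client", b"\x7fELF original binary")
        _write(root, "resource/logo.png", png + b"vendor logo")
        _write(root, "resource/banner.png", png + b"vendor banner")
        _write(root, "language/hdpclient_en.ts", b"<?xml version='1.0'?><TS/>")
        before = build_manifest(root)  # taken right after unpacking

        # Changes made while the folder was on the Windows PC:
        _write(root, "resource/logo.png", png + b"customer logo")  # intended
        _write(root, "language/hdpclient_en.ts", b"<?xml version='1.0'?><TS>x</TS>")
        _write(root, "resource/banner.png", b"\xff\xd8\xff\xe0 jpeg data")  # wrong format
        _write(root, "bin/client", b"\x7fELF patched binary")  # not intended
        _write(root, "language/linguist.exe", b"MZ stray tool")  # left behind
        after = build_manifest(root)  # taken before package_x86linux.sh
    return review_changes(before, after)


if __name__ == "__main__":
    blocking, ok = demo_customization_review()
    for kind, rel in blocking:
        print(f"BLOCK {kind}: {rel}")
    for rel in ok:
        print(f"ok    modified: {rel}")
```

Repackage only when the list of blocking findings is empty; the same comparison applies to the unpacked Mac, Android, and iOS folders with their own allowed suffixes.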

Customizing a Mac Client
Scenarios

This section describes how to customize a Mac client.

Client v1.6.10002 or earlier cannot be customized.

Prerequisites

You have prepared a PC running Mac OS X 10.9 or later.

Data

The required data is described in the procedure.

Tools

The following required tools have been installed before client customization:

Name | Description | How to Obtain
Xcode | Integrated development tool | https://developer.apple.com/xcode
Path Finder | File browser | http://www.cocoatech.com/pathfinder
appdmg | dmg file creation tool | -
Qt Creator | Light-weight integrated development environment | https://www.qt.io

Software

Table 3-42 lists software to be prepared.

Table 3-42 Software to be prepared

Name | Description | How to Obtain
Client_for_mac_xx.dmg | Installation package of the Mac cloud client. Client v1.6.10002 or later must be obtained. | For enterprise users, click here. For telecom carrier users, click here.
p7zip_xxx.tar.bz2 | Compressed package of the p7zip source code | -
background.png | Background image of the installation program | -
Client_for_Customize_vxxx.zip | Client customization toolkit. Select files in the corresponding directory based on the client type. | -
book_mac.sh | Script file | Obtain the file by decompressing Client_for_Customize_vxxx.zip.

Procedure

Prepare customized files.

  1. Prepare customized files listed in Customizable Resources of Mac Clients.

Unpack the client package.

  1. Rename Client_for_mac_xx.dmg as fusionaccess.dmg.
  2. Copy fusionaccess.dmg and the files prepared in Table 3-42 to the same directory.
  3. Modify the p7zip version number in book_mac.sh based on the actual version number of the p7zip source code package.

    For example, if the actual version number is 16.02, modify the version number as follows:

    P7ZIP_VERSION=16.02

  4. Access the directory on the terminal and run the following command to unpack the client package:

    sh book_mac.sh unpackage

    The fusionaccess_mac folder is created in the directory.

Replace existing files with customized ones.

  1. Go to fusionaccess_mac/Install.mpkg/Contents/Packages/FusionAccessInstallPro_new.unpkg/Applications/FusionAccess.app/Contents/ and replace files with those prepared before.

    Folder | Description
    Resources | hdp_osx_icon.icns: indicates the application icon.
    resource/Picture | Indicates image resources.

    NOTE:

    Ensure that the name, size, and format of the customized files are the same as those of the original one.

  2. Use Qt Linguist to open hdpclient_zh_CN.ts and hdpclient_en.ts in fusionaccess_mac/Install.mpkg/Contents/Packages/FusionAccessInstallPro_new.unpkg/Applications/FusionAccess.app/Contents/resource/language. Change the Chinese or English text as required and create the .qm files.
  3. Modify other language files by referring to Step 7.

Create a new client.

  1. After the replacement, run the following command on the terminal to pack the folder:

    sh book_mac.sh repackage Application name

    For example, if the customized application name is New_Client_for_Mac, the New_Client_for_Mac.dmg file will be created in the directory, which is the customized client installation file.

Customizing an Android Client
Scenarios

This section describes how to customize an Android client.

Client v1.6.10002 or earlier cannot be customized.

Prerequisites

You have prepared a Windows 7 PC with 2.0 GHz CPU or higher and more than 2 GB memory.

Data

The required data is described in the procedure.

Software

Table 3-43 lists software to be prepared.

Table 3-43 Software to be prepared

Name | Description | How to Obtain
Client_for_Android_xxx.apk | Installation package of the Android cloud client. Client v1.6.10002 or later must be obtained. | For enterprise users, click here. For telecom carrier users, click here.
JDK1.7.0 or later | Java software development toolkit. | http://www.oracle.com
apktool_2.3.3.jar | APK decompilation tool | https://ibotpeaches.github.io/Apktool/
Client_for_Customize_vxxx.zip | Client customization toolkit. Select files in the corresponding directory based on the client type. | -

Procedure

Prepare customized files.

  1. Prepare customized files listed in Customizable Resources of Android Clients.

Configure the Java environment.

  1. Copy the files prepared in Table 3-43 to the same directory.
  2. Install JDK as prompted.
  3. On the desktop, right-click Computer and choose Properties > Advanced system settings > Environment Variables.
  4. Create user variable JAVA_HOME and set it to the installation path of JDK, for example, C:\Program Files\Java\jdk1.8.0_12.

    NOTE:

    Set the parameter value to the actual installation path.

  1. Is this the first time that you customize a client?

    • If yes, go to 7.
    • If no, go to 8.

  2. Run the following command to create the Android client certificate keystore:

    "%JAVA_HOME%\bin\keytool" -genkey -alias androiddebugkey -keyalg RSA -validity 20000 -keystore debug.keystore

    NOTE:

    Please input the key and organization information as required.

Unpack the client package.

  1. Decompress Client_for_Customize_vxxx.zip to obtain unpackage.bat and package.bat in the folder of the corresponding client type.
  2. Use Notepad to open unpackage.bat and package.bat, replace ** in the scripts with APK file name Client_for_Android_xxx, and save the modification.
  3. Double-click unpackage.bat to unpack the client package.

    The Client_for_Android_xxx folder is generated in the directory, as shown in Figure 3-66.

    Figure 3-66 File generation

Replace existing files with customized ones.

  1. Go to Client_for_Android_xxx\res and replace files with those prepared in Step 1.
  2. Customize language resource files of the client. For details, see Customizable Resources of Android Clients.
  3. Delete XXX Copyright Notice.txt files in Client_for_Android_xxx\assets.
  4. Modify other parameters by referring to Customizable Resources of Android Clients, and save the modification.

Create a new client.

  1. After the replacement, double-click package.bat and enter the signature key to pack the folder.

    The signed.apk file, which is the customized client installation package, is created in the directory.

Customizing an Android TC Client
Scenarios

This section describes how to customize an Android TC client.

Client v1.6.10002 or earlier cannot be customized.

Prerequisites

You have prepared a Windows 7 PC with 2.0 GHz CPU or higher and more than 2 GB memory.

Data

The required data is described in the procedure.

Software

Table 3-44 lists software to be prepared.

Table 3-44 Software to be prepared

Name | Description | How to Obtain
Client_for_AndroidTC_xxx.apk | Installation package of the Android TC cloud client. Client v1.6.10002 or later must be obtained. | For enterprise users, click here. For telecom carrier users, click here.
JDK1.6.0 or later | Java software development toolkit. | http://www.oracle.com
apktool_2.2.0.jar | APK decompilation tool | -
signapk.jar | - | -
platform.pk8 | - | -
platform.x509.pem | - | -
debug.keystore | APK signature file | -
Client_for_Customize_vxxx.zip | Client customization toolkit. Select files in the corresponding directory based on the client type. | -

Procedure

Prepare customized files.

  1. Prepare customized files listed in Customizable Resources of Android Clients.

Configure the Java environment.

  1. Copy the files prepared in Table 3-44 to the same directory.
  2. Install JDK as prompted.
  3. On the desktop, right-click Computer and choose Properties > Advanced system settings > Environment Variables.
  4. Create user variable PATH and set it to the installation path of JDK, for example, C:\Program Files\Java\jdk1.7.0_17\bin.

    NOTE:

    Set the parameter value to the actual installation path.

Unpack the client package.

  1. Decompress Client_for_Customize_vxxx.zip to obtain unpackage.bat and package.bat in the folder of the corresponding client type.
  2. Use Notepad to open unpackage.bat and package.bat, replace ** in the scripts with APK file name Client_for_AndroidTC_xxx, and save the modification.
  3. Double-click unpackage.bat to unpack the client package.

    The Client_for_AndroidTC_xxx folder is generated in the directory, as shown in Figure 3-67.

    Figure 3-67 File generation

Replace existing files with customized ones.

  1. Go to Client_for_AndroidTC_xxx\res and replace files with those prepared in Step 1.
  2. Customize language resource files of the client. For details, see Customizable Resources of Android Clients.
  3. Delete .docx files in Client_for_AndroidTC_xxx\assets.

Create a new client.

  1. After the replacement, double-click packageTC.bat to pack the folder.

    The signedTC.apk file, which is the customized client installation package, is created in the directory.

Customizing an iOS Client
Scenarios

This section describes how to customize an iOS client.

Only clients of V1.6.20010 and later versions can be customized and used inside enterprises. A custom version cannot be rolled out in App Store.

Prerequisites

You have prepared a PC running Mac OS X 10.9 or later.

Data

The required data is described in the procedure.

Tools

The following required tools have been installed before client customization:

Name | Description | How to Obtain
Xcode | Integrated development tool | https://developer.apple.com/xcode
Path Finder | File browser | http://www.cocoatech.com/pathfinder

Software

Table 3-45 lists software to be prepared.

Table 3-45 Software to be prepared

Name | Description | How to Obtain
Client_for_ios_xx.ipa | Installation package of the iOS cloud client. Client v1.6.10002 or later must be obtained. | For enterprise users, click here. For telecom carrier users, click here.
Client_for_Customize_vxxx.zip | Client customization toolkit. Select files in the corresponding directory based on the client type. | -
book_iOS.sh | iOS script file | Obtain the file by decompressing Client_for_Customize_vxxx.zip.
entitlements.plist | Switch file of the file signature | Contact Huawei technical support.
Images.xcassets | Picture resources | Contact Huawei technical support.
***.p12 | Certificate file | Log in to the Apple official website https://developer.apple.com/ to apply for certificate files.
***.cer | Certificate file | Log in to the Apple official website https://developer.apple.com/ to apply for certificate files.
***.mobileprovision | Certificate file | Log in to the Apple official website https://developer.apple.com/ to apply for certificate files.

Procedure

Apply for certificate files.

  1. Log in to the Apple official website https://developer.apple.com/ to apply for enterprise certificate files.

    NOTE:
    • Currently, a custom version cannot be rolled out in App Store. Therefore, you can only apply for enterprise certificate files to customize a client for internal use.
    • Record the Bundle ID configured when you register the App ID and the password configured when you register a certificate.

Modify certificate files.

  1. After obtaining the certificate, modify the values listed in Table 3-46.

    Table 3-46 Modified certificate files

    Value | Description | Example
    GROUP_ID | Group ID of the certificate | 8G4FFPSWB7
    BUNDLE_ID | Bundle ID configured when you register the App ID on the Apple official website | com.huawei.accessclient
    RESIGN_PROVISION | Name of the .mobileprovision file | FusionAccessProfile.mobileprovision
    RESIGN_CERT | Common name of the certificate file. You can view the name in the keychain. | iPhone Developer: Wang Shundi (64TDJG4LTE)

Prepare customized files.

  1. Prepare customized files listed in Customizable Resources of iOS Clients.

Import certificate files.

  1. Double-click iOSFusionAccess.p12 and FusionAccessProfile.mobileprovision to import certificate files.

    NOTE:

    If the system prompts you to enter the password, enter huawei.

Unpack the client package.

  1. Rename Client_for_ios_xx.ipa as fusionaccess.ipa.
  2. Create a folder, for example, UI_BOOK_iOS.
  3. Copy fusionaccess.ipa and the files prepared in Table 3-45 to UI_BOOK_iOS.
  4. Open the Terminal app on a Mac OS, open the UI_BOOK_iOS folder, and run the following command to unpack the client package:

    sh book_iOS.sh unpackage

    The Payload, Resources, and Texts folders are created in the directory.

Replace existing files with customized ones.

  1. Obtain the Images.xcassets directory and put it in the UI_BOOK_iOS directory.
  2. Put the picture resources to be customized in the Resources directory.

    NOTE:

    Ensure that the name, size, and format of the customized files are the same as those of the original one.

  3. Find the application icon picture set AppIcon.appiconset and the start screen picture set LaunchImage.launchimage, and replace the icons.

    NOTE:

    Ensure that the name, size, and format of the customized files are the same as those of the original one.

  4. Regenerate the Assets.car, and replace the corresponding picture resources in Images.xcassets directory.

    NOTE:

    Ensure that the name, size, and format of the customized files are the same as those of the original one.

  5. Create a directory named build in the directory UI_BOOK_iOS.
  6. Run the following command to generate a new Assets.car in the build directory:

    /Applications/Xcode.app/Contents/Developer/usr/bin/actool --compile build Images.xcassets --platform iphoneos --minimum-deployment-target 8.0 --app-icon AppIcon --output-partial-info-plist build/info.plist

  7. Then copy the new Assets.car to the directory /Payload/FusionAccess.app.
  8. In the Path Finder preview window, copy the key value pairs of /Payload/FusionAccess.app/zh-Hans.lproj to zh-Hans.lproj in Texts.
  9. In the Path Finder preview window, copy the key value pairs of /Payload/FusionAccess.app/en.lproj to en.lproj in Texts.
  10. Use Xcode to open zh-Hans.lproj or en.lproj in Texts and change the values as required.
  11. Repeat Step 13 to Step 18 to replace existing files in other languages.
  12. Copy the Setting.plist file in the /Payload/FusionAccess.app path to the Resources folder.
  13. Modify configurations in the preceding file by referring to Customizable Resources of iOS Clients, and save the modification.
  14. In Info.plist in the /Payload/FusionAccess.app/ directory, change the value of CFBundleIdentifier to the Bundle ID.

    NOTE:

    The value of CFBundleShortVersionString in Info.plist is the version number. Change it to 99.0.*****. Enter this version number when you fill in information before uploading an application.

Create a new client.

  1. After the replacement, run the following command on the terminal to pack the folder:

    sh book_iOS.sh repackage Application name

    For example, if the customized application name is New_Client_for_iOS, the New_Client_for_iOS.ipa file will be created in the directory, which is the customized client installation file.

Account Management

LiteAD Account Information Overview

Table 3-47 lists the common accounts of LiteAD. For other accounts of FusionAccess, see Account Management > FusionAccess Account Information Overview in the FusionAccessDesktop Solution V100R006C20 System Management Guide.

Table 3-47 LiteAD common accounts

Category

Account Description

Default Account

Account Rights

Domain administrator account

  • It is the domain administrator account. The account is created on the LiteAD server and configured on the FusionAccess Portal.
  • The account is used to monitor alarms for the LiteAD.

Username: set when this account is created, for example, vdesktop\vdsadmin.

Password: set when this account is created.

  • The account has all rights of the domain administrator.
  • The account is used to monitor alarms for the LiteAD.

Domain account

Account generated by the system automatically

  • Username: Administrator

    Account generated by the system automatically, which is disabled

  • Username: Guest

    Account generated by the system automatically, which is disabled

-

Service process account

Account used by a service process

  • Username: krbtgt

    This account is the one used when the Kerberos communication service is running. No password is set by default. Interaction login mode is not supported.

  • Username: dhcpd

    This account is the one used when the DHCP service is running. No password is set by default. Interaction login mode is not supported.

  • The krbtgt account has the permission of running the Kerberos communication service.
  • The dhcpd account has the permission of running the DHCP service.
Domain Users Management
Creating a Domain User
Scenarios

Create a domain user on the FusionAccess.

Prerequisites
  • The Domain/OU has been set to the LiteAD domain.
  • The system administrator has the permission of Domain Controller Management.
  • The username and password for logging in to FusionAccess have been obtained.
Data

Table 3-48 lists the data required for performing this operation.

Table 3-48 Data to be prepared

Category

Parameter

Description

Example Value

Domain user information

Domain user account and password

The account consists of digits, letters, hyphens (-), and underscores (_), and contains a maximum of 20 characters.

The password must conform to the following rules:

  • Contain at least one uppercase letter (A-Z), one lowercase letter (a-z), one digit (0-9), and one space character or special character (~!@#$%^&*()-_=+\|{};:'",<.>/?).
  • Follow principles in the password policy.

Username: testuser01

Password: Huawei123#

Procedure
  1. Log in to FusionAccess.
  2. Choose System > Domain Controller Management > Domain User Management.
  3. Click Create User. The domain user creation page is displayed, as shown in Figure 3-68.

    Figure 3-68 Creating a user

  4. Set information about the domain user to be created.

    Table 3-49 User information

    Category

    Description

    Username

    Enter the name of the domain user.

    Password

    Enter the password of the domain user.

    Confirm

    Enter the password of the domain user again.

    Account Options

    • User must change password at next logon: If this option is selected, User cannot change password and Password never expires cannot be selected.
    • User cannot change password: If this option is selected, User must change password at next logon cannot be selected.
    • Password never expires: If this option is selected, User must change password at next logon cannot be selected.
    • Account is disabled: If this option is selected, the user is locked and no account expiration time can be set.

    Account Expires

    • Never: If this option is selected, no account expiration time can be set.
    • End of: If this option is selected, Never cannot be selected. The configured time must be greater than or equal to the current time.

    User Group

    Set the group to which a user belongs.

    NOTE:

    By default, domain users are added to group Domain Users of the AD. This domain user group cannot be removed.

    Mailbox

    Set an email address. Only one email address is supported.

    Description

    Set domain user description.

  5. Click OK.
Adding a Domain User to a Domain User Group
Scenarios

Add a domain user to a domain user group on the FusionAccess.

Prerequisites
  • The Domain/OU has been set to the LiteAD domain.
  • The system administrator has the permission of Domain Controller Management.
  • The username and password for logging in to FusionAccess have been obtained.
Data

Data preparation is not required for this operation.

Procedure
  1. Log in to FusionAccess.
  2. Choose System > Domain Controller Management > Domain Controller Management.
  3. Click the domain user group to which you want to add a domain user.
  4. Click Add User.
  5. Select the domain user that you want to add to the domain user group and click OK.

    Figure 3-69 Add User

Importing Domain Users in Batches
Scenarios

System administrators can create a large number of domain users on FusionAccess by importing them in batches, which avoids repetitive operations.

This section describes how to create domain users by batch import.

A maximum of 300 domain users can be imported in a batch. If more domain users need to be imported, import them in different batches.

Impact on the System

This operation has no adverse impact on the system.

Prerequisites
  • The Domain/OU has been set to the LiteAD domain.
  • The system administrator has the permission of Domain Controller Management.
  • You have logged in to FusionAccess.
Data

Table 3-50 lists data to be prepared for performing this operation.

Table 3-50 Data to be prepared

Parameter | Description | Example Value
User Name | This parameter is mandatory. Username can contain 1 to 20 characters consisting of letters, digits, hyphens (-), and underscores (_) in DBC case. | user01
Password | This parameter is mandatory. Follow principles in the password policy. | Huawei@123
Whether to change password at next logon | This parameter is mandatory. If yes, select Y. If no, select N. | Y
Account Expires | This parameter is optional. The date format is yyyy-MM-dd, and the date must be later than or equal to today. If no value is entered, the account never expires. | 2017-12-31
User Group | This parameter is optional. Use semicolons (;) to separate multiple user groups. By default, the domain user is added to the Domain Users group by AD. | Group01
Mailbox | This parameter is optional. The value must be a valid email address that can receive system alarm notifications. | abc@huawei.com
Description | This parameter is optional. Provides supplementary information about a user. | -

Procedure

Exporting the template.

  1. Log in to FusionAccess.
  2. On FusionAccess, choose System > Domain Controller Management > Domain User Management.

    The Domain User Management page is displayed.

  3. Click Export Template to download the template to the local PC.
  4. Enter information about users to be imported and save it. For details, see Table 3-50.

Importing users in batches.

  5. On the Domain User Management page, click Batch Import.
  6. In the Batch Import dialog box, select the template in Step 4 and click OK, as shown in Figure 3-70.

    Figure 3-70 Batch Import

    After users are imported, check the task progress in Task.
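A pre-import check of the filled-in template, as an added example that is not part of FusionAccess: it applies the field rules in Table 3-50, the character-class password rule from Creating a Domain User, and the 300-user batch limit. It assumes the template has been saved as CSV with the Table 3-50 parameter names as column headers; rejecting the example passwords printed in this document, rejecting duplicate user names, and treating Y/N as case-sensitive are extra checks added here.

```python
import csv
import io
import re
from datetime import date, datetime

MAX_BATCH = 300  # per-batch import limit stated on this page
USERNAME_RE = re.compile(r"[A-Za-z0-9_-]{1,20}")
# Special characters listed for domain user passwords (Table 3-48), plus space.
SPECIALS = set("~!@#$%^&*()-_=+\\|{};:'\",<.>/? ")
# Example values printed in this document; added check, not a product rule.
DOCUMENTED_EXAMPLES = {"Huawei@123", "Huawei123#"}
EMAIL_RE = re.compile(r"[^@\s;,]+@[^@\s;,]+\.[^@\s;,]+")
CHANGE_PW = "Whether to change password at next logon"

# Constructed sample rows (assumed CSV layout; all values are made up).
SAMPLE_CSV = """\
User Name,Password,Whether to change password at next logon,Account Expires,User Group,Mailbox,Description
user01,Tr4in-Room!7,Y,2017-12-31,Group01;Group02,user01@example.com,valid row
user02,Huawei@123,Y,,,,example password reused
user_name_that_is_far_too_long,Ab1 cdefg,N,2017/12/31,Group01,,bad name and date
user01,alllowercase1!,y,2016-01-01,Group01;;Group02,a@example.com;b@example.com,several problems
"""


def check_password(pw):
    """Return the problems found in one password (empty list if none)."""
    problems = []
    if pw in DOCUMENTED_EXAMPLES:
        problems.append("password is an example value from the documentation")
    classes = [
        ("uppercase letter", re.search(r"[A-Z]", pw)),
        ("lowercase letter", re.search(r"[a-z]", pw)),
        ("digit", re.search(r"[0-9]", pw)),
        ("space or special character", any(c in SPECIALS for c in pw)),
    ]
    problems += [f"password lacks: {name}" for name, ok in classes if not ok]
    return problems


def parse_expiry(text):
    """Return a date for a strict yyyy-MM-dd string, otherwise None."""
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", text):
        return None
    try:
        return datetime.strptime(text, "%Y-%m-%d").date()
    except ValueError:
        return None


def _field(row, key):
    return (row.get(key) or "").strip()


def validate_batch(csv_text, today):
    """Return a list of (row number, problem); row 0 means the whole batch."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    errors = []
    if len(rows) > MAX_BATCH:
        errors.append((0, f"{len(rows)} users exceed the limit of {MAX_BATCH} per batch"))
    seen = set()
    for n, row in enumerate(rows, start=1):
        user = _field(row, "User Name")
        if not USERNAME_RE.fullmatch(user):
            errors.append((n, "user name must be 1-20 letters, digits, '-' or '_'"))
        elif user.lower() in seen:  # assumption: names compared case-insensitively
            errors.append((n, f"duplicate user name {user}"))
        seen.add(user.lower())
        # The password is not stripped: a space is an accepted character.
        errors += [(n, p) for p in check_password(row.get("Password") or "")]
        if _field(row, CHANGE_PW) not in ("Y", "N"):
            errors.append((n, "change-password-at-next-logon must be Y or N"))
        expires = _field(row, "Account Expires")
        if expires:
            when = parse_expiry(expires)
            if when is None:
                errors.append((n, "account expiry must be a yyyy-MM-dd date"))
            elif when < today:
                errors.append((n, "account expiry is earlier than today"))
        groups = _field(row, "User Group")
        if groups and any(not g.strip() for g in groups.split(";")):
            errors.append((n, "user group list has an empty entry"))
        mail = _field(row, "Mailbox")
        if mail and not EMAIL_RE.fullmatch(mail):
            errors.append((n, "mailbox must be a single valid email address"))
    return errors


def demo_batch():
    """Validate the constructed sample against a fixed 'today'."""
    return validate_batch(SAMPLE_CSV, date(2017, 6, 1))


if __name__ == "__main__":
    for row_no, problem in demo_batch():
        print(f"row {row_no}: {problem}")
```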

Querying Domain User Information
Scenarios

Check whether a domain user exists and the domain user status on FusionAccess.

Prerequisites
  • The Domain/OU has been set to the LiteAD domain.
  • The system administrator has the permission of Domain Controller Management.
  • The username and password for logging in to FusionAccess have been obtained.
Data

Data preparation is not required for this operation.

Procedure
  1. Log in to FusionAccess.
  2. Choose System > Domain Controller Management > Domain User Management.

    The domain user management page is displayed. You can view the list of domain users and query specified domain users, as shown in Figure 3-71.

    Figure 3-71 Query result

Deleting a Domain User
Scenarios

Delete a domain user on FusionAccess.

  • Domain administrators cannot be deleted.
  • The default domain user cannot be deleted.
Prerequisites
  • The Domain/OU has been set to the LiteAD domain.
  • The system administrator has the permission of Domain Controller Management.
  • The username and password for logging in to FusionAccess have been obtained.
Data

Data preparation is not required for this operation.

Procedure
  1. Log in to FusionAccess.
  2. Choose System > Domain Controller Management > Domain User Management.

    The list of domain users is displayed.

  3. Query and select the desired domain user and click Delete User, as shown in Figure 3-72.

    Figure 3-72 Deleting a user

  4. Click Confirm.
Enabling a Domain User
Scenarios

This section describes how to enable a domain user on FusionAccess.

Prerequisites
  • The Domain/OU has been set to the LiteAD domain.
  • The system administrator has the permission of Domain Controller Management.
  • The username and password for logging in to FusionAccess have been obtained.
Data

Data preparation is not required for this operation.

Procedure
  1. Log in to FusionAccess.
  2. Choose System > Domain Controller Management > Domain User Management.
  3. Select the domain user that you want to enable.
  4. Click Enable User, as shown in Figure 3-73.

    Figure 3-73 Enable User

  5. Click Confirm twice.
Disabling a Domain User
Scenarios

This section describes how to disable a domain user on FusionAccess.

Prerequisites
  • The Domain/OU has been set to the LiteAD domain.
  • The system administrator has the permission of Domain Controller Management.
  • The username and password for logging in to FusionAccess have been obtained.
Data

Data preparation is not required for this operation.

Procedure
  1. Log in to FusionAccess.
  2. Choose System > Domain Controller Management > Domain User Management.
  3. Select the domain user that you want to disable.
  4. Click Disable User, as shown in Figure 3-74.

    Figure 3-74 Disable User

  5. Click Confirm twice.
Changing the Domain Administrator Account
Scenarios

During the system installation, the default domain administrator account vdsadmin is created. If you do not want to use the default domain administrator account, you can manually change the domain administrator account.

Prerequisites
  • The Domain/OU has been set to the LiteAD domain.
  • The system administrator has the permission of Domain Controller Management.
  • The username and password for logging in to FusionAccess have been obtained.
Data

Table 3-51 lists the data required for performing this operation.

Table 3-51 Data to be prepared

Category

Parameter

Description

Example Value

Domain administrator information

Domain administrator account and password

The account consists of digits, letters, hyphens (-), and underscores (_), and contains a maximum of 20 characters.

The password must conform to the following rules:

  • Contain at least one uppercase letter (A-Z), one lowercase letter (a-z), one digit (0-9), and one space character or special character (~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/).
  • Follow principles in the password policy.

Username: domainadmin

Password: Huawei@123

Procedure

Create a domain administrator.

  1. Create a domain administrator account. For details, see Creating a Domain User.
  2. Add the account into domain administrator group Domain Admins. For details, see Adding a Domain User to a Domain User Group.

On FusionAccess, configure a domain administrator account.

  3. Log in to FusionAccess.
  4. On FusionAccess, choose System > Initial Configuration > Domain/OU.

    The Domain/OU page is displayed.

  5. In the row that contains the target domain, click .

    A page for modifying domain information is displayed.

  6. Set Account and Password based on the domain user information in Step 1, as shown in Figure 3-75.

    Figure 3-75 Domain user information

  7. Click OK.
Resetting a Password
Scenarios

Reset the password if you forget your password. The system allows users to change passwords on Windows or WI.

NOTE:

The password of the domain administrator cannot be reset. For details about how to reset the password of the domain administrator, see Resetting a Password.

Prerequisites
  • The Domain/OU has been set to the LiteAD domain.
  • The system administrator has the permission of Domain Controller Management.
  • The username and password for logging in to FusionAccess have been obtained.
Data

Table 3-52 lists the data required for performing this operation.

Table 3-52 Data to be prepared

Category

Parameter

Description

Example Value

Domain user information

Domain user password

The password must conform to the following rules:

  • Contain at least one uppercase letter (A-Z), one lowercase letter (a-z), one digit (0-9), and one space character or special character (~!@#$%^&*()-_=+\|{};:'",<.>/?).
  • Follow principles in the password policy.

Huawei123#

Procedure
  1. Log in to FusionAccess.
  2. Choose System > Domain Controller Management > Domain User Management.
  3. In the row that contains the user whose password needs to be reset, click.
  4. Configure Domain Administrator Password, New password, and Confirm in sequence, as shown in Figure 3-76.

    Figure 3-76 Resetting a password
    NOTE:

    Enter the correct domain administrator password. If the number of failed attempts reaches the upper limit, the user will be locked.

  5. Click OK.
Unlocking a Domain User
Scenarios

Unlock a domain user on FusionAccess.

Prerequisites
  • The Domain/OU has been set to the LiteAD domain.
  • The system administrator has the permission of Domain Controller Management.
  • The username and password for logging in to FusionAccess have been obtained.
Data

Data preparation is not required for this operation.

Procedure
  1. Log in to FusionAccess.
  2. Choose System > Domain Controller Management > Domain User Management.
  3. On the domain user management page, query and select the domain user to be unlocked, as shown in Figure 3-77.

    Figure 3-77 Unlocking a user

  4. Click Unlock User.
  5. Click Confirm.
Modifying Domain User Information
Scenarios

Modify domain user information on FusionAccess.

Prerequisites
  • The Domain/OU has been set to the LiteAD domain.
  • The system administrator has the permission of Domain Controller Management.
  • The username and password for logging in to FusionAccess have been obtained.
Data

Data preparation is not required for this operation.

Procedure
  1. Log in to FusionAccess.
  2. Choose System > Domain Controller Management > Domain User Management.
  3. Select the mode for modifying domain user information as required:

    • To modify information about a single domain user, go to Modifying Information About a Single Domain User.
    • To modify information about multiple domain users, go to Modifying Domain User Information in Batches.

Modifying Domain User Information in Batches

  1. Select the usernames of the domain users to be modified and click Batch Edit, as shown in Figure 3-78.

    Figure 3-78 Modifying domain user information in batches

  2. Modify domain user information based on site requirements.

    Table 3-53 User information

    Category

    Description

    Account Options

    Select modify. Modify the following parameters as required:
    • User must change password at next logon: If this option is selected, User cannot change password and Password never expires cannot be selected.
    • User cannot change password: If this option is selected, User must change password at next logon cannot be selected.
    • Password never expires: If this option is selected, User must change password at next logon cannot be selected.
    • Account is disabled: If this option is selected, the user is locked and no account expiration time can be set.

    Account Expires

    Select modify. Modify the following parameters as required:
    • Never: If this option is selected, no account expiration time can be set.
    • End of: If this option is selected, Never cannot be selected. The expiration time must be equal to or later than the current time.

    User Group

    Select modify. Change the domain user group to which the selected domain users belong.
    NOTE:

    By default, domain users are added to domain user group Domain Users of the AD. The domain user group cannot be deleted.

  3. Click OK.

    The modification is complete.

Modifying Information About a Single Domain User

  1. In the row that contains the domain user whose information you want to modify, click , as shown in Figure 3-79.

    Figure 3-79 Setting a validity period for an account

  2. Modify domain user information based on site requirements.

    Table 3-54 User information

    Category

    Description

    Account Options

    • User must change password at next logon: If this option is selected, User cannot change password and Password never expires cannot be selected.
    • User cannot change password: If this option is selected, User must change password at next logon cannot be selected.
    • Password never expires: If this option is selected, User must change password at next logon cannot be selected.
    • Account is disabled: If this option is selected, the user is locked and no account expiration time can be set.

    Account Expires

    • Never: If this option is selected, no account expiration time can be set.
    • End of: If this option is selected, Never cannot be selected. The expiration time must be equal to or later than the current time.

    User Group

    Set the domain user group to which a domain user belongs.

    NOTE:

    By default, domain users are added to domain user group Domain Users of the AD. The domain user group cannot be deleted.

    Mailbox

    Set an email address. Only one email address is supported.

    Description

    Set domain user description.

  3. Click OK.

    The modification is complete.

Configuring a Domain Password Policy
Scenarios

Configure a domain password policy on FusionAccess.

Prerequisites
  • The Domain/OU has been set to the LiteAD domain.
  • The system administrator has the permission of Domain Controller Management.
  • The username and password for logging in to FusionAccess have been obtained.
Data

Data preparation is not required for this operation.

Procedure
  1. Log in to FusionAccess.
  2. Choose System > Domain Controller Management > Domain Password Policy, as shown in Figure 3-80.

    Figure 3-80 Domain password policy

  3. Configure a domain password policy based on site requirements.

    Table 3-55 Policy description

    Policy Name

    Description

    Example Value

    Password must meet complexity requirements

    This security setting determines whether passwords must meet complexity requirements.

    If this policy is enabled, passwords must meet the following minimum requirements:

    • Not contain the user's account name or parts of the user's full name that exceed two consecutive characters.
    • Be at least six characters in length.
    • Contain characters from three of the following four categories:
      • English uppercase characters (A through Z)
      • English lowercase characters (a through z)
      • Base 10 digits (0 through 9)
      • Non-alphabetic characters (for example, !, $, #, %)

    Complexity requirements are enforced when a password is reset or a user is created.

    Enable

    Enforce password history

    This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused. The value must be between 0 and 24 passwords. If the password history is set to 0, the user does not have to choose a new password.

    This policy enables administrators to enhance security by ensuring that old passwords are not reused continually.

    24

    Minimum password age (days)

    This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0.

    The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998.

    Configure the minimum password age to be more than 0 if you want Enforce password history to be effective.

    2

    Maximum password age (days)

    This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 2 and 999, or you can specify that passwords never expire by setting the number of days to 0. If the maximum password age is between 2 and 999 days, the Minimum password age must be less than the maximum password age. If the maximum password age is set to 0, the minimum password age can be any value between 0 and 998 days.

    42

    Minimum password length

    This security setting determines the minimum number of characters that a password for a user account must contain. You can set a value between 1 and 14 characters.

    8

    Account lockout threshold (attempts)

    This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. You can set a value between 0 and 999 failed logon attempts. If you set the value to 0, the account will never be locked out.

    10

    Account lockout duration (minutes)

    This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 0 minutes through 99999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator explicitly unlocks it.

    If an account lockout threshold and an account lockout duration are not 0, the account lockout duration must be greater than or equal to the reset time.

    If the account lockout threshold is 0, the account lockout duration setting does not take effect and can be any value in the range.

    15

    Reset account lockout counter after (minutes)

    This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. The available range is 1 minute to 99999 minutes.

    If the account lockout threshold is 0, the reset account lockout counter setting does not take effect and can be any value in the range.

    If the account lockout threshold is not 0 and the account lockout duration is 0, the reset account lockout counter setting takes effect and can be any value in the range.

    If the account lockout threshold and the account lockout duration are not 0, this reset time must be less than or equal to the account lockout duration.

    15

  4. Click OK.
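
The cross-field rules in Table 3-55 can be checked before values are entered on the page. The following is an added example, not FusionAccess code: the field names and finding codes are hypothetical, the defaults are the table's example values, and splitting the full name on non-alphanumeric characters is an assumption about how "parts of the user's full name" are derived.

```python
import re
from dataclasses import dataclass

# Allowed ranges from Table 3-55 (inclusive).
RANGES = {
    "history": (0, 24),
    "min_age_days": (0, 998),
    "max_age_days": (0, 999),  # 1 is rejected separately: valid values are 0 or 2-999
    "min_length": (1, 14),
    "lockout_threshold": (0, 999),
    "lockout_duration_min": (0, 99999),
    "reset_counter_min": (1, 99999),
}


@dataclass
class DomainPasswordPolicy:
    # Hypothetical field names; defaults are the example values from Table 3-55.
    complexity: bool = True
    history: int = 24
    min_age_days: int = 2
    max_age_days: int = 42
    min_length: int = 8
    lockout_threshold: int = 10
    lockout_duration_min: int = 15
    reset_counter_min: int = 15


def validate_policy(p):
    """Return finding codes; an empty list means the values are consistent."""
    findings = []
    for field, (low, high) in RANGES.items():
        if not low <= getattr(p, field) <= high:
            findings.append("range:" + field)
    if p.max_age_days == 1:
        findings.append("range:max_age_days")
    # Minimum age must be less than maximum age unless passwords never expire (0).
    if p.max_age_days != 0 and p.min_age_days >= p.max_age_days:
        findings.append("min_age_not_below_max_age")
    # History has no effect if a user may change the password again immediately.
    if p.history > 0 and p.min_age_days == 0:
        findings.append("history_ineffective")
    if p.lockout_threshold == 0:
        # Threshold 0: accounts are never locked; duration and reset are ignored.
        findings.append("lockout_disabled")
    elif p.lockout_duration_min != 0 and p.reset_counter_min > p.lockout_duration_min:
        findings.append("reset_counter_exceeds_lockout_duration")
    return findings


def check_password(password, account_name, full_name, policy):
    """Check one candidate password against the length and complexity rules."""
    findings = []
    if len(password) < policy.min_length:
        findings.append("too_short")
    if not policy.complexity:
        return findings
    if len(password) < 6:
        findings.append("below_complexity_minimum")
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        findings.append("too_few_character_classes")
    lowered = password.lower()
    if account_name and account_name.lower() in lowered:
        findings.append("contains_account_name")
    # Assumption: name parts are separated by non-alphanumeric characters and
    # only parts longer than two characters are compared.
    parts = [t for t in re.split(r"[^A-Za-z0-9]+", full_name) if len(t) > 2]
    if any(t.lower() in lowered for t in parts):
        findings.append("contains_full_name_part")
    return findings


if __name__ == "__main__":
    print(validate_policy(DomainPasswordPolicy(reset_counter_min=30)))
    print(check_password("Admin#99", "u1001", "VDS Admin", DomainPasswordPolicy()))
```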

Certificate Management

Replacing the LiteAD Certificate
Scenarios

Replace the LiteAD certificate to improve system O&M security.

Prerequisites
  • A Windows maintenance server is available and can access port number 22 of an infrastructure VM.
  • The username and password for logging in to the LiteAD server have been obtained.
  • PuTTY is available. You can obtain this tool from https://www.putty.org/.
  • WinSCP is available. You can obtain this tool from https://winscp.net/.
Data

Table 3-56 lists the required data.

Table 3-56 Data

| Name | Description | Example Value |
|---|---|---|
| SSH account | Maintenance account of a Linux server. | gandalf |
| SSH password | Maintenance password of a Linux server. | Cloud12#$ |
| Root password | Specifies the password of user root for logging in to a Linux server. | Password set during the installation, for example, Huawei@123 |
| KeyStore file password | Specifies the password for the certificate file (containing the private key) to be updated. | Password set during the certificate generation, for example, Huawei@123 |

Procedure

Generate a LiteAD certificate.

  1. Use PuTTY to log in to the active LiteAD server as user gandalf.
  2. Run the following command to switch to user root and enter the root user password set during the installation as prompted.

    su - root

  3. Run the following command to disable logout on timeout:

    TMOUT=0

  4. Run the cd /var/lib/samba/private/tls command to go to the directory where the certificate file is located.
  5. Run the ls command to view the file in the directory, as shown in Figure 3-81.

    Figure 3-81 Viewing the certificate file

  6. Run the vi cert.sh command to open the cert.sh file.
  7. Press i to enter editing mode.
  8. Modify host (host name) and realm (domain name) as required, as shown in Figure 3-82.

    Figure 3-82 Editing cert.sh

  9. Press Esc to exit the editing mode, enter :wq, and press Enter.

    The system saves the configuration and exits the vi editor.

  10. Run the following command to generate a certificate and restart the service:

    sh cert.sh && rcsamba-ad restart

  11. Run the cp * /tmp command to copy the newly generated certificate files to a temporary directory.
  12. Run the cd /tmp command to go to the /tmp directory and run the chmod 777 * command to modify the file permissions.

Replace the certificate on the standby LiteAD server.

  1. Use WinSCP to log in to the active LiteAD server as user gandalf and copy the certificate file in /tmp to a local directory, as shown in Figure 3-83.

    Figure 3-83 Copying the certificate file

  2. Use WinSCP to log in to the standby LiteAD server as user gandalf and upload the certificate file copied in the previous step to /tmp on the standby LiteAD server.
  3. Use PuTTY to log in to the standby LiteAD server as user gandalf.
  4. Run the following command to switch to user root and enter the root user password set during the installation as prompted.

    su - root

  5. Run the cd /tmp command to go to the /tmp directory.
  6. Run the following commands to copy the new certificate file to a specified directory:

    cp cert.* /var/lib/samba/private/tls/

    cp key.* /var/lib/samba/private/tls/

    cp ca.* /var/lib/samba/private/tls/

  7. Run the rm -r cert.* ca.* key.* command to clear temporary files.
  8. Run the cd /var/lib/samba/private/tls/ command to go to the directory.
  9. Run the chmod 600 * command to modify the file permission.
  10. Run the rcsamba-ad restart command to restart the service.

Configure the ITA certificate.

  1. Use PuTTY to log in to the active ITA server as user gandalf.
  2. Run the cd /var/lib/samba/private/tls command to go to the directory where the certificate file is located.
  3. Run the cp ca.pem /opt/ITA/jre/bin command to copy the ca.pem file to a specified directory.
  4. Run the cd /opt/ITA/jre/bin command to go to the directory.
  5. Run the following command to generate a keystore file and enter the password of the keystore file as prompted:

    ./keytool -import -file ca.pem -keystore litead.keystore 
    Enter keystore password: 
    Re-enter new password:

  6. Enter Y to import the certificate file.
  7. Run the following command to copy the keystore file to the engineering directory on the ITA server:

    cp litead.keystore /opt/ITA/tomcat/ita/WEB-INF/conf/security

  8. Run the cd /opt/ITA/tomcat/ita/WEB-INF/conf/security command to go to the directory.
  9. Run the chown -R gandalf:FusionAccess litead.keystore command to modify the owner of the file.
  10. Run the service ITAService restart command to restart the ITA service.
  11. Repeat Step 1 to Step 10 to configure the certificate on the standby ITA server.
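
The procedure stages copies of the certificate files, including the private key, in /tmp with mode 777 on the active LiteAD server, and removes the staged copies only on the standby server. The following added example (not part of the product) reports staged copies that remain and TLS files broader than 600; the finding codes and the sample file names cert.pem and key.pem are assumptions, and the sample directories are constructed.

```python
import fnmatch
import os
import stat
import tempfile

# File name patterns that the procedure copies and later removes.
CERT_PATTERNS = ("cert.*", "key.*", "ca.*")


def audit_cert_files(tls_dir, staging_dir):
    """Return (code, path) findings for the state the procedure should leave."""
    findings = []
    # After "chmod 600 *", no file in the TLS directory may carry extra bits.
    for name in sorted(os.listdir(tls_dir)):
        path = os.path.join(tls_dir, name)
        if os.path.isfile(path) and stat.S_IMODE(os.stat(path).st_mode) & 0o177:
            findings.append(("tls_file_broader_than_600", path))
    # Staged copies should be gone once the certificate has been distributed.
    for name in sorted(os.listdir(staging_dir)):
        if not any(fnmatch.fnmatchcase(name, p) for p in CERT_PATTERNS):
            continue
        path = os.path.join(staging_dir, name)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if fnmatch.fnmatchcase(name, "key.*") and mode & stat.S_IROTH:
            findings.append(("private_key_world_readable", path))
        else:
            findings.append(("staged_copy_not_removed", path))
    return findings


def demo():
    """Constructed sample: active server after 'cp * /tmp' and 'chmod 777 *'."""
    with tempfile.TemporaryDirectory() as root:
        tls = os.path.join(root, "tls")
        staging = os.path.join(root, "tmp")
        os.mkdir(tls)
        os.mkdir(staging)
        for directory, mode in ((tls, 0o600), (staging, 0o777)):
            for name in ("ca.pem", "cert.pem", "key.pem"):
                path = os.path.join(directory, name)
                with open(path, "w") as handle:
                    handle.write("constructed placeholder, not a real key\n")
                os.chmod(path, mode)
        # One TLS file left readable by group and others.
        os.chmod(os.path.join(tls, "cert.pem"), 0o644)
        return [
            (code, "/".join((os.path.basename(os.path.dirname(p)), os.path.basename(p))))
            for code, p in audit_cert_files(tls, staging)
        ]


if __name__ == "__main__":
    # On a LiteAD server the arguments would be the paths used in the procedure:
    # audit_cert_files("/var/lib/samba/private/tls", "/tmp")
    for finding in demo():
        print(finding)
```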

Patch Management

Performing Automatic Patch Update on Windows Infrastructure Servers
Scenarios

Use the Windows Server Update Services (WSUS) to implement automatic patch updates on Windows infrastructure servers. You only need to define patch update policies and approve patches. The system automatically installs the patches.

Impact on the System

This operation has no adverse impact on the system.

Prerequisites
  • The Patch Service software has been installed. For details, see Installing the Patch Service Software.
  • Communication between the Windows infrastructure VMs and the Internet or upper-layer patch server is normal.
  • You have obtained the domain accounts and passwords for logging in to the Windows infrastructure servers.
Data

Data preparation is not required for this operation.

Procedure

Check whether the group policy needs to be modified for patch updates.

  1. Check the existing group policy for patch updates and determine whether the group policy needs to be modified.

  2. Log in to the AD server using the domain account.
  3. Click on the taskbar.
  4. Choose Administrative Tools > Group Policy Management > Forest: Domain name > Domains > Domain name > First OU > First GPO.

    NOTE:
    • When Group Policy Management is expanded, the system automatically loads the policy information, which takes about two minutes.
    • First OU indicates the first OU created during software installation, and First GPO indicates the first GPO added to the first OU. For details, see Installing the Patch Service Software.

  5. Right-click the first GPO and choose Edit from the shortcut menu.

    The Group Policy Management Editor window is displayed.

  6. In the navigation tree, choose Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update.

    Information about the Windows update is displayed in the right pane.

    NOTE:

    When Policies in the navigation tree is expanded, the system automatically loads the policy information, which takes about two minutes.

  7. Double-click Configure Automatic Updates in the right pane.

    The Configure Automatic Updates dialog box is displayed, as shown in Figure 3-84.

    Figure 3-84 Configure Automatic Updates

  8. Select Enabled in the Configure Automatic Updates area and set the following parameters based on actual situation:

    • Configure automatic updating
    • Scheduled install day
    • Scheduled install time

  9. Click OK.

    The Configure Automatic Updates dialog box is closed.

  10. In the right pane, double-click Specify intranet Microsoft update service location.

    The Specify intranet Microsoft update service location dialog box is displayed.

  11. In Specify intranet Microsoft update service location, select Enabled, and set the following parameters:

    • Set the intranet update service for detecting updates: Enter the service IP address of the patch server.
    • Set the intranet statistics server: Enter the service IP address of the patch server.

  12. Click OK.

    The Specify intranet Microsoft update service location dialog box is closed.

    • When setting update policies, set different patch update time for OUs. You are advised to set a one-day interval for the patch update time of the three OUs.
    • Avoid setting the same patch update time for the OUs.

    Repeat Step 2 to Step 12 to set patch update policies for OUs 2 and 3.

  13. Close the Server Manager window.

Approve patches.

  1. Log in to the patch server using the domain account.
  2. Click on the taskbar.
  3. Choose Administrative Tools > Windows Server Update Services.

    The Update Services window is displayed.

  4. Choose Patch server name > Updates > All Updates, as shown in Figure 3-85.

    Figure 3-85 All Updates

  5. Select Unapproved from Approval in the middle pane, select Needed from Status, and click Refresh.

    The system displays information about all the patches that are required but are not approved.

  6. Right-click a patch and choose Approve from the shortcut menu.

    The Approve Updates dialog box is displayed.

  7. Right-click All Computers and choose Approved for Install.
  8. Repeat Step 6 to Step 7 to approve all patches.
  9. Right-click on the taskbar and choose Run.

    The Run dialog box is displayed.

  10. In the Open text box, enter gpedit.msc, and press Enter.

    The Local group policy editor window is displayed.

  11. In the navigation tree, choose Computer Configuration > Administrative Templates > Windows Components > Windows Update.

    The Windows Update pane is displayed on the right.

  12. Repeat Step 2 to Step 12 to set update policies of the patch server.
  13. Double-click Automatic Updates detection frequency.

    The Automatic Updates detection frequency Properties dialog box is displayed.

  14. Select Enabled and click OK.

    The dialog box is closed.

Check whether component patches can be automatically updated from the patch server.

  1. Log in to the patch server using the domain account.
  2. Right-click on the taskbar and choose Run.

    The Run dialog box is displayed.

  3. Enter cmd in the Open text box and press Enter.

    The DOS command line interface is displayed.

  4. Run the following command to update the system:

    wuauclt.exe /detectnow
    NOTE:

    When the command is executed, a message is displayed in the lower right corner of the desktop, reminding you to update patches.

Check the patch update status.

  1. In the Update Services window, choose Reports in the navigation tree.

    The Reports dialog box is displayed.

  2. Click Update Status Summary.

    The Patch server name Updates Report dialog box is displayed.

  3. Specify the filter criteria, for example, select Include updates in these classifications, and click Run Report on the toolbar.
  4. Check the status of each patch in the Patch server name Update Report pane.

    The update status information is displayed.

Manually Installing Windows Patches on Infrastructure Servers
Scenarios

When Windows infrastructure servers are deployed offline, you can copy operating system (OS) patches to a shared directory and install the patches.

Skip over this operation if the infrastructure server updates the OS patches online by using the Windows Server Update Services (WSUS).

Impact on the System

This operation has no adverse impact on the system.

Prerequisites

You have obtained the domain accounts and passwords for logging in to the Windows infrastructure servers.

Data

Data preparation is not required for this operation.

Procedure
  1. Log in to the patch server using the domain account.
  2. Share an empty folder on the patch server with the administrator.
  3. Visit https://www.microsoft.com/en-us/safety/default.aspx to view patch information and download the required patch.

    NOTE:

    Use the Nessus tool to find the patches required for the system. Ensure that the Nessus tool of the latest version is used. Install the Nessus tool on a PC networked with the system.

  4. Copy the patch to the shared folder on the patch server.
  5. Double-click the patch to install the patch.
  6. Restart the server.

    For the components deployed in active/standby mode, install patches on all standby servers and then install patches on the active servers.

  7. Log in to other Windows infrastructure servers using domain accounts, obtain the patch from the patch server, and repeat Step 5 to Step 6 to install the patch on the infrastructure servers.

Backup and Restoration

Backing Up Data

Manually back up data before performing an important operation on the system, such as system upgrade or critical data modification. If the operation fails, the backup data can be used to restore the system, minimizing the impact on services.

FusionAccess automatically backs up data so that services can be restored when a fault occurs.

The system provides two backup modes, local backup and remote backup. In local backup mode, a backup operation is performed at 03:00 a.m. every day and the storage directory is /var/vdesktop/backup/. In remote backup mode, a backup operation is performed at 01:00 a.m. every day and the backup files are uploaded to the storage directory /var/ftpsite/ITA name/folder of a component on the backup server (Backup Server or third-party FTP backup server).

The backup server (including Backup Server and the third-party FTP backup server) retains backup data for 10 days. However, when there is insufficient backup space, the system automatically deletes the earliest backup file.

Table 3-57 Backup mechanism

| Backup Item | Backup Data | Backup Policy | Backup File Name and File Saving Path |
|---|---|---|---|
| Backup Server data | FusionAccess component data | Backup files on FusionAccess components are automatically uploaded to the Backup Server by using FTPS at 01:00:00 every day. The Backup Server stores the backup files of the last 10 days. | Saving path: /var/ftpsite/ITA name/folder of a component on the Backup Server. The backup server (including Backup Server and the third-party FTP backup server) retains backup data for 10 days. However, when there is insufficient backup space, the system automatically deletes the earliest backup file. |
| LiteAD data | AD database; DNS configuration data; DHCP configuration data | Data is automatically backed up at 03:00:00 every day. | Backup file name: LiteAD_backup time.tar.gz. Saving path: /var/vdesktop/backup/ by default |
| HDC data | HDC configuration file | Data is automatically backed up at 03:00:00 every day. | Backup file name: HDC_backup time.tar.gz. Saving path: /var/vdesktop/backup/ by default |
| ITA data | ITA configuration file | Data is automatically backed up at 03:00:00 every day. | Backup file name: ITA_backup time.zip. Saving path: /var/vdesktop/backup/ by default |
| WI data | WI configuration file | Data is automatically backed up at 03:00:00 every day. | Backup file name: WI_backup time.tar.gz. Saving path: /var/vdesktop/backup/ by default |
| License data | License file | Data is automatically backed up at 03:00:00 every day. | Backup file name: LIC_backup time.tar.gz. Saving path: /var/vdesktop/backup/ by default |
| DB data | DB | Data is automatically backed up at 03:00:00 every day. | Backup file name: DB_backup time.tar.gz. Saving path: /var/vdesktop/backup/ by default |
| vAG data | vAG configuration file | Data is automatically backed up at 03:00:00 every day. | Backup file name: vag_backup time.tar.gz. Saving path: /var/vdesktop/backup/ by default |

Restoration Policy

To restore data of a faulty component, check the time when the fault alarm was generated, and restore from the latest backup file of that component on the backup server that predates the fault.

Recovery policies vary according to fault scenarios:

  • Recovery by software reinstallation: If some or all of the software programs on an infrastructure server are faulty, reinstall the software and use the backup data on the backup server to restore data.
  • Recovery by OS reinstallation: If an OS fault occurs on an infrastructure server, create a server, reinstall the software, and use the backup data on the backup server to restore data.
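
The restoration policy above depends on a backup of each component existing from before the fault. The following added example (not part of the product) selects the latest backup of a component that predates a fault time and flags components whose daily backup is missing or stale. It assumes file modification time reflects the backup time, because the page does not give the format of the time in the file name; the function names, the two-hour tolerance and the sample files are constructed.

```python
import os
import tempfile

DAY = 86400  # seconds


def pick_restore_file(backup_dir, prefix, fault_time):
    """Name of the latest backup with this prefix modified before fault_time, or None."""
    candidates = []
    for name in os.listdir(backup_dir):
        path = os.path.join(backup_dir, name)
        if name.startswith(prefix) and os.path.isfile(path):
            mtime = os.path.getmtime(path)
            if mtime < fault_time:
                candidates.append((mtime, name))
    return max(candidates)[1] if candidates else None


def backup_gaps(backup_dir, prefixes, now, max_age=DAY + 2 * 3600):
    """Map prefix -> 'missing' or 'stale' where no backup is newer than max_age."""
    gaps = {}
    names = os.listdir(backup_dir)
    for prefix in prefixes:
        mtimes = [os.path.getmtime(os.path.join(backup_dir, n))
                  for n in names if n.startswith(prefix)]
        if not mtimes:
            gaps[prefix] = "missing"
        elif now - max(mtimes) > max_age:
            gaps[prefix] = "stale"
    return gaps


def demo():
    now = 1_700_000_000  # constructed reference time (epoch seconds)
    sample = {  # constructed file names -> age in days
        "LiteAD_sample-a.tar.gz": 3,
        "LiteAD_sample-b.tar.gz": 2,
        "LiteAD_sample-c.tar.gz": 0.5,
        "DB_sample-a.tar.gz": 5,
    }
    with tempfile.TemporaryDirectory() as backup_dir:
        for name, age in sample.items():
            path = os.path.join(backup_dir, name)
            open(path, "w").close()
            os.utime(path, (now - age * DAY, now - age * DAY))
        # Fault alarm raised one day ago: the half-day-old backup must be skipped.
        chosen = pick_restore_file(backup_dir, "LiteAD_", fault_time=now - DAY)
        gaps = backup_gaps(backup_dir, ("LiteAD_", "DB_", "ITA_"), now)
    return chosen, gaps


if __name__ == "__main__":
    print(demo())
```
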
Software Reinstallation and Restoration
Restoring the Data of a Single LiteAD Node
Scenarios

An alarm is generated for a LiteAD server and cannot be cleared by restarting the server, but after the faulty LiteAD server is shut down, the other LiteAD server can still provide services correctly.

This section describes how to restore the data of the faulty LiteAD server.

NOTE:

In a scenario where a single LiteAD server is faulty, you are advised to use this method to restore the server.

Impact on the System

This operation has no adverse impact on the system.

Prerequisites

The root account and password for logging in to the LiteAD server have been obtained.

Data

Data preparation is not required for this operation.

Procedure

Checking whether the faulty LiteAD server is active or standby.

  1. Log in to the LiteAD server as user root.
  2. Run the following command to check whether the LiteAD server is active or standby:

    cat /etc/samba/ad.conf

    NOTE:

    If ispdc = Yes is displayed, the LiteAD server is active. Otherwise, the LiteAD server is standby.

    Restoring the LiteAD server

  3. Restore the faulty LiteAD server as follows:

    Restoration operations

    Status

    Procedure

    Active LiteAD server

    1. Log in to the active LiteAD server as user root.
    2. Run the following command to copy the script to the /home directory:

      cp -rf /opt/LiteAD/malfunctionRecover /home

    3. Run the following command to uninstall the LiteAD server:

      sh /home/malfunctionRecover/pre-firstDC.sh IP address of the standby LiteAD server local IP address

      For example, if the IP address of the standby LiteAD server is 192.168.100.12 and the local IP address is 192.168.100.11, run the following command:

      sh /home/malfunctionRecover/pre-firstDC.sh 192.168.100.12 192.168.100.11

    4. Log in to the standby LiteAD server as user root.
    5. Run the following command and enter the password of the domain administrator account as prompted to upgrade the standby LiteAD server to the active one:

      python /opt/LiteAD/malfunctionRecover/exLiteADrole.py --DChostname=name of the active LiteAD server --adminname=domain administrator account --peerIp=IP address of the active LiteAD server --localIp=local IP address

      For example, if the name of the active LiteAD server is litead01, the domain administrator account is vdsadmin, the IP address of the active LiteAD server is 192.168.100.11, and the local IP address is 192.168.100.12, run the following command:

      python /opt/LiteAD/malfunctionRecover/exLiteADrole.py --DChostname=litead01 --adminname=vdsadmin --peerIp=192.168.100.11 --localIp=192.168.100.12

      Wait 10 minutes and run the following command to restore the DNS record.

      samba_dnsupdate --verbose

      If the following information is displayed in the return message, continue with the next steps; if the message prompts that DNS failed to be updated, wait 5 minutes and try again.

      Record added successfully

      or

      No DNS updates needed
      NOTE:

      In the following steps, active and standby refer to the roles of the LiteAD servers after the switchover.

    6. Log in to the standby LiteAD server as user root.
    7. Run the following command and enter the password of the domain administrator account as prompted to reinstall LiteAD:

      python /home/malfunctionRecover/post-DC.py --realm=domain name --adminname=domain administrator account --bindaddress=local IP address

      For example, if the domain name is test.abc.com, the domain administrator account is vdsadmin, and the local IP address is 192.168.100.11, run the following command:

      python /home/malfunctionRecover/post-DC.py --realm=test.abc.com --adminname=vdsadmin --bindaddress=192.168.100.11

    8. Run the following command and enter the password of the domain administrator account as prompted to add relevant DNS records:

      python /opt/LiteAD/malfunctionRecover/dnsrecord.py --realm=domain name --adminname=domain administrator account --mainIp=IP address of the active LiteAD server --localIp=local IP address --DChostname=name of the standby LiteAD server

      For example, if the domain name is test.abc.com, the name of the standby LiteAD server is litead01, the domain administrator account is vdsadmin, the IP address of the active LiteAD server is 192.168.100.12, and the local IP address is 192.168.100.11, run the following command:

      python /opt/LiteAD/malfunctionRecover/dnsrecord.py --realm=test.abc.com --adminname=vdsadmin --mainIp=192.168.100.12 --localIp=192.168.100.11 --DChostname=litead01

    9. Run the following command to restore the DB status:

      samba-tool dbcheck --fix

      If any prompt appears, enter all and press Enter.

    Standby LiteAD server

    1. Log in to the standby LiteAD server as user root.
    2. Run the following command to copy the script to the /home directory:

      cp -rf /opt/LiteAD/malfunctionRecover /home

    3. Run the following command to uninstall the LiteAD server:

      sh /home/malfunctionRecover/pre-secondDC.sh

    4. Log in to the active LiteAD server as user root.
    5. Run the following command and enter the password of the domain administrator account as prompted to delete the domain controller server information about the standby LiteAD server:

      python /opt/LiteAD/malfunctionRecover/removeDeadDC.py --DChostname=name of the standby LiteAD server --adminname=domain administrator account

      For example, if the name of the standby LiteAD server is litead02, and the domain administrator account is vdsadmin, run the following command:

      python /opt/LiteAD/malfunctionRecover/removeDeadDC.py --DChostname=litead02 --adminname=vdsadmin

    6. Log in to the LiteAD server as user root.
    7. Run the following command and enter the password of the domain administrator account as prompted to reinstall LiteAD:

      python /home/malfunctionRecover/post-DC.py --realm=domain name --adminname=domain administrator account --bindaddress=local IP address

      For example, if the domain name is test.abc.com, the domain administrator account is vdsadmin, and the local IP address is 192.168.100.12, run the following command:

      python /home/malfunctionRecover/post-DC.py --realm=test.abc.com --adminname=vdsadmin --bindaddress=192.168.100.12

    8. Run the following command and enter the password of the domain administrator account as prompted to add relevant DNS records:

      python /opt/LiteAD/malfunctionRecover/dnsrecord.py --realm=domain name --adminname=domain administrator account --mainIp=IP address of the active LiteAD server --localIp=local IP address --DChostname=name of the standby LiteAD server

      For example, if the domain name is test.abc.com, the name of the standby LiteAD server is litead02, the domain administrator account is vdsadmin, the IP address of the active LiteAD server is 192.168.100.11, and the local IP address is 192.168.100.12, run the following command:

      python /opt/LiteAD/malfunctionRecover/dnsrecord.py --realm=test.abc.com --adminname=vdsadmin --mainIp=192.168.100.11 --localIp=192.168.100.12 --DChostname=litead02

    9. Run the following command to restore the DB status:

      samba-tool dbcheck --fix

      If any prompt appears, enter all and press Enter.

    NOTE:

    Wait about 10 minutes for data synchronization between the active and standby LiteAD servers to complete before performing the verification operation.

Verification

Verification

Category

Verification

Service status verification

  1. Log in to the active and standby LiteAD servers as user root.
  2. Run the cd /opt/LiteAD command to go to the LiteAD directory.
  3. Run the sh ad-check.sh -p command to check the LiteAD service status. If any check item fails, the check will be paused. Press Enter to continue the check.
  4. If the checks in steps 1 to 3 are successful, the LiteAD service is recovered successfully.

Client verification

  • Verifying the AD service restoration:
    1. Log in to the WI from CloudClient.
    2. Check whether you can log in to the user VMs using the test account.
    3. Create a domain user and provision a VM for the user. Check whether you can log in to the VM as the domain user.
  • Verifying the DNS service restoration:
    1. Log in to a user VM with a single network interface card (NIC). In the Local Area Connection window, set the IP address of the DNS server to the IP address of the only DNS server in the local connection.
    2. In the CLI, run the ipconfig /flushdns command to update the DNS cache.
    3. Ping the domain name. If the ping operation is successful, the DNS server is successfully restored.
  • Verifying the DHCP service restoration:
    1. One DHCP server involved:

      Log in to the user VM that has only one NIC in VNC mode. Disable the NIC and enable it to check whether an IP address can be obtained. If yes, the DHCP server is successfully restored.

    2. Two DHCP servers involved:
      • Verifying the active DHCP server restoration:

        Log in to the user VM that has only one NIC in VNC mode. Disable the NIC and enable it. In the Network Connection Details window, check whether the DHCP server is the active DHCP. If yes, the active DHCP server is successfully restored.

      • Verifying the standby DHCP server restoration:

        Disable the DHCP service on the active DHCP server. Log in to the user VM that has only one NIC in VNC mode. Disable the NIC and enable it. In the Network Connection Details window, check whether the DHCP server is the standby DHCP. If yes, the standby DHCP server is successfully restored.

      The DHCP service restoration test has high risks. You are advised to perform this test at night.

Alarm verification

  1. Log in to the FusionAccess system.
  2. Check whether the alarm about the LiteAD server is cleared.
  3. If the alarm is cleared, the data of the LiteAD server is restored.

Group policy restoration check

  1. Log in to the RSAT management server as a domain administrator.
  2. On the menu bar, click and choose Administrative Tools > Group Policy Management.
    NOTE:

    The RSAT management server running Windows 7 is used as an example.

  3. Check whether group policies and other data are successfully restored.
Restoring the Data of Dual LiteAD Nodes
Scenarios
  • Data restoration is a critical operation. Perform this operation only when necessary to avoid user data loss. During the operation, if you have any questions, contact Huawei technical support.
  • This section applies to the scenario where both the active and standby LiteAD servers are faulty. If only a single LiteAD server is faulty, you are advised to restore the server based on Restoring the Data of a Single LiteAD Node.
Impact on the System

After data restoration, the data produced between the backup time and restoration time is lost.

Prerequisites
  • The required backup file is available on the backup servers (including Backup Server and third-party FTP backup server) and the name of the backup file has been obtained.
  • The FTPS service is available on the backup servers.
  • The remote copy software WinSCP has been obtained.
  • The username and password for logging in to the LiteAD server have been obtained.
Data

Table 3-58 lists the data to be obtained.

Table 3-58 Data to be obtained

Name

Description

Example Value

FTP account

Account for the FTP service on the backup server to upload backup data.

ConfBack_user

FTP password

Password of the account for the FTP service on the backup server to upload backup data.

Huawei@123

Procedure

Back up the LiteAD data.

  1. Log in to the LiteAD server as user root and run the cd /opt/LiteAD command to go to the LiteAD directory.
  2. Run the sh litead_backup.sh command to start backup.
  3. Run the mkdir ~/backup command to create a backup directory.
  4. Run the cp /var/vdesktop/backup/LiteAD_backup time.gz ~/backup command to copy the backup file to the newly created directory.
  5. Back up the data of the other LiteAD server. For details, see Step 1 to 4.

Uninstall the LiteAD.

  1. Log in to the LiteAD server as user root.
  2. Enter cd to go to the root directory of the LiteAD server.
  3. Enter startTools.

    NOTE:
    • If this is the first time for the root user to log in to the VM, the FusionAccess screen is displayed.
    • Press ↑ and ↓ to move the cursor upwards and downwards.

  4. In Software, run Custom Install. Select LiteAD > Uninstall LiteAD(Software & Data) as prompted. The uninstallation is successful if the following message is displayed.

    LiteAD uninstalled successfully.

  1. Uninstall the other LiteAD. For details, see Step 6 to 9.

Restore the faulty LiteAD server.

  1. Log in to a faulty LiteAD server as the root user.
  2. Enter startTools.

    NOTE:
    • If this is the first time for the root user to log in to the VM, the FusionAccess screen is displayed.
    • Press ↑ and ↓ to move the cursor upwards and downwards.

  3. In Software, run Custom Install > LiteAD > Install LiteAD. Perform operations as prompted. The installation is successful if the following message is displayed.

    LiteAD installed successfully.

  4. Use WinSCP to log in to the backup server. If the Backup Server is used, set parameters according to Figure 3-86. If the third-party FTP backup server is used, set parameters based on the actual situation. After login, copy the LiteAD_backup time.tar.gz backup file from the backup server to a local directory.

    Figure 3-86 Login parameter settings
    NOTE:

    The default password of ConfBack_user is Cloud12#$. You must use the backup data that corresponds to the IP address of the local server for restoration. The backup files of each component are stored in /var/ftpsite/ITA name/folder of a component on the Backup Server.

  5. Use WinSCP to log in to the LiteAD server as user gandalf. Copy backup file LiteAD_backup time.tar.gz from the local directory to the /home/FusionAccess directory on the LiteAD server.
  6. Log in to the LiteAD server as user root and run the following command to move LiteAD_backup time.tar.gz under the /home/FusionAccess directory to the /opt/LiteAD/recover directory of the LiteAD server:

    mv /home/FusionAccess/LiteAD_backup time.tar.gz /opt/LiteAD/recover

  7. Run the following command to restore the LiteAD data:

    sh /opt/LiteAD/litead_recover.sh

  8. Restore the other faulty LiteAD server data. For details, see Step 11 to Step 17.

Configure time synchronization.

  1. On the FusionAccess portal, choose System > Time Management to configure and send time synchronization information.
Verification
Table 3-59 Verification

Category

Verification

Service status verification

  1. Log in to the active and standby LiteAD servers as user root.
  2. Run the cd /opt/LiteAD command to go to the LiteAD directory.
  3. Run the sh ad-check.sh -p command to check the LiteAD service status. If any check item fails, the check will be paused. Press Enter to continue the check.
  4. If the checks in steps 1 to 3 are successful, the LiteAD service is recovered successfully.

Client verification

  • Verifying the AD service restoration:
    1. Log in to the WI from CloudClient.
    2. Check whether you can log in to the user VMs using the test account.
    3. Create a domain user and provision a VM for the user. Check whether you can log in to the VM as the domain user.
  • Verifying the DNS service restoration:
    1. Log in to a user VM with a single network interface card (NIC). In the Local Area Connection window, set the IP address of the DNS server to the IP address of the only DNS server in the local connection.
    2. In the CLI, run the ipconfig /flushdns command to update the DNS cache.
    3. Ping the domain name. If the ping operation is successful, the DNS server is successfully restored.
  • Verifying the DHCP service restoration:
    1. One DHCP server involved:

      Log in to the user VM that has only one NIC in VNC mode. Disable the NIC and enable it to check whether an IP address can be obtained. If yes, the DHCP server is successfully restored.

    2. Two DHCP servers involved:
      • Verifying the active DHCP server restoration:

        Log in to the user VM that has only one NIC in VNC mode. Disable the NIC and enable it. In the Network Connection Details window, check whether the DHCP server is the active DHCP. If yes, the active DHCP server is successfully restored.

      • Verifying the standby DHCP server restoration:

        Disable the DHCP service on the active DHCP server. Log in to the user VM that has only one NIC in VNC mode. Disable the NIC and enable it. In the Network Connection Details window, check whether the DHCP server is the standby DHCP. If yes, the standby DHCP server is successfully restored.

      The DHCP service restoration test has high risks. You are advised to perform this test at night.

Alarm verification

  1. Log in to the FusionAccess system.
  2. Check whether the alarm about the LiteAD server is cleared.
  3. If the alarm is cleared, the data of the LiteAD server is restored.

Group policy restoration check

  1. Log in to the RSAT management server as a domain administrator.
  2. On the menu bar, click and choose Administrative Tools > Group Policy Management.
    NOTE:

    The RSAT management server running Windows 7 is used as an example.

  3. Check whether group policies and other data are successfully restored.
Restoring the Backup Server Software
Scenarios

Restore the Backup Server software in FusionAccess.

Impact on the System

After server recovery, the backup data generated before recovery will be lost.

Prerequisites

The username and password for logging in to the Backup Server have been obtained.

Data

Data preparation is not required for this operation.

Procedure

Uninstall the Backup Server.

  1. Log in to the Backup Server as user root.
  2. Enter startTools to go to the FusionAccess Portal.

    NOTE:
    • If this is the first time for the root user to log in to the VM, the FusionAccess screen is displayed.
    • Press ↑ and ↓ to move the cursor upwards and downwards.

  3. In Software, run Custom Install. Select Backup Server > Uninstall Backup Server as prompted. The uninstallation is successful if the following message is displayed.

    BackupServer uninstalled successfully.

Reinstall the Backup Server.

  1. In Software, run Custom Install. Select Backup Server > Install Backup Server as prompted. The installation is successful if the following message is displayed.

    Backup Server installed successfully.

Verification

Service verification for the Backup Server software recovery:

  1. Log in to the FusionAccess system.
  2. Check whether the alarm about the Backup Server is cleared.
  3. On the FusionAccess Portal, choose System > Backup Server and click Back Up Now. In Task, view the task execution progress and wait until the execution is complete.
  4. If the checks in steps 2 to 3 are successful, the Backup Server is recovered successfully.
Restoring the Data of the ITA Server
Scenarios

Restore the data of the ITA server on FusionAccess.

After an important operation, such as system upgrade or critical data modification, is performed for the system, roll back the system if an exception occurs or the operation has not achieved the expected result. During the rollback, data restoration is required.

Impact on the System

After data restoration, the data produced between the backup time and restoration time is lost.

Prerequisites
  • The required backup file is available on the backup servers (including Backup Server and third-party FTP backup server) and the name of the backup file has been obtained.
  • The FTPS service is available on the backup servers.
  • The remote copy software WinSCP has been obtained.
  • The username and password for logging in to the ITA server have been obtained.
Data

Data preparation is not required for this operation.

Procedure

Uninstall the ITA.

  1. Log in to the ITA server as user root.
  2. Enter startTools.

    NOTE:
    • If this is the first time for the root user to log in to the VM, the FusionAccess screen is displayed.
    • Press ↑ and ↓ to move the cursor upwards and downwards.

  3. In Software, run Custom Install. Select ITA > Uninstall ITA as prompted. The uninstallation is successful if the following message is displayed.

    ITA uninstalled successfully.

    Reinstall the ITA.

  4. In Software, run Custom Install > ITA > Install ITA. Perform operations as prompted. The installation is successful if the following message is displayed.

    ITA installed successfully.

    Restore services.

  5. Use WinSCP to log in to the backup server. If the Backup Server is used, set parameters according to Figure 3-87. If the third-party FTP backup server is used, set parameters based on the actual situation. After login, copy the ITA_backup time.tar.gz backup file from the backup server to a local directory.

    Figure 3-87 Login parameter settings
    NOTE:

    The default password of ConfBack_user is Cloud12#$. The component backup files are stored in /var/ftpsite/ITA name/folder of a component on the Backup Server.

  6. Use WinSCP to log in to the ITA server as user gandalf. Copy backup file ITA_backup time.tar.gz from the local directory to the /home/FussionAccess directory on the ITA server.
  7. Log in to the ITA server as user root and run the following command to move the backup file to /opt:

    mv /home/FussionAccess/ITA backup file name /opt/

    For example, run the following command:

    mv /home/FussionAccess/ITA_16-11-10_16-10-08.tar.gz /opt/

  8. Run the following command to replace the original ITA configuration file with the newly installed ITA configuration file:

    sh /opt/ITA/script/recovery.sh -r /opt/ITA backup file name

    For example, run the following command:

    sh /opt/ITA/script/recovery.sh -r /opt/ITA_16-11-10_16-10-08.tar.gz

  9. Run the following command to restart the HA service:

    service ha restart

  10. Run the following command to restart the ITAService service:

    service ITAService restart

    NOTE:

    The services will be restored three minutes after the service is restarted.

Verification

Verifying the ITA data restoration:

  1. Log in to the FusionAccess system.
  2. Check whether the alarm about the ITA server is cleared.
  3. Check whether VMs can be provisioned successfully.
  4. If steps 1 to 3 are successful, the ITA component is recovered.
Restoring the Data of the WI Server
Scenarios

Restore the data of the WI server on FusionAccess.

After an important operation, such as system upgrade or critical data modification, is performed for the system, roll back the system if an exception occurs or the operation has not achieved the expected result. During the rollback, data restoration is required.

Impact on the System

After data restoration, the data produced between the backup time and restoration time is lost.

Prerequisites
  • The required backup file is available on the backup servers (including Backup Server and third-party FTP backup server) and the name of the backup file has been obtained.
  • The FTPS service is available on the backup servers.
  • The remote copy software WinSCP has been obtained.
  • The username and password for logging in to the WI server have been obtained.
Data

Data preparation is not required for this operation.

Procedure

Uninstall the WI.

  1. Log in to the WI server as user root.
  2. Enter startTools.

    NOTE:
    • If this is the first time for the root user to log in to the VM, the FusionAccess screen is displayed.
    • Press ↑ and ↓ to move the cursor upwards and downwards.

  3. In Software, run Custom Install. Select WI > Uninstall WI as prompted. The uninstallation is successful if the following message is displayed.

    WI uninstalled successfully.

    Reinstall the WI.

  4. In Software, run Custom Install > WI > Install WI. Perform operations as prompted. The installation is successful if the following message is displayed.

    WI installed successfully.

    Restore services.

  5. Use WinSCP to log in to the backup server. If the Backup Server is used, set parameters according to Figure 3-88. If the third-party FTP backup server is used, set parameters based on the actual situation. After login, copy the WI_backup time.tar.gz backup file from the backup server to a local directory.

    Figure 3-88 Login parameter settings
    NOTE:

    The default password of ConfBack_user is Cloud12#$. The component backup files are stored in /var/ftpsite/ITA name/folder of a component on the Backup Server.

  6. Use WinSCP to log in to the WI server as user gandalf. Copy backup file WI_backup time.tar.gz from the local directory to the /home/FussionAccess directory on the WI server.
  7. Log in to the WI server as user root and run the following command to move the backup file to /opt:

    mv /home/FussionAccess/WI backup file name /opt/

    For example, run the following command:

    mv /home/FussionAccess/WI_16-11-10_16-10-08.tar.gz /opt/

  8. Run the following command to replace the original WI configuration file with the newly installed WI configuration file:

    sh /opt/WI/script/recovery.sh -r /opt/WI backup file name

    For example, run the following command:

    sh /opt/WI/script/recovery.sh -r /opt/WI_16-11-10_16-10-08.tar.gz

  9. Run the following command to restart the HA service:

    service ha restart

  10. Run the following command to restart the WIService service:

    service WIService restart

    NOTE:

    The services will be restored three minutes after the service is restarted.

Verification

Verifying the WI data restoration:

  1. Log in to the FusionAccess system.
  2. Check whether the alarm about the WI server is cleared.
  3. If the alarm is cleared, the data of the WI server is restored.
Restoring the Data of the UNS Server
Scenarios

Restore the data of the UNS server on FusionAccess.

After an important operation, such as system upgrade or critical data modification, is performed for the system, roll back the system if an exception occurs or the operation has not achieved the expected result. During the rollback, data restoration is required.

Impact on the System

After data restoration, the data produced between the backup time and restoration time is lost.

Prerequisites
  • The required backup file is available on the backup servers (including Backup Server and third-party FTP backup server) and the name of the backup file has been obtained.
  • The FTPS service is available on the backup servers.
  • The remote copy software WinSCP has been obtained.
  • The username and password for logging in to the UNS server have been obtained.
Data

Data preparation is not required for this operation.

Procedure

Uninstall the UNS.

  1. Log in to the UNS server as user root.
  2. Enter startTools.

    NOTE:
    • If this is the first time for the root user to log in to the VM, the FusionAccess screen is displayed.
    • Press ↑ and ↓ to move the cursor upwards and downwards.

  3. In Software, run Custom Install. Select UNS > Uninstall UNS as prompted. The uninstallation is successful if the following message is displayed.

    UNS uninstalled successfully.

Reinstall the UNS.

  1. In Software, run Custom Install > UNS > Install UNS. Perform operations as prompted. The installation is successful if the following message is displayed.

    UNS installed successfully.

Restore services.

  1. Use WinSCP to log in to the backup server. If the Backup Server is used, set parameters according to Figure 3-89. If the third-party FTP backup server is used, set parameters based on the actual situation. After login, copy the UNS_backup time.tar.gz backup file from the backup server to a local directory.

    Figure 3-89 Login parameter settings
    NOTE:

    The default password of ConfBack_user is Cloud12#$. The component backup files are stored in /var/ftpsite/ITA name/folder of a component on the Backup Server.

  2. Use WinSCP to log in to the UNS server as user gandalf. Copy backup file UNS_backup time.tar.gz from the local directory to the /home/FussionAccess directory on the UNS server.
  3. Log in to the UNS server as user root and run the following command to move the backup file to /opt:

    mv /home/FussionAccess/UNS backup file name /opt/

    For example, run the following command:

    mv /home/FussionAccess/UNS_16-11-10_16-10-08.tar.gz /opt/

  4. Run the following command to replace the original UNS configuration file with the newly installed UNS configuration file:

    sh /opt/WI/script/recovery.sh -r /opt/UNS backup file name

    For example, run the following command:

    sh /opt/WI/script/recovery.sh -r /opt/UNS_16-11-10_16-10-08.tar.gz

  5. Run the following command to restart the HA service:

    service ha restart

  6. Run the following command to restart the WIService service:

    service WIService restart

    NOTE:

    The services will be restored three minutes after the service is restarted.

Verification

Verifying the UNS data restoration:

  1. Log in to the FusionAccess system.
  2. Check whether the alarm about the UNS server is cleared.
  3. If the alarm is cleared, the data of the UNS server is restored.
Restoring the Data of the HDC Server
Scenarios

Restore the data of the HDC server on FusionAccess.

After an important operation, such as system upgrade or critical data modification, is performed for the system, roll back the system if an exception occurs or the operation has not achieved the expected result. During the rollback, data restoration is required.

Impact on the System
  • After data restoration, the data produced between the backup time and restoration time is lost.
  • After the HDC is restored, data on the desktop may be lost or invalid. You need to reconfigure and save data.
Prerequisites
  • The required backup file is available on the backup servers (including Backup Server and third-party FTP backup server) and the name of the backup file has been obtained.
  • The FTPS service is available on the backup servers.
  • The remote copy software WinSCP has been obtained.
  • The username and password for logging in to the HDC server have been obtained.
Data

Record desktop configurations as follows:

Log in to FusionAccess and choose System > Initial Configuration > Desktop Components. In the Desktop Information area, obtain all desktop information.

Procedure

Uninstall the HDC.

  1. Log in to the HDC server as user root.
  2. Enter startTools.

    NOTE:
    • If this is the first time for the root user to log in to the VM, the FusionAccess screen is displayed.
    • Press ↑ and ↓ to move the cursor upwards and downwards.

  3. In Software, run Custom Install. Select HDC > Uninstall HDC as prompted. The uninstallation is successful if the following message is displayed.

    HDC uninstalled successfully.

    Reinstall the HDC.

  4. In Software, run Custom Install > HDC > Install HDC. Perform operations as prompted. The installation is successful if the following message is displayed.

    HDC installed successfully.

    Restore services.

  5. Use WinSCP to log in to the backup server. If the Backup Server is used, set parameters according to Figure 3-90. If the third-party FTP backup server is used, set parameters based on the actual situation. After login, copy the HDC_backup time.tar.gz backup file from the backup server to a local directory.

    Figure 3-90 Login parameter settings
    NOTE:

    The default password of ConfBack_user is Cloud12#$. The component backup files are stored in /var/ftpsite/ITA name/folder of a component on the Backup Server.

  6. Use WinSCP to log in to the HDC server as user gandalf. Copy backup file HDC_backup time.tar.gz from the local directory to the /home/FussionAccess directory on the HDC server.
  7. Log in to the HDC server as user root and run the following command to move the backup file to /opt:

    mv /home/FussionAccess/HDC backup file name /opt/

    For example, run the following command:

    mv /home/FussionAccess/HDC_16-11-10_16-10-08.tar.gz /opt/

  8. Run the following command to replace the original HDC configuration file with the newly installed HDC configuration file:

    sh /opt/HDC/script/recovery.sh -r /opt/HDC backup file name

    For example, run the following command:

    sh /opt/HDC/script/recovery.sh -r /opt/HDC_16-11-10_16-10-08.tar.gz

  9. Run the following command to restart the HA service:

    service ha restart

  10. Run the following command to restart the HDCService service:

    service HDCService restart

    NOTE:

    The services will be restored three minutes after the service is restarted.

Configure desktop data again.

  1. Log in to FusionAccess and choose System > Initial Configuration > Desktop Components.
  2. In the Desktop Information area, reconfigure the desktop information.
  3. Click OK.
Verification

Verifying the HDC data restoration:

  1. Log in to the FusionAccess system.
  2. Check whether the HDC alarm is cleared.
  3. If the alarm is cleared, the data of the HDC server is restored.
Restoring the Data of the vAG Server
Scenarios

Restore the data of the vAG server on FusionAccess.

After a critical operation, such as system upgrade or critical data modification, is performed for the system, roll back the system if an exception occurs or the operation has not achieved the expected result. During the rollback, data restoration is required.

Impact on the System

After data restoration, the data produced between the backup time and restoration time is lost.

Prerequisites
  • The required backup file is available on the backup servers (including Backup Server and third-party FTP backup server) and the name of the backup file has been obtained.
  • The FTPS service is available on the backup servers.
  • The remote copy software WinSCP has been obtained.
  • The username and password for logging in to the vAG server have been obtained.
Data

Data preparation is not required for this operation.

Procedure

Uninstall the vAG.

  1. Log in to the vAG server as user root.
  2. Enter startTools.

    The FusionAccess page is displayed.

    NOTE:
    • If this is the first time for the root user to log in to the VM, the FusionAccess page is displayed.
    • Press ↑ and ↓ to move the cursor upwards and downwards.

  3. In Software, run Custom Install. Select vAG > Uninstall vAG as prompted. The uninstallation is successful if the following message is displayed.

    vAG uninstalled successfully.

    Reinstall the vAG.

  4. In Software, run Custom Install > vAG > Install vAG. Perform operations as prompted. The installation is successful if the following message is displayed.

    vAG installed successfully.

    Restore services.

  5. Use WinSCP to log in to the backup server. If the Backup Server is used, set parameters according to Figure 3-91. If the third-party FTP backup server is used, set parameters based on the actual situation. After login, copy the vag_backup time.tar.gz backup file from the backup server to a local directory.

    Figure 3-91 Login parameter settings
    NOTE:

    The default password of ConfBack_user is Cloud12#$. The component backup files are stored in /var/ftpsite/ITA name/folder of a component on the Backup Server.

  6. Use WinSCP to log in to the vAG server as user gandalf. Copy backup file vag_backup time.tar.gz from the local directory to the /home/FussionAccess directory on the vAG server.
  7. Log in to the vAG server as user root and run the following command to move the backup file to /opt:

    mv /home/FussionAccess/vAG backup file name /opt/

    For example:

    mv /home/FussionAccess/vag_16-11-10_16-10-08.tar.gz /opt/

  8. Run the following command to replace the newly installed vAG configuration file:

    sh /opt/VNCGate/recovery.sh -r /opt/vAG backup file name

    For example:

    sh /opt/VNCGate/recovery.sh -r /opt/vag_16-11-10_16-10-08.tar.gz

  9. Run the following command to restart the HA service:

    service ha restart

    NOTE:

    The services will be restored 3 minutes after the services are restarted.
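The ITA, WI, UNS, HDC and vAG restore procedures above each copy an archive from the backup server and pass it to a recovery.sh script run as root. The following Python script is an added example, not part of the Huawei documentation or tooling: it checks the archive name and lists the members without extracting them, before the mv step. The name pattern, the function names and the sample members are assumptions derived from the example file names on this page.

```python
"""Pre-restore checks for a FusionAccess component backup archive (added example)."""
import io
import re
import sys
import tarfile
import zlib
from pathlib import PurePosixPath

# File-name prefixes as they appear in the example commands on this page.
PREFIXES = {"ITA": "ITA", "WI": "WI", "UNS": "UNS", "HDC": "HDC", "vAG": "vag"}
# Assumption: the variable part is always six two-digit fields, as in
# ITA_16-11-10_16-10-08.tar.gz. Adjust if your backups are named differently.
STAMP = r"\d{2}-\d{2}-\d{2}_\d{2}-\d{2}-\d{2}"


def check_name(component, filename):
    """Return problems with the archive name for the given component."""
    prefix = PREFIXES.get(component)
    if prefix is None:
        return ["unknown component: %s" % component]
    # fullmatch also rejects spaces and shell metacharacters, which matters
    # because the documented mv and recovery.sh commands take the name unquoted.
    if not re.fullmatch(r"%s_%s\.tar\.gz" % (re.escape(prefix), STAMP), filename):
        return ["name does not match %s_<timestamp>.tar.gz: %r" % (prefix, filename)]
    return []


def _escapes(path):
    """True if a member path or link target is absolute or climbs with '..'."""
    p = PurePosixPath(path)
    return p.is_absolute() or ".." in p.parts


def check_members(fileobj):
    """List the archive without extracting it and return the problems found."""
    problems = []
    try:
        with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
            for m in tar:
                if _escapes(m.name):
                    problems.append("path outside extraction directory: %s" % m.name)
                if (m.issym() or m.islnk()) and _escapes(m.linkname):
                    problems.append("link %s -> %s" % (m.name, m.linkname))
                if m.ischr() or m.isblk() or m.isfifo():
                    problems.append("device or FIFO entry: %s" % m.name)
                if m.mode & 0o6000:
                    problems.append("setuid/setgid bit set: %s" % m.name)
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        problems.append("not a readable .tar.gz: %s" % exc)
    return problems


def check_backup(component, filename, fileobj):
    """Run every check; an empty list means no problem was found."""
    return check_name(component, filename) + check_members(fileobj)


def build_sample(entries):
    """Constructed test data: in-memory .tar.gz from (name, type, link, mode)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, kind, link, mode in entries:
            info = tarfile.TarInfo(name)
            info.type, info.linkname, info.mode = kind, link, mode
            tar.addfile(info)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Usage: python3 check_backup.py ITA /path/to/ITA_16-11-10_16-10-08.tar.gz
    component, path = sys.argv[1], sys.argv[2]
    with open(path, "rb") as fh:
        found = check_backup(component, PurePosixPath(path).name, fh)
    for line in found:
        print("PROBLEM:", line)
    sys.exit(1 if found else 0)
```

A non-zero exit status means the archive should be compared against a known-good copy on the backup server before recovery.sh is run.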

Verification

Verifying the vAG data restoration:

  1. Log in to the FusionAccess system.
  2. Check whether the vAG alarm is cleared.
  3. If the alarm is cleared, the data of the vAG server is restored.
Restoring the vLB
Scenarios

Restore the vLB on FusionAccess.

If both the WI and vLB are faulty, install the WI before the vLB.

Impact on the System

This operation has no adverse impact on the system.

Prerequisites

The username and password for logging in to the ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server have been obtained.

Data

Data preparation is not required for this operation.

Procedure

Uninstall the vLB.

  1. Log in to the ITA server as user root.
  2. Enter startTools. The FusionAccess screen is displayed.

    NOTE:
    • If this is the first time for the root user to log in to the VM, the FusionAccess screen is displayed.
    • Press ↑ and ↓ to move the cursor upwards and downwards.

  3. In Software, run Custom Install and select vLB > Uninstall vLB. The uninstallation is successful if the following message is displayed.

    vLB uninstalled successfully.

    Reinstall the vLB.

  4. In Software, run Custom Install > vLB > Install vLB. Perform operations as prompted. The installation is successful if the following message is displayed.

    vLB installed successfully.

    Configure IP addresses for the WI servers.

  5. In the navigation tree, choose vLB > Configure vLB > Configure WI/UNS.
  6. On the displayed screen, enter the service plane IP address of the WI/UNS server.

    • For enterprise internal user access, enter the WI server IP address for enterprise internal user access.
    • For external/public network user access, enter the WI server IP address for external/public network user access.

  7. Press Enter. If the message WI/UNS IP address configured Successfully is displayed, the IP address is configured successfully.
Verification

Service verification for the vLB recovery:

  1. Log in to the FusionAccess system.
  2. Check whether the alarm about the vLB is cleared.
  3. If the alarm is cleared, the vLB is restored.
Restoring the Data of the License Server
Scenarios

Restore the data of the License server on FusionAccess.

After an important operation, such as system upgrade or critical data modification, is performed for the system, roll back the system if an exception occurs or the operation has not achieved the expected result. During the rollback, data restoration is required.

Impact on the System

After data restoration, the data produced between the backup time and restoration time is lost.

Prerequisites
  • The required backup file is available on the backup servers (including Backup Server and third-party FTP backup server) and the name of the backup file has been obtained.
  • The FTPS service is available on the backup servers.
  • The remote copy software WinSCP has been obtained.
  • The user name and password for logging in to the License server have been obtained.
Data

Data preparation is not required for this operation.

Procedure

Uninstall the License.

  1. Log in to the License server as user root.
  2. Enter startTools.

    NOTE:
    • If this is the first time for the root user to log in to the VM, the FusionAccess screen is displayed.
    • Press the up and down arrow keys to move the cursor upwards and downwards.

  3. In Software, run Custom Install. Select LICENSE > Uninstall LICENSE as prompted. The uninstallation is successful if the following message is displayed.

    License uninstalled successfully.

Reinstall the License.

  1. In Software, run Custom Install > LICENSE > Install LICENSE. Perform operations as prompted. The installation is successful if the following message is displayed.

    License installed successfully.

Restore services.

  1. Use WinSCP to log in to the backup server. If the Backup Server is used, set parameters according to Figure 3-92. If the third-party FTP backup server is used, set parameters based on the actual situation. After login, copy the LIC_<backup time>.tar.gz backup file from the backup server to a local directory.

    Figure 3-92 Login parameter settings
    NOTE:

    The default password of ConfBack_user is Cloud12#$. The component backup files are stored in /var/ftpsite/<ITA name>/<folder of a component> on the Backup Server.

  2. Use WinSCP to log in to the License server as user gandalf. Copy the backup file LIC_<backup time>.tar.gz from the local directory to the /home/FussionAccess directory on the License server.
  3. Log in to the License server as user root and run the following command to move the backup file to /opt:

    mv /home/FussionAccess/<License backup file name> /opt/

    For example, run the following command:

    mv /home/FussionAccess/LIC_16-11-10_16-10-08.tar.gz /opt/

  4. Run the following command to replace the original License configuration file with the newly installed License configuration file:

    sh /opt/License/script/recovery.sh -r /opt/<License backup file name>

    For example, run the following command:

    sh /opt/License/script/recovery.sh -r /opt/LIC_16-11-10_16-10-08.tar.gz

  5. Run the following command to restart the HA service:

    service ha restart

  6. Run the following command to restart the LICService service:

    service LICService restart

    NOTE:

    The services will be restored three minutes after the service is restarted.

Verification

Verifying the License data restoration:

  1. Log in to the FusionAccess system.
  2. Check whether the alarm about the License server is cleared.
  3. If the alarm is cleared, the data of the License server is restored.
Restoring the Data of the GaussDB Server
Scenarios

Restore the data of the GaussDB server on FusionAccess.

Contact Huawei technical support if the active and standby GaussDB nodes are faulty.

After an important operation, such as system upgrade or critical data modification, is performed for the system, roll back the system if an exception occurs or the operation has not achieved the expected result. During the rollback, data restoration is required.

Impact on the System

The data produced between the backup time and restoration time is lost after data restoration.

Prerequisites

The username and password for logging in to the GaussDB server have been obtained.

Data

Data preparation is not required for this operation.

Procedure

Uninstall the GaussDB.

  1. Log in to the faulty GaussDB server as user root.
  2. Enter startTools.

    NOTE:
    • If this is the first time for the root user to log in to the VM, the FusionAccess screen is displayed.
    • Press the up and down arrow keys to move the cursor upwards and downwards.

  3. In Software, run Custom Install. Select GaussDB > Uninstall GaussDB as prompted. The uninstallation is successful if the following message is displayed.

    GaussDB uninstalled successfully.

    NOTE:

    When the active GaussDB server is uninstalled, the standby GaussDB server becomes the new active GaussDB server.

  4. Log in to another GaussDB server that is running properly as user root.
  5. Run the following command to check whether the current GaussDB server is the active server:

    su - gaussdba -c "gs_ctl query"

    NOTE:
    • If LOCAL_ROLE is Primary, the current server is the active GaussDB server.
    • Ensure that the current server is the active GaussDB server before performing any further operation.

Reinstall the GaussDB.

  1. Log in to the faulty GaussDB server as user root.
  2. In Software, choose Custom Install > GaussDB > Install GaussDB. Perform operations as prompted. The installation is successful if the following message is displayed.

    GaussDB installed successfully.

  3. In Software, choose Custom Install > GaussDB > Configure GaussDB > Configure HA to configure the HA.

    Restore GaussDB data.

  4. Run the following command to perform data synchronization:

    su - gaussdba -c "gs_ctl build"

    If information similar to the following is displayed, the data is successfully synchronized.

    waiting for server to shut down.... done 
    server stopped 
    gs_ctl: connect to server, build started. 
    xlog start point: 0/2C000020 
    gs_ctl: starting background WAL receiver 
    53097/53097 kB (100%), 1/1 tablespace 
    xlog end point: 0/2C0123B8 
    gs_ctl: waiting for background process to finish streaming... 
    gs_ctl: build completed. 
    server starting.... done 
    server started     

  5. Run the following command to copy the history file:

    su - gaussdba -c "cp -f /opt/GaussDB/data/pg_xlog/*.history /opt/GaussDB/app/archive/"

    NOTE:

    If no history file exists, skip this step.

  6. Log in to the GaussDB server that is running properly as user root, and run the following command to synchronize the password files:

    /opt/HA/module/hacom/tools/ha_client_tool --ip=127.0.0.1 --port=61806 --syncallfile

    If the following information is displayed, the password files are successfully synchronized.

    execute command syncallfile successfully.

Verification

Verifying the restoration of one GaussDB server: Log in to the FusionAccess system and check whether the GaussDB alarm is cleared. If yes, the GaussDB server is restored.

System Restoration
Restoring the ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD Server
Scenarios

Data restoration is a critical operation. Perform this operation only when necessary to avoid user data loss. During the operation, if you have any questions, contact Huawei technical support.

Service interruption will occur during the active node restoration. Exercise caution when performing this operation.

Copy backup data of the ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD servers to a new server and restore the faulty ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server.

After a critical operation, such as system upgrade or critical data modification, is performed for the system, roll back the system if an exception occurs or the operation has not achieved the expected result. During the rollback, data restoration is required.

Impact on the System
  • The data produced between the backup time and restoration time is lost after data restoration.
  • After the system is reinstalled, the equipment serial number (ESN) of the license server is changed and the original license file becomes unavailable. You need to apply for a new license and configure it.
Prerequisites
  • The required backup file is available on the backup servers (including Backup Server and third-party FTP backup server) and the name of the backup file has been obtained.
  • The FTPS service is available on the backup servers.
  • The remote copy software WinSCP has been obtained.
  • The username and password for logging in to the ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server have been obtained.
Software

Table 3-60 lists the required software.

Table 3-60 Software

| Software Type | Software | Description |
| --- | --- | --- |
| Upgrade file | FusionAccess_Patch_V100R00xCxxSPCxxx.zip | You must obtain the file if you use an OS ISO file whose version is different from the component version of the faulty ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server to create the server. How to obtain: For enterprise users, click here. For telecom carrier users, click here. Select V100R006C20SP103. |

Data

Table 3-61 lists the data to be obtained.

Table 3-61 Data to be obtained

| Parameter | Description | Example Value |
| --- | --- | --- |
| Service plane IP address of the ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server | The same as the service plane IP address of the faulty ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server. | 192.168.191.21 |
| Computer name of the ITA/GaussDB/HDC/WI/License server | The same as the computer name of the faulty ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server. | FA-LiteAD-01 |
| FTP account | Account for the FTP service on the backup server to upload backup data. | ConfBack_user |
| FTP password | Password of the account for the FTP service on the backup server to upload backup data. | Huawei@123 |

Procedure

Back up the LiteAD data.

  1. Log in to the LiteAD server that runs properly as user root and run the cd /opt/LiteAD command to go to the LiteAD directory.
  2. Run the sh litead_backup.sh command to start backup.
  3. Run the mkdir ~/backup command to create a backup directory.
  4. Run the cp /var/vdesktop/backup/LiteAD_<backup time>.tar.gz ~/backup command to copy the backup file to the newly created directory.

Create an ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server.

  1. Create an ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server of the same specifications.

    NOTE:
    • If you do not have the OS ISO file whose version is the same as the component version of the faulty ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server, use another ISO file whose version is the closest to the component version of the faulty server.
    • Ensure that the password of user gandalf of the new server is the same as that of the faulty ITA/GaussDB/HDC/WI/License server.

  2. Shut down the faulty ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server in the FusionCompute system.
  3. See Creating Linux Infrastructure VMs and Configuring Linux Infrastructure VMs to create an ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server, change the IP address, computer name, password of user gandalf, and password of user root to those of the faulty ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server, and install Driver Tools.
  4. Check whether the component version of the new ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server is the same as that of the faulty server.

  5. Obtain the upgrade file whose version matches the component version of the faulty ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server.
  6. Use WinSCP to log in to the new ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server as user gandalf. Copy the installation file in the upgrade file to the /home/FusionAccess directory.
  7. Exit WinSCP.
  8. Use PuTTY to log in to the new ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server as user gandalf.
  9. Run the following command and enter the password of user root as prompted to switch to user root:

    su - root

  10. Run the following command to disable user logout upon system timeout:

    TMOUT=0

  11. Run the following command to delete the related component installation files from the /usr/custom/rpm/ directory:

    rm -f /usr/custom/rpm/<Component name>-*.rpm

    For example, run the following command to delete the GaussDB installation file from the /usr/custom/rpm/ directory:

    rm -f /usr/custom/rpm/GaussDB-V100R006C20SPC100-1.x86_64.rpm

  12. Run the following commands to copy the component installation files from the /home/FusionAccess directory to the /usr/custom/rpm/ directory and modify the permission of the files:

    mv /home/FusionAccess/<Component name>-*.rpm /usr/custom/rpm/

    chown root:root /usr/custom/rpm/<Component name>-*.rpm

    chmod 644 /usr/custom/rpm/<Component name>-*.rpm

    For example, run the following commands to copy the GaussDB installation file from the /home/FusionAccess directory to the /usr/custom/rpm/ directory and modify the permission of the file:

    mv /home/FusionAccess/GaussDB-V100R006C20SPC100-1.x86_64.rpm /usr/custom/rpm/

    chown root:root /usr/custom/rpm/GaussDB-V100R006C20SPC100-1.x86_64.rpm

    chmod 644 /usr/custom/rpm/GaussDB-V100R006C20SPC100-1.x86_64.rpm

  13. Install the ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD components.

    NOTE:

    To check whether a node is an active node or a standby node, log in to the LiteAD server that is running properly as user root and run the samba-tool fsmo show command. The computer name in the command output is the computer name of the active node.

  14. In Software, run Custom Install > GaussDB > Configure GaussDB > Configure HA to configure the HA.

Uninstall and reinstall the LiteAD component.

  1. Log in to the newly created LiteAD server as user root.
  2. Enter startTools and the FusionAccess screen is displayed.

    NOTE:
    • If this is the first time for the root user to log in to the VM, the FusionAccess screen is displayed.
    • Press the up and down arrow keys to move the cursor upwards and downwards.

  3. In Software, run Custom Install. Select LiteAD > Uninstall LiteAD(Software & Data) as prompted. The uninstallation is successful if the following message is displayed.

    LiteAD uninstalled successfully.

  4. In Software, run Custom Install > LiteAD > Install LiteAD. Perform operations as prompted. The installation is successful if the following message is displayed.

    LiteAD installed successfully.

  5. Go to Software and choose Custom Install > LiteAD > Configure LiteAD > Configure DHCP Scope to manually configure the DHCP address pool.
  6. In Software, run Custom Install > GaussDB > Configure GaussDB > Configure HA to configure the HA.

Copy backup files.

  1. Use WinSCP to copy the component backup files in Table 3-61 from the backup server to the local computer. If the Backup Server is used, set parameters according to Figure 3-93. If the third-party FTP backup server is used, set parameters based on the actual situation.

    The recovery of the standby LiteAD server involves only the copying and recovery of the ITA/GaussDB/HDC/WI/License/vAG/vLB component. The data restoration is not required for the LiteAD component.

    Figure 3-93 Login parameter settings
    NOTE:

    The default password of ConfBack_user is Cloud12#$. The component backup files are stored in /var/ftpsite/<ITA name>/<folder of a component> on the Backup Server.

    Table 3-62 Backup files

    | Component Name | Backup File Name |
    | --- | --- |
    | ITA | ITA_<backup time>.tar.gz |
    | HDC | HDC_<backup time>.tar.gz |
    | WI | WI_<backup time>.tar.gz |
    | License | LIC_<backup time>.tar.gz |
    | vAG | vag_<backup time>.tar.gz |
    | LiteAD | LiteAD_<backup time>.tar.gz (NOTE: This backup file is required only for recovering the active LiteAD server.) |

  2. Use WinSCP to log in to the ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server as user root and copy the component backup files to the related path. Copy the backup files of ITA/HDC/WI/vAG/License/LiteAD from the local directory to the /home/FussionAccess directory.
  3. Log in to the ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server as user root and run the following command to move the backup files of ITA/HDC/WI/vAG/License from Table 3-62 to /opt. Move the LiteAD backup file listed in Table 3-62 to the /opt/LiteAD/recover directory.

    mv /home/FussionAccess/<backup file name> /opt/

    mv /home/FussionAccess/<Service IP address of the LiteAD server>.tar.gz /opt/LiteAD/recover

Restore data.

  1. See Table 3-63 to restore the data for each component.

    Table 3-63 Restoring data

    | Component Name | Procedure |
    | --- | --- |
    | License | Run sh /opt/License/script/recovery.sh -r /opt/<License backup file name> to replace the original License configuration file with the newly installed License configuration file. |
    | GaussDB | 1. Run su - gaussdba -c "gs_ctl build" to perform data synchronization. 2. Run su - gaussdba -c "cp -f /opt/GaussDB/data/pg_xlog/*.history /opt/GaussDB/app/archive/" to copy the history file. NOTE: If an error message indicating that the file cannot be found is displayed, ignore it. 3. Log in to the GaussDB server that is running properly as user root, and run /opt/HA/module/hacom/tools/ha_client_tool --ip=127.0.0.1 --port=61806 --syncallfile to synchronize the password files. |
    | HDC | Run sh /opt/HDC/script/recovery.sh -r /opt/<HDC backup file name> to replace the original HDC configuration file with the newly installed HDC configuration file. |
    | WI | Run sh /opt/WI/script/recovery.sh -r /opt/<WI backup file name> to replace the original WI configuration file with the newly installed WI configuration file. |
    | ITA | Run sh /opt/ITA/script/recovery.sh -r /opt/<ITA backup file name> to replace the original ITA configuration file with the newly installed ITA configuration file. |
    | vAG | Run sh /opt/VNCGate/recovery.sh -r /opt/<vAG backup file name> to replace the original vAG configuration file with the newly installed vAG configuration file. |
    | LiteAD | Run sh /opt/LiteAD/litead_recover.sh to replace the original LiteAD configuration file with the newly installed LiteAD configuration file. NOTE: Perform this operation only when recovering the active LiteAD server. |

  2. Run the following command to restart the HA service:

    service ha restart

  3. See Table 3-64 to restart the service on each component.

    Table 3-64 Restarting services

    | Component Name | Service Name | Service Restart Command |
    | --- | --- | --- |
    | ITA | ITAService | service ITAService restart |
    | HDC | HDCService | service HDCService restart |
    | WI | WIService | service WIService restart |
    | License | LICService | service LICService restart |

    NOTE:

    A service can be recovered 3 minutes after the service is restarted. To restart multiple services at the same time, you can freely combine and use the following commands:

    <Restart Command 1> && <Restart Command 2>

    For example, to restart ITAService/HDCService/WIService at the same time, run the following command:

    service ITAService restart && service HDCService restart && service WIService restart

  4. Log in to the other normal ITA/GaussDB/HDC/WI/License/vAG/vLB/LiteAD server as user root and reinstall the LiteAD component and restore its data. For details, see Restoring the Data of Dual LiteAD Nodes.

    Perform this operation only when recovering the active LiteAD server. Restore only the data of the LiteAD component, using the LiteAD backup file that was generated at the same time as the backup files in 16; otherwise, the data will be inconsistent.

Configure data again on the FusionAccess portal.

  1. Log in to FusionAccess and choose System > Initial Configuration > Desktop Components.
  2. In the Desktop Information area, configure the Desktop information.
  3. In the ITA Information area, configure the ITA database information.
  4. In the License Information area, record the equipment serial number (ESN) and apply for a new license. For details about how to apply for a license, see ESN Change in FusionAccess Desktop Solution V100R006C20SPC100 License Usage Guide.
  5. In the License Information area, configure the license again. For details about how to configure a license, see FusionAccess Initial Configuration > Configuring a License in FusionAccess Desktop Solution V100R006C20 Software Installation Guide.
  6. In the vAG/vLB Information area, configure the vAG/vLB information.
  7. In the WI Information area, configure the WI information.
  8. On the FusionAccess portal, choose System > Time Management to configure and send time synchronization information.

Set the vdsadmin account validity.

  1. On the LiteAD server, set the vdsadmin account validity. For details, see Setting User Account Validity Period.

    NOTE:

    vdsadmin is a domain administrator account. You are advised to set it permanently valid.

Delete the faulty server.

  1. After all services are running properly, delete the faulty ITA/GaussDB/HDC/WI/License server from the FusionCompute system.
Verification

Check the component recovery status, as shown in Table 3-65.

Table 3-65 Verification Method

Component Name

Verification Method

GaussDB

Log in to the FusionManager system to check whether the GaussDB alarm is cleared. If yes, the GaussDB server is restored.

HDC

Log in to the FusionManager system to check whether the HDC alarm is cleared. If yes, the HDC server is restored.

ITA

  1. Log in to the ITA from a browser.
  2. Check whether you can log in to user VMs.
  3. Check whether the VMs can be restarted.
  4. If 1 to 3 are successful, the ITA component is recovered.

WI

  1. Log in to the WI from CloudClient.
  2. Check whether you can log in to user VMs.
  3. Check whether the VMs can be restarted.
  4. If 1 to 3 are successful, the WI component is recovered.

License

  1. Log in to the FusionAccess system.
  2. Manually clear the reported alarms about the License server.
  3. Check whether any alarm about the License server is still reported.
  4. If no such alarm is reported, the License service is restored.

vAG

  1. Log in to the FusionAccess system.
  2. Check whether the vAG alarm is cleared.
  3. Log in to the VNC self-maintenance console through the WI.
  4. If 1 to 3 are successful, the vAG component is recovered.

LiteAD

Service status verification

  1. Log in to the active and standby LiteAD server as user root.
  2. Run the cd /opt/LiteAD command to go to the LiteAD directory.
  3. Run the sh ad-check.sh -p command to check the LiteAD service status. If any check item fails, the check will be paused. Press Enter to continue the check.
  4. If the checks are successful in 1 to 3, the LiteAD service is recovered successfully.

Alarm verification

  1. Log in to the FusionAccess system.
  2. Check whether the alarm about the LiteAD server is cleared.
  3. If the alarm is cleared, the data of the LiteAD server is restored.

Client verification

  • Verifying the AD service restoration:
    1. Log in to the WI from CloudClient.
    2. Check whether you can log in to the user VMs using the test account.
    3. Create a VM on the FusionAccess system. Check whether service provisioning is processed.
  • Verifying the DNS service restoration:
    1. Log in to a user VM with a single network interface card (NIC). In the Local Area Connection window, set the IP address of the DNS server to the IP address of the only DNS server in local connection.
    2. In the CLI, run the ipconfig /flushdns command to update the DNS cache.
    3. Ping the domain name. If the ping operation is successful, the DNS server is successfully restored.
  • Verifying the DHCP service restoration:
    1. One DHCP server involved:

      Log in to the user VM that has only one NIC in VNC mode. Disable the NIC and enable it to check whether an IP address can be obtained. If yes, the DHCP server is successfully restored.

    2. Two DHCP servers involved:

      • Verifying the active DHCP server restoration:

        Log in to the user VM that has only one NIC in VNC mode. Disable the NIC and enable it. In the Network Connection Details window, check whether the DHCP server is the active DHCP. If yes, the active DHCP server is successfully restored.

      • Verifying the standby DHCP server restoration:

        Disable the DHCP service on the active DHCP server. Log in to the user VM that has only one NIC in VNC mode. Disable the NIC and enable it. In the Network Connection Details window, check whether the DHCP server is the standby DHCP. If yes, the standby DHCP server is successfully restored.

      The DHCP service restoration test has high risks. You are advised to perform this test at night.

  • Verifying the group policy restoration:
    1. Log in to the RSAT management server as a domain administrator.
    2. On the menu bar, click and choose Administrative Tools > Group Policy Management.
      NOTE:

      The RSAT management server running Windows 7 is used as an example.

    3. Check whether group policies and other data are successfully restored.
Recovering the Backup Server
Scenarios

Recover the Backup Server in FusionAccess.

Impact on the System

This operation has no adverse impact on the system.

Prerequisites

The username and password for logging in to the Backup Server have been obtained.

Data

Table 3-66 lists the data to be obtained.

Table 3-66 Data to be obtained

| Parameter | Description | Example Value |
| --- | --- | --- |
| Service plane IP address of the Backup Server | Used for logging in to the Backup Server. | 192.168.191.100 |
| Computer name of the Backup Server | The same as the computer name of the faulty Backup Server. | FA-Backup |
| Port | Backup server port number. The default port number is 21. | - |
| Username | Account for uploading backup data to the FTP server. | ConfBack_user |
| Password | Password of the account for uploading backup data to the FTP server. | Cloud12#$ |
| Server type | Type of the backup server. The default protocol type of the backup server is FTPS. You need to manually select the protocol type for the third-party backup server. | Backup server |
| SSH account | SSH account of the backup server. | gandalf |
| SSH password | SSH password of the backup server. | Cloud12#$ |
| Backup start time | Time at which the ITA performs periodical data backup. The default value is 01:00 a.m. | - |

Procedure

Create a Backup Server.

  1. Create a Backup Server of the same specifications.
  2. Shut down the faulty Backup Server in the FusionCompute system.
  3. Change the service plane IP address and computer name of the new Backup Server to those of the faulty Backup Server and install the Driver Tools.
  4. Enter startTools to go to the FusionAccess Portal, as shown in Figure 3-94.

    Figure 3-94 FusionAccess screen
    NOTE:
    • If this is the first time for the root user to log in to the VM, the FusionAccess screen is displayed.
    • Press the up and down arrow keys to move the cursor upwards and downwards.

  5. In Software > Custom Install > Backup Server, run Install Backup Server as prompted. The installation is successful if the following message is displayed.

    Backup Server installed successfully.

Delete the faulty Backup Server.

  1. After the services are running properly, delete the faulty Backup Server from the FusionCompute system.

    Configure the backup server again.

  2. On FusionAccess, choose System > Other Configurations > Backup Server.

    The Backup Server page is displayed.

  3. Set the following parameters:

    • IP: Backup server IP address.
    • Port: Backup server port number.
    • Username: Account for uploading backup data to the FTP server.
    • Password: Password of the account for uploading backup data to the FTP server.
    • Server type: Type of the backup server.
    • SSH account: SSH account of the backup server.
    • SSH password: SSH password of the backup server.
    • Directory: Directory that stores backup data. This directory cannot be changed.
    • Backup start time: Time at which the ITA performs periodical data backup.

  4. Click OK.

    A message is displayed indicating that the configuration is successful.

Verification

Service verification for the Backup Server recovery:

  1. Log in to the FusionAccess system.
  2. Check whether the alarm about the Backup Server is cleared.
  3. On the FusionAccess Portal, choose System > Backup Server and click Back Up Now. In Task, view the task execution progress and wait until the execution is complete.
  4. If the checks are successful in Step 2 to Step 3, the Backup Server is recovered successfully.
Restoring the UNS Server
Scenarios

Copy backup data of the UNS servers to a new server and restore the faulty UNS server.

Contact Huawei technical support if all the UNS nodes are faulty.

After a critical operation, such as system upgrade or critical data modification, is performed for the system, roll back the system if an exception occurs or the operation has not achieved the expected result. During the rollback, data restoration is required.

Impact on the System

The data produced between the backup time and restoration time is lost after data restoration.

Prerequisites
  • One UNS server of the same specifications has been created and is added with the mutually exclusive VM rule.
  • The required backup file is available on the backup servers (including Backup Server and third-party FTP backup server) and the name of the backup file has been obtained.
  • The FTPS service is available on the backup servers.
  • The remote copy software WinSCP has been obtained.
  • The username and password for logging in to the UNS server have been obtained.
Data

Table 3-67 lists the data to be obtained.

Table 3-67 Data to be obtained

| Parameter | Description | Example Value |
| --- | --- | --- |
| Service plane IP address of the UNS server | Used for logging in to the UNS server. | 192.168.147.16 |
| Computer name of the UNS server | The same as the computer name of the faulty UNS server. | UNS01 |

Procedure

Create a UNS server.

  1. Shut down the faulty UNS server in the FusionCompute system.
  2. Change the service plane IP address, computer name, password of user gandalf and password of user root of the new UNS server to those of the faulty UNS server and install the Driver Tools.
  3. Reinstall the UNS software and configure UNS information.

Restore services.

  1. Use WinSCP to log in to the backup server. If the Backup Server is used, set parameters according to Figure 3-95. If the third-party FTP backup server is used, set parameters based on the actual situation. After login, copy the UNS_<backup time>.tar.gz backup file from the backup server to a local directory.

    Figure 3-95 Login parameter settings
    NOTE:

    The default password of ConfBack_user is Cloud12#$. The component backup files are stored in /var/ftpsite/<ITA name>/<folder of a component> on the Backup Server.

  2. Use WinSCP to log in to the UNS server as user gandalf. Copy the backup file UNS_<backup time>.tar.gz from the local directory to the /home/FussionAccess directory on the UNS server.
  3. Log in to the UNS server as user root and run the following command to move the backup file to /opt:

    mv /home/FussionAccess/<UNS backup file name> /opt/

    For example, run the following command:

    mv /home/FussionAccess/UNS_16-11-10_16-10-08.tar.gz /opt/

  4. Run the following command to replace the original UNS configuration file with the newly installed UNS configuration file:

    sh /opt/WI/script/recovery.sh -r /opt/<UNS backup file name>

    For example, run the following command:

    sh /opt/WI/script/recovery.sh -r /opt/UNS_16-11-10_16-10-08.tar.gz

  5. Run the following command to restart the HA service:

    service ha restart

  6. Run the following command to restart the WIService service:

    service WIService restart

    NOTE:

    The services will be restored three minutes after the service is restarted.
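
The License, combined component and UNS restore procedures above each carry a <component>_<backup time>.tar.gz file from the backup server through a local PC to the target server, where a recovery script reads it as root. The script below is an added example, not part of the Huawei documentation or tooling: it checks the file name, confirms the archive can be listed, and rejects member names that are absolute or contain "..". The timestamp pattern is inferred from the page's example file names, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check a component backup before recovery.sh reads it.
# Assumption: names follow <PREFIX>_YY-MM-DD_HH-MM-SS.tar.gz, inferred from the
# page's LIC_16-11-10_16-10-08.tar.gz and UNS_16-11-10_16-10-08.tar.gz examples.
# All function names are hypothetical.

# backup_name_ok PREFIX FILE
# Returns 0 when PREFIX is a known backup prefix and the base name of FILE
# matches PREFIX_<timestamp>.tar.gz; otherwise returns non-zero.
backup_name_ok() {
    case $1 in
        ITA|HDC|WI|LIC|vag|LiteAD|UNS) ;;   # prefixes listed on the page
        *) return 2 ;;
    esac
    base=${2##*/}
    ts='[0-9]{2}-[0-9]{2}-[0-9]{2}'
    printf '%s\n' "$base" | grep -Eq "^${1}_${ts}_${ts}\.tar\.gz\$"
}

# member_is_unsafe NAME
# Returns 0 when NAME is absolute or contains a ".." path component, that is,
# when extracting it could write outside the directory being restored.
member_is_unsafe() {
    case $1 in
        /*|..|../*|*/..|*/../*) return 0 ;;
        *) return 1 ;;
    esac
}

# archive_members_safe FILE
# Returns 0 if FILE is a readable gzip tar whose members are all safe,
# 1 if it cannot be listed (truncated or corrupted in transfer, or empty),
# 2 if any member name is unsafe.
archive_members_safe() {
    list=$(tar -tzf "$1" 2>/dev/null) || return 1
    [ -n "$list" ] || return 1
    # A here-document keeps the loop in the current shell, so "return"
    # leaves the function instead of a pipeline subshell.
    while IFS= read -r member; do
        if member_is_unsafe "$member"; then
            printf 'unsafe member: %s\n' "$member" >&2
            return 2
        fi
    done <<EOF
$list
EOF
    return 0
}

# check_backup PREFIX FILE
# Returns 0 if FILE passes every check, 1 for an unexpected name,
# 2 for an unreadable archive, 3 for an unsafe member.
check_backup() {
    if ! backup_name_ok "$1" "$2"; then
        echo "unexpected backup file name: $2" >&2
        return 1
    fi
    st=0
    archive_members_safe "$2" || st=$?
    case $st in
        0) echo "OK: $2" ;;
        1) echo "cannot list archive: $2" >&2; return 2 ;;
        *) return 3 ;;
    esac
}

# Stand-alone use before the recovery.sh step, for example:
#   sh check_backup.sh LIC /opt/LIC_16-11-10_16-10-08.tar.gz
if [ "$#" -eq 2 ]; then
    check_backup "$1" "$2"
fi
```

A non-zero result means the file should be fetched again from the backup server rather than passed to the recovery script.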

Delete the faulty UNS server.

  1. After the services are running properly, delete the faulty UNS server from the FusionCompute system.
Verification

Verify the UNS service restoration:

  1. Log in to the UNS from a browser.
  2. Check whether you can log in to user VMs.
  3. Check whether the VMs can be restarted.
  4. If the user VMs can be logged in to and the VMs can be restarted, the UNS server is restored.

Collecting Logs

Log Collection Solution
Solution Overview

Logs of FusionAccess components are collected in a centralized manner so that, in case of system faults, system O&M personnel can conveniently obtain the logs and send them to log analysts.

Log Collection Methods

The FusionAccess contains three types of components. Table 3-68 describes the log collection methods for the three types of components.

Table 3-68 Log collection methods

| Component Type | Component Name | Log Collection Method (Auxiliary Tool) |
| --- | --- | --- |
| Linux infrastructure VM | ITA/HDC/WI/License/GaussDB/vAG/vLB/HA/InstallTools/AUS/Backup Server/LiteAD | FusionCare, WinSCP |
| User VM | User VM/GPU Render Server | Huawei vDesk |
| User terminal | TC/SC | TCM |

Collecting Logs by Using Tools
Collecting Infrastructure VM Logs Using FusionCare
Scenarios

The FusionCare health check tool is intended for technical support engineers and maintenance engineers.

  • Log Collection:

    The FusionCare can collect the logs of all nodes in the FusionSphere and the infrastructure VMs of FusionAccess, and pack the logs. This helps technical support engineers, maintenance engineers, and R&D engineers locate problems.

  • Health Check:

    The FusionCare can check all nodes of the FusionSphere and the infrastructure VMs of FusionAccess, and generate the health check report. This enables the technical support engineers and maintenance engineers to know the system health status quickly.

The following table describes the logs collected for each component of the FusionAccess system.

NOTE:

For the log description of the other system nodes, see the related troubleshooting documents.

| Log Object | Log Directory | Log Description |
|---|---|---|
| LiteAD | /var/FusionAccess/LiteAD | Run logs of the LiteAD component. |
| WI | /var/FusionAccess/WI | Run logs of the WI component. |
| License | /var/FusionAccess/License | Run logs of the License component. |
| HDC | /var/FusionAccess/HDC | Run logs of the HDC component. |
| DB | /var/FusionAccess/GaussDB | Run logs of the DB component. |
| ITA | /var/FusionAccess/ITA | Run logs of the ITA component. |

Prerequisites
  • The FusionCare has been installed.
  • The system supports the following browsers:
    • Internet Explorer 9 to Internet Explorer 11
    • Mozilla Firefox 21 to Mozilla Firefox 33
    • Google Chrome 21 to Google Chrome 39
  • Nodes have been configured.
Data
  • The IP address of the FusionCare installed node.
  • The username and password for logging in to the FusionCare.
Procedure

Log in to the FusionCare.

  1. In the address bar of the browser, enter http://the IP address of the FusionCare installed node:8803 and press Enter.

    The login page of the FusionCare is displayed.

    For example: http://192.168.100.60:8803.

  2. Enter Username and Password and click Login.

    The page of the FusionCare is displayed.

Collect Info.

  3. On the page of FusionCare, click Info Collection.

    The page of the Info Collection is displayed.

  4. Click Create Task.

    The page of the Set Collection Duration is displayed.

  5. Set the following parameters:

    • Task Name
    • Start Time
    • End Time

  6. Click Next.

    The page of the Select Nodes is displayed.

  7. Select the nodes whose logs you want to collect and click Next.

    The page of the View Node Status is displayed.

  8. Select the node whose Node Status is set to Reachable, and click Next.

    The page of the Select Collection Items is displayed.

  9. Select the items that need to be collected, and click Finish.
  10. In the displayed dialog box, click Yes.
  11. In the displayed dialog box, click OK.

    The page of the Info Collection is displayed.

  12. When Status displays 100%, click Download in the Operation column to download logs.
Manually Collecting Infrastructure VM Logs Using WinSCP

This section describes how to manually collect the Linux infrastructure VM logs using WinSCP. For details about how to collect the Windows infrastructure VM logs, see Collecting Infrastructure VM Logs Using FusionCare.

NOTE:

File names listed in and Table 3-69 are examples. You need to collect all logs in the file directory of each component.

Table 3-69 Logs of infrastructure components

Component

Directory

File Name

Log Content

How to View

HDC

/var/FusionAccess/HDC

ha.log

Records the high availability (HA) status of the HDC.

  1. Use PuTTY to log in to the infrastructure VM as user gandalf.
  2. Run the following command to disable PuTTY logout on timeout:

    TMOUT=0

  3. Run the following command to switch to user root:

    su root

  4. Run the following command to create a directory for storing copied log files:

    mkdir directory for storing copied log files

    For example, run the following command to create the /var/FusionAccess/logdownload directory:

    mkdir /var/FusionAccess/logdownload

  5. Run the following command to copy log files to the directory created in step 4:

    cp log file directory/log file name target directory of log files

    For example, run the following command to copy the xferlog under the /var/log directory to /var/FusionAccess/logdownload:

    cp /var/log/xferlog /var/FusionAccess/logdownload

    NOTE:

    If you want to copy all log files under a directory, change the log file name in the command to *.

  6. Run the following command to change the permission for the directory for storing log files:

    chmod -R 755 directory for storing copied log files

    If the directory for storing log files is /var/FusionAccess/logdownload, run the following command:

    chmod -R 755 /var/FusionAccess/logdownload

  7. Use WinSCP to log in to the infrastructure VM and copy the log files to a local computer.
  8. After the copy is complete, go back to the PuTTY page and run the following command to delete the directory for storing copied log files:

    rm -rf directory for storing copied log files

    If the directory for storing log files is /var/FusionAccess/logdownload, run the following command:

    rm -rf /var/FusionAccess/logdownload
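
The manual collection steps above (create a staging directory, copy, chmod, download, delete) written as a script. This is an added example, not Huawei tooling. It also records a SHA-256 manifest so the copy downloaded with WinSCP can be checked against what was staged. The function names and the MANIFEST.sha256 file are assumptions; the paths in the usage line are the ones used on this page.

```shell
#!/bin/sh
# Added example, not part of FusionAccess. MANIFEST.sha256 and the function
# names are assumptions; the paths in the usage line are the page's examples.

MANIFEST=MANIFEST.sha256

# stage_logs LOG_ROOT STAGE_DIR COMPONENT...
# Copies each component's whole log directory (steps 4-5), writes a SHA-256
# manifest, then applies the permissions used on the page (step 6).
stage_logs() {
    log_root=$1; stage=$2; shift 2
    mkdir -p "$stage" || return 1
    for comp in "$@"; do
        if [ ! -d "$log_root/$comp" ]; then
            echo "skipped: $log_root/$comp is not a directory" >&2
            continue
        fi
        mkdir -p "$stage/$comp" || return 1
        cp -R "$log_root/$comp/." "$stage/$comp/" || return 1
    done
    # Hash every staged file so the downloaded copy can be checked later.
    ( cd "$stage" || exit 1
      find . -type f ! -name "$MANIFEST" -exec sha256sum {} + | sort -k 2 > "$MANIFEST"
    ) || return 1
    chmod -R 755 "$stage"
}

# verify_logs DIR: succeeds only if every file still matches the manifest.
verify_logs() {
    ( cd "$1" && sha256sum -c "$MANIFEST" >/dev/null 2>&1 )
}

# remove_stage DIR: step 8, but refuses anything this script did not stage.
remove_stage() {
    case $1 in ''|/) echo "refusing to delete '$1'" >&2; return 1 ;; esac
    [ -f "$1/$MANIFEST" ] || { echo "no $MANIFEST in $1, not deleting" >&2; return 1; }
    rm -rf -- "$1"
}

# Usage: sh collect_logs.sh /var/FusionAccess /var/FusionAccess/logdownload HDC WI ITA License
if [ "$#" -ge 3 ]; then
    stage_logs "$@"
fi
```

Running sha256sum -c MANIFEST.sha256 in the downloaded copy repeats the check on the analyst's side.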

/var/FusionAccess/HDC/hdc/HDC

hdc.log

Includes all module logs of the HDC.

/var/FusionAccess/HDC/tomcat

catalina.out, Catalina.Timestamp.log, host-manager.Timestamp.log, localhost.Timestamp.log, manager.Timestamp.log

Includes the information recorded by Tomcat.

/var/FusionAccess/HDC/backup

*.zip

Backs up the logs of HDC service modules.

WI

/var/FusionAccess/WI

ha.log

Records the HA status of the WI.

/var/FusionAccess/WI/wi/logs/log/VDESKTOP

webui.log

Records all the information related to WI services.

/var/FusionAccess/WI/wi/logs/backup

*.zip

Backs up the logs of WI service modules.

ITA

/var/FusionAccess/ITA

ha.log

Records the HA status of the ITA.

Install.log

Records the ITA installation process.

run.log

Includes the run logs of the ITA.

/var/FusionAccess/ITA/log/ALARM

alarm.log

Records alarm monitoring information.

/var/FusionAccess/ITA/log/AUDIT

audit.log

Functions as an audit log.

/var/FusionAccess/ITA/log/ITAC

itac.log

Functions as an ITAC log.

/var/FusionAccess/ITA/log/MONITOR

monitor.log

Records ITA monitoring and alarm information.

/var/FusionAccess/ITA/log/VDESKTOP

vDesktop.log

Records the core information about the ITA service process.

/var/FusionAccess/ITA/tomcat

*.log

Generated by Tomcat. Assists other logs.

/var/FusionAccess/ITA/backup

*.zip

Backs up log files.

License

/var/FusionAccess/License/log

license.log

Records the information about license service modules.