No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionAccess V100R006C20 on FusionCloud V100R006C10 Software Installation Guide 11 (Microsoft AD)

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Provisioning Applications

Provisioning Applications

Scenarios

This section describes how to provision applications.

Prerequisites

  • You have logged in to FusionAccess.
  • You have created users (or user groups) on AD infrastructure VMs.
  • You have activated the OSs of all APS servers.

    Security risks caused by unauthorized access may exist when the following applications are provisioned. Provision the applications with caution.

    • Applications that support the resource manager function
    • Applications that support the VM system management function
    • System-level applications provided by VM OSs
  • You have installed the required applications on the VM.
  • You have created an application group and added the VM to the application group on FusionAccess.
  • You have logged in to the AD server using a domain administrator account.
  • You have prepared a secure and reliable file system, for example, a NAS server. You have created a file path for storing roaming profiles in the file system, for example, 192.168.1.11\profile.
  • You have prepared a secure and reliable file system, for example, a NAS server. You have created a file path for storing file folder redirection data in the file system, for example, 192.168.1.11\FolderRedirection.
  • You have prepared a secure and reliable file system, for example, a NAS server. You have created a file path for storing network disk data in the file system, for example, 192.168.1.11\NetworkDisk\.
  • The server on which the file system resides can communicate with the user network and the network where the AD domain server resides.

Data

Table 8-7 describes the data required for performing this operation.

Table 8-7 Data required for performing this operation

Type

Parameter

Description

Example Value

Application publishing parameters when Select an installed application is selected

Domain name

Enter the value of Domain configured in System > Initial Configuration > Domain/OU.

vdesktop.huawei.com

User(Group) name

Identifies a user or user group. The user or user group name has been created on the domain server.

UserGroup01

Application publishing parameters when Manual add application is selected

Application name

Identifies an application. The application name is a string of 1 to 55 characters consisting of digits, letters, spaces, and special characters ~!@%^_+-. It cannot start with any of the following characters: !@%^.

NOTE:

The application name cannot consist of only digits. You are advised to set the application name to a combination of digits and letters.

Huawei vDesk

Executable

Specifies the file path of the application to be published on the server. This parameter is mandatory.

C:\Program Files\Huawei\Huawei vDesk\Huawei vDesk.exe

(Optional) Version

Specifies the version of the application to be published.

1.0.0.3

(Optional) Publish by

Specifies the person who publishes the application.

admin

(Optional) Command Parameter

If the application to be published supports command lines, enter the command line parameters.

-

(Optional) Work Directory

Specifies the user directory on the OS. Users can access files using relative file names in this directory.

-

(Optional) Application Category

Specifies the category of an application.

Web browser

(Optional) Description

Provides supplementary information about the application.

SBC

Roaming profile data

Roaming profile path

Specifies the path for storing roaming profiles in the file system.

192.168.1.11\profile

File folder redirection data

File system shared path

Specifies the shared path set in the file system.

\\192.168.1.11\FolderRedirection

Network disk data

Network disk shared path

Specified the planned shared path of the network disk.

Input format: \\File system path\%username%

\\192.168.1.11\NetworkDisk\

Procedure

Creating users

  1. (Optional) Create a user OU.

    A small- and medium-sized enterprise (SME) has a few employees and departments. You can directly manage end users in infrastructure VM OUs without the need of creating independent VM OUs.

    A large enterprise has a large number of employees and hierarchical departments. Different departments have different security requirements and management modes. In this case, you can create independent VM OUs to manage user VMs.

    For details about how to create a VM OU, see Creating Desktop Users .

  2. Create a user group.

    A large enterprise has a large number of employees. To simplify IT system management, employees that have the same rights in the same department or of the same type are put in to the same group.

    For details about how to create a user group, see Creating Desktop Users .

  3. Create a domain user.

    For details about how to create a domain user, see Creating Desktop Users .

Publishing applications

  1. On the FusionAccess portal, choose Desktop > Application Group.
  2. In the navigation pane, unfold Application Group, and select an application group to be published.

    The Published application list page is displayed.

  3. Click .

    The Select Application page is displayed.

  4. Select a method to publish applications:

    • If you select Select an installed application, select one or multiple applications and click Next.
    • If you select Manual add application, set the following parameters and click Next.
      • Application name
      • Executable
      • (Optional) Version
      • (Optional) Publish by
      • (Optional) Command Parameter
      • (Optional) Work Directory
      • (Optional) Application Category
      • (Optional) Description
    NOTE:
    • When Select an installed application is selected, applications deployed on VMs can be automatically detected by FusionAccess, and application parameters are automatically synchronized to the FusionAccess portal.
    • When Manual add application is selected, applications deployed on VMs cannot be automatically detected by FusionAccess, and application parameters must be manually set.
    • Shared desktops are directly published to end users as applications.
    • If only one connection is allowed for each IP address on the server when the application to be published communicates with the server, you need to access the server in IP virtualization mode. To enable IP virtualization, perform the following operations:
      • On the active AD domain server, run gpmc.msc to go to the Group Policy Management window, select the group policy of the APS server, and edit.
      • In the navigation pane, choose Computer Configuration > Policy > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Application Compatibility.
      • Set Turn on Remote Desktop IP Virtualization to Enabled.
      • Set Select the network adapter to be used for Remote Desktop IP Virtualization to Enabled, and enter the corresponding IP address and mask.

  5. Select the name of the domain to which the user to be authorized belongs.
  6. Enter the user or user group name and click Add.

    NOTE:

    The entered user or user group name must have been created in the AD domain.

    The newly added user is displayed in the List.

  7. Click Submit.

    A message is displayed indicating that the application is published successfully.

(Optional) Configuring custom data

Configuring roaming profile data

NOTE:

In SBC scenarios, roaming profile data is stored in file systems. Profile roaming data enables users to access data they stored in the shared directory from anywhere.

  1. On the active AD domain server, choose Start, and enter gpmc.msc to go to the Group Policy Management window.
  2. Create an APS server group policy by following instructions provided in Creating the APS server group policies, right-click the newly created APS server group policy, for example, SBCGRP, and choose Edit from the shortcut menu.

    The Group Policy Management Editor window is displayed.

  3. In the navigation pane, choose Computer Configuration > Policy > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Profiles.
  4. In the right pane, right-click Set path for Remote Desktop Services Roaming User Profile in the Profiles area, and choose Edit from the shortcut menu.

    The Set path for Remote Desktop Services Roaming User Profile dialog box is displayed.

  5. Configure the configuration file path, for example, 192.168.1.11\profile, and click OK, as shown in Figure 8-11.

    Figure 8-11 Set path for Remote Desktop Services Roaming User Profile
    NOTE:

    The configuration file path must be planned in the file system, and sharing rights have been set for the file path to ensure that users have read and write permission on the file path.

(Optional) Configuring custom user data

Configuring file foler redirection

  1. On the active AD domain server, choose Start, and enter gpmc.msc to go to the Group Policy Management window.
  2. Select the name of the APS server group policy by following instructions provided in Creating the APS server group policies, for example, SBCGRP. Right-click and choose Edit from the shortcut menu.

    The Group Policy Management Editor window is displayed.

  3. In the navigation pane on the left, choose Computer Configuration > Policies > Administrative Templates > System > Group Policy. In the right pane, double-click User Group Policy loopback processing mode in the Group Policy area, as shown in Figure 8-12.

    Figure 8-12 User Group Policy loopback processing mode policy

    The User Group Policy loopback processing mode dialog box is displayed.

  4. Set the mode as shown in Figure 8-13, and click OK.

    Figure 8-13 User Group Policy loopback processing mode

  5. In the navigation pane on the left, choose User Configuration > Policies > Windows Settings > Folder Redirection, and perform the following steps to configure the file folder redirection function based on application scenarios and requirements.
  6. Configure file folder redirection for the AppData(Roaming), Desktop, Start Menu, Documents, Favorites, Contacts, Downloads, Links, Searches, and Saved Games folders. The following uses the AppData(Roaming) folder as an example. Perform the following steps for each file folder.

    1. Right-click the AppData(Roaming) folder and choose Properties from the shortcut menu.

      The AppData(Roaming) Properties dialog box is displayed.

    2. On the Target tab page, set parameters as shown in Figure 8-14, and click OK.
      NOTE:

      \\192.168.1.11\FolderRedirection indicates the shared folder in the file system, on which users must have read and write permission.

      Figure 8-14 AppData(Roaming) Properties

    3. On the Settings tab page, select Grant the user exclusive rights to AppData(Roaming), and click OK.
    4. In the displayed dialog box, click Yes.

  7. Configure file folder redirection for the Pictures, Music, and Videos folders. The following uses the Pictures folder as an example. Perform the following steps for each folder.

    NOTE:

    You have configured file folder redirection for the Documents folder in Step 6 before configuring file folder redirection for the Pictures, Music, and Videos folders.

    1. Right-click the Pictures folder and choose Properties from the shortcut menu.

      The Pictures Properties dialog box is displayed.

    2. On the Target tab page, set parameters and click OK, as shown in Figure 8-15.
      Figure 8-15 Pictures Properties
    3. In the displayed dialog box, click Yes.

(Optional) Configuring a network disk

The following uses the AD domain server running Windows Server 2012 R2 as an example.

  1. On the active AD server, choose Start > Administrative Tools > Active Directory Users and Computers.
  2. In the navigation pane on the left, choose an OU, select the user for whom a network disk is configured in the right pane, and click Properties.
  3. In the dialog box that is displayed, click the Profile tab.
  4. Set the network disk path and click OK, as shown in Figure 8-16.

    NOTE:
    • The web disk path format is \\File system path\%username%, for example, \\192.168.1.11\NetworkDisk\%username%. \\192.168.1.11\NetworkDisk\ indicates the sharing path of a network disk, and %username% is automatically set based on the username.
    • Ensure that users have read and write permission on the file system path.
    • After a network disk is configured, only authorized users can access the network disk. Other users, including the administrator, cannot access the network disk. In consideration of security, you must control rights on the network disk.
    Figure 8-16 Configuring a network disk

Translation
Download
Updated: 2019-07-01

Document ID: EDOC1100021785

Views: 47811

Downloads: 102

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next