Import Substitution, Part 1. Or how I studied Huawei FusionCloud Desktop

    Many of you, one way or another, have already come across the now popular term "import substitution." And, for reasons obvious to many, vendors with “Chinese roots” are the only source of IT products and solutions in this situation.

    Starting out with Huawei's Enterprise Department, I just couldn't pass by their virtualization solutions. In the previous article, I already mentioned one of them - Huawei FusionCompute.

    I want to share this experience with you.

    Benefits of VDI


    This solution is a means of virtualizing workplaces. In essence, it uses virtualization technology to create many virtual machines running a user OS on top of a virtual cluster, and provides convenient graphical tools for managing them.

    For the user:

    1. The ability to access your desktop from anywhere (if you have a stable Internet connection);
    2. Saving all user data and settings (including personalization of the desktop) when accessing from remote workstations.

    For IT department:

    1. Rapid one-click deployment of virtual workplaces from templates;
    2. The ability to plan and "schedule" routine processes;
    3. Management and monitoring "from one window";
    4. Flexible system of user policies;
    5. Transparent security management tools;
    6. The ability to integrate with existing infrastructure (including AD).

    Architecture


    Based on the FusionCompute hypervisor, this solution has a modular structure consisting of various components (services).

    All components are divided into 3 levels:
    1. Access control
    2. Management of virtual stations
    3. Logging and storage of logs

    Each level consists of several virtual machines on which these services run. For fault tolerance and availability of the solution, it is recommended to duplicate all services according to the Active/Passive scheme (create 2* virtual machines).

    * In the case of a large volume (according to best practice), Huawei recommends increasing the number of VMs with the WI and vLB components.

    The first level is implemented using the vAG and vLB services:
    vAG (Virtual Access Gateway) - is responsible for external access control.
    vLB (virtual Load Balancer) - is responsible for load balancing between WI machines.

    The second level, which is responsible for the direct management of the virtual workstation system, is represented by the following services: HDC, ITA, DB, WI and License.
    HDC - the core of the VDI solution. Responsible for matching created VMs or their templates with specified policies, creating and modifying Desktop Groups, and much more.
    ITA (IT Adapter) - the service responsible for providing virtual workstations to the user, as well as for the connection between the HDC and the FusionCompute hypervisor (creating and deleting VMs).
    DB (GaussDataBase) - a database that stores all the data about users, templates, VMs, policies, etc.
    License - a service responsible for licensing the solution (activation, validity, etc.).

    The last level is represented by the Loggetter service.
    Loggetter - saves the logs of all connections and user settings changes (and backs them up).

    Installation


    The entire process of deploying a Huawei FusionAccess solution can be divided into 4 stages:
    1. Preparing infrastructure VMs based on Windows OS
    2. Preparing infrastructure VMs based on Linux OS
    3. Installing services
    4. Configuring services

    As you can already see, there is no single VM image for deploying the solution. You will need to download the Windows Server 2008 R2 distribution kit from the Huawei support site, and the service utility distributions FusionAccess_Installer_Linux/Windows_V***.iso. The utility distribution kit for Linux is also a distribution of the OS itself.

    According to the recommendations, all deployable infrastructure VMs should be duplicated; however, as an experiment and because of the limitations of the demo lab, I did without redundancy. In total, the minimum number of virtual machines is 4:
    • ITA
    • Loggetter
    • vAG + vLB
    • HDC + WI + DB + License
    The first two run Windows Server 2008 R2, and the second two run Novell SUSE Linux Enterprise Server 11 SP1 64-bit.

    The Linux OS installation uses a standard wizard:



    Service distributions have graphical interfaces and fairly clear navigation.

    On Linux machines, the installation is started with the startTools console script:



    Windows can be deployed either from your own distribution or from the distribution downloaded from the Huawei support site.

    There are two scenarios for deploying the solution - with and without DNS. As an experiment, I installed using the AD / DNS / DHCP services available in our demo lab.
    In the case of using an existing AD, it is recommended to create a separate User Group for VDI (including service users) and configure access rights on the created machines.

    To save time at the first stage, it is suggested that you create a VM template with WinServ2008R2 already installed (and previously joined to the domain), which is then deployed the required number of times (twice in my case).

    After you deploy the required number of virtual machines, you need to install ITA and Loggetter services on them. This is done using the setup wizard, which has a fairly clear interface.

    After installing all the necessary components, you must configure them by specifying the pre-allocated IP addresses from the planned subnet.

    Interface


    In general, the web-based interface is not satisfactory.
    Everything follows the same design as the solutions of the FusionSphere group.
    The first login uses the standard credentials from the manual, after which a password change is required. Also, by default, increased password complexity is enforced (a special character is required), along with captcha protection after incorrect input. All this can later be disabled or configured in the appropriate settings section.
    The language selection is standard for all Huawei Enterprise products - English and Chinese.



    It should be noted right away that FusionAccess has a strict compatibility list of browser versions. If your browser is not on it, the probability of the web interface working incorrectly is extremely high. For example, the latest version of IE is currently not supported. Huawei is actively working on updating the compatibility list, but you need to be careful about this nuance.



    In general, the FusionAccess interface is fairly standard and understandable, and is not fundamentally different from other VDI solutions.
    The entire web interface is divided into 7 sections:

    1. Home - the starting dashboard with the main load indicators and notifications:



    2. Quick Provisioning - a form for quickly provisioning virtual workstations from existing templates. Basic entities (VM Group, VM template, Site) must be created and configured in advance.



    3. Desktop - an interface for creating and configuring the main entities:
    • VM Template
    • VM Group
    • Desktop Group
    • VM Naming Rule



    This is the main working tool for setting up policies and virtual workstations. Having made all the necessary settings, you can create and provision tens or hundreds of virtual stations through the Quick Provisioning section with a few clicks of the mouse.

    4. Alarm - a section that displays and allows you to manage all notifications and error messages in detail.
    All notifications are interactive, and provide you with help if necessary:

    You can also test all components here:



    5. Task - a section for tracking the progress of tasks and their planning:



    6. Statistics - a section that displays detailed statistics on your VDI infrastructure and allows you to export them in *.xls or *.txt format:



    7. System - a single section for various settings and configurations. Here the integration with the hypervisor takes place, licenses are activated, users, their groups and their policies are created, logs are exported, etc.:



    Conclusion


    While working with the Huawei FusionCompute hypervisor left me with a feeling of a certain “rawness” of the product, due to complaints about the interface and emerging bugs, the FusionAccess VDI solution seemed to me quite finished and efficient.

    Introducing this solution in our test environment, in addition to being an interesting and useful experience, has given us a number of advantages in organizing our partners' access to demo equipment.

    Prior to this, remote access for our partners to demo equipment was provided through a VPN tunnel based on the L2TP protocol. Partners needed to download the Huawei VPN client and the config file with the access details set individually for them.

    This approach had several disadvantages:
    1. We had to manually generate the configuration file for each partner individually
    2. The partner had to download the VPN client distribution kit and configuration file, and install all this on their own. Even with detailed instructions, some people had difficulties
    3. Due to the peculiarities of corporate connection standards and internal security policies, some customers could not use L2TP connections
    4. To work with various Huawei solutions, users had to install various utilities and software on their systems (for example, JRE, various older browser versions, etc.), which they often no longer needed once the tests were over.
    5. There were a number of complaints about providing partners with access to our test environment at the L3 level.

    The introduction of a VDI solution in turn allowed us to solve all these problems. For our part, we opened the FusionAccess web interface to the “outside”.
    This allowed partners to access the test environment through a virtual workstation.
    After agreeing on organizational issues, the partner receives a letter from us with a direct link to the web interface and authorization data. We can create user accounts both in the FusionAccess database and in our AD.
    At the same time, to work with the demo lab, you just need to install a browser plug-in that allows you to work with virtual desktops.



    In addition to making it convenient to connect partners, this increases flexibility in organizing test sites. Depending on the type of equipment under test, I can pre-create virtual station templates.
    For example, to test Huawei OceanStor ver 1 storage, I provide my partners with a virtual station with pre-installed JRE ver 6.0, ISM (software for managing 1st generation Huawei storage), the “correct” browser versions, Iometer, etc.
    This makes testing easier for the partner, eliminating unnecessary routine and frustration.

    As a result, as a test environment operator, I have a convenient tool for managing remote access, with easy tracking of connection statistics and access periods.
    To terminate access, you do not need to contact colleagues responsible for network security. It is enough to remove the user from the FusionAccess user group, or to "pause", stop or delete his workstation on the desired date.

    In the end, everyone won - both our partners and us.

    PS


    I understand that this topic was not fully covered, and you still have questions about the VDI solution from Huawei. You can ask them in the comments.

    I am ready to cover the topics that draw the strongest response from readers in an additional review.