
Import Substitution, Part 1. Or How I Studied Huawei FusionCloud Desktop

Many of you have, one way or another, come across the now-popular term "import substitution." And, for obvious reasons, the only source of IT products and solutions in this situation is vendors with “Chinese roots”.

Having started to get familiar with Huawei's Enterprise department, I simply could not pass by their virtualization solutions. In the previous article, I mentioned one of them: Huawei FusionCompute.

I want to share this experience with you.

VDI benefits


This solution is a means of virtualizing workplaces. In essence, it uses virtualization technology to create multiple virtual machines with a custom OS on top of a virtual cluster, and provides convenient graphical tools for managing them.
For the user:

1. The ability to access your desktop from any location (if you have a stable Internet connection);
2. Saving all user data and settings (including personalization of the desktop) when accessing from remote workstations.

For the IT department:

1. Rapid deployment of virtual workplaces from templates in one click;
2. The ability to plan and schedule routine processes;
3. Management and monitoring from a single window;
4. Flexible user policy system;
5. Transparent security management tools;
6. Ability to integrate with existing infrastructure (including AD).

Architecture


Based on the FusionCompute hypervisor, this solution has a modular structure consisting of various components (services).

All components are divided into 3 levels:
1. Access control
2. Virtual Station Management
3. Accounting and storage of logs

Each level consists of several virtual machines on which these services run. For fault tolerance and availability of the solution, it is recommended to duplicate all services in an Active/Passive scheme (create 2* virtual machines).

* For large deployments (according to best practice), Huawei recommends increasing the number of VMs with the WI and vLB components.

The first level is implemented by the vAG and vLB services:
vAG (virtual Access Gateway) - responsible for controlling access from outside.
vLB (virtual Load Balancer) - responsible for distributing load between the WI machines.

The second level, which is responsible for the direct management of the virtual workstation system, is represented by the following services: HDC, ITA, DB, WI and License
HDC is the core of the VDI solution. Responsible for matching created VMs or their templates with specified policies, creating / modifying Desktop Groups, and more.
ITA (IT Adapter) is a service responsible for providing virtual workstations to the user, as well as for communication between the HDC and the FusionCompute hypervisor (creating / deleting VMs).
DB (GaussDataBase) - a database in which all data about users, templates, VMs, policies, etc. is stored.
License - the service responsible for licensing the solution (activation, monitoring the expiration date, etc.)

The last level is represented by the Loggetter service.
Loggetter - saves the logs of all connections and user settings changes (and backs them up).

Installation


The entire process of deploying the Huawei FusionAccess solution can be divided into 4 stages:
1. Preparing infrastructure VMs based on Windows OS
2. Preparing infrastructure VMs based on Linux OS
3. Installation of services
4. Setting up services

As is already clear, there is no single VM image for deploying the solution. You will need to download the Windows Server 2008 R2 distribution kit from the Huawei support site, as well as the FusionAccess_Installer_Linux/Windows_V***.iso service utility distributions.
Note that the utilities distribution for Linux is also the distribution of the OS itself.

According to the recommendations, all deployed infrastructure VMs should be duplicated. However, as an experiment and because of the limitations of the demo stand, I decided against redundancy. In total, the minimum number of virtual machines is 4:
• ITA
• Loggetter
• vAG + vLB
• HDC + WI + DB + License
In this case, the first two run Windows Server 2008 R2, and the second two run Novell SUSE Linux Enterprise Server 11 SP1 64-bit.

The Linux OS installation has a standard wizard:



Service distributions have graphical interfaces and fairly intuitive navigation.

On Linux machines, the installation is started by the startTools console script:



Windows can be deployed either from your own distribution or from the distribution downloaded from the Huawei support site.

There are two scenarios for deploying the solution: with and without a DNS service. As an experiment, I performed the installation using the AD / DNS / DHCP services available in our laboratories.
When using an existing AD, it is recommended to create a separate User Group for VDI (including service users) and configure access rights on the created machines.

To reduce the time spent on the first stage, it is suggested to create a VM template with an encapsulated WinServ2008R2 (already joined to the domain), which is then deployed the necessary number of times (in my case, twice).

After deploying the required number of virtual machines, it is necessary to install the ITA and Loggetter services on them. This is done using the installation wizard, which has a fairly intuitive interface.

After installing all the necessary components, you need to configure them by specifying the pre-allocated IP addresses from the planned subnet.

Interface


In general, the web-interface is not satisfactory.
Everything is done in the same design as the solutions of the FusionSphere group.
The first login uses the standard access data from the manual, after which a password change is required. Also, by default, increased password complexity is enabled (a special character must be used), along with captcha protection in case of incorrect input. All of this can later be disabled or configured in the appropriate section of the settings.
Language selection is standard for all Huawei Enterprise products: English and Chinese.



It should be noted right away that FusionAccess has a strict compatibility list of browser versions. If a browser is not on the list, the probability of the web interface working incorrectly is extremely high. For example, the latest version of IE is not currently supported. Huawei is actively working on updating the compatibility list, but you need to pay attention to this nuance.



In general, the FusionAccess interface is fairly standard and understandable, and does not fundamentally differ from other VDI solutions.
The whole web-interface is divided into 7 sections:

1. Home - starting dashboard with main load indicators and notifications:



2. Quick Provisioning is a form of quick allocation of virtual workplaces from existing templates. Basic entities (VM Group, VM template, Site) must be created and configured in advance.



3. Desktop - an interface for creating and configuring basic entities:
• VM Template
• VM Group
• Desktop Group
• VM Naming Rule



This is the main working tool for configuring policies and virtual desktops. After making all the necessary settings, you can create and allocate tens or hundreds of virtual stations through the Quick Provisioning section with a few mouse clicks.

4. Alarm - a section that displays in detail and allows you to manage all notifications and error messages.
All notifications are shown online and come with help if necessary:



Here you can test all components:



5. Task - a section on tracking the progress of tasks and their planning:



6. Statistics - a section that displays detailed statistics on your VDI infrastructure and allows you to export it in *.xls or *.txt formats:



7. System - a single section for all kinds of settings and configurations. This is where you find integration with the hypervisor, license activation, creation of users, their groups and their policies, log export, and so on:



Conclusion


While the Huawei FusionCompute hypervisor left me with a feeling of a certain “rawness” of the product due to complaints about the interface and emerging bugs, the FusionAccess VDI solution seemed to me fully finished and workable.

The introduction of this solution into our test environment, in addition to an interesting and useful experience, has given us a number of advantages in organizing our partners' access to demo equipment.

Prior to this, we provided our partners with remote access to demo equipment through L2TP-based VPN tunnels. Partners needed to download the Huawei VPN client and a config file with access details specified individually for them.

This approach had several disadvantages:
1. We had to manually generate a configuration file for each partner.
2. The partner had to download the distribution package of the VPN client and the configuration file and install it all themselves. Even with detailed instructions, some people had difficulty.
3. Due to the nature of corporate connection standards and internal security policies, some clients could not use L2TP connections.
4. To work with various Huawei solutions, users needed to install various utilities and software on their systems (for example, JRE, various browsers of specific versions, etc.), which they often no longer needed once the tests were finished.
5. There remained a number of complaints about providing partners with access to our test environment at the L3 level.

The introduction of the VDI solution, in turn, allowed us to solve all these problems. For our part, we exposed the FusionAccess web interface to the outside.
This allowed partners to access the test environment through a virtual workstation.
After agreeing on organizational issues, the partner receives a letter from us with a direct link to the web interface and authorization data. We can create accounts for users both in the FusionAccess database and in our AD.
At the same time, to work with a demo stand, you only need to install a browser plugin that allows you to work with virtual desktops.



In addition to convenience when connecting partners, this increases the flexibility in the organization of test sites. Depending on the type of equipment being tested, I can pre-configure virtual station templates.
For example, to test Huawei OceanStor ver 1 storage systems, I provide partners with a virtual station with preinstalled JRE ver 6.0, ISM (software for managing Huawei 1st generation storage systems), “correct” browser versions, Iometer, etc.
This makes testing easier for the partner, sparing them unnecessary routine and frustration.

As a result, as a test environment operator, I have a handy tool for managing remote access, easy tracking of connection statistics and timing of access.
To stop access, you do not need to contact colleagues responsible for network security. It is enough to remove the user from the FusionAccess user group, or to stop / delete their workstation on the desired date.

In the end, everybody won - both our partners and we.

PS


I understand that this topic has not been fully covered, and you still have questions about Huawei’s VDI solution. You can ask them in the comments.

I am ready to cover the topics that draw the strongest response from readers in an additional review.

Source: https://habr.com/ru/post/250705/

