Related Concepts
Desktop
A desktop is a virtual computer system that is installed with desktop agent software and can interact with desktop management components. Workspace hosts and manages all desktops in the data center in a unified manner. End users can log in to a desktop using soft clients (SCs), mobile terminals, and thin clients (TCs) to obtain PC-like desktop experience.
You can purchase a dedicated desktop for each end user so that they can exclusively use their own desktops.
Desktop Pool
A desktop pool is a collection of image desktops of the same specifications. It provides administrators with unified management and O&M capabilities for the next batch of desktops in a project. Desktop pools are classified into dynamic pools and static pools.
- A dynamic pool is a desktop group of the M:N pool type. The binding relationship between a VM in the desktop pool and a VM user is not fixed. Each time a VM user logs in to the desktop pool through the client, Workspace randomly assigns an available VM to the user.
- A static pool is a desktop group of the 1:1 pool type. Originally, the binding relationship between VMs in the desktop pool and VM users is not fixed. However, the binding relationship between a VM and a VM user is fixed after the VM user logs in to the VM for the first time. After that, the VM user will be assigned the same VM each time the user logs in to the desktop pool, and the VM will not be assigned to other users.
User
Users are classified into end users and administrators based on their permissions. An end user is a user who uses the desktop and has the permission for logging in to and using the desktop. An administrator is a tenant, that is, a user who assigns desktops to users who use desktops. The administrator has the permissions for purchasing desktops, deleting desktops, configuring policies, and managing users.
User Group
A user group is a collection of users. By assigning users to different groups, you can easily manage and control resource access. A user group can also have its own permissions and settings to control the behavior of its users.
Policy
Policies are classified into protocol policies and access policies.
A protocol policy is a set of security rules configured for desktops, including USB redirection, file redirection read/write permission, clipboard read/write permission, watermark, client automatic reconnection interval, and image display. A policy is used to control data transmission between user terminals and desktops and peripheral access permission.
An access policy is a group of rules configured for determining whether desktops are accessed from an Internet access address or Direct Connect access address.
Priority
The priority is the basis for Workspace to determine the execution sequence or weight of desktop policies. The priority is represented by a positive integer. A smaller value indicates a higher priority.
Software Client
A software client (SC) is a Workspace client installed on a local PC so that users can access desktops from the PC.
Thin Client
A thin client (TC) is a small-sized commercial PC that is designed based on the PC industry standard. It uses a professional embedded processor, small local flash memory, and simplified OS for desktop access. The TC sends the inputs of the mouse and keyboard to the background server for processing. Then the server returns the processing result to the monitor connected to the TC for display. The performance, peripheral interfaces, and operation GUIs of TCs vary depending on models, meeting requirements for common OA, security-sensitive OA, and high-performance graphics design.
Mobile Terminal
A mobile terminal is a Workspace client installed on a mobile device so that users can access the desktop through the mobile device. The mobile device is called a mobile terminal. Currently, only Android smart devices are supported.
AD Management Server
The Active Directory (AD) management server is the infrastructure component where the AD service is deployed. It provides a series of directory service functions that allow users to manage and access network resources in a unified manner. Workspace can connect to your own AD server to implement authentication and authorization of Workspace.
Region and AZ
A region and availability zone (AZ) identify the location of a data center. You can purchase desktops in a specific region or AZ.
Regions are determined based on geographical location and network latency. Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP, and Image Management Service (IMS), are shared within the same cloud region. Regions are classified as universal regions and dedicated regions. A universal region provides universal cloud services for common tenants. A dedicated region provides only services of the same type or provides services only for specific tenants.
An AZ contains one or more physical data centers. Each AZ has independent cooling, fire extinguishing, antimoisture, and electricity facilities. The computing, network, storage, and other resources in an AZ are logically divided into multiple clusters. AZs in a region are interconnected through high-speed optic fiber, so systems deployed across AZs can achieve higher availability.
Figure 1 shows the relationship between regions and AZs.
Huawei Cloud provides services in many regions around the world. Select a region and AZ as needed.
Project
Projects group and isolates resources (including compute, storage, and network resources) across physical regions. A default project is provided for each region, and subprojects can be created under each default project. Users can be granted permissions for accessing all resources in a specific project. If you need more refined access control, you can create subprojects under a default project and purchase resources in subprojects. Then you can assign required permissions for users to access only resources in specific subprojects.
Multi-factor Authentication
Multi-factor authentication (MFA) provides an additional layer of protection on top of the username and password. If you enable MFA, users need to enter the username and password as well as a verification code when logging in to a desktop.
Virtual MFA Device
A virtual MFA device generates 6-digit verification codes in compliance with the Time-based One-time Password Algorithm (TOTP). Virtual MFA devices used by Workspace are software-based applications that can run on mobile devices such as smartphones. Virtual MFA is one of the MFA modes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.