Updated on 2023-12-04 GMT+08:00

Constraints

This section describes constraints on using Workspace.

Table 1 Constraints on using Workspace

Scenario

Constraint

Description

Purchasing a desktop

Account

You can purchase a desktop only after logging in to the Workspace console using an account.

Connection to the AD

  • After purchasing a desktop, you cannot change the status of connection to the AD.
  • To connect to the AD, ensure that the Workspace network can communicate with the Microsoft AD network.

Region

Desktops in different regions cannot communicate with each other over the intranet, and desktops need to be managed by region.

CPU architecture

x86 computing is supported.

Desktop OS

Currently, Workspace supports Windows Server 2016/2019 and will support more OSs in the future.

System Disk

Due to resource restrictions in the selected region, the system disk size must range from 80 GB to 1020 GB.

Data Disk

Due to resource restrictions in the selected region, a maximum of 10 data disks can be added, and the size of each data disk must be an integer multiple of 10 between 10 GB to 1,020 GB.

Network

The 172 network segment is reserved for running internal services. Therefore, do not select a VPC network starting with 172. Otherwise, desktops cannot be purchased.

Desktop user

Each desktop belongs to only one user.

Logging in to a desktop

Mobile device

Mobile terminals running Android 6.0 or later are supported.

TCs and PC SCs

You can log in to a desktop from TCs (running UOS and Android) that are compatible with Workspace and PC SCs running Windows 10 and 64-bit macOS 10.14–12.4.

Configuring a desktop

Policy

  • The desktop policy will take effect upon your next login to the desktop.
  • Unidirectional or bidirectional copy from the client to the server or from the server to the client is supported.
    • Rich text copy and file copy are supported only when both the client (TC/SC) and desktop run Windows. A maximum of 500 files can be copied at a time.
    • If the OS of a client (TC/SC or mobile client) or desktop is not Windows, only text can be copied.
  • Rendering acceleration only applies to multimedia video editing.
  • The default policy is a preset common policy and its priority cannot be changed.
  • When you create multiple policies, the default policy has the lowest priority.
  • By default, a maximum of 50 policies can be configured in a region.

Network access

  • Workspace supports Internet access and Direct Connect access at the same time. At least one access mode must be enabled.
  • Workspace uses the 10.10.0.0/20 or 192.168.240.0/20 network segment as the reserved network segment of the desktop management NIC. When using Direct Connect to communicate with PCs on the enterprise intranet, do not use this network segment on the enterprise intranet to prevent access failures caused by route conflicts.
  • To use Direct Connect, you need to create a VPC endpoint.

Allowing Workspace to access the enterprise intranet

If a firewall is used, ensure that ports 8443 and 443 in the outbound direction of the firewall are enabled.

Modifying specifications

  • Do not perform other operations on the desktop when modifying specifications.

Recomposing the system disk

  • Before the system disk is recomposed, the login status of the desktop cannot be Disconnected, and the running status is Running or Stopped.
  • After recomposing the system disk, the data (such as the desktop and favorites) on the system disk will be lost. If the data is needed after the system disk is recomposed, notify the user to back up the data in advance.
  • When recomposing the system disk, if the cloud desktop uses a private image, ensure that the private image still exists.

Managing desktops

Resending a notification email

You can resend a notification email only when the user is bound to a desktop.

Deleting a user

You can delete a user only when the user is not bound to a desktop.

Resetting a password

If the Windows AD domain has been connected, the password of a desktop user cannot be reset.

Unlocking a user

If the Windows AD domain has been connected, desktop users cannot be unlocked.

Forbidden operations on Windows desktops

Processes and services

  • Change the default services and startup options in the system configuration.
  • Stop the LOCAL SERVICE, NETWORK SERVICE, and SYSTEM processes in the Task Manager.
  • Disable HDP services.
  • Uninstall the following programs:
    • Access Agent
    • Microsoft .NET Framework x Client Profile
    • Microsoft .NET Framework x Extended
    • Microsoft Visual C++ xxx Redistributable - xxx

Network

  • Disable the VM NIC, and disable or modify the network configurations.
  • Execute the script or command, for example, route DELETE *, to modify route data.
  • Delete ports 28511, 28512, 28521, and 28522 from the Windows firewall exception options.
  • Enable software or tools that can restrict network traffic, such as Internet Protocol Security (IPsec).

Other

  • Delete files or folders in C:\Program Files\Huawei.
  • Enable hibernation on VMs. VM hibernation is disabled by default.
  • Modify the configuration file of the HDP client (AccessAgent).
  • Run Rabbit Magic or Wopti Utilities to clean or optimize the registry.
  • Installing a changeable screensaver is resource-consuming. As a result, users will suffer from latency when logging in to the desktop again. Exercise caution when performing this operation.

Using Workspace

Connecting Workspace to the Internet

Workspace is connected to the Internet using the IP address of the data center. Some entertainment websites restrict the access of the IP address of the data center for their operations needs. As a result, Workspace cannot access those websites, such as Youku and Taobao.