Configuring an ECS

Scenario

This section describes how to install application software, configure patch update, and install system patches on an ECS.

Prerequisites

• You have obtained the username and password for logging in to the ECS.
• You have created an ECS.
• You have obtained the files listed in Required Software and decompressed Workspace_HDP_WindowsDesktop_Installer_x.x.x.iso to obtain the folder Workspace_HDP_WindowsDesktop_Installer_x.x.x.

Procedure

The operations vary depending on the OS. Follow the instructions on the GUI.

Installing a Windows OS and the VMTools Driver

1. Log in to the console.
2. Choose Service List > Computing > Elastic Cloud Server.
3. Locate the row that contains the ECS created in Creating an ECS, and click Remote Login to log in to the Windows VM.
4. For details, see Installing a Windows OS and the VMTools Driver.
   

   When selecting the OS installation location, ensure that the driver version of Windows Server 2019 is the same as that of Windows Server 2016. That is, set $OS_Version in vmtools-windows/upgrade/$OS_Version/drivers/viostor to Windows 2016.

Manage Your Server page not displayed upon login

5. Click Start > Run.

   The Run dialog box is displayed.

6. Enter gpedit.msc in the Open text box and press Enter.

   The Local Group Policy Editor window is displayed.

7. In the navigation pane, choose Computer Configuration > Policy > Administrative Templates > System > Server Manager, as shown in Figure 1.
   Figure 1 Manage Your Server page not displayed upon login
   

8. In the right pane, double-click Do not display Server Manager automatically at logon.

   The Do not display Server Manager automatically at logon dialog box is displayed.

9. Select Enabled.
10. Click OK.

Enabling the group policy that allows the standard user group to shut down Windows

Perform this operation for Windows Server 2016 and Windows Server 2019.

11. In the Local Group Policy Editor navigation pane, choose Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment, as shown in Figure 2.
    Figure 2 User rights assignment
    

12. In the right pane, double-click Shut down the system.

    The Shut down the system properties dialog box is displayed.

13. Click Add User or Group. The Select Users or Groups dialog box is displayed.
14. Click Object Types, select Groups, and click OK.
15. In the Enter the object names to select area, enter Users to query and add the Users group to the policy.
16. Click OK.
17. Click OK.

Disabling the firewall

18. In the navigation pane of the Local Group Policy Editor, choose Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile.
    The Domain Profile page is displayed, as shown in Figure 3.

    Figure 3 Domain profiles
    

19. In the right pane, double-click Windows Firewall: Protect all network connections.

    The Windows Firewall: Protect all network connections dialog box is displayed.

20. Select Disabled.
21. Click OK.
22. In the navigation pane, choose Standard Profile.

    The Standard Profile page is displayed, as shown in Figure 4.

    Figure 4 Standard profiles
    

23. In the right pane, double-click Windows Firewall: Protect all network connections.

    The Windows Firewall: Protect all network connections dialog box is displayed.

24. Select Disabled.
25. Click OK.
26. Close the Local Group Policy Editor window.
27. Click Start > Run.

    The Run dialog box is displayed.

28. Enter services.msc in the Open text box and press Enter.

    The Services window is displayed.

29. In the right pane, double-click Application Layer Gateway Service.

    The Application Layer Gateway Service Properties (Local Computer) page is displayed.

30. On the General tab, set Startup Type to Disabled, as shown in Figure 5.
    Figure 5 Configuring the startup type
    

31. Click OK.
32. Set the Startup Type of Internet Connection Sharing (ICS) and Windows Firewall to Disabled by referring to 29 to 31.
    

    You do not need to configure Windows Defender Firewall for Windows Server 2019.

33. Close the Services window.

Disabling Windows update

34. Click Start > Run.

    The Run dialog box is displayed.

35. Enter compmgmt.msc in the Open text box and press Enter.

    The Computer Management window is displayed.

36. In the navigation pane, choose Services and Applications > Services.

    The Services page is displayed, as shown in Figure 6.

    Figure 6 Services
    

37. In the right pane, double-click Windows Update.

    The Windows Update Properties page is displayed.

38. On the General tab, set Startup Type to Disabled.
39. Go to Recovery. Set First failure to Take No Action.
40. Click OK.

Creating a temporary local user admin

• After Cloudbase-Init is installed, it will randomize the password of the Administrator account if application software that takes effect only after a restart is installed. To prevent login failure after randomization, create a temporary account and reset the password of Administrator.
• If your login using the default password of Administrator fails after the restart, log in as the admin user and reset the password of Administrator. Then use the Administrator account to log in again.

41. On the ECS, click , enter compmgmt.msc, and press Enter.

    The Computer Management window is displayed.

42. In the navigation pane, choose Local Users and Groups > Users.
43. Right-click and choose New User from the shortcut menu.
44. In the New User dialog box, enter the username and password, confirm the password, and click Create.
45. In the navigation pane, choose Local Users and Groups > Groups.
46. Right-click Administrators and choose Add to Group from the shortcut menu.
    

    If you need to add administrators to other groups, select an option as required.

47. In the Administrators Properties dialog box, click Add to add the user to the group.
48. Click OK and close the Administrators Properties dialog box.
49. Close the Server Manager window.

Configuring a private DNS

You can configure a private DNS server address for OBS so that Windows ECSs on Huawei Cloud can directly access OBS through the private network.

50. On the ECS, click in the lower left corner, enter cmd, and press Enter.
51. Run the ipconfig /all command to check whether the DNS server is at the private DNS address in the region where the ECS resides.
    

    Huawei Cloud provides different private DNS server addresses for different regions. For details, see What Are the Private DNS Server Addresses Provided by Huawei Cloud?

52. Change the DNS server address of the VPC subnet.

    Locate the VPC where the ECS resides and change the DNS server address of the VPC subnet to the private DNS address. In this manner, ECSs in the VPC can use the private DNS for resolution and thereby you can access OBS on Huawei Cloud intranet. For details, see Modifying a Subnet.

    

    The private DNS server address must be selected based on the region where the ECS is. For details, see What Are Huawei Cloud Private DNS Server Addresses?

Enabling applications to access the microphone of the OS

53. Choose Start > Settings. The OS setting page is displayed.
54. Click Privacy. The privacy setting page is displayed.
55. In the list on the left, click Microphone. The page for setting microphone permissions is displayed.
56. Set Microphone access to On.

Obtaining required installation packages

57. Upload the packages obtained in Required Software, except the OS ISO file, to the OBS bucket used in Registering a Private Image Using an ISO File.
    

    Set the object permission to public-read.

58. Record the link of each package in the OBS bucket.
    

    On OBS Browser+, right-click the package, choose Share from the shortcut menu, and click Copy Link to obtain the download link of the package. You need to download the package within the sharing validity period.

59. In the root directory of drive C on the ECS, create a folder, for example, software, for storing the package to be installed.
60. Open the browser on the ECS, copy the package link recorded in 58 to the address box, and press Enter to download the package.
    

    • Switch the input mode of the ECS to English.
    • Download the required packages in sequence.

61. Copy the obtained packages to C:\software.

Installing the 7-Zip

62. Go to C:\software to find and decompress the 7-Zip installation package.

Installing the Visual Studio 2017 runtime library

63. Go to C:\software to find the vc_redist.x64.exe package, and double-click vc_redist.x64.exe to install the Visual Studio 2017 runtime library.
64. Restart the ECS.

(Optional) Deleting the Microsoft language package

To ensure that users can successfully purchase Workspace desktops, you need to delete the Microsoft language package when creating only Windows 10 2004 images.

65. Search for Windows PowerShell in the Start menu and click Run as administrator. The Windows PowerShell running page is displayed.
66. Run the following command to delete the Microsoft language package:

    Get-Appxpackage -allusers *Microsoft.LanguageExperiencePackzh-CN* | remove-appxpackage

(Optional) Installing the OS patch

67. Go to C:\software where the package is stored and install the OS patch.
    

    OS patches are updated by Microsoft on an irregular basis. Pay attention to Microsoft announcements and update the OS in a timely manner.

(Optional) Installing applications

68. Go to C:\software where the package is stored and install the application.
    

    Some security software (antivirus software, safeguards, and firewalls) may conflict with the Microsoft encapsulation tool. As a result, desktop creation may fail, and the blue screen of death (BSOD) or black screen may occur on the created desktop. Therefore, install security software only after desktops are provisioned.

(Optional) Installing peripheral drivers

69. Go to C:\software where the package is stored and install the peripheral driver.

Installing the Cloudbase-Init software

70. Go to C:\software where the package is stored, open the Cloudbase-Init installation package, and install Cloudbase-Init as prompted.
71. On the Configuration options page, configure parameters by referring to Figure 7.
    Figure 7 Configuration options
    
    

    The version number in the figure is for reference only. Use the actual version number.

72. After the configuration is complete, deselect the options shown in Figure 8.
    Figure 8 Finish
    

73. Click Finish.

Configuring Cloudbase-Init

74. Edit the configuration file C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf in the Cloudbase-Init installation path.
    1. Add the netbios_host_name_compatibility=false configuration item to the last line of the configuration file so that the host name of the Windows OS can contain a maximum of 63 characters.
       

       NetBIOS supports up to 15 characters due to the constraint of Windows OS.

    2. Add the configuration item metadata_services=cloudbaseinit.metadata.services.httpservice.HttpService to enable the agent to access the OpenStack data source.
    3. Add the following configuration item to disable Cloudbase-Init restart:

       plugins=cloudbaseinit.plugins.windows.extendvolumes.ExtendVolumesPlugin,cloudbaseinit.plugins.windows.createuser.CreateUserPlugin,cloudbaseinit.plugins.common.sshpublickeys.SetUserSSHPublicKeysPlugin,cloudbaseinit.plugins.common.setuserpassword.SetUserPasswordPlugin,cloudbaseinit.plugins.common.localscripts.LocalScriptsPlugin,cloudbaseinit.plugins.common.userdata.UserDataPlugin

75. In C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init-unattend.conf, check whether cloudbaseinit.plugins.common.sethostname.SetHostNamePlugin, exists.
    • If yes, delete it and perform subsequent operations.
    • If no, perform subsequent operations.
    • Add cloudbaseinit.plugins.common.userdata.UserDataPlugin at the end of plugins=. Add a comma (,) in front of the added configuration item.

76. If you use a Windows ECS to create an image, change the SAN policy of the ECS to OnlineAll. Otherwise, when you use the image to create ECSs, the disks may be offline.

    Windows has three types of SAN policies: OnlineAll, OfflineShared, and OfflineInternal.

    Table 1 SAN policies of Windows

    Type	Description
    OnlineAll	All newly detected disks are online.
    OfflineShared	All disks on sharable buses, such as iSCSI and FC, are left offline by default, while disks on non-sharable buses are online.
    OfflineInternal	All newly detected disks are offline.

    1. Execute cmd.exe and run the following command to query the current SAN policy of the ECS using DiskPart:

       diskpart

    2. Run the following command to view the SAN policy of the ECS:

       san

       • If the SAN policy is OnlineAll, run the exit command to exit DiskPart and close cmd.exe.
       • If no, go to 76.c.
    3. Run the following command to change the SAN policy to OnlineAll:

       san policy=onlineall

    4. Run the exit command to exit DiskPart and close cmd.exe.

Installing SysAgent and SysPrep

77. Open Control Panel on the computer and uninstall HW.SysAgent and HW.SysPrep.
78. Double-click HW.SysAgent.Installer_64.msi and HW.SysPrep.Installer_64.msi in C:\software.

Installing AppCenterAgent and AppCenter

79. Open Control Panel on the computer and uninstall WKSAppCenterAgent.
80. Double-click WKSAppCenterAgent.msi and WKSAppCenter.msi in C:\software.

Encapsulating the image

• To create an encapsulated image, perform 81 to 84.
• To create an image that is not encapsulated, perform 81 to 83, and 85.
  

  1. If images are not encapsulated, problems may occur on some applications, such as Windows Server Update Services (WSUS).

  2. In Windows 8 or Windows Server 2012, you may encounter problems where push notifications do not work.

  3. Images that are not encapsulated can be provisioned more quickly.

81. On the ECS, find the Windows image creation tool in C:\software and decompress it to obtain the Workspace_HDP_WindowsDesktop_XXX folder.
82. Right-click in the lower left corner, enter cmd, and press Enter.
83. Run the following command to switch to the directory containing the template tool:

    cd C:\software\Workspace_HDP_WindowsDesktop_Installer_x.x.x

84. In the displayed CLI, run the following command to encapsulate the image:

    run_silent.bat --passive --environment_type 2 --nocheck --noshutdown

    

    During image encapsulation, the ECS automatically restarts. Do not exit or stop the ECS. After the ECS is restarted, enter the ECS password to proceed with image encapsulation.

85. (Optional) In the displayed CLI, run the following command to encapsulate the image:

    run_silent.bat --passive --environment_type 2 --nocheck –noshutdown --nosysprep

Enabling hibernation

86. Click Start > Run.

    The Run dialog box is displayed.

    Run the powercfg -h on command to enable hibernation.

    

    

    Configure this parameter only for Windows Server 2016 and 2019.

Deleting the temporary admin user

87. Click Start > Run.

    The Run dialog box is displayed.

88. Enter sysdm.cpl in the Open text box and press Enter.

    The System Properties window is displayed.

89. On the Advanced tab, click Settings under User Profiles.

    

90. On the User Profiles page, select the profiles of the user to be deleted and click Delete.
91. Click OK.
92. Close the System Properties window.
93. Click Start > Run.

    The Run dialog box is displayed.

94. Enter compmgmt.msc in the Open text box and press Enter.

    The Computer Management window is displayed.

95. In the navigation pane on the left, choose System Tools > Local Users and Groups > Users.
96. In the right pane, right-click the username to be deleted and choose Delete.
97. Click Yes.
98. Click OK.
99. Close the Computer Management window.

Stopping the ECS

100. On the ECS list page of the console, locate the row that contains the ECS created in Creating an ECS, and choose More > Stop to stop the ECS.