Related Concepts
Desktops
A desktop is a virtual computer system that is installed with desktop agent software and can interact with desktop management components. Workspace hosts and manages all desktops in the data center in a unified manner. End users can log in to a desktop using software clients (SCs), mobile terminals, and thin clients (TCs) to obtain a PC-like desktop experience.
You can purchase a dedicated desktop for each end user so that they can exclusively use their own desktops.
Desktop Pools
A desktop pool is a collection of image desktops of the same specifications. It provides administrators with unified management and O&M capabilities for the next batch of desktops in a project. Desktop pools are classified into dynamic pools and static pools.
- A dynamic pool is a desktop group of the M:N pool type. The binding relationship between a VM in the desktop pool and a VM user is not fixed. Each time a VM user logs in to the desktop pool through the client, Workspace randomly assigns an available VM to the user.
- A static pool is a desktop group of the 1:1 pool type. Originally, the binding relationship between VMs in the desktop pool and VM users is not fixed. However, the binding relationship between a VM and a VM user is fixed after the VM user logs in to the VM for the first time. After that, the VM user will be assigned the same VM each time the user logs in to the desktop pool, and the VM will not be assigned to other users.
Users
Users are classified into end users and administrators based on their permissions. An end user is a user who uses the desktop and has the permission for logging in to and using the desktop. An administrator is a tenant, that is, the user who assigns desktops to end users. The administrator has the permissions for purchasing desktops, deleting desktops, configuring policies, and managing users.
User Groups
A user group is a collection of users. By assigning users to different groups, you can easily manage and control resource access. A user group can also have its own permissions and settings to control the behavior of its users.
Policies
Policies are classified into protocol policies and access policies.
A protocol policy is a set of security rules configured for desktops, including USB redirection, file redirection read/write permission, clipboard read/write permission, watermark, client automatic reconnection interval, and image display. The policy controls data transmission between user terminals and desktops, as well as peripheral access permissions.
An access policy is a group of rules configured for determining whether desktops are accessed from an Internet access address or Direct Connect access address.
Priority
The priority is the basis for Workspace to determine the execution sequence or weight of desktop policies. The priority is represented by a positive integer. A smaller value indicates a higher priority.
Software Clients
A software client (SC) is a local PC where the Workspace client is installed. Users can access desktops from the PC.
Thin Clients
A thin client (TC) is a small-sized commercial PC that is designed based on the PC industry standard. It uses a professional embedded processor, small local flash memory, and simplified OS for desktop access. The TC sends the inputs of the mouse and keyboard to the background server for processing. Then the server returns the processing result to the monitor connected to the TC for display. The performance, peripheral interfaces, and operation GUIs of TCs vary depending on models, meeting requirements for common OA, security-sensitive OA, and high-performance graphics design.
Mobile Terminals
A mobile terminal is a mobile device where the Workspace client is installed. Users can access desktops from this mobile device. Currently, only Android smart devices are supported.
AD Management Server
The Active Directory (AD) management server is the infrastructure component where the AD service is deployed. It provides a series of directory service functions that allow users to manage and access network resources in a unified manner. You can interconnect Workspace with your own AD server to implement authentication and authorization of cloud desktops.
Regions and AZs
A region and availability zone (AZ) identify the location of a data center. You can purchase desktops in a specific region or AZ.
Regions are determined based on geographical location and network latency. Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP, and Image Management Service (IMS), are shared within the same cloud region. Regions are classified as universal regions and dedicated regions. A universal region provides universal cloud services for common tenants. A dedicated region provides only services of the same type or provides services only for specific tenants.
An AZ contains one or more physical data centers. Each AZ has independent cooling, fire extinguishing, anti-moisture, and electricity facilities. The computing, network, storage, and other resources in an AZ are logically divided into multiple clusters. AZs in a region are interconnected through high-speed optical fiber, so systems deployed across AZs can achieve higher availability.
Figure 1 shows the relationship between regions and AZs.
Huawei Cloud provides services in many regions around the world. Select a region and AZ as needed.
Projects
Projects group and isolate compute, storage, and networking resources across physical regions. A default project is provided for each region, and subprojects can be created under each default project. Users can be granted permissions to access all resources in a specific project. If you need more refined access control, you can create subprojects under a default project and purchase resources in subprojects. Then you can assign required permissions for users to access only resources in specific subprojects.
Multi-factor Authentication
Multi-factor authentication (MFA) provides an additional layer of protection on top of the username and password. If you enable MFA, users need to enter the username, password, and a verification code when logging in to a desktop.
Virtual MFA Devices
A virtual MFA device generates 6-digit verification codes in compliance with the Time-based One-time Password Algorithm (TOTP). Virtual MFA devices used by Workspace are software-based applications that can run on mobile devices such as smartphones. Virtual MFA is one of the MFA modes.