Creating a Policy Group

Scenarios

A policy group is a set of security rules configured for Workspace Application Streaming, including file redirection read/write permission, clipboard read/write permission, session automatic reconnection interval, and image display. Policies are used to control data transmission between user terminals and Workspace Application Streaming.

You can plan and customize application policies to create the most efficient policy management solution for different scenarios.

Procedure

1. Log in to the Workspace Application Streaming console as an administrator.
2. In the navigation pane, click Policy Groups. The Policy Groups page is displayed.
3. In the upper right corner of the page, click Create Policy Group. The Create Policy Group page is displayed.
4. Configure Policy Name and Description.
   

   • The policy name can contain up to 55 characters in digits, letters, and underscores (_).
   • The description contains up to 255 characters.

5. Select a Creation Mode as required.
   • Create without template: Use the default blank template to create a policy group.
   • Create with template: Create a policy group using an existing policy group template, with the same configurations as those of the template by default.
     

     You can select an existing policy template or create a template by adding a user-defined template.

     The system provides four policy templates to help you quickly configure Workspace Application Streaming policies in four different scenarios.

     • In security scenarios, Huawei Delivery Protocol (HDP) prevents data in Workspace Application Streaming from being transferred to or even stored on personal storage devices and keeps data in an on-premises data center.
     • In (GPU-dependent) gaming scenarios, cursor follow-up and image display are optimized to ensure smoothness even in poor bandwidth conditions.
     • In (GPU-dependent) graphics processing scenarios, the display frame rate can be adjusted to improve the display quality and the cursor follow-up mode can be adjusted to narrow the gap between the cursor and the image and reduce the visual difference.
     • In (GPU-dependent) video editing scenarios, video acceleration is used to optimize video playback quality. The cursor closely follows user operations, improving user experience.
   • Import an existing policy: If a policy group has been created, you can import a policy from the existing policy group. The configurations are the same as those of the policy by default.

6. Click Next: Configure Policy.

   The policy configuration page is displayed.

7. On the displayed page, configure application policies for the computer as required.
   

   General policies are simplified from advanced policies and can meet common office work requirements. By default, policy parameters that meet common work requirements are enabled.

   • indicates that a policy is enabled.
   • indicates that a policy is disabled.
   For details about configuring a general policy, see Table 1.

   Table 1 Policy management

   Type	Parameter	Description
   File Redirection	Fixed driver	Read-only: Files in drivers and storage devices can only be pre-viewed. Read/write: Files in drivers and storage devices can be modified. Users can use drivers through file redirection in VMs on Workspace Application Streaming.
   	Removable driver
   	CD/DVD-ROM driver
   	Network driver
   Clipboard Redirection	Bidirectional	After this function is enabled, end users can copy data from Workspace Application Streaming and paste the data on local desktops, or vice versa.
   	Server to client	After this function is enabled, end users can only copy data on Workspace Application Streaming and paste the data on local desktops.
   	Client to server	After this function is enabled, end users can only copy data on local desktops and paste the data on Workspace Application Streaming. NOTE: Files can be copied only from a Windows client to a server, and file redirection and the corresponding driver must be enabled.
   Print Device Redirection	Server to client	Users can use print devices connected to TCs.
   Sessions	Auto Disconnection Without Keyboard/Mouse Device Operations	Enabled: If no keyboard or mouse device operation is performed on the client for a specified period of time, the client automatically disconnects from the server and the application is closed. Disabled: The automatic disconnection function is disabled.
   	Waiting Time (Min)	Sets the waiting time for automatic disconnection when no keyboard or mouse device operation is performed. Value range: 3–86,400.
   	Auto Logout	If Auto Disconnection Without Keyboard/Mouse Device Operations is enabled, you can configure the waiting time before the session is automatically logged out of.
   	Session Retention After Disconnection (Min)	If Auto Disconnection Without Keyboard/Mouse Device Operations is enabled, in the case of automatic disconnection, the session is automatically logged out of after the session retention period expires. Value range: 1–86,400.

8. Configure an advanced policy.
   General policies are simplified from advanced policies and can meet common office work requirements. For special requirements, configure an advanced policy.

   1. On the general policy configuration page, click Advanced Policies.

      The advanced policy configuration page is displayed.

      Figure 1 Advanced policy configuration page
      
   2. Configure an advanced policy, as shown in Figure 2. For details about the advanced policy parameters, see Configuring an Advanced Policy.
      Figure 2 Configuring an advanced policy
      

9. Click Next: Select Object.

   Select an Object Type as required and then select an object, as shown in Figure 3.

   • All Objects
   • Users
   • User Groups
   • Application Groups
   Figure 3 Selecting an object
   

10. Click Next: Finish.

    The policy has been created. The policy takes effect upon the user's next login to the Workspace Application Streaming client.