
Foundations of Cloud Computing and Virtualization

The document provides an overview of IT, cloud computing, virtualization, and related technologies, highlighting challenges in traditional IT and the evolution of cloud services. It details various service and deployment models, virtualization types, and major hypervisors, along with the architecture and functions of FusionCompute. Additionally, it discusses advanced resource management techniques and installation processes for virtualization platforms.

Uploaded by

muhadeel325
Copyright
© All Rights Reserved

🖥️ IT Basics

What is IT?
Encompasses software, hardware, communications, and related services for
information processing.
Examples: taxi‑hailing apps (Uber, DiDi), online hotels (Airbnb), messaging
(WeChat, Viber), e‑retail (Taobao, Amazon).
Challenges to Traditional IT
Slow service rollout – long procurement cycles.
High total cost of ownership (TCO) – low device utilization.
Limited scalability – centralized architecture cannot easily expand.
Latency & reliability issues – I/O lifecycle bottlenecks, heterogeneous devices
hard to manage.

“IT enterprises overcome these challenges through infrastructure transformation,
resource integration, and continuous business optimization.”

☁️ About Cloud Computing


Definition

NIST definition:
“Cloud computing is a model for enabling ubiquitous, convenient, on‑demand network
access to a shared pool of configurable computing resources … that can be rapidly
provisioned and released with minimal management effort or interaction with service
providers.”

Wikipedia:
“On‑demand availability of computer system resources, especially data storage
and computing power, without direct active management by the user.”

Core Features
| Feature | Description |
|---|---|
| On‑demand self‑service | Users provision compute, storage, network resources automatically. |
| Broad network access | Services reachable via Internet from laptops, mobiles, tablets. |
| Resource pooling | Multi‑tenant model; physical/virtual resources allocated dynamically. |
| Rapid elasticity | Resources scale up/down instantly; pay‑as‑you‑go. |
| Measured service | Usage metered (CPU hrs, GB storage, bandwidth) for billing. |

Service Models
| Model | What is provided | User responsibility |
|---|---|---|
| IaaS (Infrastructure as a Service) | Virtual servers, storage, networking | OS, middleware, applications |
| PaaS (Platform as a Service) | Compute + OS + middleware + runtime | Applications & data |
| SaaS (Software as a Service) | Full applications | None (just use the app) |

Deployment Models
| Model | Ownership | Access |
|---|---|---|
| Public cloud | Third‑party provider, shared | Internet |
| Private cloud | Single organization, exclusive | Internal network |
| Hybrid cloud | Combination of public & private, appears as a single cloud | Both |

📈 Evolution of Computing & Virtualization


Timeline of Computer History (selected milestones)
| Year | Milestone |
|---|---|
| 1946 | First electronic computer (ENIAC) |
| 1954 | IBM’s first transistorized computer |
| 1970 | IBM System/370 introduces virtual memory |
| 1975 | MITS creates the first microcomputer |
| 1999 | Pentium III popularizes 64 MB RAM, 6.4 GB HDD |
| 2001 | DDR replaces SDRAM as standard memory |

Timeline of Virtualization History

The timeline shows key events: IBM’s 1964 mainframe experiments, 1999 VMware launch,
2002 Xen open‑source, 2006 KVM introduction, 2013 Docker, 2014 Rocket, etc. These
milestones illustrate how virtualization matured into a core cloud technology.
What Is Virtualization?

“Virtualization creates a logical (virtual) representation of resources, decoupling them
from the physical hardware.”

Virtual Machine (VM): Isolated guest OS running on a shared physical server.


Hypervisor (VMM): Software layer that abstracts CPU, memory, I/O.
Types of Virtualization
| Type | Description | Pros | Cons |
|---|---|---|---|
| Full virtualization | CPU, memory, I/O fully simulated; guest OS unmodified. | Excellent compatibility. | Higher CPU overhead. |
| Paravirtualization | Guest OS modified to cooperate with VMM for I/O. | High performance. | Poor compatibility (requires OS changes). |
| Hardware‑assisted | Uses CPU extensions (Intel VT‑x, AMD‑V) to run guest OS at native privilege levels. | Good compatibility, low overhead. | Requires supported hardware. |

Virtualization Characteristics
Partitioning: Multiple VMs share a physical server’s resources.
Isolation: Faults in one VM do not affect others.
Encapsulation: VM state stored in files → easy migration.
Hardware independence: VMs run on any compatible server.

🖧 CPU, Memory & I/O Virtualization


CPU Virtualization
Sensitive vs. privileged instructions: Sensitive instructions affect key system
resources; privileged ones require kernel‑mode (Ring 0).
Timer‑interrupt mechanism enables the VMM to pre‑empt guest VMs and
schedule CPU time.
Hardware‑assisted virtualization (Intel VT‑x, AMD‑V) introduces root and
non‑root modes, allowing guest OS to run at Ring 0 without modification.
Memory Virtualization
Traditional OS expects contiguous physical memory starting at address 0 →
unsuitable for multi‑tenant clouds.
Shadow page tables or Extended Page Tables (EPT) translate Guest Virtual →
Guest Physical → Host Physical addresses, enabling efficient memory sharing.

I/O Virtualization
| Approach | How it works | Advantages | Disadvantages |
|---|---|---|---|
| Full emulation | Device fully simulated in software (e.g., QEMU). | No host driver needed. | Poor performance (many VM‑Exits). |
| Virtio (paravirtual) | Front‑end driver in guest ↔ back‑end driver in host via shared memory. | High throughput, low CPU usage. | Requires guest driver support. |
| PCI device assignment (VT‑d / IOMMU) | Physical PCI(e) device passed through to guest. | Near‑bare‑metal performance. | Limited number of devices; hardware cost. |

🛠️ Virtualization Platforms & Tools


Major Hypervisors
| Hypervisor | Year Introduced | Architecture | Notable Traits |
|---|---|---|---|
| Xen | 1999 (open‑source 2002) | Paravirtual + HVM | Small codebase (<150k LOC), no built‑in device drivers. |
| KVM | 2006 (kernel integrated 2007) | Kernel‑module + QEMU for I/O | Leverages Linux kernel, minimal code (~10k LOC). |
| VMware ESX | 1999 | Bare‑metal hypervisor | Mature ecosystem, commercial focus. |
| Hyper‑V | 2008 | Windows Server hypervisor | Tight integration with Microsoft stack. |

Supporting Tools
QEMU: User‑space emulator for CPU, memory, and full I/O devices. Works with
KVM for accelerated performance.
Libvirt: C‑based API/daemon providing a unified management layer for KVM,
Xen, VMware, Hyper‑V, etc. Enables commands like virsh, virt-manager.

🌐 Mainstream Cloud Vendors & Representative Technologies

| Vendor | Core Services | Representative Technologies |
|---|---|---|
| Huawei Cloud | Compute, storage, containers, AI | ECS, OBS, EVS, CCE, FusionCompute |
| Amazon AWS | EC2, S3, RDS, Lambda | Elastic Compute, Object Storage |
| Microsoft Azure | VMs, Blob storage, SQL Database, AI | Virtual Machines, Azure Blob, Azure SQL |
| Google Cloud | Compute Engine, Cloud Storage, BigQuery | GCE, GCS, AI Platform |
| Alibaba Cloud | Elastic Compute, OSS, ApsaraDB | ECS, OSS, PolarDB |
| IBM Cloud | Virtual Servers, Object Storage, Watson AI | IBM Cloud VMs, Cloud Object Storage |
| VMware Cloud Foundation | Private/public hybrid cloud stack | vSphere, NSX, vSAN |

Comparison: FusionCompute, HUAWEI CLOUD Stack, HUAWEI CLOUD


| Aspect | FusionCompute | HUAWEI CLOUD Stack | HUAWEI CLOUD |
|---|---|---|---|
| Definition | Virtualization solution | Hybrid‑cloud platform (OpenStack‑based) | Full SaaS/IaaS/PaaS cloud service |
| Deployment | On‑premises servers | Data‑center integration (private) | Public cloud (no hardware purchase) |
| Service Model | IaaS (VMs, containers) | IaaS + PaaS services | IaaS, PaaS, SaaS |
| Typical Use | Enterprise data‑center virtualization | Large‑scale private/public hybrid | Global cloud customers, developers |

📚 Quiz Review (Key Points)


1. Traditional IT challenges – all of the following are true: slow rollout, poor
scalability, low reliability, high TCO.
2. Deployment models – public, private, and hybrid clouds are valid categories.

📖 Acronyms & Abbreviations


| Acronym | Meaning |
|---|---|
| IaaS | Infrastructure as a Service |
| PaaS | Platform as a Service |
| SaaS | Software as a Service |
| VM | Virtual Machine |
| VMM | Virtual Machine Monitor (Hypervisor) |
| KVM | Kernel‑based Virtual Machine |
| VT‑x / AMD‑V | Hardware‑assisted virtualization extensions |
| EPT | Extended Page Tables |
| PCI‑e | Peripheral Component Interconnect Express |
| VT‑d | Intel Virtualization Technology for Directed I/O |
| API | Application Programming Interface |
| GPU | Graphics Processing Unit (not covered but common in cloud AI) |

🖼️ Architecture Diagram (I/O Virtualization)


The diagram shows three layers: a “Device Model” with IRQ emulation, a “Native Driver”
handling real I/O and IRQ, and the physical “Device.” Arrows illustrate VM‑Exit events,
virtual interrupts, and the flow of data between the guest VM, hypervisor, and hardware,
highlighting how virtualization isolates and mediates I/O operations.

📦 FusionCompute Virtualization Suite
Purpose: Industry‑leading solution that virtualizes hardware resources on
physical servers, allowing one server to host multiple virtual machines (VMs).
Key Benefits
↑ Infrastructure resource utilization
⚡ Accelerated service rollout
🔋 Reduced power consumption
High availability (HA) and rapid fault recovery

Definition – Virtualization: The creation of logical (virtual) resources—CPU, memory,
storage, network—from physical hardware, enabling multiple isolated VMs to run on a
single host.

🏗️ FusionCompute Architecture & Positioning


FusionCompute is a cloud OS that centralizes management of compute,
storage, and network resources.
Supports high‑security, energy‑saving data centers for carriers and
enterprises.
| Component | Deployment | Primary Role |
|---|---|---|
| CNA (Compute Node Agent) | On each physical server to be virtualized | Manages VM lifecycle, compute, storage, and network resources on the host |
| VRM (Virtual Resource Management) | Deployed as a VM or on a physical server | Web UI for unified management, monitoring, and O&M |
| FusionCompute WebUI | Hosted by VRM | Provides administrators a single pane of glass |

Architecture Reliability Diagram


The diagram shows the central “Architecture Reliability” hub linked to six reliability
aspects (Management Node HA, Traffic Control, Data Backup, Data Restoration, Data
Consistency Check, Fault Detection), illustrating how each component contributes to
overall system resilience.

🛠️ FusionCompute Modules & Core Functions


| Module | Description | Core Functions |
|---|---|---|
| CNA | Agent on compute nodes | VM lifecycle, resource (CPU/memory/Disk/VLAN/I management |
| VRM | Management node (VM/physical) | Centralized web UI, resource monitoring, statistics, elastic service provisioning |
| Virtual Computing | KVM‑based hypervisor | CPU, memory, I/O virtualization; hardware‑assisted acceleration |
| Virtualized Storage | SAN, Distributed Block Storage, local disks | Virtual volume provisioning, thin provisioning, QoS, snapshots |
| Virtual Network | Distributed Virtual Switch (DVS) | VLAN isolation, QoS, uplink aggregation, VM NIC management |
| High Availability (HA) | Active/standby management nodes, VM HA, live migration | Automatic failover, fault detection, rapid recovery |
| Security | Network access control, role‑based permissions, antivirus integration | VM isolation, data protection, access policies |

📊 Main Functions & Features


1. Compute Virtualization
KVM is the underlying hypervisor (hardware‑assisted).
Resources are pooled into virtual CPUs (vCPU) and virtual memory (vRAM).
Online adjustment of vCPU/vRAM is supported (no VM reboot required for
memory; CPU changes require a restart).

2. Storage Virtualization
Abstracts physical storage into datastores (logical containers).
Supports SAN, NAS, Huawei Distributed Block Storage, and local disks.
Features: thin provisioning, incremental snapshots, live/cold migration, linked
clone, volume expansion.

Definition – Datastore: A logical storage pool that hides underlying device details,
presenting a unified file‑system‑like view for VM disks.

3. Network Virtualization
Implements Distributed Virtual Switch (DVS) with VLAN isolation.
Each Virtual NIC (VNIC) has its own MAC and IP, behaving like a physical NIC.
QoS policies allow bandwidth shaping, priority control, and uplink
aggregation.

4. Availability & Disaster Recovery


VM HA: Automatic recreation of a failed VM on another compute node.
Live Migration: Moves VMs between hosts without service interruption (uses
memory compression).
Snapshot: Point‑in‑time VM state capture for rapid restore.
Fault Isolation: Independent VM operation on the same host; a fault in one VM
does not affect others.

5. Security
Network Access Control: VLAN‑based segmentation, dynamic port‑group
changes.
Platform Security: Role‑based access, log management, host hardening, patch
management.

🌐 Network Plane Design


FusionCompute separates traffic into four logical planes, each isolated by VLANs:
| Plane | Purpose | Typical IPs / VLAN |
|---|---|---|
| Management Plane | System monitoring, O&M, VM management | Private IPs, VLAN 2 (default) |
| BMC Plane | Baseboard Management Controller access | Same or separate NICs; same VLAN as management for simplicity |
| Storage Plane | SAN/NAS traffic for VM disks | Dedicated VLANs, multiple NICs for multipathing |
| Service Plane | VM NIC traffic to external networks | Public/tenant VLANs, uplink aggregation |

Best Practice: Deploy switches in stacking mode and bind NICs of the same model to
the same plane to avoid single‑NIC failures.

Deployment Plan Diagram

Shows an active/standby VRM configuration, multiple clusters, and storage connectivity.


The accompanying table (described in the image) outlines node types, deployment modes
(physical vs. VM), and placement rules ensuring high availability.
Logical View of VRM Nodes (VM‑based)

Illustrates two clusters with active/standby VRMs running as VMs, connected to CNAs on
three physical servers. Emphasizes HA design where VRMs reside on separate hosts.

🖥️ Installation Preparation & Process


| Item | Minimum Requirement | Recommended |
|---|---|---|
| CPU | 64‑bit (Intel VT‑x or ARM) | Multi‑core, VT‑x enabled |
| Memory | > 2 GB (x86) / > 8 GB (recommended) | ≥ 16 GB for production |
| Disk | ≥ 150 GB system disk (RAID‑1) | SSD for OS, additional storage for VMs |
| OS | Linux (CentOS/Ubuntu) with kernel supporting KVM | Latest stable release |
| Network | Minimum 2 NICs (management + service) | ≥ 4 NICs for full plane isolation |
Software Tools: PuTTY (SSH), WinSCP (file transfer), FusionCompute
installation wizard.
Installation Steps
1. Prepare the host BIOS (enable virtualization, disable secure boot).
2. Install the host OS and required kernel modules.
3. Deploy VRM (ISO mount or web‑based installer).
4. Install CNA on each compute node (PXE or manual ISO).
5. Configure network planes, storage, and create clusters via the
WebUI.

GPU Virtualization Diagram

Shows two VMs sharing a single physical GPU that is partitioned into virtual GPUs (vGPU).
This enables high‑performance graphics for multiple tenants while reducing hardware
cost.
🎮 Advanced VM Resource Management
1. Online CPU/Memory Adjustment
vCPU/vRAM can be added online (memory) or offline (CPU).
No VM reboot required for memory; CPU changes take effect after a restart.

2. CPU QoS (Quota, Reservation, Limit)


| Parameter | Meaning |
|---|---|
| CPU Quota | Proportion of CPU a VM may use when contending |
| CPU Reservation | Minimum guaranteed CPU cycles |
| CPU Limit | Upper bound of physical CPU usage for the VM |

3. Host Memory Overcommitment


Techniques: Memory Ballooning, Memory Sharing (copy‑on‑write), Memory Swapping.
Allows virtual memory pool > physical RAM, improving VM density and cutting
hardware cost by up to 50 %.

4. Live Migration & HA


Live Migration uses memory compression; only VM state mapping changes.
VM HA automatically recreates a failed VM on another node within 1–
2 minutes.

5. Rule Groups (Placement Policies)


| Rule Type | Effect |
|---|---|
| Keep‑VMs‑Together | Selected VMs run on the same host |
| Keep‑VMs‑Mutually‑Exclusive | Selected VMs run on different hosts |
| VM‑to‑Host | Bind a VM group to a specific host group |
| VM‑to‑VM | Define priority dependencies between VM groups |

6. Dynamic Resource Scheduling (DRS) & Power Management (DPM)


DRS monitors host load and migrates VMs to balance CPU/MEM usage.
DPM powers off idle hosts when load < light‑load threshold (default 40 min) and
powers them on when load > heavy‑load threshold (default 5 min).

✅ Quiz
1. Products in the FusionCompute suite
A. FusionCompute ✅
C. eBackup ✅
D. UltraVR ✅
2. Benefits of FusionCompute
A. Improving resource utilization ✅
B. Improve system availability ✅
C. Reduced TCO ✅
D. Green and energy saving ✅
📚 Acronyms & Abbreviations
Acronym Meaning
KVM Kernel‑based Virtual Machine
VMM Virtual Machine Monitor
CNA Compute Node Agent
VRM Virtual Resource Management
DVS Distributed Virtual Switch
HA High Availability
DR Disaster Recovery
CBT Changed Block Tracking
QoS Quality of Service
vGPU Virtual GPU
BMC Baseboard Management Controller

These notes capture the core concepts, architecture, deployment, and operational
features of Huawei FusionCompute, enabling quick reference and study for exams or
practical implementation.

📂 FusionCompute Storage Virtualization Architecture
Key Components
User VMs – run on the host.
Kernel space of the host – driver layer connects to SAN/NAS.
Host user space – hosts file systems, disk drivers, disk tools.
Storage components – NAS, local storage, SAN.

Definition – FusionCompute Storage Virtualization provides a unified view of block
devices (SAN, local disks) through a block device driver layer and generic block
layer, presenting a single storage device to hosts.

🗂️ Datastore Types
| Datastore | Virtualized? | Features |
|---|---|---|
| Virtualized storage | ✅ | Thin provisioning, advanced utilization, security, reliability. |
| Non‑virtualized storage | ❌ | Used for Huawei distributed block storage or eVol (no virtualization by default). |
| Raw Device Mapping (RDM) | ✅ (as whole disk) | Direct LUN attachment, no virtualized features. |

📦 Storage Model Overview


NAS – shared directory.
SAN – LUN.
Local hard disk – can be virtualized or used raw.
Huawei distributed block storage – non‑virtualized by default.
eVol – storage pool used as datastore; creates LUN automatically, does not use
VIMS.

🖥️ Virtual Image Management System (VIMS)


Purpose – High‑performance cluster file system for VM storage.

The diagram shows VMs with stacked disks connected to FusionCompute, which in turn
links to VIMS and SAN devices, illustrating the storage hierarchy.
Supported File System Formats
VIMS – optimized for VM storage.
NFS (v3) – NAS‑based.
EXT4 – local disk virtualization.
Distributed Lock Manager (DLM)
Implements distributed full‑symmetric lock.
Multiple masters, each handles one lock resource.
Master election: first requester or smallest VIMS node ID; re‑elected on failure.

Heartbeat Types
Disk heartbeat – verifies read/write capability on shared storage.
Network heartbeat – checks inter‑host communication.

💾 Disk Types & Configuration Modes


| Disk Type | Shared? | Description |
|---|---|---|
| Non‑shared | ❌ | Used by a single VM only. |
| Shared | ✅ | Accessible by multiple VMs. |
Configuration Modes
1. Common – allocate full capacity, zero out data (best performance).
2. Thin provisioning – allocate on demand, expands up to configured size.
3. Thick provisioning lazy zeroed – allocate space now, zero on first write
(medium performance).
Disk Modes
Dependent – participates in snapshots.
Independent & persistent – unaffected by snapshots.
Independent & non‑persistent – changes discarded after VM stop or snapshot
restore.

📁 Delta Disk & Snapshot


Delta disk – stores only differential data relative to a parent disk; essential for
snapshots, non‑persistent disks, linked clones.
Read flow – try delta first; if missing, read from parent.
Write flow – always writes to delta.
Definition – Snapshot preserves VM state (disk, memory, registers). FusionCompute
supports common, consistency, and memory snapshots.

Snapshot Lifecycle
1. Create → delta disk generated; source disk becomes read‑only.
2. Rollback → delete delta, revert to source.
3. Delete → merge delta into source, producing a new consolidated disk.
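
An added example, not part of the original notes and not Huawei's code, that models the delta-disk read/write flows and the create/rollback/delete lifecycle above at block level. Class and function names are hypothetical and the data is constructed; it also shows that a block overwritten after a snapshot stays stored in the read-only source disk until the snapshot is deleted.

```python
ZERO = b"\x00" * 8  # constructed block size: 8 bytes per block


class Disk:
    """Sparse disk image; with a parent it acts as a delta disk."""

    def __init__(self, parent=None):
        self.blocks = {}        # block number -> data physically stored here
        self.parent = parent    # source disk this delta is relative to
        self.read_only = False

    def read(self, n):
        # Read flow: try the delta first; if the block is missing, ask the parent.
        disk = self
        while disk is not None:
            if n in disk.blocks:
                return disk.blocks[n]
            disk = disk.parent
        return ZERO             # never written anywhere in the chain

    def write(self, n, data):
        # Write flow: data always lands in the disk the VM is attached to.
        if self.read_only:
            raise PermissionError("source disk is read-only while a snapshot exists")
        self.blocks[n] = data


class SnapshotChain:
    """Hypothetical wrapper tracking which disk the VM currently writes to."""

    def __init__(self):
        self.active = Disk()

    def create(self):
        # Create: a delta disk is generated and the source disk becomes read-only.
        self.active.read_only = True
        self.active = Disk(parent=self.active)

    def rollback(self):
        # Rollback: delete the delta and revert to the source. Assumption: the
        # snapshot is kept, so the VM continues on a fresh, empty delta.
        if self.active.parent is None:
            raise RuntimeError("no snapshot to roll back to")
        self.active = Disk(parent=self.active.parent)

    def delete(self):
        # Delete: merge the delta into the source; the result is the new disk.
        delta, source = self.active, self.active.parent
        if source is None:
            raise RuntimeError("no snapshot to delete")
        source.blocks.update(delta.blocks)
        source.read_only = False
        self.active = source

    def stored_copies(self, n):
        """Every copy of block n held anywhere in the chain, newest first."""
        copies, disk = [], self.active
        while disk is not None:
            if n in disk.blocks:
                copies.append(disk.blocks[n])
            disk = disk.parent
        return copies


def demo_wipe_after_snapshot():
    vm = SnapshotChain()
    vm.active.write(0, b"bootblk0")
    vm.active.write(7, b"SECRET00")      # constructed sensitive block
    vm.create()
    vm.active.write(7, ZERO)             # guest overwrites it after the snapshot
    guest_view = vm.active.read(7)       # delta hit: zeros
    untouched = vm.active.read(0)        # delta miss: served by the parent
    before = vm.stored_copies(7)         # old data still held by the source disk
    vm.delete()                          # merge delta into source
    after = vm.stored_copies(7)
    return guest_view, untouched, before, after


def demo_rollback():
    vm = SnapshotChain()
    vm.active.write(1, b"known-ok")
    vm.create()
    vm.active.write(1, b"changed!")
    vm.rollback()                        # post-snapshot write is discarded
    return vm.active.read(1)


if __name__ == "__main__":
    print(demo_wipe_after_snapshot())
    print(demo_rollback())
```
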

🔄 Storage Live Migration


Cold migration – VM stopped, disks moved.
Live migration – VM running; uses write‑on‑write redirection to a differential
disk on target storage.

Important – Shared disks, linked‑clone disks, and non‑persistent disks cannot be
live‑migrated; VMs must be stopped for those cases.

📦 Raw Device Mapping (RDM)


Maps physical LUNs (FC or iSCSI) directly to VMs, bypassing the hypervisor.
Advantages – Shorter I/O path, near‑bare‑metal performance, transparent
SCSI command pass‑through.
Limitations – No thin provisioning, live migration, snapshot, QoS, backup, etc.

🌐 Network Virtualization
Linux Bridge
Layer‑2 virtual switch; bridges physical NIC (eth0) with tap interfaces (tap0,
tap1).
Shows VMs connected via tap interfaces to a bridge (br0) which binds to the physical NIC,
providing transparent L2 forwarding.
Open vSwitch (OVS)
Software‑based virtual Ethernet switch.
Supports OpenFlow, NetFlow, sFlow, SPAN, RSPAN, LACP, 802.1ag.
Can run in kernel mode or user‑mode with DPDK for high‑performance packet
processing.
Distributed Virtual Switch (DVS)
Acts as a single logical switch across multiple hosts.
Port groups define common attributes (QoS, security) and share a VLAN.
Uplink connects DVS to physical NICs; uplink aggregation provides
load‑balancing.
Two hosts with VMs connected to separate DVS instances, which then link to a hardware
switch, illustrating cross‑host VM communication.
VM Communication on FusionCompute
Depicts VMs (VM1‑VM7) communicating via CNAs and VLANs through a DVS, highlighting
isolation and traffic flow.

🔐 Security Features
Layer‑2 Security Policies
IP‑MAC binding – prevents spoofing; enables IP Source Guard & DAI.
DHCP server quarantine – blocks unauthorized DHCP services.

Broadcast Packet Suppression


Suppresses excessive broadcast traffic; configurable per port‑group threshold.

Security Groups
Collections of VMs sharing the same access rules.
Each VM NIC belongs to one security group.

Trunk Port

Illustrates tagging/untagging of traffic: untagged packets receive PVID 10; tagged packets
for VLAN 10 or 20 are forwarded accordingly.
Access port – single VLAN.
Trunk port – multiple VLANs; used when a VM NIC needs multi‑VLAN tagging.
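
An added example, not from the original notes and not FusionCompute's implementation, of the checks this section describes: 802.1Q ingress handling for access and trunk ports (PVID 10, trunk VLANs 10 and 20) combined with IP-MAC binding applied to IPv4 source addresses and ARP senders. The Port class, helper names, addresses and frames are constructed for illustration, and dropping tagged frames on an access port is an assumed policy.

```python
import struct
from dataclasses import dataclass

TPID_8021Q, ETH_IPV4, ETH_ARP = 0x8100, 0x0800, 0x0806


@dataclass(frozen=True)
class Port:
    """Hypothetical per-NIC policy: port type, VLANs and the IP-MAC binding."""
    mode: str            # "access" or "trunk"
    pvid: int            # VLAN assigned to untagged frames
    allowed: frozenset   # tagged VLANs a trunk port forwards
    mac: bytes           # bound source MAC
    ip: bytes            # bound source IPv4 address


def check(port, frame):
    """Return (verdict, vlan, reason) for one frame sent by the VM NIC."""
    if len(frame) < 14:
        return ("drop", None, "truncated Ethernet header")
    src_mac = frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    vlan, off = port.pvid, 14                    # untagged: classify into the PVID
    if etype == TPID_8021Q:
        if len(frame) < 18:
            return ("drop", None, "truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18             # VLAN ID is the low 12 bits of the TCI
        if port.mode == "access":
            return ("drop", vlan, "tagged frame on access port")
        if vlan not in port.allowed:
            return ("drop", vlan, "VLAN not allowed on trunk")
    if src_mac != port.mac:
        return ("drop", vlan, "source MAC not bound to this port")
    body = frame[off:]
    if etype == ETH_IPV4:                        # IP Source Guard style check
        if len(body) < 20 or body[12:16] != port.ip:
            return ("drop", vlan, "source IP does not match binding")
    elif etype == ETH_ARP:                       # DAI style check on sender MAC/IP
        if len(body) < 28 or body[8:14] != port.mac or body[14:18] != port.ip:
            return ("drop", vlan, "ARP sender does not match binding")
    return ("forward", vlan, "ok")


# --- helpers that build constructed sample frames ---
def mac_b(text):
    return bytes.fromhex(text.replace(":", ""))


def ip_b(text):
    return bytes(int(part) for part in text.split("."))


def eth(src, etype, body, vlan=None):
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    return b"\xff" * 6 + src + tag + struct.pack("!H", etype) + body


def ipv4(src_ip):
    # Minimal 20-byte IPv4 header; only the source address field is filled in.
    return b"\x45" + bytes(11) + src_ip + bytes(4)


def arp_reply(sender_mac, sender_ip):
    return struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, 2) + sender_mac + sender_ip + bytes(10)


VM_MAC, VM_IP = mac_b("52:54:00:aa:bb:01"), ip_b("192.0.2.10")
TRUNK = Port("trunk", 10, frozenset({10, 20}), VM_MAC, VM_IP)
ACCESS = Port("access", 10, frozenset(), VM_MAC, VM_IP)


def demo():
    cases = [
        (TRUNK, eth(VM_MAC, ETH_IPV4, ipv4(VM_IP))),                    # untagged
        (TRUNK, eth(VM_MAC, ETH_IPV4, ipv4(VM_IP), vlan=20)),           # allowed tag
        (TRUNK, eth(VM_MAC, ETH_IPV4, ipv4(VM_IP), vlan=30)),           # foreign VLAN
        (ACCESS, eth(VM_MAC, ETH_IPV4, ipv4(VM_IP), vlan=20)),          # tag on access
        (TRUNK, eth(VM_MAC, ETH_IPV4, ipv4(ip_b("192.0.2.99")))),       # wrong IP
        (TRUNK, eth(mac_b("52:54:00:aa:bb:02"), ETH_IPV4, ipv4(VM_IP))),  # wrong MAC
        (TRUNK, eth(VM_MAC, ETH_ARP, arp_reply(VM_MAC, ip_b("192.0.2.1")))),  # bad ARP
    ]
    return [check(port, frame) for port, frame in cases]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```
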

📊 Network QoS & Port Binding


QoS policies – direction‑based bandwidth control, shaping, priority per
port‑group.
Port binding – aggregates NICs for reliability; modes include active‑backup,
round‑robin, LACP, MAC/IP‑based load balancing.

🏢 Cluster & Host Management


Cluster Resource Management
Configure HA policy, memory over‑commit, VM start policy.
Enable Dynamic Resource Scheduler (DRS) after activating scheduling.

Host Management Tasks


BMC configuration – enables remote power control.
Maintenance mode – isolates host for repairs; VMs must be stopped or
migrated.
Hugepage memory – optimizes VM memory access.
User‑mode switch (DPDK) – configure for high‑performance networking.

💻 VM Lifecycle Management
Creation Options
Bare VM – no OS; install later.
Template‑based VM – inherits OS, disks, NICs from template.
Clone – copy of existing VM; can modify attributes during creation.

Cloning, Power‑off, Deletion


Clone creates a new VM with optional parameter changes.
Power‑off stops VM execution; deletion removes VM and associated resources.

📁 Storage Resource Management


Shows steps: add service port → configure storage mapping → scan devices → associate
with host → add datastore → create disk.
Supports IP SAN (example flow).
Datastore creation may require formatting (ensure data is backed up).

🌐 Network Resource Management


| Element | Description |
|---|---|
| DVS | Virtual switch for L2 communication across hosts. |
| Port group | Logical set of ports sharing VLAN and QoS attributes. |
| Uplink | Connects DVS to physical NICs for external traffic. |

🚨 Alarm & Monitoring


| Severity | Meaning |
|---|---|
| Critical | Immediate service‑affecting fault. |
| Major | Urgent fault that could become critical. |
| Minor | Non‑impacting fault; corrective action recommended. |
| Warning | Potential issue detected before impact. |

Monitoring can query cluster, host, VM metrics over specified periods.
Charts support single‑object/multiple‑KPIs or single‑KPI/multiple‑objects.

👤 Account Management
| Login Mode | Default User / Password | Permissions |
|---|---|---|
| Common | admin / XXXXX | System administrator (full rights). |
| System | sysadmin / XXXXX | Service management. |
| Security | secadmin / XXXXX | Role‑based security admin (no user creation). |
| Auditor | secauditor / XXXXX | Read‑only log access. |

Login mode set at installation; cannot be changed later.
Daily automated backup at 02:00; hourly management data backup; retention
of two backup files.

🛠️ System Configuration
Domain authentication, license updates, logo change.
Login timeout, resource scheduling interval, SNMP station.
VRM deployment mode switch (standalone ↔ active/standby).

📋 Task Management
View task progress, logs, and status via the Task Center.

📚 FusionAccess Overview
Architecture Highlights
Shows TCM/TC, FusionAccess Web Client, LiteAS/AD/DNS/DHCP, vLB/vAG, and cloud
infrastructure (hybrid/public, Kunpeng & x86). Service flow (solid red) and control flow
(dotted red) are distinguished.
VDI vs. IDV – VDI centralizes compute/storage in the data center; IDV uses
local resources on terminals.
Benefits – cloud data storage, automated resource management, high
availability (99.9 %), mobile office support, reduced noise/power, high‑fidelity
display & audio via HDP protocol.

FusionAccess Advantages
Central “Leading HDP Protocol” node points to four benefit boxes: high‑fidelity display,
high‑fidelity audio, peripheral compatibility, multiple virtual channels with flexible control.
High‑fidelity display & audio – superior user experience.
Peripheral compatibility – supports diverse devices.
Multiple virtual channels – flexible control and resource allocation.

Key Takeaways
FusionCompute integrates compute, storage, and network virtualization
through VIMS, DVS, and RDM.
Storage options include virtualized datastores, raw device mapping, and eVol
pools, each with distinct features.
Network virtualization leverages Linux bridge, OVS, and DVS to provide
flexible, secure L2 connectivity, VLAN tagging, QoS, and security policies.
FusionAccess builds on FusionCompute to deliver a cloud‑based desktop
solution with centralized data, high availability, and HDP‑driven high‑fidelity
experience.

🖥️ HDP Overview & Virtual Channels
Up to 64 virtual channels; each carries a distinct upper‑layer application
protocol.
QoS priorities ensure critical channels (e.g., keyboard & mouse) receive top
priority, enhancing security and user experience.
Compression strategies: lossless for text & UI elements, lossy for natural
images, balancing bandwidth and display quality.
Intelligent bandwidth saving: HDP detects unchanged image regions and
transmits only changed data.

Definition: Virtual channel – a logical pathway within HDP that isolates traffic for
different application types, allowing independent QoS handling.

🎨 High‑Fidelity Display & Audio Technology


Display
Lossless compression for non‑natural images (PSNR > 50 000 dB,
SSIM ≈ 0.999955).
Lossy compression for photos and videos.
Automatic detection of video scenes; uses H.264/MPEG‑2 encoding.
Supports 4K video playback with dynamic frame‑rate adaptation
based on network quality.
Audio
Detects voice scenarios, applies denoising, and uses VoIP‑optimized
codecs for speech.
High‑fidelity music compression for music streams.
Maintains 44.1 kHz sampling rate and stereo mixing.
Low latency path: audio data bypasses buffering to preserve
real‑time communication.

🔌 Peripheral Compatibility
Supports a wide range of peripherals: USB devices, printers, cameras, TWAIN
scanners, etc.
Port redirection (USB, serial, parallel) maps hardware ports to the remote
desktop.
Device redirection (camera, TWAIN) compresses data before transmission,
reducing bandwidth by up to 10×.

📊 FusionAccess Deployment Scenarios


| Scenario | Description | Deployment Model | Typical Use‑Case |
|---|---|---|---|
| Personalized Apps & Data | Users need custom installations & personal storage. | 1:1 private desktop (full copy) | Daily office, R&D |
| Shared Apps, Personal Data | No custom apps; personal data stored on NAS. | M:N pooled desktops (linked clone) + profile roaming | Call center |
| No Personalization | No custom apps or data; auto‑restore on shutdown. | M:N pooled desktops (linked clone) | Meeting rooms, training classrooms |

🔐 E2E Security Design


SSL‑encrypted HDP ensures secure transmission.
Multiple protection layers (authentication, encrypted management channels,
firewalls, watermark policies).
11 key measures guarantee data is not stored locally, actions are traceable,
and processes are auditable.

Definition: E2E security – end‑to‑end protection covering transmission, access control,
and data handling throughout the FusionAccess stack.

🛡️ High‑Reliability Solution
Hardware reliability: redundant cabinets, power, cooling; servers with
component redundancy & intelligent fault detection.
Network reliability: separate management, service, and storage planes;
stacked switches with redundancy; NICs in active‑standby mode.
Cloud desktop reliability: automatic session reconnection, anti‑collision port
handling, self‑healing agents, and self‑service maintenance console.

🧩 Core Components Architecture


The diagram breaks down FusionAccess into layers: Terminal Access (TC/SC/MT, HDP
Client), Access Control (WI, UNS, VAG, VLB), Virtual Desktop Management (HDC, LiteAS,
License, ITA, TCM, GaussDB, Backup Server, AUS, Cache), Virtual Desktop Pool (VM,
HDA, Windows/Linux), Existing IT Systems (AD, DNS, DHCP), and the Cloud Platform.
Terminal Access
HDP Client – installed on terminals; uses SSL‑encrypted HDP to communicate
with the access gateway.
HDA (Huawei Desktop Agent) – runs inside VMs; bridges VM I/O with
desktop management components.

Access Control Layer


WI (Web Interface) – web login page; forwards encrypted credentials to
LiteAS for authentication, then displays VM list from HDC.
VAG (Virtual Access Gateway) – gateway & self‑service console; enables VNC
access for faulty desktops.
VLB (Virtual Load Balancer) – distributes login requests across multiple WIs,
performs health checks, and resolves a shared domain name to active WI IPs.
UNS (Unified Name Service) – provides a single domain name/IP to reach
multiple FusionAccess systems, simplifying user access.
VNCProxy – self‑help console for fault recovery via VNC.
Virtual Desktop Management Layer
ITA (IT Adapter) – web service (Tomcat) that creates, provisions, and maintains
VMs by interfacing with HDC, FusionCompute, DNS, etc.
HDC (Huawei Desktop Controller) – core manager; maps users to desktops,
handles login flow, and aggregates status from HDA.
TCM (Thin Client Management) – central manager for thin clients (version
upgrades, status monitoring, logs).
License Server – distributes HDP connection licenses; enforces limits (e.g., new
users blocked when usage > 1.1 × total licenses).
GaussDB – stores configuration data for ITA, HDC, LiteAS.
Backup Server – daily FTPS backups (01:00 AM), retains up to 10 days of
snapshots.
LiteAS – unified authentication server; can integrate up to 20 Windows AD
domains.
AUS (AccessAgent Update Server) – handles HDA upgrades.
Cache – high‑performance key‑value store for fast reads/writes.

📺 HDP Protocol Details


2D Graphics Display Technology
Lossless compression for non‑natural images; lossy for natural images.
Change detection sends only modified regions, reducing bandwidth.
Multiple algorithms automatically selected per image type.

Audio Technology

| Feature | Description |
|---|---|
| Music compression | Uses high‑fidelity codecs for music streams. |
| Voice compression | VoIP‑optimized codec with denoising. |
| Latency | Transparent transmission on TCs to avoid buffering. |
| Sampling | Fixed 44.1 kHz, stereo mixing enabled. |

Display Technology (Video)


Two playback modes:
1. Video recoding – server decodes & re‑encodes before sending
(CPU‑heavy).
2. Video redirection – server captures video stream, sends raw stream
to client for decoding (CPU‑light).
4K support: video streams are decapsulated and decoded on the client,
minimizing server load.
Key video techniques: intelligent video detection, dynamic frame‑rate
adaptation, resolution‑aware traffic adjustment, hardware‑accelerated
decoding on TCs.

Peripheral Redirection
Port redirection: USB, serial, parallel ports forwarded unchanged to VM (high
compatibility, higher bandwidth).
Device redirection: e.g., camera data compressed (H.264) on client, sent to
VM, reducing bandwidth 10×.

3D Graphics Display Technology


GPU Passthrough – each VM gets exclusive access to a physical GPU via driver.
GPU Hardware Virtualization (vGPU) – one physical NVIDIA GRID card split
into up to 32 vGPUs, each bound to a VM.
Graphics Workstation Management – integrates dedicated graphics
workstations into FusionAccess for CAD, animation, simulation workloads.

The client manager interface lists client groups, showing status, IP, agent version, and
system build date, facilitating centralized thin‑client administration.
📚 Comparison of Common Desktop Protocols

| Feature | PCoIP | ICA/HDX | RDP/RemoteFX | SPICE | HDP |
|---|---|---|---|---|---|
| Transmission bandwidth | High | Low | High | Low | Low |
| Image quality | High | Medium | Low | High | High |
| Two‑way audio | Low | High | Medium | High | High |
| Video support | Low | Medium | Medium | High | High |
| Peripheral support | Low | High | High | Medium | High |
| Security | High | High | Medium | High | High |

🏢 Application Scenarios
Secure Office (Intranet/Extranet Isolation)
Logical & physical isolation via dual‑NIC TCs.
One NIC connects to the office network, the other to the service network;
dual‑screen support enables simultaneous access to two desktops.

Public Desktop (Pooled, Auto‑Recycle)


No fixed user‑desktop mapping; desktops are reclaimed after use.
Supports auto‑restart, batch updates, and simple maintenance.

Standard Office (1:1 Dedicated)


Full‑copy VMs with independent system & data disks.
High security, customization, and performance; peripheral support identical to
physical PCs.

Professional Design (GPU Cloud Desktops)


GPU‑accelerated VMs for CAD, simulation, media editing.
Uses NVIDIA vGPU or passthrough, delivering smooth 3D rendering and 4K
playback.

Branch Offices
Centralized management at HQ; only management traffic traverses WAN
(≈2 Mbit/s, < 50 ms latency).
Local VM traffic stays on‑premises, reducing bandwidth needs and ensuring
continuity during WAN outages.

Office Automation
Integrates with existing AD, DNS, DHCP for seamless authentication and IP
assignment.
Zone‑based data security (red/yellow/green) isolates information by
confidentiality level.

🗂️ Deployment Schemes

| Scheme | Users | Components per VM | Key Specs |
|---|---|---|---|
| All‑in‑one | < 500 | All components on a single VM (ITA, GaussDB, HDC, Cache, WI, License, LiteAS) | EulerOS 2.8 (ARM) / 2.5 (x86), 16 vCPU, 16 GB RAM, 60 GB sys‑disk, 2 NICs |
| Standard | 500 – 10 000 | Split across multiple VMs (e.g., VAG, VLB, VNCProxy separate) | Similar OS, 8 vCPU, 4 GB RAM, 40 GB sys‑disk per component VM |
| Dual‑node (active/standby) | Any | Same components as above, deployed on two CNA nodes for HA | First NIC = service plane, second NIC = management plane (added post‑install) |

🌐 Network Plane & Port Groups


Illustrates the separation of management and service NICs: ManagementDVS hosts
ManagePortgroup (connected to VRM1/VRM2) while FA_ServicePortgroup links to
FA‑01/FA‑02, AD/DHCP/DNS, and virtual desktops.
Same network segment → create service‑plane port group on
ManagementDVS.
Different segments → create service‑plane port group on a dedicated
ServiceDVS.

🗂️ Active Directory (AD) Basics


Definition: Active Directory – a directory service that stores network resource
information (users, computers, printers) and provides centralized authentication,
authorization, and policy management.

AD Objects
Domain Controller – hosts the AD database; multiple controllers synchronize
data.
User, Computer, Group, Organizational Unit (OU) – fundamental objects
organized in a hierarchical tree.

Organizational Units vs. Groups


| Aspect | OU | Group |
|---|---|---|
| Contains | Users, computers, printers, shared folders | Only user/computer accounts |
| Policy application | Can have Group Policy Objects (GPOs) applied | No GPOs; used for permission assignment |
| Nesting | Can contain other OUs | Groups can be nested |

Shows the “Move” operation for a user account (tsdadmin) from one container to another
OU, preserving permissions while adopting the target OU’s group policies.
Common AD Operations
Add/Remove users to/from groups.
Enable/disable accounts, reset passwords.
Move objects between OUs.
Rename or delete objects.

🔐 AD vs OU Similarities & Differences


Similarity: Both Organizational Units (OUs) and domains are Active
Directory (AD) logical structures.
They serve as management units for users and computers.
Both contain AD objects and can be configured with Group Policies.
Differences
Users can log in to a domain but cannot log in to an OU.
Domains are created before OUs; OUs exist inside domains.
A domain is a higher‑level container than an OU.
Definition: Organizational Unit (OU) – a container within an AD domain used to
organize objects for easier administration.

🖥️ Adding a Computer to an AD Domain


1. Host/VM joins AD – the host sends a login request.
2. Local login → system verifies credentials against the local account database.
3. Domain login → system checks credentials against the Domain Controller (DC)
database.
4. If credentials match, the user gains access; otherwise, the login fails.

Definition: Domain Controller – a server that stores AD data and handles
authentication requests.

🌐 DNS Overview
Distributed database that maps IP addresses ↔ domain names.
Advantages:
Users type easy‑to‑remember names instead of numeric IPs.
Works with the domain controller; the DC registers its role so other
computers can locate it.
The diagram shows the hierarchical DNS tree: Root → Top‑Level Domains (com, edu, gov,
etc.) → Second‑Level Domain (hcia.edu) → Subdomain (fa.hcia.edu) → Host (host‑a, www).
This visual clarifies how domain names are structured from the root down to individual
hosts.
DNS Domain Name Structure

| Level | Example |
|---|---|
| Root domain | . (implicit) |
| Top‑Level domain | com, edu, gov, int, mil, net, org |
| Second‑Level domain | hcia.edu |
| Subdomain | fa.hcia.edu |
| Host name | host-a (laptop) or www (server) |

📡 DNS Query Types


| Query Mode | Behavior |
|---|---|
| Recursive | DNS server must return the final answer to the client, querying other servers if needed. |
| Iterative | DNS server refers the client to another DNS server; the client continues querying until it gets the answer. |

Definition: Recursive query – the DNS server does all the work to resolve the name for
the client.
Definition: Iterative query – the DNS server points the client to a next‑closest server.
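
The two query modes, traced over the name tree described in the DNS Overview (an added example, not part of the original notes). The server names, the delegation table and the 192.0.2.x addresses are constructed for illustration; what to observe is who sends each query, and therefore which servers see the client and where answers get cached.

```python
# Constructed delegation data modelled on the tree described on this page
# (root -> edu -> hcia.edu -> fa.hcia.edu -> host-a / www). Server names and
# the 192.0.2.x addresses are assumptions made for this example.
SERVERS = {
    "root-ns": {"delegations": {"edu.": "edu-ns"}, "hosts": {}},
    "edu-ns": {"delegations": {"hcia.edu.": "hcia-ns"}, "hosts": {}},
    "hcia-ns": {"delegations": {"fa.hcia.edu.": "fa-ns"},
                "hosts": {"www.hcia.edu.": "192.0.2.80"}},
    "fa-ns": {"delegations": {}, "hosts": {"host-a.fa.hcia.edu.": "192.0.2.10"}},
}
MAX_REFERRALS = 8  # guard against delegation loops


def ask(servers, server, qname):
    """One query to one server: ('answer', ip), ('referral', name) or ('nxdomain', None)."""
    zone = servers[server]
    if qname in zone["hosts"]:
        return "answer", zone["hosts"][qname]
    # Pick the most specific delegation that covers the queried name.
    covering = [z for z in zone["delegations"] if qname.endswith("." + z)]
    if covering:
        return "referral", zone["delegations"][max(covering, key=len)]
    return "nxdomain", None


def follow_referrals(qname, servers=SERVERS, start="root-ns"):
    """Walk the tree from the root; return (ip or None, servers queried in order)."""
    server, asked = start, []
    for _ in range(MAX_REFERRALS):
        asked.append(server)
        kind, value = ask(servers, server, qname)
        if kind == "answer":
            return value, asked
        if kind == "nxdomain":
            return None, asked
        server = value  # referral: continue at the next-closest server
    raise RuntimeError("referral limit reached, possible delegation loop")


def iterative_lookup(qname, servers=SERVERS):
    """Iterative mode: the client itself follows every referral."""
    ip, asked = follow_referrals(qname, servers)
    return {"answer": ip, "client_queries": len(asked), "client_contacted": asked}


def recursive_lookup(qname, cache, servers=SERVERS):
    """Recursive mode: the client sends one query; the resolver walks the tree and caches."""
    if qname in cache:
        return {"answer": cache[qname], "client_queries": 1, "resolver_queries": 0}
    ip, asked = follow_referrals(qname, servers)
    if ip is not None:
        cache[qname] = ip
    return {"answer": ip, "client_queries": 1, "resolver_queries": len(asked)}


if __name__ == "__main__":
    print(iterative_lookup("host-a.fa.hcia.edu."))
    shared_cache = {}
    print(recursive_lookup("host-a.fa.hcia.edu.", shared_cache))
    print(recursive_lookup("host-a.fa.hcia.edu.", shared_cache))  # served from cache
```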

🗂️ DNS Records
Forward lookup zone – resolves domain name → IP address.
Reverse lookup zone – resolves IP address → domain name (creates a PTR
record).
Creating a forward‑lookup host record
Example FQDN: host.vdesktop.huawei.com → IP 192.168.105.0.
Optionally select “Create associated PTR record” to also generate a reverse
entry.
Creating a reverse‑lookup zone
Define the network ID (e.g., 192.168.105) and the zone name becomes
105.168.192.in-addr.arpa.
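
An added example (not from the original notes) that derives the reverse zone name from a network ID and then checks that every host record has a matching PTR record, since forward and reverse zones drift apart when the "Create associated PTR record" option is not selected. Apart from the page's own host.vdesktop.huawei.com / 192.168.105.0 record, the names and addresses are constructed, and the function names are this example's own.

```python
import ipaddress


def reverse_zone_name(network_id):
    """Network ID as typed when creating the zone ('192.168.105') -> reverse zone name."""
    octets = network_id.strip(".").split(".")
    if not 1 <= len(octets) <= 3:
        raise ValueError("expected 1-3 octets (a /8, /16 or /24 network ID)")
    if not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"invalid octet in {network_id!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner(ip):
    """Owner name of the PTR record for an IPv4 address."""
    return ipaddress.IPv4Address(ip).reverse_pointer


def _norm(name):
    # DNS names compare case-insensitively; drop the trailing root dot.
    return name.rstrip(".").lower()


def audit_forward_reverse(a_records, ptr_records, network_id):
    """Compare A records with PTR records; return a sorted list of findings."""
    zone = reverse_zone_name(network_id)
    findings, expected = [], {}
    for fqdn, ip in a_records.items():
        owner = ptr_owner(ip)
        # The leading dot stops zone '5.168.192...' from matching '105.168.192...'.
        if not owner.endswith("." + zone):
            findings.append(("outside-reverse-zone", _norm(fqdn), owner))
            continue
        expected[owner] = _norm(fqdn)
    ptrs = {_norm(o): _norm(t) for o, t in ptr_records.items()}
    for owner, fqdn in expected.items():
        if owner not in ptrs:
            findings.append(("missing-ptr", fqdn, owner))
        elif ptrs[owner] != fqdn:
            findings.append(("ptr-mismatch", fqdn, owner))
    for owner, target in ptrs.items():
        if owner not in expected:
            findings.append(("stale-ptr", target, owner))
    return sorted(findings)


# Constructed sample data. The first A record is the page's example; the other
# names and addresses are made up for illustration.
A_RECORDS = {
    "host.vdesktop.huawei.com": "192.168.105.0",
    "fa-01.vdesktop.huawei.com": "192.168.105.11",
    "fa-02.vdesktop.huawei.com": "192.168.105.12",
    "ad-01.vdesktop.huawei.com": "192.168.106.5",
}
PTR_RECORDS = {
    "0.105.168.192.in-addr.arpa.": "host.vdesktop.huawei.com.",
    "12.105.168.192.in-addr.arpa.": "old-fa.vdesktop.huawei.com.",
    "99.105.168.192.in-addr.arpa.": "retired.vdesktop.huawei.com.",
}

if __name__ == "__main__":
    print(reverse_zone_name("192.168.105"))
    for finding in audit_forward_reverse(A_RECORDS, PTR_RECORDS, "192.168.105"):
        print(finding)
```

Stale and mismatched PTR records matter beyond tidiness: reverse lookups are what many log and alert pipelines use to label an address with a host name.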

📡 DNS Forwarder Configuration


DNS server first attempts local resolution.
On failure, it sends a recursive query to an external DNS server (the
forwarder).
Ensures VMs can resolve public Internet names.

📶 DHCP Overview
Protocol at the application layer (uses UDP).
Functions:
Automatically assign IP address, subnet mask, default gateway,
DNS server.
Centralize IP management for the entire network.

Definition: DHCP lease – the time period for which an IP address is allocated to a
client.

Why DHCP Is Needed


| Issue | DHCP Solution |
|---|---|
| Address conflicts in large networks | Central allocation prevents duplicates. |
| Manual configuration burden for many hosts | Automated provisioning reduces errors and effort. |
| Dynamic environments (roaming laptops, subnet changes) | Lease renewal adapts to new locations automatically. |

🖥️ FusionAccess Components

| Component | Role |
|---|---|
| HDC (Huawei Desktop Controller) | Handles AD synchronization and user login. |
| FusionAccess VM | Provides desktop services. |
| FusionCompute | Underlying virtualization platform. |
| VAG / VLB | Gateway and load‑balancing for virtual desktops. |
| LiteAS | Default authentication/authorization service (can be replaced by AD). |
| DHCP / DNS | Network services for VM connectivity. |

🖥️ AD/DNS/DHCP Installation Plan (Specs)


| Parameter | Requirement |
|---|---|
| OS | Windows Server 2016 Standard/Datacenter 64‑bit or Windows Server 2019 Standard/Datacenter 64‑bit |
| CPU / Memory | vCPU count & GB RAM as per deployment size (e.g., 50 GB disk, 2 NICs) |
| Storage | Data disk > 15 GB for backups |
| Deployment mode | Dual‑node (active/standby) on separate CNAs |
| Additional NIC | Optional for management traffic |

📦 Clone Technologies Overview


Full Copy – each VM gets its own independent system disk; modifications do
not affect the template.
Linked Clone – multiple VMs share a read‑only base disk plus a
thin‑provisioned delta disk for writes.
QuickPrep – similar to Full Copy but without Sysprep; the VM is renamed and
joined to the domain by application scripts.

The diagram shows a Source VM (CPU, Memory, Disk) cloned into a Target VM. The
Target shares the Disk with the Source, illustrating the “share” relationship of linked
clones.
Comparison Table

| Feature | Full Copy | Linked Clone | QuickPrep |
|---|---|---|---|
| System Disk | Independent per VM | Shared base + delta (thin) | Independent (no Sysprep) |
| Provisioning Speed | Slow | Fast | Medium |
| Storage Use | High (duplicate disks) | Low (shared base) | Medium |
| Update Method | Update each VM individually | Update base template once | Update each VM (no template) |
| Data Persistence | Saves user changes | Delta cleared on reboot (optional) | Saves changes (like full copy) |
| SID Handling | Requires Sysprep | No Sysprep needed | No Sysprep needed |

🛠️ Template Creation Steps


Windows Template
1. Create a bare VM on FusionCompute.
2. Mount the Windows ISO and install OS + required drivers/software.
3. Run Sysprep (removes SID, resets activation).
4. Convert the VM to a template.
Linux Template
1. Create a bare VM and mount the Linux ISO.
2. Install OS, drivers, and necessary packages.
3. Ensure the VM can communicate with AD (for domain‑joined templates).
4. Convert the VM to a template.

Definition: Sysprep – a Microsoft tool that removes system‑specific data (e.g., SID)
from a Windows image to allow safe cloning.

🖥️ System Encapsulation & Sysprep


System encapsulation records a full system image to a virtual drive, allowing
rapid redeployment (5‑10 min).
Sysprep is required for Full Copy templates to avoid SID duplication, which
would cause domain‑join and permission issues.

📂 Desktop Groups & Pools


Private group – one‑to‑many mapping; a computer may serve multiple users
(but not simultaneously).
Static pool – each user gets a fixed computer after first login.
Dynamic pool – computers are assigned on‑demand; no permanent binding.

Definition: Desktop group – a collection of virtual computers assigned to users or user
groups.

🚀 Quick Provisioning Overview


1. Create a computer – select computer group, template, CPU/Memory/Disk,
NIC, quantity.
2. Assign computers – pick desktop group, assignment type, and user(s).
3. Confirm – review configuration.
4. Finish – provisioning takes ~20 min; monitor progress in the task center.

The flowchart illustrates the four‑step quick‑provision process: create → assign → confirm
→ finish.

📋 Parameters for Creating a Computer


Computer Group – existing or new (Full Copy / Linked Clone / QuickPrep).
Template – select appropriate OS/template.
CPU / Memory – default or custom values.
Disk – choose storage, set Thin Provisioning for linked clones.
NIC – select service‑plane port group; first NIC can use static IP.
Domain name – must match the domain of the template (for QuickPrep/Linked
Clone).
Quantity – up to 100 computers per batch (recommended < 5 for test).
Naming rule – optional; avoid including domain account names in
static/dynamic pool names.
🖥️ Assigning Computers
1. Choose HDC (if needed).
2. Select Desktop Group (Private, Static Pool, Dynamic Pool).
3. Set Assignment type (single user, static multi‑user, etc.).
4. Add users or groups and set permission level (Administrator / Users).

📑 Policy Management – Protocol Policy Creation


1. Create Policy Group – start from a template or a blank policy.
2. Specify Policies – configure peripherals, audio, display, file & clipboard, access
control, etc.
3. Specify Target – choose Desktop Group, Computer, VIP Desktop, User, OU,
Client IP, or WI.
4. Finish – policy becomes active.

The flowchart details the four stages of creating a protocol policy: create group → specify
policies → specify target → finish.
Common Policy Types
Peripherals – USB, printer redirection.
Audio – enable/disable audio redirection, set volume.
Display – resolution, bandwidth, compression.
File & Clipboard – copy‑paste restrictions.
Access Control – IP‑based restrictions, time‑based login limits.
Watermark – overlay for data protection.

🛠️ Modifying Computer Specifications


1. Navigate to Resources > Desktops > Computers.
2. Select the target computer → Operation > Modify.
3. Adjust CPU / Memory (changes take effect after a restart).

➕ Adding Users to a Computer


1. Go to Resources > Desktops > Computers.
2. Select the computer → Operation > Assignment Relationship > Add User.
3. Choose users, set permission groups (Administrator / Users), and confirm.

The diagram shows the step‑by‑step process for adding a user to a computer in
FusionAccess.

📈 Upgrading to VIP Desktop


1. In Resources > Desktops, select the computer(s).
2. Choose Operation > Upgrade to VIP.
3. Confirm; the system restarts the VM to apply higher‑priority resource policies.

🔐 User Access Control Policies


By default, no restrictions are applied.
To protect sensitive VMs, configure IP access control or time‑based login
limits within the protocol policy.

Key Acronyms
AD – Active Directory
OU – Organizational Unit
DNS – Domain Name System
DHCP – Dynamic Host Configuration Protocol
VM – Virtual Machine
SID – Security Identifier
Sysprep – System Preparation Tool (Microsoft)
VAG / VLB – Virtual Access Gateway / Virtual Load Balancer
These notes capture the essential concepts, processes, and configurations needed to
work with Active Directory, DNS/DHCP, and Huawei FusionAccess virtualization
environments.

🔐 Access Control Policies
Access Time Control – restricts VM access during specified time periods.
Gateway Authentication Policy – enables encrypted client‑server connections
using Chinese cryptographic algorithms.
Terminal‑User Binding – a user can log in only from the bound terminal; other
devices are denied.
Terminal‑Desktop Binding – a desktop can be accessed only from its bound
terminal.

Definition: Binding relationships link users or groups to specific terminals/computers
to enforce access restrictions and protect sensitive information.

Policy Types Overview


| Policy Type | Purpose | Key Setting |
|---|---|---|
| Access Time Control | Limit VM usage windows | Multiple time periods, object exclusion |
| Gateway Authentication | Secure encrypted links | Chinese cryptographic algorithm |
| Terminal‑User Binding | Enforce device‑specific login | User ↔ Terminal association |
| Terminal‑Desktop Binding | Enforce desktop‑specific login | Desktop ↔ Terminal association |
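
A small model of how these policy types combine on one login attempt, added here as an illustration and not FusionAccess code. It assumes the configured time periods are the windows in which access is permitted, that every configured check must pass, and that unset policies impose no restriction (the default stated earlier); all user, terminal and desktop names are constructed.

```python
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, time


@dataclass
class AccessPolicy:
    """Hypothetical model of the policy types above; empty settings mean no restriction."""
    allowed_windows: list = field(default_factory=list)    # [(start, end)] as datetime.time
    time_exempt_users: set = field(default_factory=set)    # "object exclusion" for time control
    allowed_networks: list = field(default_factory=list)   # client IP ranges as CIDR strings
    user_terminals: dict = field(default_factory=dict)     # user -> set of bound terminal IDs
    desktop_terminals: dict = field(default_factory=dict)  # desktop -> set of bound terminal IDs


def in_window(now, start, end):
    """True if now is in [start, end); a window with start > end wraps past midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end


def evaluate(policy, user, desktop, terminal_id, client_ip, when):
    """Return (allowed, reason). Checks are ANDed; the first failing check is reported."""
    if policy.allowed_windows and user not in policy.time_exempt_users:
        if not any(in_window(when.time(), s, e) for s, e in policy.allowed_windows):
            return False, "outside allowed time periods"
    if policy.allowed_networks:
        addr = ipaddress.ip_address(client_ip)
        nets = [ipaddress.ip_network(n) for n in policy.allowed_networks]
        if not any(addr in n for n in nets):
            return False, "client IP not in an allowed range"
    bound = policy.user_terminals.get(user)
    if bound is not None and terminal_id not in bound:
        return False, "user is bound to a different terminal"
    bound = policy.desktop_terminals.get(desktop)
    if bound is not None and terminal_id not in bound:
        return False, "desktop is bound to a different terminal"
    return True, "allowed"


# Constructed sample policy: office hours plus a night shift that crosses midnight.
POLICY = AccessPolicy(
    allowed_windows=[(time(8, 0), time(18, 0)), (time(22, 0), time(2, 0))],
    time_exempt_users={"ops-admin"},
    allowed_networks=["10.20.0.0/16"],
    user_terminals={"alice": {"TC-0001"}},
    desktop_terminals={"FIN-VM-07": {"TC-0001", "TC-0002"}},
)

if __name__ == "__main__":
    attempts = [
        ("alice", "FIN-VM-07", "TC-0001", "10.20.3.4", datetime(2024, 1, 1, 23, 30)),
        ("alice", "FIN-VM-07", "TC-0002", "10.20.3.4", datetime(2024, 1, 1, 9, 0)),
        ("bob", "FIN-VM-07", "TC-0003", "10.20.1.1", datetime(2024, 1, 1, 9, 0)),
    ]
    for attempt in attempts:
        print(attempt[0], attempt[2], evaluate(POLICY, *attempt))
```

Writing the expected decision for boundary cases such as 02:00 exactly, or an exempt user on an unbound terminal, before changing a live policy makes lockouts and unintended gaps easier to catch.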

🖥️ Unassigning and Restoring Computer Assignments


Unassign Process (Single‑User Assignment)
1. In FusionAccess, navigate Resources → Desktops → Operation → Unassigned.
2. Select the target computer(s) and confirm unassignment.
The computer stops automatically.
After unassignment, it can be reassigned only to the original user; group
permissions stay unchanged.

Restore Process
1. Go to System → Tasks and Logs → Task Tracing.
2. Locate the Restore task, select the computers, and click Restore.
3. Wait for the task status to become Completed.

Notes
Computers with Assign to multiple users or Assign to a desktop group cannot
be reassigned after unassignment.
Restored computers become available after a ~3‑minute startup delay.

🔧 Changing a Computer IP Address


1. Select the target computer in FusionAccess.
2. Choose Operation → Modify (optional manual IP change).
3. (Optional) Enable/disable MAC Binding.
4. Restart the computer if the Running Status is Migrating or Recovering (MAC
operations are blocked).

Tip: IP synchronization is allowed only when the computer is in the Running state.

📦 VM Template Management
Updating a Full‑Copy VM Template
1. In FusionCompute, Create → VM → Choose Resource → Install Application
Template.
2. Convert the VM to a Full Copy template.
3. On FusionAccess, select the template and choose Update Template.

Updating a Linked‑Clone / QuickPrep Template


1. Convert an existing VM to a Linked Clone or QuickPrep template.
2. Use the template tool to configure OS and install required applications.
3. Convert the cloned template back to a VM and start it.
4. In FusionCompute, VM Template → More → Clone to Template.

The flowchart illustrates the four steps for converting a VM into a template, configuring it,
and cloning it back to a VM.
Post‑Update Actions
After updating a linked‑clone template, delete old VMs and provision new ones,
or recompose system disks.
Prepare services beforehand, as live network traffic may be affected.

💾 System Disk Recompose & Restore


| Action | Scope | Data Retention | Key Warning |
|---|---|---|---|
| Recompose System Disk | Single or batch computers (same assignment type) | Data disks only; system disk data (Desktop, Favorites) lost | Notify users to back up; full‑copy computers can keep the original disk as a data disk |
| Restore System Disk | Single or batch computers (same assignment type) | Data disks only; system disk data lost | Same backup notice as recomposition |

Only linked‑clone computers lose system‑disk data; full‑copy computers can
retain the original disk as a data disk.

🔄 Self‑Service Backup
Enable on end‑user computers via Resources → Desktops → Operation → Set
Backup.
Prerequisites: Assignment status must be Assigned; supported desktop types
are 1:1 dedicated desktops and static pool desktops.

| Backup Mode | Schedule | Storage Location |
|---|---|---|
| Local | 03:00 daily | /var/desktop/backup/ |
| Remote | 01:00 daily | /var/ftpsite/<component>/ on backup server |

Only one backup per desktop is kept; a new backup overwrites the previous
one.
Restoration uses the latest backup prior to the fault.

🆔 Updating Computer SIDs


When Windows AD changes domain info, computer SIDs may become inconsistent.
1. In FusionAccess, go to System → Tasks and Logs → Task Tracing.
2. Select affected computers, click More → Update SID.
3. Verify the task completes with status Completed.

Note: SIDs cannot be updated if the computer is currently recomposing or restoring a
system disk.

🛠️ FusionAccess Maintenance Tasks


Daily Tasks
Component Status Monitoring – detect exceptions via Monitoring → VIP
Desktop Alarms.
VIP Desktop Alarm Handling – configure email notifications (Monitoring →
Alarms → Email Notification).

Weekly Tasks
User VM Restart – recommended every 3–5 days (or weekly for long‑running
VMs).
Backup Function Check – ensure backup data exists according to the backup
policy.
🚫 Forbidden Operations

| Category | Prohibited Action | Risk |
|---|---|---|
| Service | Delete virtual desktops | Users lose access |
| Network | Disable VM NICs, modify routes, delete firewall ports 28511, 28512, 28521, 28522 | Service disruption |
| Process | Change default services in msconfig, disable HDP services, kill Local/Network/System processes | System instability |
| Others | Delete files in C:\Program Files\Huawei, enable VM hibernation, modify HDP client config, run registry cleaners | Data loss / security breach |

⚠️ Critical Operations

| Operation | Risk | Mitigation |
|---|---|---|
| Bulk VM creation/association | Service interruption if done during peak hours | Perform in low‑traffic periods |
| Recompose System Disk | Potential data loss (system disk) | Only for linked‑clone VMs; backup data disks first |
| Restore System Disk | Same data‑loss risk as recomposition | Ensure backup of data disks |
| Adjust VM clock source | Service interruption if changed during active use | Adjust during maintenance windows |
| Concurrent VM updates | CPU overload, I/O storms | Stagger updates, monitor alarms |

🛡️ O&M Tools
Windows O&M Tool – provides connection inspection, log collection,
peripheral assistance, and process monitoring. Pre‑installed on provisioned
desktops.
Linux Log Collection Tool – auto‑installed on Linux workspaces for log
gathering.
Linux Maintenance Tool – checks workspace status and auto‑rectifies faults.

🔁 Periodic Infrastructure VM Restart


Restart every 3 months (≤ 120 days) during idle hours.
Restart active ITA node only when no provisioning tasks run.
If HDP passes through the gateway, restarting active/standby ITA nodes forces
users to re‑login.

🔐 Account Management
Password Rotation – change default passwords for all FusionAccess accounts.
Lockout Threshold – set a reasonable login‑failure limit via System → System
Authentication → Lockout Threshold to balance security and usability.

🗄️ Backup & Restoration Policies


| Mode | Time | Location | Retention |
|---|---|---|---|
| Local | 03:00 daily | /var/desktop/backup/ | Unlimited (subject to disk space) |
| Remote | 01:00 daily | /var/ftpsite/<component>/ on backup server | 10 days (auto‑delete oldest if space low) |

Restoration: Identify the fault alarm timestamp, then restore using the latest
backup preceding the fault.
Recovery Paths:
Software reinstallation → reinstall component, restore from backup.
OS reinstallation → rebuild server, reinstall component, restore from
backup.
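
An added example (not part of the original notes) of the two checks this policy implies: choosing the latest backup taken before the fault, and spotting days in the 10-day remote retention window that have no backup. It works on backup timestamps only; the sample timestamps are constructed, and reading them from /var/ftpsite/<component>/ is left out because the notes do not give the file naming.

```python
from datetime import datetime, time, timedelta

REMOTE_RUN = time(1, 0)   # remote backup time stated in the table above
RETENTION_DAYS = 10       # remote retention stated in the table above


def pick_restore_point(backups, fault_time):
    """Latest backup taken strictly before the fault, or None if none is retained."""
    earlier = [b for b in backups if b < fault_time]
    return max(earlier) if earlier else None


def missing_backup_days(backups, now, run_at=REMOTE_RUN, days=RETENTION_DAYS):
    """Dates inside the retention window for which no backup exists."""
    have = {b.date() for b in backups}
    # Today's run only counts as due once its scheduled time has passed.
    newest_due = now.date() if now.time() >= run_at else now.date() - timedelta(days=1)
    due = [newest_due - timedelta(days=i) for i in range(days)]
    return sorted(d for d in due if d not in have)


def restore_plan(backups, fault_time, now):
    """Combine both checks into one report."""
    point = pick_restore_point(backups, fault_time)
    report = {
        "restore_point": point,
        "missing_days": missing_backup_days(backups, now),
        "data_loss_window": fault_time - point if point is not None else None,
        "warnings": [],
    }
    if point is None:
        # The fault is older than everything still retained.
        report["warnings"].append("no retained backup predates the fault")
    elif report["data_loss_window"] > timedelta(days=1):
        # A daily run was missed just before the fault.
        report["warnings"].append("restore point is more than one backup interval old")
    return report


# Constructed sample: daily 01:00 backups for 1-10 March 2024, with 7 March missing.
BACKUPS = [datetime(2024, 3, d, 1, 0) for d in range(1, 11) if d != 7]

if __name__ == "__main__":
    now = datetime(2024, 3, 10, 9, 0)
    for fault in (datetime(2024, 3, 8, 14, 30), datetime(2024, 3, 7, 14, 30),
                  datetime(2024, 2, 28, 12, 0)):
        print(fault, restore_plan(BACKUPS, fault, now))
```
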
📚 OpenStack Overview
OpenStack = open‑source cloud operating system managing compute, storage,
and network pools via RESTful APIs or Horizon dashboard.

Core Services

| Service | Function |
|---|---|
| Nova | Compute instance lifecycle management |
| Neutron | Network provisioning and management |
| Cinder | Block storage for instances |
| Swift | Object storage for unstructured data |
| Glance | VM image catalog |
| Keystone | Identity, authentication, and service catalog |
| Heat | Orchestration (templates, stacks) |
| Ceilometer | Telemetry and metering |

Illustrates how devices connect to edge nodes, which in turn integrate with cloud services
(IEF) for processing and management.

🔗 OpenStack vs. FusionCompute


| Feature | OpenStack | FusionCompute |
|---|---|---|
| Licensing | Fully open‑source, free | Some features require license |
| Architecture | Modular, separate components | All‑in‑one packaged solution |
| Multi‑Tenancy | Supported (metering, approval) | Not supported |
| CMP Layer (ManageOne) | Supported | Not supported |

🖥️ Edge Computing
Definition: Distributed architecture moving compute, storage, and services
from central data centers to network‑edge nodes.
Advantages
Data privacy (local processing)
Lower latency & faster processing
Cost reduction (less data transfer)
Offline operation capability
Decentralized resilience
Edge‑Cloud Relationship
Edge handles real‑time processing; cloud stores long‑term data and performs
heavy analytics.

🤖 Intelligent Edge (IEF)


Built on KubeEdge + Kubernetes; provides lightweight, ultra‑low‑latency edge
nodes.
Shows the layered architecture: Products & Services (DevOps, Microservice/CI‑CD,
Container) atop the Platform (cloud platform, compute/storage/network).
Key Values
Lightweight Operations – runs on 128 MB edge hardware.
Edge‑Cloud Collaboration – AI inference at edge, training in cloud.
Secure Access – per‑device certificates.
Offline Self‑Healing – local management when disconnected.
Open Ecosystem – marketplace for edge applications.

Application Scenarios
Smart Campus, Quality Inspection, Smart Mining, Smart Transport.

⛓️ Blockchain Basics
Blockchain = tamper‑proof distributed ledger using cryptographic hashing and
consensus.
Core Concepts

| Concept | Description |
|---|---|
| Distributed Ledger | Replicated, synchronized database across participants |
| Hash Algorithm | Verifies data integrity; any change alters the hash |
| Consensus | Majority agreement on transaction validity |
| Smart Contract | Automated, immutable code triggered by conditions |

Benefits
Higher efficiency, reduced costs, lower risk, stronger trust, transparent audit.

☁️ Cloud Native
Cloud Native = building & running scalable applications that fully exploit cloud
environments (containers, microservices, immutable infrastructure, declarative
APIs).
Components
Container – OS‑level virtualization (e.g., Docker).
Microservice – Small, independent services communicating via APIs.
Service Mesh – Decouples service communication, provides observability &
security.
Immutable Infrastructure – Replace rather than modify running instances.
Declarative APIs – Describe desired state; system converges to it.

Twelve‑Factor Principles (summary)


1. Codebase + Version control
2. Dependencies declared
3. Config stored in environment
4. Backing services treated as attached resources
5. Build, release, run separation
6. Stateless processes
7. Port binding
8. Concurrency via process model
9. Disposability (fast start/stop)
10. Dev/prod parity
11. Logs as event streams
12. Admin processes as one‑off tasks

🤖 Artificial Intelligence Overview


AI – science & engineering of making machines exhibit intelligent behavior.
Machine Learning (ML) – algorithms that learn patterns from data.
Deep Learning (DL) – neural‑network‑based ML, handling high‑dimensional
data.

Development Pipeline
1. Determine Objective
2. Prepare Data
3. Train Model
4. Evaluate Model
5. Deploy Model

ModelArts Platform
One‑stop AI development (data prep, auto‑labeling, distributed training, model
deployment).
Supports TensorFlow, PyTorch, MindSpore, and custom frameworks.
Enables one‑click model building, shared AI deployment across cloud, edge,
and devices.
