I. Background
Local taxation departments lack information technology applications and face numerous information network management issues. A cloud platform for information data resources, built on cloud desktops and virtualization management platforms, can improve the information management efficiency of the entire bureau, innovate taxation management services, and improve the management level of taxation administration services. The demand for cloud desktops in the taxation industry comes mainly from scenarios such as the taxation hall, taxation office, and training classroom. The Tax E-Learning platform, part of the Tax E-Learning application issued by the Education Center of the State Administration of Taxation, is an integrated system that combines the learning system, training system, management system, and evaluation system. This platform addresses the needs for customer training, online examination, online question answering, and online face-to-face lectures, with physical isolation between the internal and external networks when switching between them.
II. Pain point analysis
Security: data security vulnerability
Data is stored locally in terminals.
It is difficult to manage and control different types of ports.
Restriction of user behavior is challenging.
Data leakage occurs as a result of computer theft and other high-risk activities.
Management: heavy O&M workload
Traditional PC deployment is time-consuming.
Faults need to be rectified on site, causing low efficiency.
Standardized management is difficult due to the diversity of software.
Data is prone to loss, adversely affecting official business.
Resources: low resource utilization
Business information cannot be effectively integrated and collaborated.
Upgradeability is limited due to the standardized hardware configuration.
Hardware resources are solidified and cannot be reused in the idle state, resulting in low resource utilization.
III. Solution overview
The preceding figure shows the architecture of the H3C taxation cloud desktop solution.
The H3C Workspace taxation cloud desktop solution is mainly composed of the following components:
1. H3C Cloud Desktop Studio
The management platform for cloud desktops is installed on the server. An administrator can use the platform to manage virtualization platforms, desktop images, desktop pools, and users related to cloud desktops.
2. H3C Workspace App
The client program for connecting to a Virtual Desktop Infrastructure (VDI) cloud desktop is deployed on a PC or a thin client. A user can use the client to efficiently transfer a desktop image and map a local device on the PC or thin client to the VDI cloud desktop.
3. H3C IDV Client
H3C Intelligent Desktop Virtualization (IDV) client runs on an IDV client. A user can access the IDV desktop through the H3C IDV client.
4. H3C Workspace SpaceAgent
The agent is used by H3C Workspace Studio management platform to manage terminals. It is deployed on a terminal and can provide various terminal management capabilities for the management platform.
Solution features
Superior experience
H3C Workspace taxation cloud desktops are scenario-optimized and performance-optimized for different application scenarios to better meet users' particular needs.
Similar user experience as PC
Users can log in to, power on, or power off desktops in the same way as for PCs. The Virtual Desktop Protocol (VDP) for desktop connection has been extensively optimized for desktop image transfer, achieving a significantly improved desktop access experience and the ability to log in to a desktop in seconds.
Perfect software compatibility
A list of compatible software is provided, supporting mainstream applications and anti-virus software. Industry software (such as C/S and B/S application software) is compatible. GPU passthrough or hardware virtualization technology is used to meet the performance requirements of professional applications such as industrial drawing, supporting typical mainstream drawing software including 3ds Max, AutoCAD, and ProE. For some special industry applications, customization is supported.
Smooth video experience
Video redirection technology improves the video experience for users while also reducing the server's resource overhead from video decoding. Moreover, high-concurrency video scenarios are supported.
Support for various external devices
With the independently developed peripheral redirection core technology and the same bus channel for PCs, employees can use peripherals such as printers, scanners, and Ukeys in the same way as for PCs.
Strong security
H3C Workspace taxation cloud desktop adopts the "Cloud-Network-Edge" systematic secure and reliable design to ensure multi-level security from terminal security, network security, and cloud platform security, to management security. With prevention as the main focus, reinforced by monitoring and auditing, this product guarantees all-round information security of office desktops, and reliability of clients and platforms.
Terminal security: Provides terminal feature code authentication, multi-factor identity authentication (such as fingerprint and USB key), and denylist/allowlist control of ports and peripherals.
Network security: Supports virtual desktop pool isolation, desktop connection security, and encryption transmission.
Data security: Allows users to set a use policy of desktop peripherals and uses application software to control the use of non-compliant software. Security properties such as desktop watermark and read only for storage equipment ensure that data is not lost.
Cloud platform security: Supports distributed storage, VM image tiering storage, software-based data disk encryption, and traceless data processing. The virtualization anti-virus software ensures the security of the underlying virtualization platform.
Management security: Allows administrators to perform decentralized or domain-based management and to audit the behavior logs of desktop users.
All-round reliability guarantee: Supports network status detection, client self-service backup and recovery, automatic reconnection upon network crash, HA resource reservation of key components, and batch backup of VMs.
In addition, H3C Workspace taxation cloud desktop products support integration with third-party anti-virus or security software, such as ASIM Security, to provide a complete security protection solution in the virtualization environment. This product can protect the VM without installing any agent in a virtual desktop, thus ensuring the security of the virtualization environment.
Simple management
H3C Workspace Cloud Desktop Studio can manage physical resources, virtual resources, virtual desktop lifecycles, system alarms, and failures in a unified manner to improve efficiency of IT O&M.
Manage virtual desktop lifecycles, alarms, and failures in unified mode. Deploy the basic desktop environment in one hour, make the desktop quickly come online and expand, flexibly schedule resources to quickly respond to service changes, and improve the service support capability and response speed.
Allocate different desktop resource pools for different scenarios, supporting static, dynamic, and manual desktop pools.
Support batch upgrade of operating systems and application software and execute batch upgrade of software without affecting the software installed by users and personalized data.
Provide centralized network policy management and support specifying detailed security access rules for virtual desktop traffic (L2, L3, and L4 control, bilateral control, time interval-based control). When a virtual desktop is migrated between server hosts, the corresponding network policy configuration (ACL, QoS, VLAN, port binding, and others) files are also migrated simultaneously to ensure that the access control policy remains unchanged while services are not interrupted.
Smart O&M
H3C Workspace manages resources in centralized mode and simplifies the O&M process, bringing a balance between cost and efficiency to enterprises and improving the value of IT O&M.
Improve the IT O&M value
Provide rich automated O&M management tools, including the tool for automatically collecting and analyzing the information of the enterprise office environment (CPU, memory, and disk) with one click, user experience optimization tool, and one-click log collection tool, reducing maintenance difficulty and improving O&M efficiency.
Support automatic capacity expansion and automatic discovery of powered-on hardware to achieve flexible and fast expansion, and support linked-clone desktops to improve user experience and management efficiency.
Provide core components with independent intellectual property rights, support open and standard interfaces, flexibly adapt to industry applications, and quickly provide solutions to match industry-specific requirements.
IV. Solution features
Desktop management
Through the cloud desktop management platform, administrators can manage and control virtual desktops in a unified and centralized manner based on desktop pools. Administrators can perform batch deployment of virtual desktops in desktop pools and batch authorization for local users, domain users, and user groups. Through the static desktop pool, administrators can allow users to exclusively use virtual desktops and make personalized settings for virtual desktops.
With the manual desktop pool, administrators can manually set desktop pool restore points as needed and manually perform restore operations when needed.
In the dynamic desktop pool, virtual desktops can be dynamically authorized. Virtual desktops are randomly assigned from the dynamic pool when users log in and automatically restored to the initial state after users close the virtual desktops.
In a static desktop pool, administrators can import existing VMs and manually remove VMs from the pool. In a manual or dynamic desktop pool, the management platform supports timed release after a VM is shut down: the authorization relationship is automatically released a certain time after the virtual desktop is closed. The virtual desktop can then be requested for use by other authorized users in the pool.
User management
Through the user management module of H3C Workspace taxation cloud desktop management platform, administrators can maintain local users and domain users by group, including adding, modifying, deleting, querying, and other operations, as well as view the information of virtual desktops authorized by users and user groups. Administrators can synchronize LDAP domain users manually or periodically, and monitor online user information.
Furthermore, this platform supports local authentication, enabling users to simply authenticate in the cloud desktop management platform when logging in, resulting in faster login speeds and simpler management.
Desktop watermark
H3C Workspace taxation cloud desktop allows an administrator to configure the visible watermark function of the desktop. Then, the virtual desktop shows the login user name and time, and a user can customize the display content according to actual needs. The user can set the watermark to a fixed position or full screen and change its color, angle, and font to prevent users from photographing the virtual desktop with camera equipment and leaking secrets.
The cloud desktop also supports the invisible watermark function, which means the watermark cannot be seen visually. The invisible watermark is suitable for confidentiality scenarios such as copyright protection or tracing responsibility following the disclosure of confidential information. If a user steals sensitive information through a snapshot of the cloud desktop screen, resulting in sensitive information leakage, the cloud desktop and user can be traced back through invisible watermark parsing.
Software distribution
When deploying software or updating software through H3C Workspace, administrators can create a separate software repository and distribute it directly to VMs without updating templates. The software distribution feature supports software deployment in seconds. To update software, only software libraries need to be distributed to VMs, which then restart and normally use the updated software.
Application control
H3C Workspace taxation cloud desktop supports batch control of illegal application software in the desktop pool by setting up an authorization policy for the software denylist, including:
Customize the software usage in VMs. When users do not want to run specific software in VMs, they can use this feature to prevent it from running.
Some software may affect VM security and stability in a given environment. In this case, you can use the software denylist function to block such software for a better virtual desktop experience.
Large-screen O&M
Through a unified web-based management portal, the H3C Workspace taxation cloud desktop management platform enables the centralized management and unified monitoring of physical and virtual resources. Cloud resources are displayed on the dashboard, implementing unified monitoring of data center clusters, hosts, storage, virtual machines, and network resources. Currently, the platform can monitor the top 5 hosts and VMs by CPU, memory, and other resource usage.
High reliability
H3C Workspace taxation cloud desktop cluster is developed based on the server virtualization platform with the hyper-convergence management feature and can provide users with multiple system reliability guarantees such as HA, DRS, and DPM, effectively ensuring the stability of cloud desktops. The centralized management based on the cluster has the following benefits:
Administrators can organize, monitor, and control the entire IT environment through a unified interface based on centralized management, lowering management expenses.
A cluster composed of multiple independent server hosts with a shared resource pool simplifies the complexity of desktop pool maintenance while also providing high availability. The virtualization platform monitors all hosts in the cluster. If one server fails, it responds quickly and restarts the affected virtual desktops on another server in the cluster, or you can manually migrate the online virtual desktop. The storage online migration function enables the online migration of virtual desktops across different storage types and between storage products from different vendors, allowing users to migrate running virtual desktops from one storage location to another in real time without interruption or downtime, providing a cost-effective solution for cloud desktop high availability.