In the official Huawei HCIA-Cloud Computing documentation, specifically the "FusionAccess Security" module, the system is described as having a multi-layered security architecture. These four access management policies are the primary tools used to control entry into the virtual desktop environment.

MAC address-based control (A)allows administrators to bind specific users or groups to authorized hardware devices. This ensures that even if a password is compromised, the user can only log in from a company-issued terminal.Time-based control (B)functions as a whitelist; it defines a "valid window" (e.g., 08:00 to 18:00) during which desktop access is permitted. Outside of these hours, the system rejects connection attempts, which is critical for managing contractors or ensuring compliance with labor regulations.

IP address-based control (C)is highly flexible, supporting both blacklists (to block known malicious ranges) and whitelists (to allow only local office subnets). Administrators can define these rules for individual IPs or entire CIDR blocks. Finally,Certificate-based control (D)provides the highest level of identity assurance. Unlike the other policies which can be granular, certificate authentication is typically a global system setting in the ITA/HDC configuration. When enabled, every client must present a valid digital certificate issued by a trusted Certificate Authority (CA) before they are even prompted for a username and password.

By combining these policies, Huawei FusionAccess creates a "Zero Trust" style environment where access is granted based on the user's identity, their physical device, their location (IP), and the time of day. Understanding how to configure these policies in theITA (IT Adapter)portal is a key requirement for the HCIA-Cloud Computing certification and essential for maintaining a secure enterprise desktop cloud.

====================