This topic describes the service architecture and network architecture of Elastic Desktop Service (Enterprise Edition) to help you understand the service workflow and network structure.
Service architecture
Elastic Desktop Service (Enterprise Edition) users are classified into the following types based on their job responsibilities and requirements:
Administrators: personnel who create and maintain cloud computers. Administrators manage resources such as office networks (formerly workspaces), cloud computers, policies, images, networks, storage, enterprise applications, and cloud computer templates.
End users: personnel who use cloud computers. End users can access cloud computers from Alibaba Cloud Workspace terminals.
Network architecture
Virtual private clouds (VPCs) are logically isolated private networks in the cloud. Elastic Desktop Service (Enterprise Edition) supports the following VPCs: management VPCs, Elastic Desktop Service VPCs, and office network VPCs. All the preceding types of VPCs are maintained by Alibaba Cloud.
You can use management VPCs and Elastic Desktop Service VPCs to deploy management components, cloud computers, and other resources.
Office network VPCs are secure office networks that are created by the Elastic Desktop Service system based on the IPv4 CIDR blocks that you specify when you create office networks. For more information about office networks, see Overview.
The following figure shows the network architecture.
Network connection
When end users use Alibaba Cloud Workspace terminals to connect to cloud computers, your end users can connect to cloud computers over the Internet (Alibaba Cloud networks) or VPCs (office networks). The network types that are used by end users to connect to cloud computers are determined by the attributes that you specify when you create the office networks in which the cloud computers reside.
Access over the Internet
If end users connect to cloud computers over the Internet, make sure that Alibaba Cloud Workspace terminals can access the Internet.
Access over VPCs
If end users connect to cloud computers over VPCs, you must use Express Connect, Smart Access Gateway (SAG), or VPN Gateway to establish connectivity between on-premises and off-premises networks.
NoteVPC connection relies on Alibaba Cloud PrivateLink, which helps establish private connection between Virtual Private Cloud and Alibaba Cloud services. You are not charged for using PrivateLink. If you select VPC or Internet and VPC as the connection method when you create an office network, the system automatically activates PrivateLink.
WarningIf you activate Elastic Desktop Service (Enterprise Edition) by using an Alibaba Cloud account on the China site (aliyun.com) in regions outside the Chinese mainland or on the International site (alibabacloud.com) in regions within the Chinese mainland, your business data in the cloud may be transmitted to the geographical locations or regions that you specified. Make sure that you have the permissions to manage business data in the cloud and can adopt technologies and policies to protect data. You must ensure that data transmission complies with legal regulations. For example, the transmitted data must not violate relevant policies or include forbidden or confidential content.
If your operations may involve cross-border data transmission, for example, from the Chinese mainland to countries and regions outside the Chinese mainland or between other countries and regions, contact professionals or compliance personnel before you proceed. Make sure that cross-border data transmission abides by legal regulations and policies. For example, you must obtain the permissions on individual information from entities, complete the signing and filling of service terms and agreements, and complete security assessment and other statutory obligations (if applicable).