
Elastic Desktop Service: Access a cloud computer over a private network

Last Updated: Jun 20, 2024

An Alibaba Cloud Workspace client can connect to cloud computers over the Internet or over a virtual private cloud (VPC). To connect to a cloud computer over a VPC, you must connect the on-premises network that the client uses to the office network of the cloud computer. To help you understand the connection mechanism and establish a connection between on-premises and off-premises networks, we recommend that you read this topic before you proceed.

Overview

When you connect to a cloud computer from an Alibaba Cloud Workspace client, you can select Internet or VPC as the connection method based on the connection method of the office network in which the cloud computer resides. The following table describes the network connection methods provided in the Elastic Desktop Service console.

| Connection method | Description |
| --- | --- |
| Internet | The gateway of a cloud computer can be connected only over the Internet from an Alibaba Cloud Workspace client. |
| VPC | The gateway of a cloud computer can be connected only over an enterprise network in a VPC from an Alibaba Cloud Workspace client. |
| Internet and VPC | The gateway of a cloud computer can be connected over the Internet or a VPC from an Alibaba Cloud Workspace client. |

Network architecture

You can attach the internal network of your data center and the VPC of the office network of a cloud computer to a Cloud Enterprise Network (CEN) instance by using Express Connect, Smart Access Gateway (SAG), or VPN Gateway. This establishes a connection between the data center and all cloud resources in the VPC of the office network, as shown in the following figure.

[Figure: network architecture]

In the preceding figure:

  • The private access solution of the office network relies on the hybrid cloud deployment capabilities provided by CEN. The cloud computer is accessed over the private network established between the data center and the VPC. You must configure route settings for the management link and data link of an Alibaba Cloud Workspace client. CEN can establish private connections between different network instances, such as VPCs, virtual border routers (VBRs), and cloud connect networks (CCNs), so that on-premises and off-premises resources can communicate with each other. For more information, see What is CEN? or Combine multiple connection methods to build an enterprise-class hybrid cloud.

  • VPCs are logically isolated private networks in the cloud. In Elastic Desktop Service, VPCs are divided into management VPCs and office network VPCs. Both types are maintained by Alibaba Cloud. Management VPCs provide networks for management components, and office network VPCs are dedicated VPCs, which are also called secure office networks, when you specify CIDR blocks of office networks.

  • Express Connect can connect the internal network in a data center to an Alibaba Cloud endpoint by using an Express Connect circuit. One end of the circuit connects the gateways in the data center, and the other end connects to a VBR. When you attach the VBR and office network VPC to the same CEN instance, the data center can access resources in the VPC. For more information, see What is a Express Connect?

  • SAG is a software-defined wide area network (SD-WAN) service provided by Alibaba Cloud. In most cases, SAG is used together with CCN. For more information, see What is a SAG?

  • VPN Gateway provides secure connectivity between multiple sites. VPN Gateway allows you to establish secure and reliable connections between a data center and an Alibaba Cloud VPC by creating encrypted tunnels. In the preceding figure, a user VPC is used to create a server in the cloud. This cloud server is required when you use VPN Gateway, so you must provide a cloud VPC (user VPC) in which to create it. For more information, see What is VPN Gateway?

Network connection

If you want to log on to an Alibaba Cloud Workspace client by using the enterprise private network, you must establish a connection between on-premises and off-premises networks. You must connect the client to the office network of the cloud computer. You can use SAG, VPN Gateway, or Express Connect to establish the connection.

| Method | Description | Reference |
| --- | --- | --- |
| SAG app | A SAG app is a software client of SAG. You can install the SAG app on a device such as a local computer or a mobile phone, and then use CCN to connect to the cloud and access a cloud computer. | Use an SAG app to access cloud computers from an Alibaba Cloud Workspace client over a private network |
| VPN Gateway (IPsec-VPN) | VPN Gateway supports IPsec-VPN and SSL-VPN connections. For more information, see VPN gateways. You can use the IPsec-VPN feature to establish a secure connection between a data center and a VPC, or between two VPCs, to access a cloud computer from an Alibaba Cloud Workspace client over a private network. | Use IPsec-VPN to access cloud computers from an Alibaba Cloud Workspace client over private networks |
| VPN Gateway (SSL-VPN) | You can use the SSL-VPN feature to reach applications and services that are deployed in a VPC, and in this way access a cloud computer from an Alibaba Cloud Workspace client over a private network. | Use SSL-VPN to access cloud computers from an Alibaba Cloud Workspace client over a private network |
| Express Connect circuit | Alibaba Cloud Express Connect can establish high-speed, stable, and secure private network connections between data centers and VPCs by using Express Connect circuits. For more information, see What is a connection over an Express Connect circuit? You can use an Express Connect circuit and an IPsec-VPN connection to establish active/standby connections to access a cloud computer over a private network. | |