In Elastic Desktop Service (EDS), a cloud computer policy is a set of configurations for managing cloud computers, including data security, access control, user experience, and collaboration. EDS provides a default cloud computer policy that cannot be modified or deleted. To meet your business requirements, you can create custom policies. This topic describes how to create and manage custom policies.
Create a custom policy
You can use different methods to create a custom policy.
Create from scratch
You can create a custom policy from scratch.
Log on to the EDS Enterprise console.
In the left-side navigation pane, choose
.On the Policies page, click Create Policy.
On the Create Policy page, configure the Policy Name parameter as prompted, modify the policy configurations based on your business requirements, and then click OK.
After you create the custom policy, you can view the policy on the Policies page.
Clone an existing custom policy
If you want to quickly create a custom policy whose configurations are the same as or similar to an existing custom policy, we recommend that you clone the existing custom policy and modify the configurations based on your business requirements.
Log on to the EDS Enterprise console.
In the left-side navigation pane, choose
.On the Policies page, find the existing custom policy that you want to clone and click Clone in the Actions column.
In the Clone Policy dialog box, specify a name for the custom policy that you want to create and click OK.
After you clone the existing custom policy, you can view the clone of the policy in the policy list and modify the configurations of the policy based on your business requirements.
Import a policy configuration file
You can import a standard policy configuration file in the JSON format to quickly create a custom policy.
Log on to the EDS Enterprise console.
In the left-side navigation pane, choose
.On the Policies page, click Import Policy.
In the Import Policy dialog box, specify a name for the custom policy that you want to create, upload a policy configuration file in the JSON format, and then click OK.
From region-specific policies to global policies
Custom policies created before October 2024 are specific to individual regions and can only be applied to cloud computers in the same region. Custom policies created after October 2024 are not region-specific and can be applied to cloud computers across regions. For custom policies created before October 2024, you can switch them from region-specific to globally applicable. In this case, you can bind them to cloud computers from any regions.
Log on to the EDS Enterprise console.
In the left-side navigation pane, choose
.On the Policies page, find the custom policy that you want to manage and click Switch to Global Policy in the Actions column. In the message that appears, click OK.
Change an associated policy
If the policy associated with your cloud computer or cloud computer pool cannot meet your business requirements, you can change the associated policy.
Replace the existing policy of a cloud computer
Log on to the EDS Enterprise console.
In the left-side navigation pane, choose
.On the Cloud Computers page, perform the following operations to replace the existing policy of one or more cloud computers based on your business requirements:
Replace the existing policy of a cloud computer: Find the cloud computer that you want to manage, click the ⋮ icon in the Actions column, and then select Change Policy.
Replace the existing policy of multiple cloud computers: Select one or more cloud computers and choose
in the lower part of the page.
In the Change Policy panel, clear the current policy, select a new policy, and then click OK.
In the message that appears, click OK.
Replace the existing policy of a cloud computer pool
Log on to the EDS Enterprise console.
In the left-side navigation pane, choose
.On the Cloud Computer Pools page, find the cloud computer pool that you want to manage and click the ID of the cloud computer pool in the Pool ID/Name column.
On the Basic Information tab, find the Policy Group Name parameter and click the icon.
In the Change Policy panel, clear the current policy, select a new policy, and then click OK.
Modify a custom policy
If the custom policy associated with your cloud computer cannot meet your business requirements, you can modify the policy.
Procedure
Log on to the EDS Enterprise console.
In the left-side navigation pane, choose
.On the Policies page, find the custom policy that you want to modify and click Change Policy in the Actions column.
On the Modify Policy page, modify the configurations based on your business requirements and click OK.
Time when modifications take effect
After you modify a policy that is associated with a cloud computer, the rules determine the time when the modifications take effect. Modifications to the following rules immediately take effect. End users do not need to disconnect from and reconnect to cloud computers.
Display mode
Watermark
Security group control
Domain name access control
Screen recording audit
Remote assistance
Modifications to other rules take effect the next time end users connect to the cloud computers with which the policy is associated.
Specify CIDR blocks on which a custom policy takes effect
By default, a custom policy takes effect on all CIDR blocks. If you want the custom policy to take effect only on specific CIDR blocks, specify the CIDR blocks. This way, when end users connect to cloud computers that are associated with the custom policy from Alibaba Cloud Workspace terminals, the system determines whether the egress IP addresses of the terminals are within the specified CIDR blocks. If the egress IP addresses of the terminals are not within the specified CIDR blocks, the policy does not take effect.
Procedure
To specify a CIDR block on which a policy takes effect, perform the following steps:
Log on to the EDS Enterprise console.
In the left-side navigation pane, choose
.On the Policies page, find the custom policy that you want to manage and click Change Policy in the Actions column.
In the upper part of the Modify Policy page, select Specific CIDR Block for the Valid IP Address parameter and click Add CIDR Block.
NoteFor policies that are not associated with cloud computers and policies that are associated with cloud computers and take effect on specific CIDR blocks, you can directly change the CIDR blocks.
For policies that are associated with cloud computers and take effect on all CIDR blocks, you must disassociate the policies from cloud computers. Then, you can specify the CIDR blocks on which the policies take effect. If you do not want to disassociate the policies, you can clone the policies to create new policies that have the same configurations, specify a CIDR block for the new policies, and then associate the new policies with the cloud computers. For more information about how to clone a custom policy, see Create a custom policy.
In the Add CIDR Block dialog box, enter up to three CIDR blocks and click OK.
After you specify CIDR blocks for a policy and associate the policy with a cloud computer, the policy takes effect the next time the cloud computer is connected.
NoteYou must associate each cloud computer with exactly one policy that takes effect on all CIDR blocks. You can associate a cloud computer with up to four policies that take effect on specific CIDR blocks.
Export a policy
You can export policies. The exported policies are configuration files in the JSON format. If you share the files to other users, the users can import the files to quickly create policies.
Log on to the EDS Enterprise console.
In the left-side navigation pane, choose
.On the Policies page, find the policy that you want to export and click Export Policy in the Actions column.
After you export the policy, a file in the JSON format is generated, and you can download the file to your on-premises device.
Delete a custom policy
If you no longer require a policy, you can delete the policy.
Log on to the EDS Enterprise console.
In the left-side navigation pane, choose
.On the Policies page, perform the following operations to delete one or more custom policies.
NoteIf the policy that you want to delete is associated with cloud computers, you must replace the policy with a different policy and then proceed with the delete operation. For more information, see Replace the existing policy of a cloud computer.
Delete a policy: Find the custom policy that you want to delete and click Delete in the Actions column.
Delete multiple policies at the same time: Select one or more custom policies that you want to delete and click Delete in the lower part of the page.
In the message that appears, click OK.