All Products
Search

This Product

    Elastic Desktop Service:Basic policies

    Document Center

    Elastic Desktop Service:Basic policies

    Last Updated:Aug 12, 2024

    In Elastic Desktop Service (EDS), basic policies can be associated with cloud computers to manage the security and user experience for end users when they use the cloud computers. This topic describes the scenarios, application scope, and configurations of a basic policy.

    Scenarios

    A basic policy mainly involves the following parameters to ensure security and user experience for end users.

    • Parameters to prevent data leaks: Watermark and Anti-screenshot

    • Parameters to ensure file transfer security: Clipboard and Web Client File Transfer

    • Parameters to configure networks and image quality: Bandwidth Limit, Network Transmission, Max. Retry Period, Image Display Quality, and Image Quality Control

    Data leak prevention

    Applicable scope

    Parameter

    Image version

    Client version

    Enhancement

    V1.8.0 or later

    N/A

    Anti-Screen Photo

    V1.8.0 or later

    V6.7.0 or later

    Anti-screenshot

    N/A

    Windows client and macOS client V5.2.0 or later

    Parameters

    Parameter

    Description

    Watermark

    This feature is used to prevent data leaks before an event occurs and help to audit after the event occurs.

    Visible watermarks

    Visible watermarks can be clearly seen. You can specify the watermark content and display styles.

    • Content (Up to 3 items supported)

      • Username. Example: testuser01.

      • Cloud Computer ID. Example: ecd-66twv7ri4nmgh****.

      • Cloud Computer IP. Example: 192.0.2.0.

      • Client IP. Example: 192.0.2.254.

      • Current Time. Example: 20230101.

      • Custom Text. Example: Internal Data.

        Note

        You can enter 1 to 20 characters as the custom text, which can contain letters, digits, and the following special characters: ~ ! @ # $ % ^ & * ( ) - _ = + | { } ; : ' , < . ?. If you use line breaks or other special characters, the custom text may not take effect.

    • Display style

      • Font Size: The watermark content size. Valid values: 10 to 20. Default value:12. Unit: pixel (px).

      • Font Color: The watermark color. Default value: #FFFFFF, which indicates white.

      • Opacity: The watermark opacity. Valid values: 10 to 100. Unit: percentage (%). If you set this parameter to 0, watermarks are opaque. If you set this parameter to 100, watermarks are completely transparent. Default value: 25.

      • Rotation: The watermark slope. Valid values: -30 to -10. Default value: -25.

    When you configure watermarks, you can preview the watermark display style in the lower part of the watermark configuration section.

    Invisible watermarks

    Invisible watermarks are hidden. EDS provides the default invisible watermark algorithm that can encrypt watermark information for different Alibaba Cloud accounts to prevent tampering. You can configure the following parameters for invisible watermarks:

    • Security Priority: Since invisible watermarks rely on the Alibaba Cloud Workspace client and images of specific versions, we recommend that you enable this option.

      • If you enable this option, end users can connect to cloud computers that are associated with the policy by using the client and images of specific versions.

      • If you disable this option, invisible watermark configurations do not take effect, though end users can connect to cloud computers that are associated with the policy by using the client and images of other versions.

    • Enhancement: Higher watermark enhancement indicates a grainier desktop of a cloud computer, which improves the success rate of parsing invisible watermarks. Adjust the watermark enhancement based on your business requirements. This feature requires images of V1.8.0 or later.

    • Content (Up to two items supported):

      • Cloud Computer ID. Example: ecd-66twv7ri4nmgh****.

      • Cloud Computer IP. Example: 192.0.2.0.

      • Client IP. Example: 192.0.2.254.

      • Current Time. Example: 20230101.

    • Anti-Screen Photo: This feature requires images of V1.8.0 or later and the Alibaba Cloud Workspace client of V6.7.0 or later.

    Anti-screenshot

    This feature is suitable for data leak prevention scenarios. If this feature is enabled, end users cannot use snipping tools on local terminals to capture or record the screens of cloud computers.

    Note

    • The anti-screenshot feature is available only for the Windows client and macOS client of Alibaba Cloud Workspace V5.2.0 and later.

    • The availability for this feature varies based on the type of Alibaba Cloud Workspace terminal. If you want to enable this feature, we recommend that you configure the Logon Method Control parameter to allow specific types of the Alibaba Cloud Workspace client to connect to cloud computers.

    File transfer security

    Applicable scope

    For the Web Client File Transfer parameter, even if you set this parameter to Allow Upload/Download, this setting does not take effect for high-definition experience (HDX)-based Linux cloud computers. If you want to apply this feature to the cloud computers, use the default policy named All enabled policy.

    Parameters

    Parameter

    Description

    Clipboard

    Specifies whether end users can copy and paste texts, images, and files between local devices and cloud computers.

    Web Client File Transfer

    Specifies whether files can be transferred between cloud computers and local devices from the web client.

    Network and image quality

    Applicable scope

    Parameter

    Image version

    Client version

    Network Transmission (UDP and TCP)

    V1.0.0 or later

    V5.2.0 or later

    Network Transmission (AUTO and AST)

    V1.5.0 or later

    V6.5.0 or later

    Parameters

    Parameter

    Description

    Bandwidth Limit

    Specifies whether to limit bandwidth of cloud computers. If you enable this feature, you can set the value in a range from 2,000 to 50,000 Kbit/s.

    Image Display Quality

    Specifies the display quality of cloud computer screens. Valid values: LD, SD, HD, and Lossless.

    Network Transmission

    Specifies the network transmission mode. Valid values:

    • AUTO: automatically switches between the AST and UDP mode based on the content displayed on cloud computers.

    • User Datagram Protocol (UDP): suitable for office and HD graphics design scenarios and delivers high resolution.

    • Adaptive Streaming Transport (AST): suitable for high-frequency audio and video playback scenarios and can deliver smooth user experience.

    • Transmission Control Protocol (TCP): suitable for scenarios where UDP and AST are restricted and can provide a high connection success rate.

    Note

    • By default, the UDP mode is enabled. If there are limits, such as protection and throttling, on UDP ports when users connect to cloud computers, select the TCP mode.

    • This feature takes effect only on Adaptive Streaming Protocol (ASP)-based cloud computers. If you want to use the UDP or TCP mode, the images of cloud computers must be V1.0.0 or later, and the Alibaba Cloud Workspace client must be V5.2.0 or later. If you want to use the AUTO or AST mode, the images of cloud computers must be V1.5.0 or later, and the Alibaba Cloud Workspace client must be V6.5.0 or later. If the access conditions of cloud computers are not met, the client automatically switches to the TCP mode.

    Image Quality Control

    This feature improves the image quality of cloud computers. If your end users use Enterprise Graphics cloud computers in design scenarios, we recommend that you enable this feature to improve the performance and user experience of cloud computers.

    Note

    This feature applies only to HDX-based cloud computers accelerated with GPUs.

    Max. Retry Period

    Specifies the maximum period of time required for the system to reconnect to cloud computers that fail to be connected by end users. Valid values: 30 to 7200. Unit: seconds.

    References