All Products
Search

This Product

    Elastic Desktop Service:Use Express Connect circuits to access cloud computers from Alibaba Cloud Workspace clients over private networks

    Document Center

    Elastic Desktop Service:Use Express Connect circuits to access cloud computers from Alibaba Cloud Workspace clients over private networks

    Last Updated:Jun 27, 2024

    You can use an Express Connect circuit to establish a connection between an on-premises data center and a virtual private cloud (VPC) on Alibaba Cloud. This topic describes how to use an Express Connect circuit to establish a connection between an on-premises data center and a VPC of Elastic Desktop Service (EDS) and then allow clients to access cloud computers over a private network.

    Background information

    Express Connect provides a secure and convenient method to connect on-premises data centers to Alibaba Cloud. You can lease an Express Connect circuit from a third-party Express Connect partner to connect an on-premises data center to an Alibaba Cloud access point. Connections over Express Connect circuits are not exposed to the Internet. Compared with Internet connections, connections over Express Connect circuits are safer and faster, and deliver higher reliability and lower network latency. For more information, see What is a connection over an Express Connect circuit?

    A VPC that an office network of EDS uses is an Alibaba Cloud private network. When you create an office network, you can specify an IPv4 CIDR block that is contained in the office network. Then, the system creates a VPC for the office network based on the CIDR block.

    How it works

    The following figure shows how to use an Express Connect circuit to access a cloud computer over a private network.

    通过物理专线实现客户端私网访问云桌面-zh..png

    Preparations

    Before you begin, read the Access a cloud computer over a private network topic and make the following preparations:

    • Before you apply for an Express Connect circuit, make sure that an access point is available, a site survey of the third-party Express Connect provider is complete, and you understand the billing of Express Connect circuits.

    • Plan CIDR blocks and IP addresses. You must plan the CIDR blocks of the data center, the IPv4 CIDR block for the office network, and the peer IP addresses configured on the virtual border router (VBR) based on your business requirements.

      In this topic, the CIDR blocks and IP addresses that are described in the following table are used as examples. The actual CIDR blocks and IP addresses that you use shall prevail.

      Configuration item

      IP address/CIDR block

      IPv4 CIDR block of the office network

      192.168.0.0/16

      CIDR block of the data center

      172.30.0.0/24

      Peer IP addresses configured on the VBR

      • IP address (Alibaba Cloud gateway): 10.0.0.1/30

      • IP address (data center gateway): 10.0.0.2/30

      • Subnet mask: 255.255.255.252

    • A Cloud Enterprise Network (CEN) instance is created. If you do not have a CEN instance, create a CEN instance before you proceed. For more information, see Create a CEN instance.

    • An Alibaba Cloud Workspace client is downloaded and installed. For more information, see Use a client.

    Step 1: Apply for an Express Connect circuit and install the Express Connect circuit

    To connect a data center to a VPC of an office network by using an Express Connect circuit, you must first apply for an Express Connect circuit and then install the circuit. For more information, see Step 1: Apply for an Express Connect circuit and install it.

    Step 2: Create a VBR and add a route to the VBR

    After you install the Express Connect circuit, you must create a VBR to bridge the Express Connect circuit and the data center.

    1. Log on to the Express Connect console.

    2. Follow the on-screen instructions to create a VBR. Then, add a route that points to the data center to the route table of the VBR. For more information, see Step 2: Create a VBR and add a route to the VBR.

    Step 3: Attach the VBR and the office network VPC to a CEN instance

    To establish a connection between the office network VPC and the data center, you must attach the office network VPC and VBR to a transit router in Cloud Enterprise Network (CEN). Then, CEN distributes and learns routes to establish the connection.

    Attach the office network VPC to a CEN instance

    This section describes how to create an office network and how to attach the VPC of the office network to a CEN instance. In this section, a convenience office network is used as an example. You can also create and attach an enterprise AD office network to a CEN instance in actual business scenarios. For more information, see Create and manage a convenience office network or Create and manage an enterprise AD office network.

    1. Log on to the Elastic Desktop Service (EDS) console.

    2. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    3. In the upper-left corner of the top navigation bar, select a region.

    4. Click Create Office Network. In the Create Office Network panel, set the following parameters and click Next: Configure Account System.

      The following table describes the parameters:

      Parameter

      Description

      Example

      Region

      The region where the office network resides.

      China (Hangzhou)

      Name

      The name of the office network. The name is used to identify the office network and must conform to the naming rules that are displayed in the console.

      test001

      Network type

      The type of the network that you want to create. Select Advanced Office Network. A basic office network cannot be attached to a CEN instance.

      Advanced Office Network

      IPv4 CIDR blocks

      The IPv4 CIDR block of the office network.

      192.168.0.0/16

      Connection Method

      The method that is used to connect clients to cloud computers.

      VPC

      Attach to CEN

      Specifies whether to attach the office network to a CEN instance. In this example, Yes is selected. You must select the ID of a CEN instance in the same Alibaba Cloud account or a different Alibaba Cloud account. Then, follow the on-screen instructions to complete the verification.

      In this example, the ID of the CEN instance that is prepared in the "Preparations" section of this topic is selected. The CEN instance is created by the same Alibaba Cloud account. Example: cen-ebr75yhfkm8eg3****.

    5. In the Configure Account System step, set Account Type to Convenience Account and click OK.

    Attach the VBR to the CEN instance

    After the office network VPC is attached to the CEN instance, CEN automatically creates a Basic Edition transit router by default. In this case, you must connect a VBR to the CEN transit router. This section describes how to attach a VBR to a CEN instance. In this section, a Basic Edition transit router is used as an example. In actual business scenarios, you can also create an Enterprise Edition transit router. For more information, see Transit router CIDR blocks.

    1. Log on to the CEN console.

    2. On the Instances page, click the ID of the CEN instance that you want to manage.

    3. On the Basic Settings > Transit Router tab, find the transit router that you want to manage and click Create Connection in the Actions column.

    4. On the Connection with Peer Network Instance page, configure the required parameters to create a VBR connection. The following table describes the parameters.

      Parameter

      Description

      Example

      Instance Type

      The type of the instance to which you want to connect.

      Virtual Border Router (VBR)

      Region

      The region where the desired VBR instance is deployed.

      China (Hangzhou)

      Transit Router

      The system displays existing transit routers in the region.

      tr-m5ekrwb509owzxp5qd1****

      Resource Owner ID

      The Alibaba Cloud account to which the instance belongs.

      Current Account

      Network Instance

      The ID of the VBR instance.

      In this example, the VBR that you created in this topic is selected.

      VBR-test

    5. Click OK.

    Step 4: Configure a cloud service

    After you connect the VBR to the transit router, you can use on-premises networks that are associated with the transit router to access Alibaba Cloud services.

    This section describes how to configure a cloud service in a transit router. In this section, a Basic Edition transit router is used as an example. In actual business scenarios, you can follow the on-screen instructions to configure cloud services based on the transit router edition. For more information, see Manage access to cloud services.

    Important

    For information about CIDR blocks that can be used to access EDS, see Port overview.

    1. Log on to the CEN console.

    2. On the Instances page, click the ID of the CEN instance that you want to manage.

    3. On the Basic Settings > Transit Router tab, click the ID of the transit router that resides in the region where a desired cloud service is deployed.

    4. On the details page of the transit router, click the Cloud Services tab.

    5. On the Cloud Services tab, click Configure AnyTunnel.

    6. In the Configure AnyTunnel dialog box, configure the parameters and click OK. The following table describes the parameters.

      Parameter

      Description

      Service IP Address

      The IP address or CIDR block of the cloud service. Example: 100.118.28.0/24.

      Service Region

      The region where the cloud service is deployed.

      Service VPC

      The VPC that is connected to the transit router.

      Access Region

      The region where the VBR or CCN instance that requires access to the cloud service is deployed.

      Description

      The description of the cloud service.

      Note

      In most cases, a cloud service uses multiple IP addresses or CIDR blocks. Repeat the preceding steps to add all IP addresses or CIDR blocks of the cloud service.

    Step 5: Verify whether a cloud computer can be connected by using a private network

    Note

    The following example shows how to connect to a cloud computer over a private network. In this section, an Alibaba Cloud Workspace client V5.2.0 is used as an example. You can also use another type of Alibaba Cloud Workspace client to access your cloud computer over a private network based on your business requirements.

    1. Create a user. For more information, see Create a convenience account.

    2. Create a cloud computer in the office network that you created in Step 3 and assign the cloud computer to the user. For more information, see Create cloud computers or Assign cloud computers to users.

    3. Obtain information, such as the office network ID, username, and password, that is required to log on to the client from the received email.

      1. Launch the client. In the lower part of the logon page, choose More > Connection Type and select Alibaba Cloud VPC.

      2. Enter the office network ID and click the Next icon.

        Note

        The Alibaba Cloud VPC option is available only if you log on to the client by using an office network ID.

      3. Enter the username and password and click the Next icon.

      4. Connect to the cloud computer.

        If the client logon is successful, your cloud computer is displayed as a card on your screen. You can click Connect Cloud Computer to connect to the cloud computer. If the connection is successful, you can view and use your cloud computer in a new window.

        Important

        If a timeout error is reported, the network is inaccessible. In this case, you need to check your configurations and then log on to the client and retry to connect to the cloud computer.