You can use an Express Connect circuit to connect an on-premises data center to a virtual private cloud (VPC) on Alibaba Cloud. This topic describes how to use an Express Connect circuit to establish a connection between an on-premises data center and a VPC of Elastic Desktop Service (EDS) Enterprise, enabling client access to cloud computers over the VPC.
Background information
Express Connect offers a secure, reliable, and high-performance solution for connecting your on-premises data center to Alibaba Cloud. By leasing an Express Connect circuit from a third-party partner, you can establish a private connection to an Alibaba Cloud access point. Express Connect circuits are not exposed to the Internet, ensuring enhanced security, faster speeds, and reduced latency. These circuits also offer higher reliability compared to Internet-based connections. For more information, see Connection over an Express Connect circuit.
An office network VPC in EDS Enterprise is a private network created based on Alibaba Cloud VPC. When setting up an office network, you can specify an IPv4 CIDR block, and the system provisions the VPC based on the provided block.
Configuration process
The following figure shows how to use an Express Connect circuit to enable client access to cloud computers over a VPC.
Preparations
Before you begin, carefully review the Access cloud computers over VPCs topic and complete the following preparations:
Before you apply for an Express Connect circuit, verify access point availability, complete the third-party site survey, and review the billing details.
Plan CIDR blocks and IP addresses. You must plan the CIDR blocks for the on-premises data center, the IPv4 CIDR block for the office network, and the peer IP addresses on the virtual border router (VBR) based on business requirements.
This topic uses the CIDR blocks and IP addresses in the following table as examples. In your own deployment, the CIDR blocks and IP addresses that you plan take precedence.
| Configuration item | IP address/CIDR block |
| --- | --- |
| IPv4 CIDR block of the office network | 192.168.0.0/16 |
| CIDR block of the on-premises data center | 172.30.0.0/24 |
| Peer IP addresses configured on the VBR | IP address (Alibaba Cloud gateway): 10.0.0.1/30; IP address (data center gateway): 10.0.0.2/30; Subnet mask: 255.255.255.252 |
Create a Cloud Enterprise Network (CEN) instance if one does not exist before proceeding. For more information, see Create a CEN instance.
Download and install an Alibaba Cloud Workspace client. For more information, see Use a client.
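The address plan from the preparations can be checked before anything is created in the console. The following Python script is an added example, not part of the original topic or of any Alibaba Cloud tool. It checks that the planned CIDR blocks do not overlap and that both VBR peer IP addresses are usable hosts in the same subnet. The function name `validate_plan` and the `EXAMPLE_PLAN` layout are assumptions made for illustration; the values are the example values used in this topic, including the AnyTunnel service CIDR block from Step 4.

```python
import ipaddress
from itertools import combinations

def _is_usable(iface):
    """True if the address is a usable host (not the network or broadcast address)."""
    net = iface.network
    if net.prefixlen >= net.max_prefixlen - 1:  # /31 and /32 have no reserved addresses
        return True
    return iface.ip not in (net.network_address, net.broadcast_address)

def validate_plan(office_cidr, onprem_cidr, vbr_cloud_ip, vbr_dc_ip, service_cidrs=()):
    """Return a list of problems in the address plan; an empty list means it is consistent."""
    problems, nets = [], {}
    for label, cidr in [("office network", office_cidr),
                        ("on-premises data center", onprem_cidr),
                        *((f"cloud service {c}", c) for c in service_cidrs)]:
        try:
            nets[label] = ipaddress.ip_network(cidr)  # strict: host bits must be zero
        except ValueError as exc:
            problems.append(f"{label}: invalid CIDR block ({exc})")

    cloud = ipaddress.ip_interface(vbr_cloud_ip)
    dc = ipaddress.ip_interface(vbr_dc_ip)
    if cloud.network != dc.network:
        problems.append(f"VBR peers are in different subnets: {cloud.network} vs {dc.network}")
    elif cloud.ip == dc.ip:
        problems.append("VBR peers use the same IP address")
    else:
        for side, iface in (("Alibaba Cloud gateway", cloud), ("data center gateway", dc)):
            if not _is_usable(iface):
                problems.append(f"{side} {iface.ip} is not a usable host address in {iface.network}")
        nets["VBR peer link"] = cloud.network

    # Overlapping blocks make the routes learned by the transit router ambiguous.
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} {net_a} overlaps {b} {net_b}")
    return problems

# Example values taken from this topic (plan table and the AnyTunnel example in Step 4).
EXAMPLE_PLAN = dict(office_cidr="192.168.0.0/16", onprem_cidr="172.30.0.0/24",
                    vbr_cloud_ip="10.0.0.1/30", vbr_dc_ip="10.0.0.2/30",
                    service_cidrs=["100.118.28.0/24"])

if __name__ == "__main__":
    for line in validate_plan(**EXAMPLE_PLAN) or ["plan is consistent"]:
        print(line)
```
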
Step 1: Apply for an Express Connect circuit and establish the connection
To connect an on-premises data center to an office network VPC by using an Express Connect circuit, request an Express Connect circuit and establish the connection. For more information, see Step 1: Apply for an Express Connect circuit and install it.
Step 2: Create a VBR and configure a route
After you establish the connection, you must create a VBR to bridge the Express Connect circuit and the on-premises data center.
Log on to the Express Connect console.
Create a VBR and configure a route that points to the on-premises data center. For more information, see Step 2: Create VBRs.
Step 3: Attach the VBR and office network VPC to a CEN instance
You must attach the office network VPC and VBR to a CEN instance. This enables the transit router of the CEN instance to automatically distribute and learn routes, facilitating communication between the office network VPC and the on-premises data center.
Attach the office network VPC to the CEN instance
The following section describes how to attach a VPC to a CEN instance by using a convenience office network. In actual business scenarios, the office network can be either a convenience office network or an enterprise Active Directory (AD) office network, both of which can be attached to a CEN instance. For more information, see Create and manage convenience office networks or Create and manage an enterprise AD office network.
Log on to the EDS Enterprise console.
In the left-side navigation pane, choose
In the upper-left corner of the top navigation bar, select a region.
Click Create Office Network. In the Create Office Network panel, configure the following parameters based on your business requirements and click Next: Configure Account System.
| Parameter | Description | Example |
| --- | --- | --- |
| Region | The region where you want to create the office network. | China (Hangzhou) |
| Name | The name of the office network. The name is used to identify the office network. Follow the on-screen instructions to specify a name. | test001 |
| Office Network Type | The type of the office network that you want to create. Select Advanced Office Network. A basic office network cannot be attached to a CEN instance. | Advanced Office Network |
| IPv4 CIDR Block | The IPv4 CIDR block of the office network. | 192.168.0.0/16 |
| Connection Method | The access mode for cloud computers in the office network. | VPC |
| Attach to CEN | Specifies whether to attach the office network to a CEN instance. In this example, select Yes. Select the ID of a CEN instance from either the same Alibaba Cloud account or a different account. Then, follow the on-screen instructions to complete the verification. | In this example, select the CEN instance ID created by using the same Alibaba Cloud account in the "Preparations" section. Example: cen-ebr75yhfkm8eg3****. |
In the Configure Account System step, set the Account Type parameter to Convenience Account and click OK.
Attach the VBR to the CEN instance
After you attach the office network VPC to the CEN instance, CEN automatically creates a Basic Edition transit router. Then, you must connect your VBR to the CEN transit router. The following section describes how to attach a VBR to a CEN instance by using a Basic Edition transit router. In actual business scenarios, you can also use an Enterprise Edition transit router. For more information, see Transit router CIDR blocks.
Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
On the page that appears, choose Basic Information > Transit Router, find the transit router that you want to manage, and then click Create Connection in the Actions column.
On the Connection with Peer Network Instance page, configure the parameters described in the following table to create a VBR connection.
| Parameter | Description | Example |
| --- | --- | --- |
| Instance Type | The type of the network instance to which you want to connect. | Virtual Border Router (VBR) |
| Region | The region of the network instance. | China (Hangzhou) |
| Transit Router | The system automatically displays existing transit routers in the region. | tr-m5ekrwb509owzxp5qd1**** |
| Resource Owner ID | The Alibaba Cloud account to which the network instance belongs. | Current Account |
| Network Instance | The ID of the VBR instance. In this example, select the VBR that you created in this topic. | VBR-test (created in Step 2) |
Click OK.
Step 4: Configure an enterprise VPC IP address or a cloud service route
You can select one of the following solutions based on your business requirements. Solution 1 and Solution 2 explain how to configure the IP address for an enterprise VPC. The main difference is that Solution 1 uses a static IP address, which makes the process easier for end users because they do not need to configure a custom IP address.
Solution 1: Configure a static IP address for an enterprise VPC
Obtain the private gateway address of the office network.
Log on to the EDS Enterprise console.
In the left-side navigation pane, choose
On the Office Networks page, find the desired office network and click the network ID.
In the Network Information section of the office network details page, find the Private Gateway Address parameter and copy the parameter value. The private gateway address is required in subsequent steps.
Configure a CNAME record on the enterprise DNS server and point the private.wuying.com domain name to the private gateway address.
Configure the network access mode on an Alibaba Cloud Workspace client as an end user.
Open a Windows client.
In the upper-right corner of the logon page, click the icon and then click Connection Configuration.
In the Connection Configuration dialog box, configure the following parameters:
Important: Make sure that the version of your Windows client is 7.7 or later. Otherwise, you cannot configure an enterprise VPC IP address.
Connection Type: Set the value to Alibaba Cloud VPC.
Alibaba Cloud VPC Address: Set the value to Default Address.
Then, click Confirm.
Solution 2: Configure a custom IP address for an enterprise VPC
Obtain the private gateway address of the office network and forward it to end users.
Log on to the EDS Enterprise console.
In the left-side navigation pane, choose
On the Office Networks page, find the desired office network and click the network ID.
In the Network Information section of the office network details page, find the Private Gateway Address parameter and copy the parameter value. The private gateway address is required in subsequent steps.
Configure the network access mode on an Alibaba Cloud Workspace client as an end user.
Open a Windows client.
In the upper-right corner of the logon page, click the icon and then click Connection Configuration.
In the Connection Configuration dialog box, configure the following parameters:
Important: Make sure that the version of your Windows client is 7.7 or later. Otherwise, you cannot configure an enterprise VPC IP address.
Connection Type: Set the value to Alibaba Cloud VPC.
Alibaba Cloud VPC Address: Set the value to Custom Address.
Custom Address: Enter the obtained private gateway address of the office network.
Then, click Confirm.
Solution 3: Configure a cloud service
After you connect the VBR to the transit router, you can use on-premises networks that are associated with the transit router to access Alibaba Cloud services.
This section describes how to configure a cloud service in a Basic Edition transit router. In actual business scenarios, you can follow the on-screen instructions to configure cloud services based on the transit router edition. For more information, see Manage access to cloud services.
For information about CIDR blocks that can be used to access EDS Enterprise, see Port overview.
Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
On the
tab, click the ID of the transit router that resides in the region where EDS Enterprise is deployed.
On the transit router details page, click the Cloud Services tab.
On the Cloud Services tab, click Configure AnyTunnel.
In the Configure AnyTunnel dialog box, configure the parameters described in the following table and click OK.
| Parameter | Description |
| --- | --- |
| Service IP Address | The IP address or CIDR block of the cloud service. Example: 100.118.28.0/24. |
| Service Region | The region where the cloud service is deployed. |
| Service VPC | The VPC that is connected to the transit router. |
| Access Region | The region where the VBR or Cloud Connect Network (CCN) instance that requires access to the cloud service is deployed. |
| Description | The description of the cloud service. |
Note: In most cases, a cloud service uses multiple IP addresses or CIDR blocks. Repeat the preceding steps to add all IP addresses or CIDR blocks of the cloud service.
Step 5: Verify whether cloud computers can be accessed over the enterprise VPC
Open a Windows client.
In the upper-right corner of the logon page, click the icon and then click Connection Configuration.
In the Connection Configuration dialog box, set the Connection Type parameter to Alibaba Cloud VPC.
Enter the logon credentials sent to your email address, which include an office network ID or organization ID, username, and password. Then, click the Next icon to proceed.
Find the cloud computer from the resource list. Then, start and connect to the cloud computer.
Note: If errors such as network request timeout occur, network connectivity is not established. Check whether the preceding network settings are correctly configured. Then, log on to the client again and connect to the cloud computer.