All Products
Search

This Product

    Elastic Desktop Service:Create and manage cloud computer policies

    Document Center

    Elastic Desktop Service:Create and manage cloud computer policies

    Last Updated:Jan 21, 2025

    In Elastic Desktop Service (EDS) Enterprise, a cloud computer policy defines configurations for managing cloud computers, covering data security, access control, user experience, and collaboration. EDS Enterprise provides a default cloud computer policy that cannot be modified or deleted. To meet your business requirements, you can create custom policies. This topic describes how to create and manage custom policies.

    Create custom policies

    You can use different methods to create a custom policy.

    Create from scratch

    You can create a custom policy from scratch.

    1. Log on to the EDS Enterprise console.

    2. In the left-side navigation pane, choose Operation & Maintenance > Policies.

    3. On the Policies page, click Create Policy.

    4. On the Create Policy page, configure the Policy Name parameter as prompted, modify the policy configurations based on your business requirements, and then click OK.

      After you create the custom policy, you can view the policy on the Policies page.

    Clone an existing custom policy

    If you want to quickly create a custom policy whose configurations are the same as or similar to an existing custom policy, we recommend that you clone the existing custom policy and modify the configurations based on your business requirements.

    1. Log on to the EDS Enterprise console.

    2. In the left-side navigation pane, choose Operation & Maintenance > Policies.

    3. On the Policies page, find the existing custom policy that you want to clone and click Clone in the Actions column.

    4. In the Clone Policy dialog box, specify a name for the custom policy that you want to create and click OK.

      After you clone the existing custom policy, you can view the clone of the policy in the policy list and modify the configurations of the policy based on your business requirements.

    Import a policy configuration file

    You can import a standard policy configuration file in the JSON format to quickly create a custom policy.

    1. Log on to the EDS Enterprise console.

    2. In the left-side navigation pane, choose Operation & Maintenance > Policies.

    3. On the Policies page, click Import Policy.

    4. In the Import Policy dialog box, specify a name for the custom policy that you want to create, upload a policy configuration file in the JSON format, and then click OK.

    Switch from region-specific policies to global policies

    Custom policies created before October 2024 are specific to individual regions and can only be applied to cloud computers in the same region. Custom policies created after October 2024 are not region-specific and can be applied to cloud computers across regions. For custom policies created before October 2024, you can switch them from region-specific to globally applicable. In this case, you can bind them to cloud computers from any regions.

    1. Log on to the EDS Enterprise console.

    2. In the left-side navigation pane, choose Operation & Maintenance > Policies.

    3. On the Policies page, find the custom policy that you want to manage and click Switch to Global Policy in the Actions column. In the message that appears, click OK.

    Replace custom policies

    If the policy associated with your cloud computer or cloud computer pool cannot meet your business requirements, you can change the associated policy.

    Replace the existing policy of a cloud computer

    1. Log on to the EDS Enterprise console.

    2. In the left-side navigation pane, choose Resources > Cloud Computers.

    3. On the Cloud Computers page, perform the following operations to replace the existing policy of one or more cloud computers based on your business requirements:

      • Replace the existing policy of a single cloud computer: Find the cloud computer that you want to manage, click the ⋮ icon in the Actions column, and then select Change Policy.

      • Replace the existing policy of multiple cloud computers at the same time: Select one or more cloud computers and choose More > Change Policy in the lower part of the page.

    4. In the Change Policy panel, clear the current policy, select a new policy, and then click OK.

      Note

      If the resource group that contains the cloud computers has an associated policy, you cannot directly modify the policy for the cloud computers in this step. Instead, you can modify the policy of the resource group. Alternatively, you can remove the cloud computers from the resource group and then modify the policy for the cloud computers.

    5. In the message that appears, click OK.

    Replace the existing policy of a cloud computer pool

    1. Log on to the EDS Enterprise console.

    2. In the left-side navigation pane, choose Resources > Cloud Computer Pools.

    3. On the Cloud Computer Pools page, find the cloud computer pool that you want to manage and click the ID of the cloud computer pool in the Pool ID/Name column.

    4. On the Basic Information tab, find the Policy Group Name parameter and click the icon.

    5. In the Change Policy panel, clear the current policy, select a new policy, and then click OK.

    Replace the existing policy of a resource group

    After you associate a policy with a resource group, this policy applies to all cloud computers within the resource group. The policy previously associated with these cloud computers will expire.

    1. Log on to the EDS Enterprise console.

    2. In the left-side navigation pane, choose Resources > Resource Groups

    3. On the Resource Groups page, find the resource group with which you want to associate a policy and click the ⋮ icon in the Actions column. Then, click Associate Policy.

    4. In the Associate Policy panel, select the policy that you want to associate and click OK.

      Note

      A resource group can be associated with one policy that applies to all CIDR blocks and up to four additional policies, each applying to specific CIDR blocks.

    Modify custom policies

    If the custom policy associated with your cloud computer cannot meet your business requirements, you can modify the policy.

    Procedure

    1. Log on to the EDS Enterprise console.

    2. In the left-side navigation pane, choose Operation & Maintenance > Policies.

    3. On the Policies page, find the custom policy that you want to modify and click Change Policy in the Actions column.

    4. On the Modify Policy page, modify the configurations based on your business requirements and click OK.

    Effective time points of modifications

    Policy modifications take effect at different time points depending on the policy type. Modifications to the following policies will take effect immediately, without requiring end users to disconnect from and then reconnect to cloud computers:

    • Display mode

    • Watermark

    • Security group control

    • Domain name access control

    • Screen recording audit

    • Remote assistance

    Modifications to other policies take effect the next time end users connect to the cloud computers associated with the policies.

    Specify CIDR blocks for custom policies

    By default, a custom policy takes effect on all CIDR blocks. If you want the custom policy to take effect only on specific CIDR blocks, specify the CIDR blocks. This way, when end users connect to cloud computers that are associated with the custom policy from Alibaba Cloud Workspace terminals, the system determines whether the egress IP addresses of the terminals are within the specified CIDR blocks. If the egress IP addresses of the terminals are not within the specified CIDR blocks, the policy does not take effect.

    image

    Procedure

    To specify a CIDR block on which a policy takes effect, perform the following steps:

    1. Log on to the EDS Enterprise console.

    2. In the left-side navigation pane, choose Operation & Maintenance > Policies.

    3. On the Policies page, find the custom policy that you want to manage and click Change Policy in the Actions column.

    4. In the upper part of the Modify Policy page, select Specific CIDR Block for the Valid IP Address parameter and click Add CIDR Block.

      Note

      • For policies that are not associated with cloud computers and policies that are associated with cloud computers and take effect on specific CIDR blocks, you can directly change the CIDR blocks.

      • For policies that are associated with cloud computers and take effect on all CIDR blocks, you must disassociate the policies from cloud computers. Then, you can specify the CIDR blocks on which the policies take effect. If you do not want to disassociate the policies, you can clone them to create new policies that have the same configurations, specify CIDR blocks for the new policies to take effect, and then associate the new policies with the cloud computers. For more information about how to clone a custom policy, see Create custom policies.

    5. In the Add CIDR Block dialog box, enter up to three CIDR blocks and click OK.

      After you specify CIDR blocks for a policy and associate the policy with a cloud computer, the policy takes effect the next time the cloud computer is connected.

      Note

      You must associate each cloud computer with exactly one policy that takes effect on all CIDR blocks. You can associate a cloud computer with up to four policies that take effect on specific CIDR blocks.

    Export custom policies

    You can export policies. The exported policies are configuration files in the JSON format. If you share the files with other users, the users can import the files to quickly create policies.

    1. Log on to the EDS Enterprise console.

    2. In the left-side navigation pane, choose Operation & Maintenance > Policies.

    3. On the Policies page, find the policy that you want to export and click Export Policy in the Actions column.

      After you export the policy, a file in the JSON format is generated, and you can download the file to your on-premises device.

    Delete custom policies

    If you no longer require a policy, you can delete the policy.

    1. Log on to the EDS Enterprise console.

    2. In the left-side navigation pane, choose Operation & Maintenance > Policies.

    3. On the Policies page, perform the following operations to delete one or more custom policies.

      Note

      If the policy that you want to delete is associated with cloud computers, you must replace the policy with a different policy and then proceed with the delete operation. For more information, see Replace the existing policy of a cloud computer.

      • Delete a policy: Find the custom policy that you want to delete and click Delete in the Actions column.

      • Delete multiple policies at the same time: Select one or more custom policies that you want to delete and click Delete in the lower part of the page.

    4. In the message that appears, click OK.