All Products
Search

This Product

    Elastic Desktop Service:Create and manage convenience office networks

    Document Center

    Elastic Desktop Service:Create and manage convenience office networks

    Last Updated:Nov 01, 2024

    Elastic Desktop Service (EDS) supports the following account types: convenience accounts and enterprise Active Directory (AD) accounts. When you create office networks (formerly workspaces), you can specify their account types. This topic describes how to create an office network of the convenience account type (convenience office network for short).

    Create a basic office network

    Basic office networks are configured with basic settings and can be used out of the box. If you want to try EDS or create no more than 50 cloud computers, create a basic office network. If you want to learn about the differences between basic office networks and advanced office networks, see the "Office network types" section of the Overview topic.

    1. Log on to the EDS Enterprise console.

    2. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    3. In the upper-left corner of the top navigation bar, select a region.

    4. On the Office Networks page, click Create Office Network.

    5. In the Create Office Network panel, select a region, enter a name for the office network that you want to create, select Basic Office Network, and then click OK.

    Create an advanced office network

    Advanced office networks are configured with advanced settings and provide various features. If you want to configure advanced settings or require more than 50 cloud computers, create an advanced office network.

    1. Log on to the EDS Enterprise console.

    2. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    3. In the upper-left corner of the top navigation bar, select a region.

    4. On the Office Networks page, click Create Office Network.

    5. In the Create Office Network step, select Advanced Office Network, configure parameters as prompted, and then click Next: Configure Account System. The following table describes the parameters.

      Parameters

      Parameter

      Description

      Select Region

      The region where you want to create the office network. For more information about supported regions and limits, see Regions.

      Name

      The name of the office network. Follow the on-screen instructions to specify a name.

      IPv4 CIDR Block

      When you create cloud computers in an office network, the system automatically assigns IP addresses to the cloud computers from the CIDR block of the VPC that is used by the office network. The number of IP addresses varies based on the CIDR block. For more information, see Plan a CIDR block.

      By default, you can specify the CIDR block of the virtual private cloud (VPC) to which the office network uses to one of the following IPv4 CIDR blocks and their subnets:

      • 192.168.0.0/16

      • 10.0.0.0/12

      • 172.16.0.0/12

      If you want to use a custom IPv4 CIDR block, submit a ticket to contact Alibaba Cloud technical support.

      Connection Method

      When you create an office network, you must specify a method used by end users to connect cloud computers from the Alibaba Cloud Workspace client. The following connection methods are provided:

      • Internet (default): End users can connect to the cloud computers only over the Internet. If you select this method, on-premises machines that are used to connect to the cloud computers must be able to access the Internet.

      • VPC: End users can connect to the cloud computers only over a VPC. If you select this method, you must attach the office network to a Cloud Enterprise Network (CEN) instance. In addition, you must use Express Connect (circuits), Smart Access Gateway (SAG), or VPN Gateway to establish a connection between the on-premises and cloud networks. For more information, see Attach and detach an office network to and from a CEN instance and Select a private network service.

      • VPC and Internet: End users can use both of the preceding connection methods.

      Note

      The method that you want to use to connect Alibaba Cloud Workspace terminals to cloud computers. A VPC connection depends on PrivateLink, which is free of charge. If you select VPC or Internet and VPC, the system automatically activates PrivateLink.

      Attach to CEN

      If you set the Connection Method parameter to VPC, you must set this parameter to Yes. To attach the VPC to CEN, you can select a CEN instance within the current or from another Alibaba Cloud account.

      Note

      If you connect an on-premises network to the cloud by using Smart Access Gateway, Express Connect, or VPN Gateway, you must attach the office network to the same CEN instance as that of the on-premises network.

      To ensure that cloud computers in the office network can be used as expected, click Check after you specify a CEN instance. The system checks whether the CIDR block of the route of the CEN instance is overlapped with the IPv4 CIDR block of the office network. If the CIDR blocks conflict, click View Conflict Details and Recommended CIDR Blocks. Then, specify another IPv4 CIDR block or CEN instance.

    6. In the Configure Account System step, select Convenience Account in the Account Type section and click OK.

    Connect to cloud computers in the same office network

    Cloud computers in an office network are also isolated. To implement connectivity, you can turn on Interconnectivity on the details page of the office network.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the upper-left corner of the top navigation bar, select a region.

    3. On the Office Networks page, find the office network that you want to manage and click its ID.

    4. In the Network Information section of the details page, turn on Interconnectivity.

    Configure a custom access domain name

    If end users need to access EDS resources across regions, such as accessing cloud computers deployed in the Chinese mainland from an overseas region, you can configure a custom access domain name for the office network in which the cloud computers reside. The custom access domain name can be used to replace the default gateway domain name of the deployment region, and network acceleration services such as Global Accelerator (GA) are used to speed up resource access and improve user experience. For more information, see Improve cross-region access experience of cloud computers with GA.

    Applicable scope

    • Terminals: Alibaba Cloud Workspace terminals, excluding the Alibaba Cloud Workspace client for web

    • Regions: China (Fuzhou - Local Region), China (Guangzhou), China (Hong Kong), Philippines (Manila), Thailand (Bangkok), US (Silicon Valley), and Germany (Frankfurt)

      Note

      If the preceding regions cannot meet your business requirements, submit a ticket.

    Prerequisites

    A custom domain name is obtained.

    Procedure

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the upper-left corner of the top navigation bar, select a region.

    3. On the Office Networks page, find the office network that you want to manage and click its ID.

    4. In the Network Information section on the details page, click Configure next to Custom Domain.

    5. In the Configure Custom Domain dialog box, enter your custom domain name and click OK.

    Associate a premium bandwidth plan with an office network

    EDS provides free bandwidth of 5 Mbit/s for each cloud computer in an office network. If you want higher bandwidth, associate a premium bandwidth plan with your office network. For more information about the billing rules of premium bandwidth plans, see Billable items.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the upper-left corner of the top navigation bar, select a region.

    3. On the Office Networks page, find the office network that you want to manage and click its ID.

    4. In the Public Bandwidth section of the details page, click Associate.

    5. In the Associate dialog box, select a premium bandwidth plan. If no plan exists, click Buy Premium Bandwidth Plan.

    Manage permissions on Internet access for cloud computers

    By default, the cloud computers in an office network can access the Internet by using the basic bandwidth plan, which is free of charge. You can perform the following steps to manage the permissions on Internet access for cloud computers:

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the upper-left corner of the top navigation bar, select a region.

    3. On the Office Networks page, find the office network that you want to manage and click its ID.

    4. In the Public Bandwidth section of the details page, choose an Internet access control policy in the Internet Access Control policy based on your business requirements:

      • Select Allow all cloud computers to access the Internet. You can configure a list of cloud computers that are not allowed to access the Internet. If you want to specify a list of cloud computers that are not allowed to access the Internet, click Add and specify cloud computers.

      • Select Do not allow access to the Internet. You can configure a list of cloud computers that are allowed to access the Internet. If you want to specify a list of cloud computers allowed to access the Internet, click Add in the Allow Internet Access section and specify cloud computers.

    Configure a logon method and authentication

    To ensure the security of logons, you can enable single sign-on (SSO) and other authentication for office networks. The following authentication methods are supported:

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the upper-left corner of the top navigation bar, select a region.

    3. On the Office Networks page, find the office network that you want to manage and click its ID.

    4. In the Other Information section of the details page, turn on or off the following switches based on your business requirements:

      • SSO: You must configure a trust relationship between an identity provider (IdP), such as Active Directory Federation Service (AD FS) and a service provider (SP), such as Elastic Desktop Service (Enterprise Edition) . When end users log on to the Alibaba Cloud Workspace client, the system authenticates only the IdP logon credentials of the end users. If the credentials pass authentication, the end users can log on to the Alibaba Cloud Workspace client. For more information, see Overview.

      • MFA: You must bind a virtual multiple-factor authentication (MFA) device that dynamically generates code when the device receives an authentication request. When end users log on to the Alibaba Cloud Workspace client by using office network IDs, usernames, and passwords, the end users must also enter a dynamic code. For more information, see Configure MFA.

      • Client Logon Verification: End users must enter a verification code that the system sends to their email addresses or mobile phones when the end users use new devices to log on to the Alibaba Cloud Workspace client.

      Note

      Multi-factor authentication (MFA), single sign-on (SSO), and Client Logon Verification are mutually exclusive. You can turn on only one of them for an office network.

    View basic information

    You can view basic information about an office network on its details page.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the upper-left corner of the top navigation bar, select a region.

    3. On the Office Networks page, find the office network that you want to manage and click its ID.

    4. In the Basic Information section of the details page, you can view the following parameters:

      • Name

      • ID

      • Type

      • Status

      • Created At

      • Region

      • Cloud Computers

      • Users

    Unlock an office network

    If you do not create cloud computers in a convenience office network for 15 consecutive days, the office network is locked, and its VPC resources are automatically released. If you want to use the locked office network, perform the following steps to unlock it.

    Note

    The system does not lock office networks that meet the following conditions:

    • Office networks that are attached to CEN instances.

    • Office networks that can be connected over enterprise private networks. That is, office networks whose Connection Method is set to VPC.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the upper-left corner of the top navigation bar, select a region.

    3. On the Office Networks page, find the locked office network that you want to manage and click Unlock in the Status column.

    4. In the message that appears, click OK.

      Note

      If you fail to unlock the office network, submit a ticket to contact Alibaba Cloud technical support.

    Delete an office network

    You can delete office networks in which all cloud computers are released.

    Warning

    Before you delete an office network, make sure that you have backed up important resources and data of cloud computers in the office network. You cannot restore deleted office networks. Proceed with caution.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the upper-left corner of the top navigation bar, select a region.

    3. On the Office Networks page, find the office network that you want to delete and click Delete in the Actions column.

    4. In the message that appears, read the message and click OK.

    What to do next

    After you create an office network, you can perform the following operations:

    Troubleshooting

    Why am I unable to receive a verification code when I choose a CEN instance from another Alibaba Cloud account?

    You did not specify a method for receiving notifications, or the contact information that you specified was invalid. Perform the following steps to check the notification method and contact information:

    1. Log on to the EDS Enterprise console.

    2. In the top navigation bar in the EDS console, click the 通知..png icon to go to the Message Center console.

    3. In the left-side navigation pane, choose Message Settings > Common Settings.

    4. On the Common Settings page, check whether notification methods that correspond to the Notifications Regarding the Creation and Activation of Product Instances parameter are selected and whether the contact information is valid.