Office networks (formerly workspaces) are private networks hosted on Virtual Private Cloud (VPC). Office networks can determine the number of cloud computers that can be housed and the methods to connect to the cloud computers from Alibaba Cloud Workspace terminals. This topic describes how office networks work and how office networks are classified.
Features
In Elastic Desktop Service (EDS) Enterprise, cloud computers reside in office networks, which determine specific configurations of cloud computers. This section describes how office networks affect cloud computers:
IPv4 CIDR block
When you create cloud computers in an office network, the system automatically assigns IP addresses to the cloud computers from the CIDR block of the VPC that is used by the office network. The number of IP addresses varies based on the CIDR block. For more information, see Plan a CIDR block.
Connection methods
When you create an office network, you must specify a method used by end users to connect to cloud computers from Alibaba Cloud Workspace terminals. The following connection methods are provided:
Internet (default): End users can connect to the cloud computers only over the Internet. If you select this method, on-premises machines that are used to connect to the cloud computers must be able to access the Internet.
VPC: End users can connect to the cloud computers only over a VPC. If you select this method, you must attach the office network to a Cloud Enterprise Network (CEN) instance. In addition, you must use Express Connect, Smart Access Gateway (SAG), or VPN Gateway to establish a connection between the on-premises and cloud networks. For more information, see Attach and detach an office network to and from a CEN instance and Select a private network service.
Internet and VPC: End users can connect to the cloud computers over both a VPC and the Internet.
Internet access
EDS provides 5 Mbit/s of bandwidth that is free of charge for office networks, which cloud computers can use to access the Internet by default. To manage the Internet access of cloud computers in a fine-grained manner, you can configure global settings and domain whitelists for the office networks in which the cloud computers reside. If you require higher bandwidth, you can purchase premium bandwidth plans for office networks. For more information, see Billable items.
Network connectivity
By default, office networks are isolated from each other. If you want to connect office networks, attach the office networks to the same CEN instance. For more information, see Attach and detach an office network to and from a CEN instance.
Cloud computers in an office network are mutually isolated. To allow connectivity, you can turn on Interconnection Between Cloud Computers in Office Network on the details page of the office network.
File sharing
By default, cloud computers in an office network cannot share files. If you want to share files between cloud computers, you must attach a File Storage NAS (NAS) file system to the cloud computers. For more information, see Mount a NAS file system on a Windows cloud computer or Mount a NAS file system on a Linux cloud computer. You are charged for NAS file systems. For more information, see Billing of General-purpose NAS file systems.
NAS file systems must be automatically mounted on Windows cloud computers.
Note: You can create only one NAS file system for each advanced office network.
NAS file systems must be manually mounted on Linux cloud computers.
Logon and authentication
To ensure the security of logons, you can enable single sign-on (SSO) and other authentication methods for office networks. The following authentication methods are supported:
SSO: You must configure a trust relationship between an identity provider (IdP), such as Active Directory Federation Services (AD FS), and a service provider (SP), such as EDS Enterprise. When end users log on to Alibaba Cloud Workspace terminals, the system authenticates only the IdP logon credentials of the end users. If the credentials pass authentication, the end users can log on to Alibaba Cloud terminals. For more information, see SSO overview.
MFA: You must bind a virtual multi-factor authentication (MFA) device that dynamically generates codes when the device receives an authentication request. When end users log on to Alibaba Cloud Workspace terminals by using office network IDs, usernames, and passwords, the end users must also enter a dynamic code. For more information, see Configure MFA.
Client Logon Verification: End users must enter a verification code that the system sends to their email addresses or mobile phones when the end users use new devices to log on to Alibaba Cloud Workspace terminals.
Office network types
EDS Enterprise provides basic and advanced office networks. Basic office networks are formerly known as basic workspaces, and advanced office networks are formerly known as standard workspaces. The following table compares the two types.
Item | Basic | Advanced |
Benefit | You can configure basic settings with ease and the network is ready out of the box. | You can configure advanced settings for robust performance. |
Scenarios | | |
Maximum number of cloud computers | 50 | Unlimited |
Account system | Convenience account | |
Connection method | Internet | |
Custom IPv4 CIDR block | Not supported | Supported |
CEN attachment | Not supported | Supported |
NAS file system | Not supported | Supported |