This topic describes the network architecture of Elastic Desktop Service (EDS).

Virtual private clouds (VPCs) are logically isolated private networks in the cloud. The network architecture of EDS consists of management VPCs, desktop service VPCs, and workspace VPCs, as shown in the following figure. All of these VPCs are maintained by Alibaba Cloud. The management and desktop service VPCs are used to deploy management components and desktop resources. A workspace VPC is a secure office network created by the system based on the CIDR block that you specified when you created the workspace. Cloud desktops can access resources in a workspace VPC by mounting the network interface controller (NIC) eth1 of the workspace VPC.

Figure: Network architecture
  • EDS uses workspaces to manage the network division of cloud desktops. When you create a workspace, you must specify a CIDR block of a secure office network. The system then creates a VPC based on the specified CIDR block. All cloud desktops created within the same workspace belong to the same secure office network. The system assigns IP addresses from the specified CIDR block to the cloud desktops.
  • Each cloud desktop has two NICs: eth0 and eth1. eth0 is an internal NIC and is used to control traffic and establish connections between clients and cloud desktops. Its IP address is assigned by EDS. eth1 is a NIC used to access the Internet or resources in a VPC. Its IP address is assigned by the system from the CIDR block of the secure office network that you specified when you created the workspace. If your cloud desktop requires Internet access, you must enable the Internet access feature for the corresponding workspace. For more information, see Manage Internet access.
  • By default, cloud desktops in different workspaces cannot access each other. If you require network connectivity, you can attach the secure office networks corresponding to the workspaces to the same Cloud Enterprise Network (CEN) instance. For more information, see Attach a secure office network to or detach a secure office network from a CEN instance.
    Note: The secure office networks of workspaces of the enterprise AD account type are already attached to CEN instances when the workspaces are created.
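
The rules above can be turned into a small segmentation review. The following is an added example, not Alibaba Cloud code: it checks that each desktop's eth1 address lies in its workspace CIDR block and lists which workspaces are connected through a shared CEN instance. The inventory format, workspace names, CIDR blocks and CEN IDs are constructed for illustration, and the model covers only the reachability rules stated on this page.

```python
import ipaddress
from itertools import combinations

# Constructed inventory (hypothetical names, CIDR blocks and CEN IDs).
WORKSPACES = {
    "ws-finance": {"cidr": "10.10.0.0/16", "cen": "cen-example-a"},
    "ws-dev": {"cidr": "10.20.0.0/16", "cen": "cen-example-a"},
    "ws-guest": {"cidr": "172.16.0.0/16", "cen": None},  # not attached to a CEN
}
DESKTOPS = [
    {"name": "fin-01", "workspace": "ws-finance", "eth1": "10.10.3.7"},
    {"name": "dev-01", "workspace": "ws-dev", "eth1": "10.20.0.15"},
    {"name": "guest-01", "workspace": "ws-guest", "eth1": "172.16.9.2"},
    {"name": "dev-02", "workspace": "ws-dev", "eth1": "10.10.8.8"},  # stale record
]

def eth1_outside_workspace(workspaces, desktops):
    """Return desktops whose eth1 address is not in their workspace CIDR block."""
    bad = []
    for d in desktops:
        net = ipaddress.ip_network(workspaces[d["workspace"]]["cidr"])
        if ipaddress.ip_address(d["eth1"]) not in net:
            bad.append(d["name"])
    return bad

def connected_workspace_pairs(workspaces):
    """Return workspace pairs whose secure office networks share a CEN instance."""
    pairs = []
    for a, b in combinations(sorted(workspaces), 2):
        cen_a, cen_b = workspaces[a]["cen"], workspaces[b]["cen"]
        if cen_a is not None and cen_a == cen_b:
            pairs.append((a, b))
    return pairs

def can_reach(workspaces, desktops, src, dst):
    """Same workspace, or both workspaces attached to the same CEN instance."""
    ws = {d["name"]: d["workspace"] for d in desktops}
    a, b = ws[src], ws[dst]
    return a == b or tuple(sorted((a, b))) in connected_workspace_pairs(workspaces)

if __name__ == "__main__":
    print("eth1 outside workspace CIDR:", eth1_outside_workspace(WORKSPACES, DESKTOPS))
    print("workspaces joined through CEN:", connected_workspace_pairs(WORKSPACES))
    print("fin-01 -> guest-01:", can_reach(WORKSPACES, DESKTOPS, "fin-01", "guest-01"))
```

A workspace pair that appears in the CEN list without a documented business reason is a candidate for detaching.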