This topic describes the service architecture and network architecture of WUYING Workspace to help you understand the service workflow and network structure.
Service architecture
Users of WUYING Workspace are categorized into the following roles based on the role responsibility and business requirements:
Administrators: personnel who create and maintain cloud computers. Administrators manage office networks (formerly workspaces), cloud computers, policies, images, networks, storage, enterprise applications, and cloud computer templates.
End users: personnel who use cloud computers. End users can access cloud computers from WUYING terminals.
Network architecture
Virtual private clouds (VPCs) are logically isolated private networks in the cloud. WUYING Workspace supports the following VPCs: management VPCs, WUYING Workspace VPCs, and office network VPCs. All the preceding types of VPCs are maintained by Alibaba Cloud.
In management VPCs and WUYING Workspace VPCs, you can deploy management components, cloud computers, and other resources.
Office network VPCs are secure office networks that are created by the WUYING Workspace system based on the IPv4 CIDR blocks that you specify when you create office networks. For more information about office networks, see Overview.
The following figure shows the network architecture.
Network connection
When end users access cloud computers from WUYING terminals, they can connect to the cloud computers over the Internet (Alibaba Cloud networks) or VPCs (office networks). The network types that are used by end users to connect to cloud computers are determined by the attributes that you specify when you create the office networks in which the cloud computers reside.
Access over the Internet
If end users connect to cloud computers over the Internet, make sure that WUYING terminals can access the Internet.
Access over a VPC
If end users connect to cloud computers over VPCs, you must use Express Connect, Smart Access Gateway (SAG), or VPN Gateway to establish network connection between on-premises and off-premises networks.
NoteVPC connection relies on Alibaba Cloud PrivateLink. PrivateLink helps establish private connection between VPC and Alibaba Cloud services. You are not charged for using PrivateLink. If you select VPC or Internet and VPC as the connection method, the system automatically activates PrivateLink.
WarningIf you activate WUYING services by using an Alibaba Cloud account on the China site (aliyun.com) in regions outside the Chinese mainland or an Alibaba Cloud account on the International site (alibabacloud.com) in regions within the Chinese mainland, your business data in the cloud may be transmitted to the geographical locations or regions that you specified. Make sure that you have the permissions to manage business data in the cloud and can adopt technologies and policies to protect data. You must ensure that data transmission complies with legal regulations. For example, the transmitted data must not violate relevant policies or include forbidden or confidential content.
If your operations may involve cross-border data transmission, especially from the Chinese mainland to countries and regions outside the Chinese mainland or between other countries and regions, contact professionals or compliance personnel before you proceed. Make sure that cross-border data transmission abides by legal regulations and policies. For example, you must obtain the permissions on individual information from entities, complete the signing and filling of service terms and agreements, and complete security assessment and other statutory obligations (if applicable).