All Products
Search

This Product

    Elastic Desktop Service:Create and manage convenience office networks

    Document Center

    Elastic Desktop Service:Create and manage convenience office networks

    Last Updated:Feb 11, 2026

    Elastic Desktop Service (EDS) supports the following account types: convenience accounts and enterprise Active Directory (AD) accounts. When you create office networks (formerly workspaces), you can specify their account types. This topic describes how to create an office network of the convenience account type (convenience office network for short).

    Create a basic office network

    Basic office networks are configured with basic settings and can be used out of the box. If you want to try EDS or create no more than 50 cloud computers, create a basic office network. If you want to learn about the differences between basic office networks and advanced office networks, see the "Office network types" section of the Overview topic.

    1. Log on to the Elastic Desktop Service Enterprise console.

    2. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    3. In the top navigation bar, select a region.

    4. On the Office Networks page, click Create Office Network.

    5. In the Create Office Network panel, select a region, enter a name for the office network that you want to create, select Basic Office Network, and then click OK.

    Create an advanced office network

    Advanced office networks are configured with advanced settings and provide various features. If you want to configure advanced settings or require more than 50 cloud computers, create an advanced office network.

    1. Log on to the Elastic Desktop Service Enterprise console.

    2. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    3. In the top navigation bar, select a region.

    4. On the Office Networks page, click Create Office Network.

    5. In the Create Office Network step, select Advanced Office Network, configure parameters as prompted, and then click Next: Configure Account System. The following table describes the parameters.

      Parameters

      Parameter

      Description

      Region

      The region where you want to create the office network. For more information about supported regions and limits, see Regions.

      Name

      The name of the office network. Follow the on-screen instructions to specify a name.

      IPv4 CIDR Block

      When you create a cloud computer in an office network, an IP address is automatically assigned to the cloud computer from the IPv4 CIDR block of the office network's VPC. The number of IP addresses in the VPC CIDR block determines the maximum number of cloud computers that the network can accommodate. Plan your CIDR blocks carefully. For more information, see Plan CIDR blocks.

      By default, you can specify the CIDR block of the virtual private cloud (VPC) to which the office network uses to one of the following IPv4 CIDR blocks and their subnets:

      • 192.168.0.0/16

      • 10.0.0.0/12

      • 172.16.0.0/12

      If you want to use a custom IPv4 CIDR block, submit a ticket to contact Alibaba Cloud technical support.

      Connection Method

      The connection type determines how end users connect to cloud computers within the office network. The supported options include the following:

      • The Internet: Allows connections only over the Internet. This is the default option. To use this method, the on-premises device that is used to connect to the cloud computer must have Internet access.

      • Enterprise private network (VPC): Allows connections only through a VPC. To use this method, you must attach the office network to a Cloud Enterprise Network (CEN) instance. Then, you can use products such as Express Connect (leased lines), Smart Access Gateway (SAG), or VPN Gateway to connect your on-premises network to the cloud network. For more information, see Attach an office network to or detach an office network from a CEN instance and How do I choose a private network product?.

      • The Internet and enterprise private network (VPC): Supports both of the connection types described above.

      Note

      The method that you want to use to connect Alibaba Cloud Workspace terminals to cloud computers. A VPC connection depends on PrivateLink, which is free of charge. If you select VPC or Internet and VPC, the system automatically activates PrivateLink.

      Attach to CEN

      If you set the Connection Method parameter to VPC, you must set this parameter to Yes. To attach the VPC to CEN, you can select a CEN instance within the current or from another Alibaba Cloud account.

      Note

      If you connect an on-premises network to the cloud by using Smart Access Gateway, Express Connect, or VPN Gateway, you must attach the office network to the same CEN instance as that of the on-premises network.

      To ensure that cloud computers in the office network can be used as expected, click Check after you specify a CEN instance. The system checks whether the CIDR block of the route of the CEN instance is overlapped with the IPv4 CIDR block of the office network. If the CIDR blocks conflict, click View Conflict Details and Recommended CIDR Blocks. Then, specify another IPv4 CIDR block or CEN instance.

    6. In the Configure Account System step, select Convenience Account in the Account Type section and click OK.

    Enable interconnection between cloud computers in an office network

    By default, cloud computers within the same office network cannot access each other. To enable connectivity, go to the office network details page and enable the Intra-office Network Cloud Computer Connectivity feature.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the top navigation bar, select a region.

    3. On the Office Networks page, find the office network that you want to manage and click its ID.

    4. In the Network Information section of the details page, turn on Interconnectivity.

    Associate a premium bandwidth plan with an office network

    EDS provides free bandwidth of 5 Mbit/s for each cloud computer in an office network. If you want higher bandwidth, associate a premium bandwidth plan with your office network. For more information about the billing rules of premium bandwidth plans, see Billable items.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the top navigation bar, select a region.

    3. On the Office Networks page, find the office network that you want to manage and click its ID.

    4. In the Public Bandwidth section of the details page, click Associate.

    5. In the Associate dialog box, select a premium bandwidth plan. If no plan exists, click Buy Premium Bandwidth Plan.

    Manage permissions on Internet access for cloud computers

    By default, the cloud computers in an office network can access the Internet by using the basic bandwidth plan, which is free of charge. You can perform the following steps to manage the permissions on Internet access for cloud computers:

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the top navigation bar, select a region.

    3. On the Office Networks page, find the office network that you want to manage and click its ID.

    4. In the Public Bandwidth section of the details page, choose an Internet access control policy in the Internet Access Control policy based on your business requirements:

      • Select Allow all cloud computers to access the Internet. You can configure a list of cloud computers that are not allowed to access the Internet. If you want to specify a list of cloud computers that are not allowed to access the Internet, click Add and specify cloud computers.

      • Select Do not allow access to the Internet. You can configure a list of cloud computers that are allowed to access the Internet. If you want to specify a list of cloud computers allowed to access the Internet, click Add in the Allow Internet Access section and specify cloud computers.

    Configure a logon method and authentication

    To improve end user logon security, you can enable single sign-on (SSO) and other security verification measures.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the top navigation bar, select a region.

    3. On the Office Networks page, find the office network that you want to manage and click its ID.

    4. In the Other Information section of the details page, turn on or off the following switches based on your business requirements:

      • SSO Settings: After you enable this feature, you must configure mutual trust between an identity provider (IdP), such as Active Directory Federation Services (AD FS) that is associated with your corporate Active Directory (AD), and a service provider (SP), such as WUYING Workspace. After the configuration is complete, end users can quickly log on to a WUYING Terminal by authenticating their identity credentials with the IdP. For more information, see Overview.

      • Multi-factor authentication: After you enable this feature, when end users use an office network ID (formerly workspace ID) to log on to a WUYING Terminal, they must enter a dynamic verification code generated by a virtual MFA device in addition to their username and password. For more information, see Configure MFA for logon.

      • Client logon verification: After you enable this feature, when end users log on from a new device, they must complete a CAPTCHA verification before they can log on.

      Note

      Multi-factor authentication (MFA), single sign-on (SSO), and Client Logon Verification are mutually exclusive. You can turn on only one of them for an office network.

    View basic information

    You can view basic information about an office network on its details page.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the top navigation bar, select a region.

    3. On the Office Networks page, find the office network that you want to manage and click its ID.

    4. In the Basic Information section of the details page, you can view the following parameters:

      • Name

      • ID

      • Type

      • Created At

      • Instances

      • Region

      • Status

    Unlock an office network

    If you do not create cloud computers in a convenience office network for 15 consecutive days, the office network is locked, and its VPC resources are automatically released. If you want to use the locked office network, perform the following steps to unlock it.

    Note

    The system does not lock office networks that meet the following conditions:

    • Office networks that are attached to CEN instances.

    • Office networks that can be connected over enterprise private networks. That is, office networks whose Connection Method is set to VPC.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the top navigation bar, select a region.

    3. On the Office Networks page, find the locked office network that you want to manage and click Unlock in the Status column.

    4. In the message that appears, click OK.

      Note

      If you fail to unlock the office network, submit a ticket to contact Alibaba Cloud technical support.

    Delete an office network

    You can delete office networks in which all cloud computers are released.

    Warning

    Before you delete an office network, make sure that you have backed up important resources and data of cloud computers in the office network. You cannot restore deleted office networks. Proceed with caution.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the top navigation bar, select a region.

    3. On the Office Networks page, find the office network that you want to delete and click Delete in the Actions column.

    4. In the message that appears, read the message and click OK.

    What to do next

    After you create an office network, you can perform the following operations:

    Troubleshooting

    Why am I unable to receive a verification code when I choose a CEN instance from another Alibaba Cloud account?

    You did not specify a method for receiving notifications, or the contact information that you specified was invalid. Perform the following steps to check the notification method and contact information:

    1. Log on to the Elastic Desktop Service Enterprise console.

    2. In the top navigation bar in the EDS console, click the 通知..png icon to go to the Message Center console.

    3. In the left-side navigation pane, choose Message Settings > Common Settings.

    4. On the Common Settings page, check whether notification methods that correspond to the Notifications Regarding the Creation and Activation of Product Instances parameter are selected and whether the contact information is valid.