how to use Express Connect circuits to access cloud computers from WUYING clients over private networks - WUYING Workspace

You can use an Express Connect circuit to establish a connection between an on-premises data center and a virtual private cloud (VPC) on Alibaba Cloud. This topic describes how to use an Express Connect circuit to establish a connection between an on-premises data center and a VPC of WUYING Workspace (Pro Edition). This way, end users can access cloud computers over private networks from Alibaba Cloud Workspace clients (hereinafter referred to as WUYING clients).

Background

Express Connect provides a secure and convenient method to connect on-premises data centers to Alibaba Cloud. You can lease an Express Connect circuit from a third-party Express Connect partner to connect an on-premises data center to an Alibaba Cloud access point. Connections over Express Connect circuits are not exposed to the Internet. Compared with Internet connections, connections over Express Connect circuits are safer and faster, and deliver higher reliability and lower network latency. For more information, see What is a connection over an Express Connect circuit?

Office network VPCs in WUYING Workspace (Pro Edition) are private networks in Alibaba Cloud VPC. When you create an office network, you can specify an IPv4 CIDR block and the WUYING Workspace system can create a VPC for the office network based on the CIDR block.

How it works

The following figure shows how to use an Express Connect circuit to access a cloud computer over a private network.

通过物理专线实现客户端私网访问云桌面-zh..png

Preparations

Before you begin, read the Access a cloud computer over a private network topic and complete the following preparations:

Before you apply for an Express Connect circuit, make sure that an access point is available, a site survey of the third-party Express Connect provider is complete, and you understand the billing of Express Connect circuits.

CIDR blocks and IP addresses are planned. You must plan the CIDR blocks of the data center, the IPv4 CIDR block for the office network, and the peer IP addresses configured on the virtual border router (VBR) based on your business requirements.

In this topic, the CIDR blocks and IP addresses that are described in the following table are used as examples. The actual CIDR blocks and IP addresses that you use shall prevail.

Configuration item	IP address/CIDR block
IPv4 CIDR block of the office network	192.168.0.0/16
CIDR block of the data center	172.30.0.0/24
Peer IP addresses configured on the VBR	IP address (Alibaba Cloud gateway): 10.0.0.1/30 IP address (data center gateway): 10.0.0.2/30 Subnet mask: 255.255.255.252

A Cloud Enterprise Network (CEN) instance is created. If you do not have a CEN instance, create a CEN instance before you proceed. For more information, see Create a CEN instance.
A WUYING client is downloaded and installed.
An Alibaba Cloud Workspace client such as the Windows client, macOS client, or web client is installed on your on-premises device. You can log on to the installed client and check whether you can access your cloud computer over the VPC.

Step 1: Apply for an Express Connect circuit and install the Express Connect circuit

To connect a data center to a VPC of an office network by using an Express Connect circuit, you must first apply for an Express Connect circuit and then install the circuit. For more information, see the "Step 1: Apply for an Express Connect circuit and install it" section of the Connect an on-premises data center to a VPC by using an Express Connect circuit topic.

Step 2: Create a VBR and add a route to the VBR

After you install the Express Connect circuit, you must create a VBR to bridge the Express Connect circuit and the data center.

Log on to the Express Connect console.
Follow the on-screen instructions to create a VBR. Then, add a route that points to the data center to the route table of the VBR. For more information, see the "Step 2: Create a VBR and add a route to the VBR" section of the Connect a data center to a VPC by using an Express Connect circuit topic.

Step 3: Attach the VBR and the office network VPC to a CEN instance

To establish a connection between the office network VPC and the data center, you must attach the office network VPC and VBR to a transit router in Cloud Enterprise Network (CEN). Then, CEN distributes and learns routes to establish the connection.

Attach the office network VPC to a CEN instance

The following section describes how to create an office network and how to attach the VPC of the office network to a CEN instance. In this section, a convenience office network is used as an example. You can also create and attach an enterprise AD office network to a CEN instance in actual business scenarios. For more information, see Create or delete a convenience office network or Create and configure an AD office network.

Log on to the WUYING Workspace console.
In the left-side navigation pane, choose Network & Storage > Office Network (Formerly Workspace).
In the upper-left corner of the top navigation bar, select a region.
Click Create Office Network.

Configure the required parameters and click Next: Configure Account System.

The following table describes the parameters.

Parameter	Description	Example
Region	The region where the office network resides. For information about supported regions and limits, see the "Region" section of the Limits topic.	China (Hangzhou)
Office Network Name	The name of the office network. The name is used to identify the office network and must conform to the naming rules that are displayed in the console.	test001
Custom IPv4 CIDR Block	The IPv4 CIDR block of the office network.	192.168.0.0/16
Connection Method	The method that is used to connect WUYING clients to cloud computers.	VPC
Attach to CEN	Specifies whether to attach the office network to a CEN instance. In this example, Yes is selected. You must select the ID of a CEN instance in the same Alibaba Cloud account or a different Alibaba Cloud account. Then, follow the on-screen instructions to complete the verification.	In this example, the ID of the CEN instance that is prepared in the "Preparations" section of this topic is selected. The CEN instance is created by the same Alibaba Cloud account. Example: cen-ebr75yhfkm8eg3****.

In the Configure Account System step, set the Account Type parameter to Convenience Account. Then, click OK.

Attach the VBR to the CEN instance

After the office network VPC is attached to the CEN instance, CEN automatically creates a Basic Edition transit router by default. In this case, you must connect a VBR to the CEN transit router. This section describes how to attach a VBR to a CEN instance. In this section, a Basic Edition transit router is used as an example. In actual business scenarios, you can also create an Enterprise Edition transit router. For more information, see Transit router CIDR blocks.

Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
On the Basic Settings > Transit Router tab, find the transit router that you want to manage and click Create Connection in the Actions column.

On the Connection with Peer Network Instance page, configure the required parameters to create a VBR connection. The following table describes the parameters.

Parameter	Description	Example
Network Type	The type of instance to which you want to connect.	Virtual Border Router (VBR)
Region	The region where the desired VBR instance is deployed.	China (Hangzhou)
Transit Router	The system displays existing transit routers in the region.	tr-m5ekrwb509owzxp5qd1****
Resource Owner ID	The Alibaba Cloud account to which the instance belongs.	Current Account
Network Instance	The ID of the VBR instance. In this example, the VBR that you created in this topic is selected.	VBR-test

Click OK.

Step 4: Configure a cloud service

After you connect the VBR to the transit router, you can use on-premises networks that are associated with the transit router to access Alibaba Cloud services.

This section describes how to configure a cloud service in a transit router. In this section, a Basic Edition transit router is used as an example. In actual business scenarios, you can follow the on-screen instructions to configure cloud services based on the transit router edition. For more information, see Manage access to cloud services.

Important

For information about CIDR blocks that can be used to access WUYING Workspace, see Port overview.

Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
On the Basic Settings > Transit Router tab, click the ID of the transit router that resides in the region where a desired cloud service is deployed.
On the details page of the transit router, click the Cloud Services tab.
On the Cloud Services tab, click Configure AnyTunnel.

In the Configure AnyTunnel dialog box, configure the parameters and click OK. The following table describes the parameters.

Parameter	Description
Service IP Address	The IP address or CIDR block that the cloud service uses to provide services. Example: 100.118.28.0/24.
Service Region	The region where the cloud service is deployed.
Service VPC	The VPC that is connected to the transit router.
Access Region	The region where the VBR or CCN instance that require access to the cloud service is deployed.
Description	The description of the cloud service.

Note

In most cases, a cloud service uses multiple IP addresses or CIDR blocks. Repeat the preceding steps to add all IP addresses or CIDR blocks of the cloud service.

Step 5: Verify whether a cloud computer can be connected by using a private network

Note

The following example shows how to connect to a cloud computer over a private network. In this section, a WUYING client V5.2.0 is used as an example. You can also use another type of WUYING client to access your cloud computer over a private network based on your business requirements.

Create a user. For more information, see Create a convenience user.
Create a cloud computer in the office network that you created in Step 3 and assign the cloud computer to the user. For more information, see Create a cloud computer or Assign cloud computers to end users.
1. Obtain information, such as the office network ID, username, and password, that is required to log on to the Windows client from the received email.
  1. Double-click the icon to open the Windows client.
  2. Follow the on-screen instructions to enter the username and password.
    Important
    If you log on to a client by using only an office network ID, select Alibaba Cloud VPC.
  3. Click Connection Type, select Alibaba Cloud VPC, and then click Confirm.
  4. Click Next.
  5. Follow the on-screen instructions to enter the username and password. Then, click Next.
2. Connect to the cloud computer.
  If the client logon is successful, your cloud computer is displayed as a card on your screen. You can click Connect Cloud Computer on the card to connect to your cloud computer. If the connection is successful, you can view and use your cloud computer in a new window.
  Important
  If a network request timeout error is reported, the network is inaccessible. In this case, you need to check your parameter settings. After you confirm your parameter settings, you can log on to your client and connect to your cloud computer again.