If you require network connectivity between workspaces or between workspace and data centers, you can use Cloud Enterprise Network (CEN) to implement network connectivity. This topic describes how to attach a virtual private cloud (VPC) that a workspace uses to or detach the workspace VPC from the CEN instance.

Prerequisites

  • A workspace of the convenience account type is created.
  • A CEN instance is created. For more information, see Create a CEN instance.

Background information

CEN is a high availability network that is built on the global private network of Alibaba Cloud that offers high performance and low latency. You can use CEN to establish private network connections between VPCs in different regions or between VPCs and data centers. This helps accelerate network convergence, improve the quality and security of network communication, and connect all network resources. For more information, see What is CEN?

CEN consists of the following parts:
  • CEN instances

    CEN instances are basic network resources that you can use to create and manage interconnected networks. After you create a CEN instance, you can attach different networks to the instance and implement network connectivity between the attached networks.

  • Transit routers

    Transit routers are core components of CEN. When you create a CEN instance, the system creates a transit router instance in each region. Each transit router instance represents a transit router. You can use transit routers to connect network instances that are deployed in the current region to other network instances that are deployed in the same region or different regions. This way, the network instances can communicate with each other. Transit routers support regional route tables, route maps, and cross-region connections. You can also use transit routers to create custom policies for traffic communication, isolation, and redirection based on your business requirements. For more information, see How transit routers work.

  • Bandwidth plans

    You do not need to purchase bandwidth plans for communication between network instances in the same region. You must purchase bandwidth plans and set the cross-region bandwidth to enable communication between network instances across regions. For more information, see Billing.

After you create a CEN instance, you can attach a security office network of a workspace to the CEN instance to implement network connectivity in different scenarios. The secure office network of a workspace indicates the VPC that the workspace uses. For example, if you want your workspace VPC to communicate with another network instance, such as a VPC, virtual border router (VBR), or Cloud Connect Network (CCN) instance, or cloud desktops in different workspaces, attach the workspace VPC to the CEN instance.
Note You can attach the workspace VPC to only one CEN instance. When you configure the VPC of a workspace that is of the enterprise AD account type, you must attach the network to a CEN instance. After you attach the workspace VPC, you cannot detach it from the CEN instance.

Attach a secure office network to a CEN instance

To attach the workspace VPC to a CEN instance, perform the following operations:

  1. Log on to the EDS console.
  2. In the upper-left corner of the top navigation bar, select a region.
  3. In the left-side navigation pane, choose Secure Office Network > Secure office network.
  4. On the Secure Office Network page, find the network that you want to attach and click Attach to CEN Instance in the Actions column.
  5. In the dialog box that appears, select a CEN instance that belongs to your Alibaba Cloud account or another account based on your business requirements.
    • If you click the Same Account tab, you must select the CEN instance to which you want to attach the network from the drop-down list and click Confirm.
    • If you click the Different Account tab, you must enter information about the CEN instance for security verification.
      1. Enter the ID of the CEN instance and the ID of the Alibaba Cloud account to which the instance belongs.
      2. Click Get Verification Code. The system sends a verification code to the email address that is associated with the Alibaba Cloud account.
      3. Click Submit to check whether the specified information is valid and whether the CIDR block of the CEN instance and the IPv4 CIDR block of the workspace overlap.

        If the verification fails, follow the on-screen instructions to proceed.

      4. Click Confirm.
      Note After you attach a workspace to a CEN instance, you can use the instances, such as VPCs, that are attached to the CEN instance to access the workspace. The traffic destined for cloud desktops in EDS is managed by security group policies. By default, only the outbound traffic is allowed. If you want to access cloud desktops, add inbound security group rules. For more information, see Security group control.

Detach a secure office network from a CEN instance

If you no longer need to connect your workspace VPC to other workspaces or data centers, you can detach the workspace VPC from the CEN instance. Perform the following operations:

  1. On the Secure Office Network page, find the network that you want to detach and click Detach from CEN Instance in the Actions column.
  2. In the message that appears, click Confirm.