All Products
Search

This Product

    Elastic Desktop Service:Create and manage convenience office networks

    Document Center

    Elastic Desktop Service:Create and manage convenience office networks

    Last Updated:Feb 28, 2026

    Elastic Desktop Service (EDS) organizes cloud computers into office networks (formerly workspaces) that define networking, authentication, and access policies. A convenience office network uses convenience accounts for simplified user management without Active Directory (AD) infrastructure. EDS also supports enterprise AD accounts.

    Create a basic office network

    Basic office networks use default settings and work out of the box. Create one to try EDS or when you need no more than 50 cloud computers. For differences between basic and advanced office networks, see the "Office network types" section of Overview.

    1. Log on to the Elastic Desktop Service Enterprise console.

    2. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    3. In the top navigation bar, select a region.

    4. On the Office Networks page, click Create Office Network.

    5. In the Create Office Network panel, select a region, enter a name, select Basic Office Network, and then click OK.

    Create an advanced office network

    Advanced office networks provide additional configuration options. Create one when you need advanced settings or more than 50 cloud computers.

    1. Log on to the Elastic Desktop Service Enterprise console.

    2. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    3. In the top navigation bar, select a region.

    4. On the Office Networks page, click Create Office Network.

    5. In the Create Office Network step, select Advanced Office Network, configure the following parameters, and then click Next: Configure Account System.

      Parameters

      ParameterDescription
      RegionThe region for the office network. For supported regions and limits, see Regions.
      NameThe name of the office network. Follow the on-screen instructions.
      IPv4 CIDR BlockThe CIDR block of the VPC used by the office network. An IP address from this block is automatically assigned to each cloud computer. The number of available IP addresses determines the maximum number of cloud computers the network supports. Plan your CIDR blocks carefully. For more information, see Plan CIDR blocks. Default options:
      • 192.168.0.0/16
      • 10.0.0.0/12
      • 172.16.0.0/12
      To use a custom IPv4 CIDR block, submit a ticket to contact Alibaba Cloud technical support.
      Connection MethodHow end users connect to cloud computers:
      • The Internet (default): Connections over the Internet only. The on-premises device must have Internet access.
      • Enterprise private network (VPC): Connections through a VPC only. Attach the office network to a Cloud Enterprise Network (CEN) instance, then use Express Connect, Smart Access Gateway (SAG), or VPN Gateway to connect your on-premises network to the cloud. For more information, see Attach an office network to or detach an office network from a CEN instance and How do I choose a private network product?.
      • The Internet and enterprise private network (VPC): Both connection types are supported.
      Attach to CENIf you set the Connection Method parameter to VPC, you must set this parameter to Yes. Select a CEN instance from the current account or another Alibaba Cloud account. If you connect your on-premises network through Smart Access Gateway, Express Connect, or VPN Gateway, select the same CEN instance used by the on-premises network. After you specify a CEN instance, click Check to verify that the CEN route CIDR block does not overlap with the office network IPv4 CIDR block. If a conflict exists, click View Conflict Details and Recommended CIDR Blocks and specify a different CIDR block or CEN instance.
      Note

      A VPC connection depends on PrivateLink, which is free of charge. If you select VPC or Internet and VPC, the system automatically activates PrivateLink.

    6. In the Configure Account System step, select Convenience Account in the Account Type section, and then click OK.

    Enable cloud computer interconnection

    By default, cloud computers within the same office network cannot access each other. Enable interconnectivity to allow communication between cloud computers.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the top navigation bar, select a region.

    3. On the Office Networks page, find the target office network and click its ID.

    4. In the Network Information section of the details page, turn on Interconnectivity.

    Associate a premium bandwidth plan

    EDS provides free bandwidth of 5 Mbit/s per cloud computer. To get higher bandwidth, associate a premium bandwidth plan with the office network. For billing details, see Billable items.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the top navigation bar, select a region.

    3. On the Office Networks page, find the target office network and click its ID.

    4. In the Public Bandwidth section of the details page, click Associate.

    5. In the Associate dialog box, select a premium bandwidth plan. If no plan exists, click Buy Premium Bandwidth Plan.

    Manage Internet access for cloud computers

    By default, cloud computers access the Internet through the free basic bandwidth plan. Configure access control policies to manage Internet access per cloud computer.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the top navigation bar, select a region.

    3. On the Office Networks page, find the target office network and click its ID.

    4. In the Public Bandwidth section of the details page, select an Internet Access Control policy:

      • Allow all cloud computers to access the Internet. You can configure a list of cloud computers that are not allowed to access the Internet: To deny specific cloud computers, click Add and select the cloud computers.

      • Do not allow access to the Internet. You can configure a list of cloud computers that are allowed to access the Internet: To allow specific cloud computers, click Add in the Allow Internet Access section and select the cloud computers.

    Configure logon authentication

    Strengthen end user logon security by configuring one of the following authentication methods in the Other Information section of the office network details page.

    Note

    MFA, SSO, and Client Logon Verification are mutually exclusive. Enable only one per office network.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the top navigation bar, select a region.

    3. On the Office Networks page, find the target office network and click its ID.

    4. In the Other Information section of the details page, turn on or turn off one of the following:

      • SSO Settings: Configure mutual trust between an identity provider (IdP), such as Active Directory Federation Services (AD FS), and a service provider (SP), such as WUYING Workspace. End users then log on to a WUYING Terminal by authenticating through the IdP. For more information, see Overview.

      • Multi-factor authentication: End users must enter a dynamic verification code from a virtual MFA device in addition to their username and password when logging on with an office network ID (formerly workspace ID). For more information, see Configure MFA for logon.

      • Client logon verification: End users must complete a CAPTCHA verification when logging on from a new device.

    View office network details

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the top navigation bar, select a region.

    3. On the Office Networks page, find the target office network and click its ID.

    4. In the Basic Information section of the details page, view the following fields: Name, ID, Type, Created At, Instances, Region, and Status.

    Unlock a locked office network

    If no cloud computers are created in a convenience office network for 15 consecutive days, the office network is locked and its VPC resources are automatically released. If you want to use the locked office network, perform the following steps to unlock it.

    Note

    The system does not lock office networks that meet either of the following conditions:

    • The office network is attached to a CEN instance.

    • The Connection Method is set to VPC.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the top navigation bar, select a region.

    3. On the Office Networks page, find the locked office network and click Unlock in the Status column.

    4. In the confirmation message, click OK.

    Note

    If you fail to unlock the office network, submit a ticket to contact Alibaba Cloud technical support.

    Delete an office network

    You can delete an office network only after all cloud computers in it are released.

    Warning

    Before deleting an office network, back up all important resources and data. Deleted office networks cannot be restored.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the top navigation bar, select a region.

    3. On the Office Networks page, find the target office network and click Delete in the Actions column.

    4. In the confirmation message, read the details and click OK.

    What to do next

    After creating an office network, you can perform the following operations:

    Troubleshooting

    Unable to receive a verification code when selecting a CEN instance from another Alibaba Cloud account

    This issue occurs when no notification method is configured or the contact information is invalid. Verify your notification settings:

    1. Log on to the Elastic Desktop Service Enterprise console.

    2. In the top navigation bar, click the notification icon to go to the Message Center console.

    3. In the left-side navigation pane, choose Message Settings > Common Settings.

    4. On the Common Settings page, verify that notification methods for Notifications Regarding the Creation and Activation of Product Instances are selected and that the contact information is valid.