If your cloud desktop in a workspace requires Internet access, you can enable Internet access for the workspace. This topic describes how to enable, manage, and terminate Internet access in the Elastic Desktop Service (EDS) console.

Background information

By default, a cloud desktop cannot access the Internet before you enable Internet access for the workspace to which the cloud desktop belongs. After you enable Internet access for the workspace, an Internet access package is associated with the workspace, and your cloud desktop can access the Internet as expected.

When you enable Internet access for the workspace, you are charged for the public bandwidth that you use. For more information, see Billing of the Internet access bandwidth.

Note This topic is applicable only to the latest version of workspaces whose IDs are in the <Region ID>+dir+<10-digit string> format. If your workspace is upgraded from a directory of an earlier version and the workspace ID is in the <Region ID>+dir+<17-character string consisting of letters and digits> format, you can enable Internet access for your cloud desktop by configuring an elastic IP address (EIP) or a network address translation (NAT) gateway. For more information, see Configure an EIP and Configure a NAT gateway.

Enable Internet access

If you enable Internet access for a workspace, all cloud desktops in the workspace can access the Internet. To enable Internet access, perform the following steps:

Notice You cannot use Internet access packages that are purchased from the China site to access the Internet in the China (Hong Kong) region and regions outside China. If cloud desktops in a workspace require Internet access and the Internet access package in the workspace is unavailable due to a region limit, we recommend that you use Cloud Enterprise Network (CEN) to connect to a virtual private cloud (VPC) of the workspace and create a NAT gateway or a proxy server.
  1. Log on to the EDS console.
  2. In the upper-left corner of the top navigation bar, select a region.
  3. In the left-side navigation pane, choose Secure Office Network > Internet access.
  4. On the Internet Access page, click Open Internet Access.
  5. In the Open Internet Access panel, perform the following steps to configure parameters:
    1. Select the workspace that you want to manage.
      If you enable Internet access for a workspace, all cloud desktops in the workspace can access the Internet.
      Note You can enable Internet access for each workspace only once. You can purchase only one Internet access package for each workspace. You cannot re-enable Internet access for a workspace for which Internet access is enabled.
    2. Select a billing method.
      Valid values:
      • Pay-by-data-transfer: You are charged for inbound traffic. You can pay for resources after you use them.
      • Pay-by-bandwidth: You are charged for the public bandwidth based on the specified peak bandwidth value and the usage duration. You must pay for resources before you use them.
    3. If you set Billing Type to Pay-by-bandwidth, you must specify a usage duration.
    4. Specify the peak bandwidth value.
      This value indicates the upper limit for the inbound bandwidth. The upper limit for the outbound bandwidth is one quarter of this value. The upper limits for the inbound bandwidth and outbound bandwidth are not guaranteed performance.
    5. Confirm the fees and click Confirm.
  6. If you set Billing Type to Pay-by-bandwidth, you must follow on-screen instructions to complete the payment before you can proceed.

Manage an Internet access package

When you enable Internet access, you must buy an Internet access package. You can perform the following steps to manage the package:

On the Internet Access page, find the Internet access package that you want to manage.
You can use different methods to manage the Internet access package based on the billing method.
  • Pay-by-data-transfer
    • View the information about the Internet access package

      In the list of Internet access packages, you can view the basic information, egress IP address, and bandwidth monitoring data of the package.

    • Change the peak bandwidth value
      If the peak bandwidth value cannot meet your business requirements, you can change the value.
      1. Click Edit in the Actions column.
      2. In the Edit Internet Access panel, change the peak bandwidth value based on your business requirements.
      3. Confirm the fees and click Confirm.
    • Disable or restore Internet access
      If you want to temporarily disable access from cloud desktops to the Internet to reduce network bandwidth costs, you can stop using the Internet access package. To restore access from cloud desktops to the Internet, you only need to resume using the Internet access package.
      1. Click Restore in the Actions column.
      2. In the message that appears, click OK.
    • Terminate Internet access
      If your cloud desktops no longer require access to the Internet, we recommend that you terminate Internet access to prevent additional fees.
      1. Click Delete in the Actions column.
      2. In the message that appears, click Confirm.
    • Disassociate an Internet access package from a workspace
      If all cloud desktops in a workspace no longer need to access the Internet, you can disassociate the Internet access package from the workspace.
      1. Click Disassociate in the Actions column.
      2. In the Disassociate Internet Access Package from Workspace message, click Confirm.
      When you disassociate an Internet access package from a workspace, take note of the following rules:
      • During disassociation: The system deletes specified network speed rules and revokes the Internet access permissions of the workspace. If you want to specify the network speed for and grant Internet access permissions to another workspace, associate an Internet access package with the workspace and proceed with the Internet access settings.
      • After disassociation: The cloud desktops in the workspace cannot access the Internet.
      • After disassociation: You can associate the Internet access package with another workspace in which cloud desktops require Internet access.
  • Pay-by-bandwidth
    • View the information about the Internet access package

      In the list of Internet access packages, you can view the basic information, egress IP address, and bandwidth monitoring data of the package.

    • Renew an Internet access package
      A pay-by-bandwidth Internet access package takes effect for a specific period of time. To ensure that cloud desktops can continue accessing the Internet, renew the package before it expires.
      1. Click Renew in the Actions column.
      2. On the page that appears, select a renewal duration and click Confirm Order.
      3. You must complete the payment before you can proceed.
    • Unsubscribe from an Internet access package
      If you no longer use a pay-by-bandwidth Internet access package, you can unsubscribe from it.
      1. Click Unsubscribe in the Actions column of the package.
      2. On the Unsubscribe page, select the resource and service from which you want to unsubscribe.
      3. Confirm the information and click Unsubscribe.
    • Change the peak bandwidth value
      If the peak bandwidth value cannot meet your business requirements, you can change the value.
      1. Click Change in the Actions column.
      2. On the Change Network page, select Upgrade Configurations or Downgrade Configurations to change the peak bandwidth value.
      3. Check the fees and click Confirm.
      Note After you change the peak bandwidth value, the configuration immediately takes effect for the cloud desktops in the workspace.
    • Disassociate an Internet access package from a workspace
      If all cloud desktops in a workspace no longer need to access the Internet, you can disassociate the Internet access package from the workspace. When you disassociate an Internet access package from a workspace, take note of the following rules:
      • During disassociation: The system deletes specified network speed rules and revokes the Internet access permissions of the workspace. If you want to specify the network speed for and grant Internet access permissions to another workspace, associate an Internet access package with the workspace and proceed with the Internet access settings.
      • After disassociation: The cloud desktops in the workspace cannot access the Internet.
      • After disassociation: You can associate the Internet access package with another workspace in which cloud desktops require Internet access.
      1. Click Disassociate in the Actions column.
      2. In the Disassociate Internet Access Package from Workspace message, click Confirm.
    Note You cannot delete a pay-by-bandwidth Internet access package.

Ports that are connected to private networks

When you connect to a cloud desktop over a private network, clients must allow traffic over specific ports from specific domain names. Traffic over these ports must be allowed at all times. If you enable the firewall on your local computer, one or more ports may become unavailable. In this case, you must allow traffic over the ports. The following tables describe the related domain names and ports.

Ports at the control layer

Item | Domain name | Port
Alibaba Cloud DNS (DNS) service | N/A | 53 (TCP/UDP)
Alibaba Cloud Network Time Protocol (NTP) service | For more information about domain names, see Alibaba Cloud NTP server. | 123 (TCP/UDP)
Access control link | ecd-vpc.region.aliyuncs.com | 443 (TCP)

Note Valid values for the IP address of DNS:
  • 100.100.2.136
  • 100.100.2.138

Mapping between the region of an access control link and a domain name

Region | Domain name
China (Hangzhou) | ecd-vpc.cn-hangzhou.aliyuncs.com
China (Shanghai) | ecd-vpc.cn-shanghai.aliyuncs.com
Nanjing Local Region | ecd-vpc.cn-nanjing.aliyuncs.com
China (Shenzhen) | ecd-vpc.cn-shenzhen.aliyuncs.com
China (Beijing) | ecd-vpc.cn-beijing.aliyuncs.com
China (Zhangjiakou) | ecd-vpc.cn-zhangjiakou.aliyuncs.com
China (Hong Kong) | ecd-vpc.cn-hongkong.aliyuncs.com
Singapore (Singapore) | ecd-vpc.ap-southeast-1.aliyuncs.com
Japan (Tokyo) | ecd-vpc.ap-northeast-1.aliyuncs.com
Australia (Sydney) | ecd-vpc.ap-southeast-2.aliyuncs.com

Ports at the data layer

At the data layer, 10 ports are reserved. To prevent connections from being denied after you increase the number of cloud desktops, we recommend that you reserve 10 ports.

Item | Port range
TCP | 1494–1503, 3496–3505, 5912–5921
UDP | 5912–5921
IP | IP address of the VPC endpoint that corresponds to a workspace
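
As an added example (not part of the original documentation), the following Python code turns the control-layer and data-layer tables above into a list of required flows and audits a client egress allowlist for gaps, so the firewall can stay limited to exactly these destinations and ports. The rule dictionary format, the sample rules, and the endpoint address 192.0.2.10 are constructed for illustration; NTP hosts are passed in by the caller because this page does not list them.

```python
from ipaddress import ip_address, ip_network

# Values copied from the tables on this page.
DNS_IPS = ["100.100.2.136", "100.100.2.138"]
DATA_TCP = [(1494, 1503), (3496, 3505), (5912, 5921)]
DATA_UDP = [(5912, 5921)]

def required_flows(region_id, endpoint_ip, ntp_hosts=()):
    """Return (proto, destination, low_port, high_port) tuples a client needs."""
    flows = [("tcp", f"ecd-vpc.{region_id}.aliyuncs.com", 443, 443)]
    for proto in ("tcp", "udp"):
        flows += [(proto, ip, 53, 53) for ip in DNS_IPS]
        flows += [(proto, host, 123, 123) for host in ntp_hosts]
    flows += [("tcp", endpoint_ip, lo, hi) for lo, hi in DATA_TCP]
    flows += [("udp", endpoint_ip, lo, hi) for lo, hi in DATA_UDP]
    return flows

def dest_matches(rule_dest, dest):
    """IP-in-CIDR match when both are addresses, else exact hostname match."""
    try:
        return ip_address(dest) in ip_network(rule_dest, strict=False)
    except ValueError:
        return rule_dest.lower() == dest.lower()

def missing_flows(rules, flows):
    """Flows whose full port range no single allow rule covers."""
    def covered(proto, dest, lo, hi):
        return any(r["proto"] == proto and dest_matches(r["dest"], dest)
                   and r["ports"][0] <= lo and hi <= r["ports"][1]
                   for r in rules)
    return [f for f in flows if not covered(*f)]

# Constructed allowlist (hypothetical rule format) with two deliberate gaps.
SAMPLE_RULES = [
    {"proto": "tcp", "dest": "ecd-vpc.cn-hangzhou.aliyuncs.com", "ports": (443, 443)},
    {"proto": "tcp", "dest": "100.100.2.136/29", "ports": (53, 53)},
    {"proto": "udp", "dest": "100.100.2.136/29", "ports": (53, 53)},
    {"proto": "tcp", "dest": "192.0.2.10", "ports": (1494, 1503)},
    {"proto": "tcp", "dest": "192.0.2.10", "ports": (3496, 3500)},  # too narrow
    {"proto": "tcp", "dest": "192.0.2.10", "ports": (5912, 5921)},
]   # no UDP 5912-5921 rule at all

if __name__ == "__main__":
    for gap in missing_flows(SAMPLE_RULES, required_flows("cn-hangzhou", "192.0.2.10")):
        print("not allowed:", gap)
```

A rule that covers only part of a reserved range is reported as a gap, which matches the recommendation above to reserve all 10 ports in each range.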