Cloud computers can be accessed from Alibaba Cloud Workspace clients over the Internet or a virtual private cloud (VPC). To connect to a cloud computer over a VPC, the on-premises network used by the client must be connected to the office network of the cloud computer. For a clear understanding of the connection mechanism and how to establish connections between on-premises and off-premises networks, we recommend that you read this topic before you proceed.
Background information
When connecting to a cloud computer from an Alibaba Cloud Workspace client, you can select Internet or VPC as the connection method, depending on the office network configuration of the cloud computer. The following table describes the network connection methods provided in the Elastic Desktop Service (EDS) Enterprise console.
Connection method | Description |
Internet | An Alibaba Cloud Workspace client can connect to the gateway of a cloud computer only over the Internet. |
VPC | An Alibaba Cloud Workspace client can connect to the gateway of a cloud computer only over an enterprise VPC. |
Internet and VPC | An Alibaba Cloud Workspace client can connect to the gateway of a cloud computer over the Internet or a VPC. |
Network architecture
You can attach the internal network of your data center and the VPC of the office network of a cloud computer to a Cloud Enterprise Network (CEN) instance by using Express Connect, Smart Access Gateway (SAG), or VPN Gateway. This establishes connectivity between the data center and all cloud resources in the VPC of the office network, as shown in the following figure.
In the preceding figure:
The VPC-based connection relies on hybrid cloud deployment capabilities provided by CEN, enabling access to cloud resources through private connections established between on-premises data centers and VPCs. Access from Alibaba Cloud Workspace clients to cloud computers relies on management and data links. You must ensure proper route configurations for both the management and data links. CEN enables private connections between network instances, including VPCs, virtual border routers (VBRs), and cloud connect networks (CCNs), allowing seamless communication between on-premises and off-premises resources. For more information, see What is CEN? or Combine multiple connection methods to build an enterprise-class hybrid cloud.
VPCs are isolated private networks within the cloud environment. In EDS Enterprise, networks are categorized into management VPCs and office network VPCs, both managed by Alibaba Cloud. Management VPCs support management components, while office network VPCs, also known as secure office networks, are dedicated VPCs assigned specific CIDR blocks for office networks.
Express Connect can connect the internal network of an on-premises data center to an Alibaba Cloud endpoint by using an Express Connect circuit. One end of the circuit connects to the gateways of the data center, and the other end connects to a VBR. When you attach the VBR and office network VPC to the same CEN instance, the data center can access resources in the VPC. For more information, see Express Connect.
SAG is a software-defined wide area network (SD-WAN) service provided by Alibaba Cloud, typically used in conjunction with CCN. For more information, see What is SAG?
VPN Gateway provides secure connectivity between multiple sites. VPN Gateway allows you to establish secure and reliable connections between a data center and an Alibaba Cloud VPC by creating encrypted tunnels. The user VPC in the preceding figure is required because VPN Gateway typically needs to create a server within a VPC in the cloud, so you must provide a VPC in which the VPN solution can deploy that server. For more information, see What is VPN Gateway?
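The requirement above that both the management link and the data link are routed correctly can be checked from the on-premises side before clients are switched to VPC-only access. The following is an added example, not Alibaba Cloud code: the CIDR blocks, route entries, and next-hop labels are constructed sample values, and the function name is hypothetical. It flags any link destination that would fall back to a non-private route, including a more specific route that diverts part of the range.

```python
import ipaddress

# Constructed sample values (assumptions, not from the documentation).
MANAGEMENT_LINK = ["10.200.0.0/24"]   # assumed management link destinations
DATA_LINK = ["172.16.0.0/16"]         # assumed office network VPC CIDR block
ROUTES = [                            # on-premises routes: (destination, next hop)
    ("0.0.0.0/0", "internet-gw"),
    ("172.16.0.0/16", "express-connect"),
    ("172.16.0.0/12", "ipsec-vpn"),   # standby path, less specific
]
PRIVATE_HOPS = {"express-connect", "ipsec-vpn", "sag"}  # hypothetical labels


def classify(routes, target, private_hops=PRIVATE_HOPS):
    """Return (status, next_hop) for one destination CIDR block."""
    tgt = ipaddress.ip_network(target)
    nets = [(ipaddress.ip_network(d), hop) for d, hop in routes]
    nets = [(n, h) for n, h in nets if n.version == tgt.version]
    # Routes that contain the whole target, least specific first.
    covering = sorted((r for r in nets if tgt.subnet_of(r[0])),
                      key=lambda r: r[0].prefixlen)
    if not covering:
        return "no-route", None
    best_hop = covering[-1][1]        # longest-prefix match wins
    if best_hop not in private_hops:
        return "not-private", best_hop
    # A more specific route inside the target can still divert part of it.
    for net, hop in nets:
        if net != tgt and net.subnet_of(tgt) and hop not in private_hops:
            return "partial-leak", hop
    return "ok", best_hop


def audit(routes, management, data):
    """Check every management and data link destination; return all findings."""
    findings = []
    for link, targets in (("management", management), ("data", data)):
        for target in targets:
            status, hop = classify(routes, target)
            findings.append((link, target, status, hop))
    return findings


if __name__ == "__main__":
    for finding in audit(ROUTES, MANAGEMENT_LINK, DATA_LINK):
        print(finding)
```

With the sample routes, the data link resolves to the private circuit while the management link only matches the default route, which is the misconfiguration to catch.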
Network access solutions
To access cloud computers from Alibaba Cloud Workspace clients over VPCs, you must first connect the on-premises networks of the clients to the VPCs. Alibaba Cloud provides solutions such as SAG, VPN Gateway, and Express Connect to enable network connectivity. You must select the appropriate solution from the following table based on your business requirements.
Solution | Description | References |
SAG app | A SAG app is a software client for SAG that can be installed on devices such as on-premises computers or mobile phones. Once installed, the app enables access to cloud computers over CCN. | |
VPN Gateway (IPsec-VPN) | VPN Gateway supports IPsec-VPN and SSL-VPN connections. For more information, see VPN gateways. The IPsec-VPN feature enables secure connections between a data center and a VPC, or between two VPCs, allowing access to a cloud computer from an Alibaba Cloud Workspace client over a VPC. | |
VPN Gateway (SSL-VPN) | The SSL-VPN feature allows an Alibaba Cloud Workspace client to access applications and services deployed in a VPC, thus enabling cloud computer access over the VPC. | |
Express Connect | Alibaba Cloud Express Connect enables high-speed, stable, and secure private network connections between data centers and VPCs through Express Connect circuits. For more information, see Connection over an Express Connect circuit. You can use an Express Connect circuit and an IPsec-VPN connection to set up active/standby links for accessing cloud computers over VPCs. | Access cloud computers by using Express Connect circuits over VPCs |