Elastic Desktop Service: EDS shared responsibility model

Last Updated: Jun 03, 2026

WUYING Workspace Enterprise Edition (EDS) security is a shared responsibility between Alibaba Cloud and customers.

Importance of cloud security

China has introduced more than 200 laws and regulations on network and data security, including the Cybersecurity Law and the Data Security Law, imposing strict requirements on enterprise data security. As cloud computing grows, enterprises are shifting focus from how to move to the cloud to how to operate their business securely and continuously in the cloud, making security and compliance a top priority.

Cloud security uses policies, controls, and technologies to protect infrastructure, data, and applications from internal and external threats. Building a secure cloud business is a shared responsibility between Alibaba Cloud and customers. Customers must understand the risks of their cloud business and proactively implement security controls to reduce operational burdens and minimize potential asset loss from security incidents.

EDS shared responsibility model

EDS is an end-to-end, cloud-device integrated solution from Alibaba Cloud. Alibaba Cloud and customers share security responsibilities as follows:

  • Alibaba Cloud is responsible for the "security of the cloud": Alibaba Cloud secures the underlying infrastructure and services that run EDS, including physical hardware, software services, network communications, and management control services.

  • Customers are responsible for "security in the cloud": Customers manage security within EDS. This includes configuring least-privilege permissions for sub-administrators and end users, setting cloud computer policies to control file transfers and website access, and backing up cloud computer data.

The following diagrams detail these responsibilities.

EDS security shared responsibility model

Alibaba Cloud is responsible for the "security of the cloud"

Alibaba Cloud secures the cloud across the following layers, from the bottom up:

  • Physical security

    • Personnel management: Data center suites, power testing areas, and storage rooms are separated with two-factor authentication such as fingerprint access control. Specific areas use cages for physical isolation. Strict account management, identity authentication, authorization, separation of duties, and access controls are enforced.

    • Data center disaster recovery: Dual utility power, redundant power systems, precision air conditioning with hot standby redundancy, and fire/smoke detectors maintain constant temperature and humidity and ensure stable operations.

    • O&M audit: All data center areas have security monitoring. Production systems are accessible only through a Bastionhost, and all operations are fully logged and stored on a log platform.

    • Storage device asset management: Asset management is granular down to the individual storage component level. Each component is assigned a unique hardware identifier for precise tracking of the storage medium or the smallest unit containing it. Storage media cannot leave the data center or secure areas unless securely erased or physically destroyed per established standards.

    • Data destruction: Storage media are securely erased per NIST SP 800-88. When a customer's cloud service is terminated, data assets are promptly deleted and storage media are purged multiple times.

    • Network isolation: Production and non-production networks are securely isolated. Network ACLs ensure that cloud service networks cannot access the physical network. A Bastionhost at the production network border requires multi-factor authentication (domain account password and dynamic password) for all O&M access.

  • Hardware security

    • Hardware firmware security: WUYING Terminals support secure boot and OS image upgrades. Upgrade packages are transmitted over TLS-encrypted channels with signature and integrity checks on the terminal.

      • Secure boot

        WUYING Terminal systems support secure boot on ARM and x86 platforms. Secure Boot ensures that a device loads only known and trusted firmware and operating systems at startup, from the hardware level through OS loading, preventing malware injection during boot.

      • System integrity verification

        Secure boot covers firmware through the OS kernel. WUYING extends the chain of trust to read-only partitions such as `system` and `vendor` using Integrity Measurement Architecture (IMA) and DM-Verity, preventing malicious tampering.

      • Kernel hardening

        • Kernel Address Space Layout Randomization (KASLR): Randomizes the kernel address space layout, making code reuse attacks more difficult and reducing the likelihood of many complex attacks.

        • Stack Protection: Inserts security checks into the stack frame to prevent buffer overflow attacks.

        • Data Execution Prevention (DEP): Distinguishes between data and code regions in memory, preventing data regions from being executed to mitigate overflow-based attacks.

    • Encrypted computing: WUYING Terminals use a Secure Element (SE) — a tamper-proof microcontroller specially designed to securely store and process sensitive information, widely used in finance and payment scenarios. The SE resists physical attacks and includes a cryptographic engine supporting AES, RSA, and ECC algorithms.

    • Trusted computing:

      • Trusted Platform Module (TPM): A dedicated microcontroller that provides hardware-level security per ISO/IEC 11889. Its main goal is to establish and maintain a Root of Trust for computing devices. In WUYING, the TPM participates in the boot process by generating and verifying Platform Configuration Registers (PCRs) to record the software and hardware state during startup, ensuring no unauthorized changes. It also verifies bootloader and OS image integrity to prevent malware injection.

      • Trusted Execution Environment (TEE/TrustZone): A hardware-assisted security architecture that creates an isolated execution area outside the general computing environment (usually the CPU) for protected applications, separate from the Rich Execution Environment (REE) that runs the OS and user applications.

      • Device management: Each WUYING Terminal has a built-in, tamper-proof, non-forgeable, and globally unique trusted identity. The WUYING cloud platform uses this identity for device registration, management, and security audits, preventing unauthorized use and access. Lost or stolen devices can be blacklisted and remotely wiped.

      • System integrity verification: WUYING extends the chain of trust beyond secure boot to read-only partitions such as `system` and `vendor` using IMA and DM-Verity, preventing malicious tampering.

  • Virtualization security

    • Tenant isolation: Hardware virtualization isolates virtual machines on multiple compute nodes at the system level. Tenants cannot access each other's resources.

      • Compute isolation: The management system is isolated from customer virtual machines, and customer virtual machines are isolated from each other.

      • Network isolation: Each virtual network is isolated from other networks.

      • Storage isolation: The architecture is compute-storage decoupled. Virtual machines can only access their allocated physical disk space.

    • Security hardening: The hypervisor and host OS/kernel undergo security hardening. Virtualization software is compiled and runs in a trusted execution environment.

    • Escape detection: Advanced VM placement algorithms prevent malicious VMs from targeting specific physical hosts. VMs cannot probe their host environment. Abnormal behavior triggers detection and hotpatching.

    • Hotpatching: The virtualization platform supports hotpatching technology. The patching process does not require users to restart their systems and does not affect their business operations.

    • Data zeroing: After an instance server is released, a reliable data erasure operation is performed on its original storage media to ensure the security of user data.

    • Virtualization system security: Compute, storage, and network virtualization enable multi-tenant resource isolation in the cloud environment.

  • Cloud platform security and compliance

    • Cloud platform compliance qualifications: Alibaba Cloud holds multiple domestic and international compliance qualifications for customers in regulated industries. Compliance documents are available at Alibaba Cloud Trust Center.

    • Cloud platform compliance capabilities: Alibaba Cloud implements internal and external compliance standards across its platform and products, covering infrastructure security, network security, identity security, host security, data security and personal information protection, and cloud product security.

    • Cloud platform compliance certifications: Alibaba Cloud holds over 140 security and compliance certifications worldwide, verified by independent third-party organizations. These certifications help customers meet regional and industry-specific compliance requirements.

  • Cloud product security

    • End-to-end product security assurance: Alibaba Cloud applies defense-in-depth and zero-trust principles throughout the product lifecycle, using automated and digital security measurement to ensure requirements are met across the platform and its products.

    • Comprehensive Red Team/Blue Team validation: Alibaba Cloud runs internal adversarial exercises at APT-level intensity to identify and fix vulnerabilities. An external white-hat ecosystem and vulnerability bounty program provide additional validation through third-party penetration tests and vulnerability mining.

    • Terminal hardware product security: WUYING provides security protections for hardware terminals across device, firmware, and system layers:

      • Hardware terminals use built-in, non-replicable, and non-forgeable hardware identifiers to ensure the authenticity and uniqueness of the terminal device. User privacy data is encrypted with a unique key per device. Debug and diagnostic interfaces require user authorization. Some terminals, such as WUYING Apsara-Cube Pro and WUYING Ark Pro, support biometric authentication including fingerprint and facial recognition.

      • Hardware terminals support secure boot and OS image upgrades. Upgrade packages are transmitted over TLS-encrypted channels with signature and integrity checks.

      • The terminal system supports vulnerability scanning and patching for kernel and business code. Core system files and services include tamper-proofing and strict permission management.
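
The Trusted Platform Module item above says PCRs record the software and hardware state during startup. The following Python sketch is an added example, not Alibaba Cloud or WUYING code: it replays a boot event log with the TPM extend rule and checks the result against reported PCR values and an allowlist. The component names, PCR indices and allowlist are constructed for illustration, and the log holds component bytes directly where a real event log holds digests.

```python
import hashlib

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend rule: new PCR = SHA-256(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(event_log):
    """Recompute PCR values from (pcr_index, component_bytes) events."""
    pcrs = {}
    for index, component in event_log:
        digest = hashlib.sha256(component).digest()
        # PCRs start at all zeros on reset and can only be extended.
        pcrs[index] = extend(pcrs.get(index, bytes(32)), digest)
    return pcrs

def verify_boot(event_log, reported_pcrs, allowed):
    """Return findings; an empty list means the log reproduces the
    reported PCRs and every measured component is on the allowlist."""
    findings = []
    replayed = replay(event_log)
    for index, value in sorted(reported_pcrs.items()):
        if replayed.get(index) != value:
            findings.append(f"PCR{index}: log does not reproduce reported value")
    for index, component in event_log:
        if hashlib.sha256(component).hexdigest() not in allowed:
            findings.append(f"PCR{index}: unknown component measured")
    return findings

# Constructed sample data: stand-ins for real images, assumed PCR indices.
GOOD_LOG = [(0, b"firmware-v1"), (4, b"bootloader-v1"), (4, b"kernel-v1")]
TAMPERED_LOG = GOOD_LOG[:2] + [(4, b"kernel-modified")]
ALLOWED = {hashlib.sha256(c).hexdigest() for _, c in GOOD_LOG}

if __name__ == "__main__":
    print(verify_boot(GOOD_LOG, replay(GOOD_LOG), ALLOWED))
    print(verify_boot(TAMPERED_LOG, replay(TAMPERED_LOG), ALLOWED))
    print(verify_boot(GOOD_LOG, replay(TAMPERED_LOG), ALLOWED))
```

The third call models a log that omits the modified component: the allowlist check passes, but the replayed PCR no longer matches the value held by the TPM.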

Customers are responsible for "security in the cloud"

Alibaba Cloud provides security management and configuration tools to help customers secure their EDS workloads. Customer responsibilities include: