Use Cloud Enterprise Network (CEN) and its Enterprise Edition transit router to connect ECS instances and Elastic Desktop Service (EDS) cloud desktops.
Background information
Elastic Compute Service (ECS) is an Alibaba Cloud IaaS service that provides scalable virtual servers. For more information, see What is ECS?
Cloud Enterprise Network (CEN) runs on Alibaba Cloud's private global network. CEN uses transit routers to connect Virtual Private Cloud (VPC) networks across regions into an enterprise-scale cloud network. For more information, see What is Cloud Enterprise Network?
Limits
Only premium office networks can be attached to CEN instances.
Example scenario
A company deployed ECS instances in the Alibaba Cloud China (Hangzhou) region and EDS cloud desktops in the China (Hangzhou) region. They are not connected.
To share resources, use CEN to connect VPC1 (ECS) and VPC2 (EDS office network) to an Enterprise Edition transit router in the China (Hangzhou) region. This enables same-region network communication.
Prerequisites
Plan non-overlapping IPv4 CIDR blocks for the ECS VPC and the EDS office network. CIDR blocks must not conflict with routes in the CEN instance. For more information, see Plan CIDR blocks.
This example CIDR block plan is for reference only. Use CIDR blocks appropriate for your requirements.
Review the security group rules for VPC1 (ECS) and VPC2 (EDS office network). For more information, see View security group rules.
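One way to check a CIDR plan against the first prerequisite before creating any resources, as an added example that is not part of the original page. The VPC1 and VPC2 blocks and the existing CEN route are constructed sample values; only the transit router block 10.10.10.0/24 comes from this page, and treating it as part of the plan is an assumption.

```python
import ipaddress
from itertools import combinations

# Constructed sample plans. Only 10.10.10.0/24 (transit router) is from this page.
GOOD_PLAN = {
    "VPC1 (ECS)": "192.168.0.0/16",
    "VPC2 (EDS office network)": "172.16.0.0/12",
    "transit router": "10.10.10.0/24",
}
# Same plan with VPC1 moved into a range that swallows the transit router block.
BAD_PLAN = {**GOOD_PLAN, "VPC1 (ECS)": "10.10.0.0/16"}
# Constructed: a route the CEN instance already carries from another attachment.
EXISTING_CEN_ROUTES = ["172.20.0.0/16"]


def find_conflicts(plan, existing_routes=()):
    """Return (name, name) pairs whose IPv4 blocks overlap.

    strict=True rejects blocks with host bits set (for example 10.10.10.1/24),
    which are usually typos in a plan, by raising ValueError.
    """
    nets = {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in plan.items()}
    conflicts = []
    # Planned blocks against each other.
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            conflicts.append((a, b))
    # Planned blocks against routes already present in the CEN instance.
    for route in existing_routes:
        route_net = ipaddress.ip_network(route, strict=True)
        for name, net in nets.items():
            if net.overlaps(route_net):
                conflicts.append((name, f"route {route_net}"))
    return conflicts


if __name__ == "__main__":
    print("good plan:", find_conflicts(GOOD_PLAN))
    print("bad plan: ", find_conflicts(BAD_PLAN, EXISTING_CEN_ROUTES))
```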
Before you begin
Create VPC1 based on your planned CIDR block. For detailed instructions, see Create a VPC with an IPv4 CIDR block.
Create an ECS instance in the China (Hangzhou) region and associate it with VPC1. For detailed instructions, see Quick start for Windows instances.
Note: This example uses a Windows-based ECS instance. Select an OS that fits your requirements.
Create an EDS office network (which creates VPC2) in the China (Hangzhou) region based on your planned IPv4 CIDR block. For detailed instructions, see Create and manage an office network for a convenience account.
Procedure
Follow these steps to connect an ECS instance and an EDS cloud desktop using the example scenario and CIDR blocks.
Example values are for reference only. Use values appropriate for your requirements.
Step 1: Create a CEN instance
Create a CEN instance. For detailed instructions, see Create a CEN instance.
Example parameters:
Parameter | Example |
Name | test-cen |
Description | CEN instance for connecting ECS and EDS. |
Step 2: Attach the VPCs to the CEN instance
Attach VPC1 (ECS) and VPC2 (EDS) to a transit router in the China (Hangzhou) region. After attachment, the VPCs automatically learn each other's routes.
Perform the following steps:
Attach VPC1 (for ECS) to the CEN instance.
Create an Enterprise Edition transit router. For detailed instructions, see Create a transit router.
Example parameters:
Parameter | Example |
Region | China (Hangzhou) |
Edition | Automatically detected based on the current region. Note: Only one transit router can exist per region. To upgrade an existing Basic Edition transit router, click Upgrade on its details page. For more information, see View the edition of a transit router. |
Enable multicast | Keep the default setting. |
Transit router CIDR block | 10.10.10.0/24 |
Create a VPC connection by using the Enterprise Edition transit router to attach VPC1 to the CEN instance. For detailed instructions, see Create a VPC connection.
Example parameters:
Parameter | Example |
Instance type | Select VPC. |
Region | China (Hangzhou) |
Transit router | Automatically selected. |
Network instance | Select VPC1 (for ECS). |
vSwitch | Select a vSwitch in a zone supported by the transit router. Note: Select a vSwitch in each zone to minimize latency. |
Advanced settings | Keep the default settings. |
Attach VPC2 (for the EDS office network) to the CEN instance.
Log on to the EDS enterprise console.
In the left-side navigation pane, choose Networks & Storage > Office Network.
In the top navigation bar, select a region.
On the Office Network page, find the target office network and click Attach to CEN Instance in the Actions column.
In the Attach to CEN Instance dialog box, follow the on-screen instructions.
Example parameters:
Parameter | Description |
CEN Instance ID | Select the CEN instance from Step 1. |
Peer Account UID | For cross-account setups, enter the UID of the CEN instance owner. |
Peer CEN Instance ID | For cross-account setups, enter the CEN instance ID. |
For cross-region connectivity, attach VPCs to their regional transit routers and purchase a bandwidth plan. For more information, see Connect VPCs that belong to different accounts.
Step 3: Configure security group rules
By default, all inbound traffic to EDS cloud desktops is denied. Add inbound security group rules to allow specific traffic.
To limit access, authorize only specific cloud desktop IP addresses in the security group rules.
If all cloud desktops need access, authorize the ECS VPC CIDR block.
In the ECS console, add an inbound security group rule to allow traffic from VPC2. For detailed instructions, see Create a security group and Add a security group rule.
In the EDS console, add an inbound security group rule to allow traffic from VPC1. For detailed instructions, see Manage security groups.
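The choice above between authorizing specific cloud desktop addresses and authorizing a whole CIDR block can be checked after the rules are written. The following added example, which is not part of the original page, classifies each inbound rule source on the ECS security group against the office network CIDR. The rule schema, rule names and all addresses are constructed for illustration and are not the output of any Alibaba Cloud API.

```python
import ipaddress

# Constructed sample data in a made-up schema.
OFFICE_NETWORK_CIDR = "172.16.0.0/12"  # VPC2 (EDS office network), sample value
ECS_INBOUND_RULES = [
    {"name": "rdp-one-desktop", "source": "172.16.8.15", "protocol": "tcp", "ports": "3389/3389"},
    {"name": "icmp-all-desktops", "source": "172.16.0.0/12", "protocol": "icmp", "ports": None},
    {"name": "legacy-open-rdp", "source": "0.0.0.0/0", "protocol": "tcp", "ports": "3389/3389"},
    {"name": "old-partner", "source": "192.168.50.0/24", "protocol": "tcp", "ports": "445/445"},
]


def classify_source(source, peer_cidr):
    """Compare one rule source with the peer network attached through CEN.

    scoped     - a strict subset of the peer CIDR (specific cloud desktops)
    whole-peer - exactly the peer CIDR (all cloud desktops)
    too-broad  - covers the peer CIDR and addresses outside it
    unrelated  - does not touch the peer CIDR at all
    """
    src = ipaddress.ip_network(source, strict=False)  # a bare IP becomes a /32
    peer = ipaddress.ip_network(peer_cidr, strict=False)
    if src == peer:
        return "whole-peer"
    if src.subnet_of(peer):
        return "scoped"
    if src.overlaps(peer):
        return "too-broad"
    return "unrelated"


def audit_inbound(rules, peer_cidr):
    """Return (rule name, finding) for every inbound rule."""
    return [(r["name"], classify_source(r["source"], peer_cidr)) for r in rules]


def needs_review(rules, peer_cidr):
    """Names of rules that admit traffic from outside the peer network."""
    return [name for name, finding in audit_inbound(rules, peer_cidr)
            if finding in ("too-broad", "unrelated")]


if __name__ == "__main__":
    for name, finding in audit_inbound(ECS_INBOUND_RULES, OFFICE_NETWORK_CIDR):
        print(f"{name:20} {finding}")
```

Run the same check on the EDS side by passing the EDS rules and the VPC1 CIDR block as the peer.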
Step 4: Test the network connectivity
After configuring security group rules, test connectivity. This example assumes all EDS cloud desktops can access the ECS instance.
Connect to a cloud desktop.
On the cloud desktop, ping the ECS instance to test connectivity:
ping <IP_address_of_the_ECS_instance>