All Products
Search
Document Center

Elastic Desktop Service:Connect ECS and EDS networks using CEN

Last Updated:Jun 02, 2026

Use Cloud Enterprise Network (CEN) and its Enterprise Edition transit router to connect ECS instances and Elastic Desktop Service (EDS) cloud desktops.

Background information

Elastic Compute Service (ECS) is an Alibaba Cloud IaaS service that provides scalable virtual servers. For more information, see What is ECS?

Cloud Enterprise Network (CEN) runs on Alibaba Cloud's private global network. CEN uses transit routers to connect Virtual Private Cloud (VPC) networks across regions into an enterprise-scale cloud network. For more information, see What is Cloud Enterprise Network?

Limits

  • Only premium office networks can be attached to CEN instances.

  • Supported regions and zones for transit routers

    Area

    Region

    Availability zone

    Chinese mainland

    China (Hangzhou)

    B, H, I, J, K

    China (Shanghai)

    B, E, F, G, L, M, N

    China (Nanjing) (Decommissioning)

    A

    China (Fuzhou) (Decommissioning)

    A

    China (Shenzhen)

    A (New purchases are unavailable to new users), C, D, E, F

    China (Heyuan)

    A, B

    China (Guangzhou)

    A, B

    China (Qingdao)

    B, C

    China (Beijing)

    C, F, G, H, I, J, K, L

    China (Zhangjiakou)

    A, B, C

    China (Hohhot)

    A, B

    China (Ulanqab)

    A, B, C

    China (Chengdu)

    A, B

    China (Zhongwei)

    A, B

    Asia Pacific

    Singapore

    A, B, C, D

    China (Hong Kong)

    B, C, D

    Malaysia (Kuala Lumpur)

    A, B, C

    Indonesia (Jakarta)

    A, B, C

    Philippines (Manila)

    A, B

    Japan (Tokyo)

    A, B, C, E

    South Korea (Seoul)

    A, B

    Thailand (Bangkok)

    A, B

    Europe

    Germany (Frankfurt)

    A, B, C

    UK (London)

    A, B

    North America

    US (Virginia)

    A, B

    US (Silicon Valley)

    A, B

    US (Atlanta)

    To use this region, contact your account manager to request access.

    A, B

    Mexico

    A

    Middle East

    UAE (Dubai)

    A, B

    Saudi Arabia (Riyadh)

    A, B

Example scenario

A company deployed ECS instances in the Alibaba Cloud China (Hangzhou) region and EDS cloud desktops in the China (Hangzhou) region. They are not connected.

To share resources, use CEN to connect VPC1 (ECS) and VPC2 (EDS office network) to an Enterprise Edition transit router in the China (Hangzhou) region. This enables same-region network communication.

Prerequisites

  • Plan non-overlapping IPv4 CIDR blocks for the ECS VPC and the EDS office network. CIDR blocks must not conflict with routes in the CEN instance. For more information, see Plan CIDR blocks.

    This example CIDR block plan is for reference only. Use CIDR blocks appropriate for your requirements.

    Example CIDR block plan:

    Network instance

    Region

    CIDR block plan

    VPC1 for ECS

    China (Hangzhou)

    • VPC CIDR block: 192.168.0.0/18

    • vSwitch CIDR block: 192.168.0.0/24

    VPC2 for the EDS office network

    China (Hangzhou)

    IPv4 CIDR block: 10.0.0.0/14

    Transit router CIDR block

    China (Hangzhou)

    10.10.10.0/24

  • Review the security group rules for VPC1 (ECS) and VPC2 (EDS office network). For more information, see View security group rules.

Before you begin

Procedure

Follow these steps to connect an ECS instance and an EDS cloud desktop using the example scenario and CIDR blocks.

Note

Example values are for reference only. Use values appropriate for your requirements.

Step 1: Create a CEN instance

Create a CEN instance. For detailed instructions, see Create a CEN instance.

Example parameters:

Parameter

Example

Name

test-cen

Description

CEN instance for connecting ECS and EDS.

Step 2: Attach the VPCs to the CEN instance

Attach VPC1 (ECS) and VPC2 (EDS) to a transit router in the China (Hangzhou) region. After attachment, the VPCs automatically learn each other's routes.

Perform the following steps:

  1. Attach VPC1 (for ECS) to the CEN instance.

    1. Create an Enterprise Edition transit router. For detailed instructions, see Create a transit router.

      Example parameters:

      Parameter

      Example

      Region

      China (Hangzhou)

      Edition

      Automatically detected based on the current region.

      Note

      Only one transit router can exist per region. To upgrade an existing Basic Edition transit router, click Upgrade on its details page.View the edition of a transit router.

      Enable multicast

      Keep the default setting.

      Transit router CIDR block

      10.10.10.0/24

    2. Create a VPC connection by using the Enterprise Edition transit router to attach VPC1 to the CEN instance. For detailed instructions, see Create a VPC connection.

      Example parameters:

      Parameter

      Example

      Instance type

      Select VPC.

      Region

      China (Hangzhou)

      Transit router

      Automatically selected.

      Network instance

      Select VPC1 (for ECS).

      vSwitch

      Select a vSwitch in a zone supported by the transit router.

      Note

      Select a vSwitch in each zone to minimize latency.

      Advanced settings

      Keep the default settings.

  2. Attach VPC2 (for the EDS office network) to the CEN instance.

    1. Log on to the EDS enterprise console.

    2. In the left-side navigation pane, choose Networks & Storage > Office Network.

    3. In the top navigation bar, select a region.

    4. On the Office Network page, find the target office network and click Attach to CEN Instance in the Actions column.

    5. In the Attach to CEN Instance dialog box, follow the on-screen instructions.

      Example parameters:

      Parameter

      Description

      CEN Instance ID

      Select the CEN instance from Step 1.

      Peer Account UID

      For cross-account setups, enter the UID of the CEN instance owner.

      Peer CEN Instance ID

      For cross-account setups, enter the CEN instance ID.

Note

For cross-region connectivity, attach VPCs to their regional transit routers and purchase a bandwidth plan.Connect VPCs that belong to different accounts.

Step 3: Configure security group rules

By default, all inbound traffic to EDS cloud desktops is denied. Add inbound security group rules to allow specific traffic.

Note
  • To limit access, authorize only specific cloud desktop IP addresses in the security group rules.

  • If all cloud desktops need access, authorize the ECS VPC CIDR block.

  1. In the ECS console, add an inbound security group rule to allow traffic from VPC2. For detailed instructions, see Create a security group and Add a security group rule.

  2. In the EDS console, add an inbound security group rule to allow traffic from VPC1. For detailed instructions, see Manage security groups.

Step 4: Test the network connectivity

After configuring security group rules, test connectivity. This example assumes all EDS cloud desktops can access the ECS instance.

  1. Connect to a cloud desktop.

  2. On the cloud desktop, ping the ECS instance to test connectivity.

    ping <IP_address_of_the_ECS_instance>

Related documents