All Products
Search

This Product

    Elastic Desktop Service:Create and manage a convenience office network

    Document Center

    Elastic Desktop Service:Create and manage a convenience office network

    Last Updated:Jun 18, 2024

    Elastic Desktop Service (Enterprise Edition) supports the following account types: convenience account type and enterprise Active Directory (AD) account type. When you create office networks (formerly workspaces), you can specify their account types. This topic describes how to create an office network of the convenience account type (hereinafter referred to as a convenience office network).

    Create a basic office network

    Basic office networks are configured with basic settings and can be used out of the box. If you want to use Elastic Desktop Service (Enterprise Edition) or require no more than 50 cloud computers, you can create a basic office network. If you want to learn about the differences between basic office networks and advanced office networks, see the "Office network types" section of the Office network types topic.

    1. Log on to the Elastic Desktop Service console.

    2. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    3. In the upper-left corner of the top navigation bar, select a region.

    4. On the Office Network (Formerly Workspace) page, click Create Office Network.

    5. In the Create Office Network panel, select a region, enter a name for the office network that you want to create, select Basic Office Network, and then click OK.

    Create an advanced office network

    Advanced office networks are configured with advanced settings and provide various features. If you want to configure advanced settings or require more than 50 cloud computers, you can create an advanced office network.

    1. Log on to the Elastic Desktop Service console.

    2. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    3. In the upper-left corner of the top navigation bar, select a region.

    4. On the Office Network (Formerly Workspace) page, click Create Office Network.

    5. In the Create Office Network panel, select Advanced Office Network, configure parameters as prompted, and then click Next: Configure Account System. The following table describes the parameters.

      Parameters

      Parameter

      Description

      Region

      The region where you want to create the office network. For more information about the supported regions and limits, see the "Region" section of the Limits topic.

      Name

      The name of the office network. Follow the on-screen instructions to specify a name.

      IPv4 CIDR Block

      When you create cloud computers in an office network, the system automatically assigns IP addresses to the cloud computers from the CIDR block of the VPC that is used by the office network. The number of IP addresses varies based on the CIDR block. For more information, see Plan a CIDR block.

      By default, you can specify the CIDR block of the virtual private cloud (VPC) to which the office network uses to one of the following IPv4 CIDR blocks and their subnets:

      • 192.168.0.0/16

      • 10.0.0.0/12

      • 172.16.0.0/12

      If you want to use a custom IPv4 CIDR block, submit a ticket to contact Alibaba Cloud technical support.

      Connection Method

      When you create an office network, you must specify a method used by end users to connect cloud computers from Alibaba Cloud Workspace clients. The following connection methods are provided:

      • Internet (default): End users can connect to the cloud computers only over the Internet. If you select this method, on-premises machines that are used to connect to the cloud computers must be able to access the Internet.

      • VPC: End users can connect to the cloud computers only over a VPC. If you select this method, you must attach the office network to a Cloud Enterprise Network (CEN) instance. In addition, you must use Express Connect (circuits), Smart Access Gateway (SAG), or VPN Gateway to establish a connection between the on-premises and cloud networks. For more information, see Attach and detach an office network to and from a CEN instance and Select a private network service.

      • VPC and Internet: End users can use both of the preceding connection methods.

      Note

      The method that you want to use to connect Alibaba Cloud Workspace clients to cloud computers. A VPC connection depends on PrivateLink, which is free of charge. If you select VPC or Internet and VPC, the system automatically activates PrivateLink.

      Attach to CEN

      If you set the Connection Method parameter to VPC, you must set this parameter to Yes. To attach the VPC to Cloud , you can select a CEN instance within the current or from another Alibaba Cloud account.

      Note

      If you connect an on-premises network to the cloud by using Smart Access Gateway, Express Connect, or VPN Gateway, you must attach the office network to the same CEN instance as that of the on-premises network.

      To ensure that cloud computers in the office network can be used as expected, click Check after you specify a CEN instance. The system checks whether the CIDR block of the route of the CEN instance is overlapped with the IPv4 CIDR block of the office network. If the IPV4 CIDR blocks conflict, click View Conflict Details and Recommended CIDR Blocks. Then, specify another IPv4 CIDR block or CEN instance.

    6. In the Account Type section, select Convenience Account and click OK.

    Implement connectivity between cloud computers in an office network

    Cloud computers in an office network are also isolated. To implement connectivity, you can turn on Interconnection Between Cloud Computers in Office Network on the details page of the office network.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the upper-left corner of the top navigation bar, select a region.

    3. On the Office Network (Formerly Workspace) page, click the ID of the office network that you created in the previous section to go to the details page.

    4. In the Network section of the details page, turn on Interconnection Between Cloud Computers in Office Network.

    Associate a premium bandwidth plan with an office network

    Elastic Desktop Service (Enterprise Edition) provides free bandwidth of 5 Mbit/s for each cloud computer in an office network. If you want higher bandwidth, you can associate a premium bandwidth plan with your office network. For more information about the billing rules of premium bandwidth plans, see Billable items.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the upper-left corner of the top navigation bar, select a region.

    3. On the Office Network (Formerly Workspace) page, click the ID of the office network that you created in the previous section to go to the details page.

    4. In the Bandwidth section of the details page, click Associate.

    5. In the Associate dialog box, select a premium bandwidth plan. If no plan exists, click Buy Premium Bandwidth Plan.

    Manage permissions on Internet access for cloud computers

    By default, the cloud computers in an office network can access the Internet by using the free bandwidth. You can perform the following steps to manage the permissions on Internet access for cloud computers:

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the upper-left corner of the top navigation bar, select a region.

    3. On the Office Network (Formerly Workspace) page, click the ID of the office network that you created in the previous section to go to the details page.

    4. In the Bandwidth section of the details page, choose an Internet access policy based on your business requirements:

      • Select Allow all cloud computers to access the Internet. You can configure a list of cloud computers that are not allowed to access the Internet. If you want to specify a list of cloud computers that are not allowed to access the Internet, click Add and specify cloud computers.

      • Select Do not allow access to the Internet. You can configure a list of cloud computers that are allowed to access the Internet. If you want to specify a list of cloud computers that are allowed to access the Internet, click Add and specify cloud computers.

    Configure authentication

    To ensure the security of logons, you can enable single sign-on (SSO) and other authentication for office networks. The following authentication methods are supported:

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the upper-left corner of the top navigation bar, select a region.

    3. On the Office Network (Formerly Workspace) page, click the ID of the office network that you created in the previous section to go to the details page.

    4. In the Other section of the details page, click Show in the upper-right corner and turn on or off the following switches to configure authentication:

      • SSO: You must configure a trust relationship between an identity provider (IdP), such as Active Directory Federation Service (AD FS) and a service provider (SP), such as Elastic Desktop Service (Enterprise Edition) . When end users log on to Alibaba Cloud Workspace clients, the system authenticates only the IdP logon credentials of the end users. If the credentials pass authentication, the end users can log on to Alibaba Cloud Workspace clients. For more information, see Overview.

      • MFA: You must bind a virtual multiple-factor authentication (MFA) device that dynamically generates code when the device receives an authentication request. When end users log on to Alibaba Cloud Workspace clients by using office network IDs, usernames, and passwords, the end users must also enter a dynamic code. For more information, see Configure MFA.

      • Client Logon Verification: End users must enter a verification code that the system sends to their email addresses or mobile phones when the end users use new devices to log on to Alibaba Cloud Workspace clients.

      Note

      Multi-factor authentication (MFA), single sign-on (SSO), and Client Logon Verification are mutually exclusive. You can turn on only one of them for an office network.

    View basic information

    You can view basic information about an office network on its details page.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the upper-left corner of the top navigation bar, select a region.

    3. On the Office Network (Formerly Workspace) page, click the ID of the office network that you created in the previous section to go to the details page.

    4. In the Basic Information section of the details page, you can view the following information:

      • Name

      • ID

      • Type

      • Status

      • Creation time

      • Region

      • Number of cloud computers

      • Number of users

    Unlock an office network

    If you do not create cloud computers in a convenience office network for 15 consecutive days, the office network is locked and its VPC resources are automatically released. If you want to use the locked office network, perform the following steps.

    Note

    The system does not lock office networks that meet the following conditions:

    • The office networks are attached to CEN instances.

    • The office networks are configured with enterprise private networks. That is, office networks whose Connection Method is set to VPC.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the upper-left corner of the top navigation bar, select a region.

    3. On the Office Network (Formerly Workspace) page, find the desired office network and click Unlock in the Status column.

    4. In the message that appears, click Unlock.

      Note

      If you fail to unlock the office network, submit a ticket to obtain Alibaba Cloud technical support.

    Delete an office network

    You can delete office networks in which all cloud computers are released.

    Warning

    Before you delete an office network, make sure that you backed up important resources and data of cloud computers. You cannot restore deleted cloud computers. Proceed with caution.

    1. In the left-side navigation pane, choose Networks & Storage > Office Networks.

    2. In the upper-left corner of the top navigation bar, select a region.

    3. On the Office Network (Formerly Workspace) page, find the desired office network and click Delete in the Actions column.

    4. In the message that appears, read the message and click OK.

    What to do next

    After you create an office network, you can perform the following operations:

    FAQ

    Why am I unable to receive a verification code when I choose a CEN instance from another Alibaba Cloud account?

    You did not specify a method for receiving notifications, or the contact information that you specified was invalid. Perform the following steps to check the notification method and contact information:

    1. Log on to the Elastic Desktop Service console.

    2. In the top navigation bar, click the 通知..png icon to go to Message Center.

    3. In the left-side navigation pane, choose Message Settings > Common Settings.

    4. On the Common Settings page, check whether notification methods that corresponds to the Notifications Regarding the Creation and Activation of Product Instances parameter are selected and whether the contact information is valid.