Configuring Workspace to Access the Internet

Scenario

After you purchase a cloud desktop, the cloud desktop is in the VPC subnet by default and cannot access the Internet. You need to configure the NAT gateway to share an EIP so that users can access the Internet from the cloud desktop after accessing the cloud desktop. If the cloud desktop has multiple service subnets, the Internet function must be enabled for each service subnet. When a user logs in to a cloud desktop in a subnet for which the Internet is not enabled, the user cannot access the Internet from the desktop.

This section described how to enable the Internet using the purchasing NAT and EIP pages provided by Workspace. You can also access the NAT or EIP page to purchase the service to enable the Internet by referring to How Do I Enable the Internet on Other Cloud Service Pages?

Prerequisites

• You have obtained the region, project, VPC, and subnet information of the desktop that needs to access the Internet.
• You have the permission to perform operations on the NAT and EIP services.
  

  • By default, a Huawei account has the operation permissions on all Huawei Cloud services.
  • To use NAT and EIP, the IAM account created under the Huawei account must be added to the admin user group or a user group with NAT and EIP operation permissions. Go to the IAM page to check whether the user belongs to the admin user group. If not, grant the IAM account the permission to use the NAT and EIP services. For details, see Creating a User and Granting NAT Gateway Permissions and Creating a User and Granting EIP Permissions.

Procedure

1. Log in to the console.
2. Check whether the Internet access address is enabled.
   

   After a desktop is purchased, the Internet access address is enabled by default.

   1. In the navigation pane on the left, choose Tenant Configuration.
   2. Check the status of Internet access address.
      • If the IP address is displayed, the Internet access address is enabled. Go to 3.
      • If Disable is displayed, the Internet access address is disabled. Click Enable and go to 3.
        

        After the Internet access address is disabled, you can enable Internet access address again. After the function is enabled again, the IP address changes. You need to notify the desktop user to use the new IP address to access the desktop.

3. Check whether the desktop can access the Internet.
   1. In the navigation pane on the left, choose Desktops > Desktops.
   2. On the Desktops page, check the Internet column of the desired desktop.
      • If the value is Disabled, end users cannot access the Internet through cloud desktops. See Internet Access Management to enable Internet access.
      • If the value is Enabled, end users can access the Internet through cloud desktops. In this case, skip subsequent operations.
        

        • If the current tenant VPC has multiple service subnets and cloud desktops in each service subnet need to access the Internet, enable Internet access for each service subnet by referring to Internet Access Management.
        • If multiple NAT gateways are created in the same VPC, ensure that the default route in the route table points to all NAT gateways. Check whether the default route in the route table points to all NAT gateways. If no, configure this.

4. (Optional) Configure DNS forwarding.

   If a Windows AD server is connected, you need to configure DNS domain name resolution on the Windows AD server. For details, see 4.a to 4.j. If no Windows AD is connected, skip the following operations.

   1. Log in to the DNS server as the administrator.
   2. On the taskbar in the lower left corner, click .
   3. Click on the right of the Start menu.
   4. The Server Manager window is displayed.
   5. In the navigation pane on the left, click DNS.
   6. In the SERVERS area, right-click a Server name and choose DNS Manager from the shortcut menu.
   7. The DNS Manager dialog box is displayed.
   8. Expand DNS. Right-click the computer name, and choose Properties from the shortcut menu.
   9. On the Advanced tab page, deselect Disable recursion (also disable forwarders) and click Apply.
   10. On the Forwarder tab page, click Edit, enter the default DNS server IP address of the desktop region in the text box, and click OK.
       

       The default DNS server IP address of the desktop region can be obtained from What Are Huawei Cloud Private DNS Server Addresses?

5. Notify end users to use the Internet access address to access cloud desktops.

Follow-up Operations

When a user does not need to access the Internet, see Disabling Internet Access to disable Internet access.