• Workspace

  1. Help Center
  2. Workspace
  3. User Guide
  4. Getting Started
  5. Applying for the Workspace Service

Applying for the Workspace Service


Apply for the Workspace service. After you apply for Workspace, a secure and exclusive Workspace infrastructure will be deployed and a dedicated elastic IP address used for accessing Workspace will be allocated to you. The AD is a necessary component used for managing users and desktops. You can create an ECS for deploying the AD on the cloud or use an existing AD. After you apply for the Workspace service, you can create Workspace desktops.


When applying for Workspace, if the existing enterprise AD domain is used, refer to How Do I Interconnect Workspace with Microsoft AD? to enable related ports on the AD server and prepare the following data:

  • Domain name
  • Domain administrator's account and password
  • Active domain controller IP address
  • (Optional) Standby domain controller IP address
  • Active DNS server IP address
  • (Optional) Standby DNS server IP address


  1. Log in to the Workspace management console.
  2. On the Dashboard page, click Apply for Workspace.

    The Apply for Workspace page is displayed.

  3. Select an AZ based on actual conditions.


    An availability zone (AZ) is a physical region where resources use independent power supplies and networks. AZs are physically isolated but interconnected through an internal network, improving HA of applications.

  4. Click View VPC to create a VPC and a subnet.

    For details about how to create a VPC, see the Virtual Private Cloud User Guide.


    You are advised to use 16-bit subnet gateways during VPC creation. After you apply for the Workspace service, do not modify the VPC configuration.

    Workspace reserves the network segment for the NIC on the management plane. Use other network segments when creating subnets in VPCs.

  5. Click to refresh the VPC drop-down list.
  6. Configure the VPC.

    Select the VPC and Service Subnet created in Step 4 and enter Management Subnet.

    • You can select multiple subnets to support more desktops.
    • Use the subnet that is created in Step 4 and dedicated to Workspace. Do not use the subnet dedicated to other services.
    • The service subnet is used by desktops to access applications and resources on ECSs or enterprises internets.
    • The management subnet is used for internal communication among desktops.

  7. Configure the AD domain.

    Check whether your enterprise has an AD domain.

  8. Create an AD domain.

    Set the Domain NameDomain Administrator AccountDomain Administrator Password, and Confirm Password parameters of the new AD domain.

    After an AD domain is created, go to Step 10.


    To ensure system security, you need to change the password periodically. You are advised to change the password every three months.

  9. Connect to the existing domain.

    Set the Domain NameDomain Administrator AccountDomain Administrator PasswordPrimary Domain Controller IP AddressStandby Domain Controller IP AddressActive DNS IP Address, and Standby DNS IP Address parameters of the existing domain.


    Workspace supports only AD servers running Windows Server 2008 or later. When you use an existing AD domain, ensure that the related ports of the firewall are enabled. For details, see How Do I Interconnect Workspace with Microsoft AD?.

  10. Specify the network access mode. By default, Internet access is selected. You can select multiple options.


    The DirectConnect access mode provides the load balancing capability. Therefore, enterprises do not need to deploy third-party load balancers before access addresses.

  11. Click Apply Now. The Workspace service application is complete.

    • The application process takes about 40 minutes.
    • The system creates WorkspaceManagerSecurityGroup and WorkspaceUserSecurityGroup security groups in the VPC during the application. WorkspaceManagerSecurityGroup is used for management components, and WorkspaceUserSecurityGroup is used for user desktops. By default, only desktops in the WorkspaceUserSecurityGroup security group can access each other. If you want to access a desktop in the security group from an external desktop, choose VPC > Security Groups to modify the configurations.