About Private Endpoints for Desktop Pools

Oracle Cloud Infrastructure (OCI) Secure Desktops is a cloud-native, managed service that provides secure and reliable virtual desktop environments.
Use OCI Secure Desktops to give your global workforce access to enterprise data with a secure, centrally controlled, customizable, and consistent experience, regardless of the device used to reach the desktop. Because only a rendered view of the virtual desktop is sent to the device and the underlying data never leaves the cloud, your enterprise can be confident that its data remains protected if a device is lost or stolen.

You may need secure, private access from your virtual cloud network (VCN) or on-premises networks to OCI services. You can enable either service private endpoints or a service gateway for private connectivity. Compare the two types of private access, their differences, and their distinct use cases before deciding which one fits your deployment.

You can privately access services hosted in OCI from your on-premises network by using OCI private access technologies, such as FastConnect private peering and VPN Connect. You can set up access from hosts within your VCN or your on-premises network.

In this solution playbook, you learn how IT administrators and architects can deploy OCI Secure Desktops with private access endpoints securely and efficiently.

Before You Begin

Complete the following prerequisites before configuring a Desktop Pool with a private endpoint:

  • Configure required policies for the resources you are working with.

    See Prerequisite: IAM Policies Required to Manage Private Endpoints for more information.

  • Create a VCN within the region that will access your Desktop Pools.

    See VCNs and Subnets for more information.

  • Create a subnet within your VCN that uses the VCN's default DHCP options, so that hosts in the subnet use the VCN resolver for host name resolution.

    See DNS in Your Virtual Cloud Network for more information.

    Note:

    You require availability of address spaces in the VCN for additional subnets to perform host name resolution when you access desktops from an on-premises network.
  • (Optional) Before configuring a private endpoint, create a Network Security Group (NSG) within your VCN. The NSG holds the security rules that apply to connections to the private endpoint.

    See Network Security Groups for more information.
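
The prerequisites above map directly onto a small Terraform configuration of the kind an ORM stack deploys. The following is an added example, not code from the Oracle playbook or from the Secure Desktops service: it creates the VCN, a private subnet bound to the VCN's default DHCP options, an NSG for the private endpoint with a single ingress rule, and a networking policy. The compartment OCID, the address plan, the on-premises CIDR, the client port, and the group name NetworkAdmins are all placeholders or assumptions that you replace with your own values.

```hcl
# Added example (not Oracle's code): Terraform for the networking prerequisites
# of a Desktop Pool private endpoint. All OCIDs, CIDRs, the port and the group
# name below are assumptions for illustration.

variable "compartment_ocid" { type = string }

# Assumed address plan. The VCN is deliberately larger than the one subnet so
# that address space remains for the additional subnets needed for host name
# resolution from on-premises networks (see the Note above).
variable "vcn_cidr"    { default = "10.10.0.0/16" }
variable "subnet_cidr" { default = "10.10.1.0/24" }
variable "onprem_cidr" { default = "192.168.0.0/16" } # assumed on-premises range
variable "client_port" { default = 443 }              # assumed; confirm the port your desktop clients use

resource "oci_core_vcn" "desktops" {
  compartment_id = var.compartment_ocid
  cidr_blocks    = [var.vcn_cidr]
  display_name   = "secure-desktops-vcn"
  dns_label      = "desktops" # needed for VCN-internal host name resolution
}

# Private subnet that uses the VCN's default DHCP options (VCN resolver).
resource "oci_core_subnet" "pe" {
  compartment_id             = var.compartment_ocid
  vcn_id                     = oci_core_vcn.desktops.id
  cidr_block                 = var.subnet_cidr
  display_name               = "private-endpoint-subnet"
  dns_label                  = "pe"
  dhcp_options_id            = oci_core_vcn.desktops.default_dhcp_options_id
  prohibit_public_ip_on_vnic = true # a private endpoint never needs a public IP
}

# Dedicated NSG for the private endpoint. Keeping it separate from NSGs used by
# compute hosts keeps its rule set minimal and easy to audit.
resource "oci_core_network_security_group" "pe" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.desktops.id
  display_name   = "desktop-pool-pe-nsg"
}

# Allow desktop clients on the on-premises range to reach the endpoint on the
# client port only. NSG rules are stateful, so no matching egress rule is needed
# for the return traffic.
resource "oci_core_network_security_group_security_rule" "pe_ingress_onprem" {
  network_security_group_id = oci_core_network_security_group.pe.id
  direction                 = "INGRESS"
  protocol                  = "6" # TCP
  source_type               = "CIDR_BLOCK"
  source                    = var.onprem_cidr
  tcp_options {
    destination_port_range {
      min = var.client_port
      max = var.client_port
    }
  }
}

# Networking policy for the group that operates this stack (group name assumed).
resource "oci_identity_policy" "network_admins" {
  compartment_id = var.compartment_ocid
  name           = "secure-desktops-network"
  description    = "Let NetworkAdmins manage the VCN, subnets and NSGs used by desktop pools"
  statements = [
    "Allow group NetworkAdmins to manage virtual-network-family in compartment id ${var.compartment_ocid}",
  ]
}
```

Two caveats when you adapt this. First, NSG rules and the subnet's security list are evaluated together, and traffic is allowed if either permits it, so a permissive default security list silently widens what the NSG appears to restrict; review both. Second, reachability from on-premises over FastConnect or VPN Connect also needs a DRG attachment and route table entries for the on-premises CIDR, which this example does not create.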

About Required Services and Roles

This solution requires the following services and roles:
  • Oracle Cloud Infrastructure (OCI)
  • Oracle Cloud Infrastructure Identity and Access Management
  • Oracle Cloud Infrastructure Networking

These are the roles needed for each service.

  • OCI: Tenancy administrator. Required to perform the initial deployment of the ORM stack and to create policies for users and groups.

    Note:

    The Tenancy administrator has permissions to deploy all the stacks. Oracle recommends that you use dedicated roles to perform individual deployments based on your organizational needs.
  • OCI: IAM (Identity Domain) Administrator. Required to manage users, groups, applications, system configuration, and security settings.
  • OCI: Network Administrator. Required to manage the network components, including VCNs, subnets, security rules, and Bastions.
  • OCI: Security Administrator. Required to inspect access to resources such as compute and network, and for complete access to observability and management services.

See Oracle Products, Solutions, and Services to get what you need.