1. Set up a new OCI tenancy and create a Secure Desktops pool
  2. Prepare

Prepare

A tenancy or a network administrator must perform the following steps to prepare for deployment of a desktop pool:

  1. Set up the tenancy for the desktop pools.
  2. Configure network access, set up compartments, create policies for users and groups.
  3. Import and configure the available images, storage, and network for the desktop administrator.

Set Up Region and Tenancy

Decide whether you want to distribute your desktops across multiple regions in a tenancy.

Create and configure your region or tenancy before deployment. Use clear and specific naming conventions so that your team can easily identify the region or tenancy. For example, name a region-based desktop pool as EMEA-secure-desktops.

Oracle recommends using the OCI Secure Desktops ORM stack to simplify the process of setting up your tenancy. The ORM stack assists with several process tasks to help ensure the tenancy is set up according to best practices. The OCI Secure Desktops ORM deployment stack:

  • Creates policies, dynamic groups, and sets up user access.
  • Creates or onboards existing network resources.
  • Imports a custom image for use in a OCI Secure Desktops pool.

Organize Resources

Create the following resources:

  1. Create or identify compartments to organize resources in your stack:
    Desktops Compartment: Host Compute resources and contain desktop pools and Compute Instances.
    Network Compartment: Host Network resources, the VCN and subnet that will be used by the desktop pool.
    Image Compartment: Store custom images and the compute image used for desktops.
  2. Create a custom image to be used for the desktops and export it to either:
    • A preauthenticated URL
    • Or, an Object Storage bucket

Configure Network Access

Network access to the OCI Secure Desktops service must be set up for each region that will have a desktop pool. You can choose to create a new VCN, or use an existing VCN. Create a new subnet so that you can set up the ingress and egress rules to work for the desktop pool. Define a VCN and subnet in each region that will have a desktop pool.

Optionally, set up a compute image to use for a desktop pool. Import a new image for each desktop pool in each region. You can also import updated images separately. To only import an image, run the ORM Stack in the desired region and unselect Create Desktop Policies and Configure Network Access to Desktops.