
OCI Secure Desktop

  • subhash496
  • Feb 13, 2024
  • 2 min read

The Oracle Cloud Infrastructure Secure Desktops service allows an administrator to create a set of identically configured virtual desktops, which individual users can then securely access.



The sections below contain the OCI Secure Desktop setup steps for compartments, policies for users and groups, compute images, storage, and network.


Section 1: Set Up the OCI Tenancy for Secure Desktop

 

1.1 OCI Compartment

Create a compartment for the Secure Desktop pool:

Compartment Name: SecureDesktop


1.2 Create Dynamic Group

Create a Dynamic Group

Dynamic group name = DesktopPoolsDynamicGroup

Match any rules defined below

All {resource.type = 'desktoppool', resource.compartment.id = '<CompOCID>'}


1.3 Create Policies

In the root compartment, add the following policies for the DesktopPoolsDynamicGroup dynamic group

Allow dynamic-group DesktopPoolsDynamicGroup to {DOMAIN_INSPECT} in tenancy

Allow dynamic-group DesktopPoolsDynamicGroup to inspect users in tenancy

Allow dynamic-group DesktopPoolsDynamicGroup to inspect compartments in tenancy

Allow dynamic-group DesktopPoolsDynamicGroup to use tag-namespaces in tenancy

Allow dynamic-group DesktopPoolsDynamicGroup to use virtual-network-family in compartment Network

Allow dynamic-group DesktopPoolsDynamicGroup to {VCN_ATTACH, VCN_DETACH} in compartment Network

Allow dynamic-group DesktopPoolsDynamicGroup to manage virtual-network-family in compartment SecureDesktop

Allow dynamic-group DesktopPoolsDynamicGroup to read instance-images in compartment SecureDesktop

Allow dynamic-group DesktopPoolsDynamicGroup to manage instance-family in compartment SecureDesktop

Allow dynamic-group DesktopPoolsDynamicGroup to manage volume-family in compartment SecureDesktop

Allow dynamic-group DesktopPoolsDynamicGroup to manage dedicated-vm-hosts in compartment SecureDesktop

Allow dynamic-group DesktopPoolsDynamicGroup to manage orm-family in compartment SecureDesktop

Allow dynamic-group DesktopPoolsDynamicGroup to {VNIC_CREATE, VNIC_DELETE} in compartment SecureDesktop

Allow dynamic-group DesktopPoolsDynamicGroup to manage instance-configurations in compartment SecureDesktop
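
An added example (not from the original post or from Oracle's documentation): a small Python linter over the section 1.3 statements that drops repeated statements and flags tenancy-wide grants and `manage` verbs for a least-privilege review before the policy is created. The function names and finding labels are illustrative assumptions.

```python
import re

# Section 1.3 statements; one is repeated (constructed) to exercise de-duplication.
PREFIX = "Allow dynamic-group DesktopPoolsDynamicGroup to "
GRANTS = [
    "{DOMAIN_INSPECT} in tenancy", "inspect users in tenancy",
    "inspect compartments in tenancy", "use tag-namespaces in tenancy",
    "{DOMAIN_INSPECT} in tenancy",
    "use virtual-network-family in compartment Network",
    "{VCN_ATTACH, VCN_DETACH} in compartment Network",
    "manage virtual-network-family in compartment SecureDesktop",
    "read instance-images in compartment SecureDesktop",
    "manage instance-family in compartment SecureDesktop",
    "manage volume-family in compartment SecureDesktop",
    "manage dedicated-vm-hosts in compartment SecureDesktop",
    "manage orm-family in compartment SecureDesktop",
    "{VNIC_CREATE, VNIC_DELETE} in compartment SecureDesktop",
    "manage instance-configurations in compartment SecureDesktop",
]
STATEMENTS = [PREFIX + g for g in GRANTS]

STMT_RE = re.compile(
    r"^allow\s+dynamic-group\s+(?P<group>\S+)\s+to\s+"
    r"(?:\{(?P<perms>[^}]+)\}|(?P<verb>inspect|read|use|manage)\s+(?P<resource>\S+))"
    r"\s+in\s+(?P<scope>tenancy|compartment\s+\S+)$", re.IGNORECASE)

def parse(statement):
    """Split one statement into subject, verb or permission set, resource, scope."""
    m = STMT_RE.match(" ".join(statement.split()))
    if not m:
        raise ValueError(f"unrecognised policy statement: {statement!r}")
    perms = tuple(p.strip() for p in (m["perms"] or "").split(",") if p.strip())
    return {"group": m["group"], "verb": (m["verb"] or "").lower(),
            "resource": m["resource"] or "", "perms": perms, "scope": m["scope"]}

def review(statements, expected_group="DesktopPoolsDynamicGroup"):
    """Return (unique statements, findings) for a least-privilege review."""
    unique = list(dict.fromkeys(" ".join(s.split()) for s in statements if s.strip()))
    findings = []
    for s in unique:
        p = parse(s)
        checks = {"unexpected-subject": p["group"] != expected_group,
                  "tenancy-wide": p["scope"].lower() == "tenancy",
                  "manage-verb": p["verb"] == "manage"}
        findings += [(kind, s) for kind, hit in checks.items() if hit]
    return unique, findings

if __name__ == "__main__":
    print(*(f"[{k}] {s}" for k, s in review(STATEMENTS)[1]), sep="\n")
```

Each finding is a prompt for review rather than an error: the tenancy-wide statements only grant inspect or use access, while the `manage` grants are confined to the SecureDesktop compartment.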


1.4 Add a Service Gateway and NAT Gateway to the VCN

Add a Service Gateway and a NAT Gateway to the VCN that will be used for the Secure Desktop pool.


Add routing rules attached to the Secure Desktop VCN for the Service Gateway and NAT Gateway.




Section 2: Create Windows Image

 

2.1 Create a Windows Compute

Create a Windows compute with the following properties:

Networking: Choose a VCN and Private subnet

Image: Choose a Windows flavour that will determine the underlying OS for the guest secure desktops

Shape: Choose a compute shape that reflects the guest secure desktops e.g. VM.Standard.E4.Flex



2.2 Install applications and update Windows settings

On the Windows compute created above, install the applications that are required in the guest secure desktop, e.g. PuTTY, Chrome, Firefox, FileZilla, etc.


2.3 Create Windows custom image

On the screen for the compute created above, click More actions -> Create custom image to create a custom image based on that compute.

IMPORTANT: Add the following tags when creating the custom image:

oci:desktops:is_desktop_image true

oci:desktops:image_os_type Windows

oci:desktops:use_dedicated_host false



Section 3: Create Secure Desktop pool

 

3.1 Create desktop pool

Create a desktop pool using the VCN & custom image configured in the previous steps.


3.2 Confirm desktop pool status

Confirm that the desktop pool has been created and is in ACTIVE status.

Confirm that at least one desktop image has been created and is in Active status.


Section 4: Setup Users and Groups

 

4.1 Create Secure Desktop User and Administrator group

Create Secure Desktop Users and Administrator Groups and assign relevant users to the groups.



4.2 Create policies for the Secure Desktop User and Administrator groups

Create policies for the Secure Desktop Users and Administrator groups to give their users access to the Secure Desktop pool.



Section 5: Launch Secure Desktop

 

5.1 Access Secure Desktop Portal

The Secure Desktop default URL is

https://published.desktops.<region>.oci.oraclecloud.com/client

e.g.


Log in using the user's OCI login credentials and confirm that the landing page launches.



5.2 Launch Desktop using Web Client


Click on the desktop-pool-01 or the three dots to launch the desktop in the browser.

Optionally download Windows/Linux/MacOS client to launch the secure virtual desktop.


Note: The virtual desktop may fail to launch because of the browser's pop-up blocker. Click on the Pop-ups blocked notification to launch the virtual desktop.

