Creating a Desktop Pool

Create a pool of identically configured desktops hosted on Oracle Cloud Infrastructure (OCI) by using the Secure Desktops service.

Prerequisites

Before creating a desktop pool, check that the tenancy administrator has configured these required resources.

For more information, see Setting Up the Tenancy.

Review the optional features that can be enabled when you create the desktop pool.

Note

The following settings are immutable and can't be edited after the desktop pool is created:
  • Administrator privileges (Administrator access in Windows and sudo access in Oracle Linux)
  • Placement (availability domain)
  • Shape
  • Desktop storage
  • Networking (including private access)
  • Desktop management inactivity and disconnect settings
  • Note

    To create a desktop pool, you must be a desktop administrator.
    1. Open the navigation menu and select Compute. Under Secure Desktops, select Desktop Pools.
    2. Select the compartment that you want to create the pool in. See Understanding Desktop User Access to a Desktop Pool.
    3. Select Create desktop pool.

    Basic information

    Enter the following values:

    • Name: The name for the desktop pool, to be used to list desktops in the Secure Desktops interface (1024-character maximum). Avoid entering confidential information.

      Make the value something meaningful to desktop users. You can edit this value later.

    • Description: A description for the desktop pool (1024-character maximum). Avoid entering confidential information.

      Desktop users don't see this description. You can edit this value later.

    • Administrator contact details: Information that’s displayed to desktop users if they need to contact the administrator (1024-character maximum). Avoid entering confidential information.

      For example, you might want to include the email of the desktop administrator. You can edit this value later.

    • Enable administrator privileges for users on their desktop: Allow the desktop users to have administration privileges on their virtual desktops. You can't edit this value later.

    Pool start and stop times

    Select the following options and values:

    • Enable pool start time: Selecting this option is useful to configure a pool in advance. If you don’t enable this value and specify a start time, the pool starts immediately after it’s created. You can edit this value later. All times are in Coordinated Universal Time (UTC) format.
      Note

      Scheduling options and desktop hibernation are mutually exclusive. To avoid a request error, don't specify pool start or stop times if you plan to enable desktop hibernation in your desktop management policy settings (Action on disconnect set to stop).
    • Pool start date: The date when the pool becomes accessible.
    • Pool start time: The time when the pool becomes accessible.
    • Enable pool stop time: Selecting this value is useful to restrict pool access to a defined period, for example, a trade show or project duration. When a pool stops, it’s shut down but not deleted. You can edit this value later. All times are in Coordinated Universal Time (UTC) format.
      Note

      Scheduling options and desktop hibernation are mutually exclusive. To avoid a request error, don't specify pool start or stop times if you plan to enable desktop hibernation in your desktop management policy settings (Action on disconnect set to stop).
    • Pool stop date: The date when the pool stops and becomes inaccessible. You can edit this value later.
    • Pool stop time: The time when the pool stops and becomes inaccessible. You can edit this value later.

    Pool size

    Enter the following values:

    • Maximum size: The maximum number of desktops in the pool. You can edit this value later.
    • Standby size: The number of available, unassigned desktops. Standby desktops consume resources because they're running and available for immediate allocation to desktop users. You can edit this value later.

    Placement

    Select the availability domain in which to locate the desktop resources. You can't edit this later.

    Image and Shape

    Select or enter the following values:

    • Desktop image compartment: The compartment where the custom image is stored. You can edit this value later.
    • Desktop image: The image used for the desktops. This can be a standard image or custom image. You can edit this value later, but only to another image with the same OS type, shape, and dedicated virtual machine host setting. See Desktop Images.
      Important

      Ensure that the image includes the required tag for use with Secure Desktops:

      oci:desktops:is_desktop_image true

      For more information, see Secure Desktops Tags.

      If you select a Windows image, the Windows license type panel appears. The following details are displayed:

      • Bring your own license (BYOL) image name
      • Image operating system
      • Image operating system version

      The operating system and operating system version are read from the image properties set in the desktop image during custom image creation. Windows 10 or 11 requires you to bring your own license. During custom image creation, you must specify the Windows operating system when importing the image.

      If the operating system displayed is incorrect or unsupported, select a different image, or cancel pool creation and edit the custom image using the following OCI CLI command:

      oci compute image update --image-id <image OCID> --operating-system Windows --operating-system-version "<Windows10 or Windows11>"

      To proceed, select the check box to accept the licensing terms of use.

    • Use dedicated virtual machine host: Select this option to enable the desktops in the pool to be provisioned on Dedicated Virtual Machine Hosts (DVH). You can't edit this value later.

      Use dedicated virtual machine hosts to meet compliance and regulatory requirements for isolation that prevent you from using shared infrastructure. You can also use dedicated virtual machine hosts to meet node-based or host-based licensing requirements that require you to license an entire server.

    • Desktop virtual machine shape type: Select Flexible or Fixed.

      Flexible shapes can be customized to control the number of OCPUs and the amount of memory for the desktop instance. This flexibility lets you optimize desktop performance and minimize cost. For more information, see Flexible Shapes.

      Fixed shapes use a predefined configuration and can't be customized.

    • Desktop shape: The compute shape to be used for desktops in the pool. You can't edit this value later.

      The list of available shapes is automatically generated based on the selected desktop image and settings for dedicated virtual machine host and desktop virtual machine shape type.

      • For flexible shapes, select a standard flex VM shape.
      • For fixed shapes, select a standard VM shape.
      For Windows desktop pools that require dedicated virtual machine hosts, use one of the following preferred shapes. These shapes are mapped to DVH shapes for allocation of OCPUs and memory.
      • Flex Low (2 OCPUs, 4GB RAM)
      • Flex Medium (4 OCPUs, 8GB RAM)
      • Flex High (8 OCPUs, 16GB RAM)
      Note

      If using the dedicated virtual machine host option, only the VM shapes that can be used to provision desktops on the DVH are listed.
    • Desktop system resource configuration:

      These options are displayed only when a Flexible shape is selected.

      • Select High, Medium, or Low. For each selection, corresponding values for Number of OCPUs and Amount of memory (GB) are displayed:
        • High (8 OCPUs, 16GB RAM)
        • Medium (4 OCPUs, 8GB RAM)
        • Low (2 OCPUs, 4GB RAM)

        If the Custom setting is available for the selected shape configuration, you can enter custom values in these fields. This doesn't apply when using dedicated virtual machine hosts.

        Important

        For a Windows image, if you select High or enter a custom value greater than 8 OCPUs, ensure that the image is configured to use paravirtualization protocol V1 only:
        1. Open the navigation menu and select Compute. Then select Custom Images.
        2. Select the custom image that you're interested in.
        3. Select Actions and then Edit image capabilities.
        4. For Paravirtualization version, select version 1 only.
        5. For Preferred paravirtualization version for volume attachments, specify a value of 1.
        6. Select Save changes.
      • Baseline utilization per OCPU

        This option is displayed only when a flexible shape is selected. For flexible OCI standard VM shapes, you can adjust the utilization value to configure the shape for cloud bursting. This doesn't apply when using dedicated virtual machine hosts.

        Consider carefully whether bursting is suitable for this desktop pool. Usually, desktops require constant CPU, and choosing to enable bursting might cause performance issues. See Using Flexible Shapes and Bursting for more information.

        Select a baseline level of CPU utilization with the ability to burst to a higher level to support occasional spikes in usage. Choices include 100%, 50%, or 12.5%. 100% baseline utilization indicates no bursting.

        • The Number of OCPUs multiplied by the Baseline utilization per OCPU must be equal to or greater than 1. For example, to use 50% baseline utilization, you must specify at least two OCPUs.
        • Cloud bursting won't work with shielded instances. If you're creating a Windows 11 desktop pool using shielded instances, ensure that baseline utilization is set to 100% (no bursting) to avoid errors during pool creation.

        • Cloud bursting can't be enabled for Secure Boot instances.
    • Set boot volume size for desktops: Instead of using the boot volume size specified by the image, set a specific boot volume size. This might be important for desktops set to hibernate, as extra storage is needed to maintain desktop data when hibernating. See Enabling Desktop Hibernation for more information.
    • Boot volume size: The size, in gigabytes, of the boot volume for each desktop in the pool. The size must be greater than the boot volume specified in the image.

    Storage

    Select Enable desktop storage to provide persistent storage to desktop users by creating a block volume associated with a user. Then specify the following values:

    • Desktop storage volume size (in GB): The size in gigabytes of the block volume provided to each user in the pool. The range is 50 to 10,000. The default value is 50. Enter the storage size, not an increment. You can't edit this value later.
    • Backup policy compartment: The compartment where the backup policy is stored.
    • Backup policy: The volume backup policy to apply to the block volumes. The default value is No Policy. You can't change the backup policy after creating the desktop pool.
      Note

      Secure Desktops also supports user-defined backup policies.

    Networking

    Select the following values:

    • Virtual cloud network compartment: The compartment where the virtual cloud network (VCN) is stored. You can't edit this value later.
    • Virtual cloud network: Select the VCN for the desktops in this pool. The VCN is used for connections to the desktop from Secure Desktops and for connections from the desktop. You can't edit this value later.

      See VCNs and Subnets for more information.

    • Subnet compartment: The compartment that contains the subnet in the VCN to use for the desktops. You can't edit this value later.
    • Subnet: Select a subnet in the VCN to use for the desktops. You can't edit this value later.

      See VCNs and Subnets for more information.

    • Use network security groups to control traffic: Specify one or more network security groups (NSGs) that will include the primary virtual network interface card (VNIC) for the desktop. For Secure Desktops, you can specify a maximum of four network security groups.

      See Network Security Groups for more information.

      Note

      When planning networking requirements, be sure to include any necessary ingress and egress rules (for example, to the open internet). After a pool is created, its NSG configuration can’t be changed.
      For each network security group specify the following:
      • Network security group compartment: The compartment where the NSG is stored.
      • Network security group: The name of the network security group.

    Private access network

    Select Private access network to enable private access for desktops in this pool by restricting access to a private endpoint within an OCI VCN. Then specify the following values for your private network:

    • Virtual cloud network compartment: The compartment where the VCN is configured.
    • Virtual cloud network: The VCN where the private access subnet is configured.

      See VCNs and Subnets for more information.

    • Subnet compartment: The compartment where the private access subnet is configured.
    • Subnet: The private access subnet from which desktops will be accessed.

      See VCNs and Subnets for more information.

    • Private endpoint IP address: A private IP address to assign to the private endpoint in the private access subnet. The private IP address must be within the selected subnet's CIDR range.

      If you don't provide a private IP address, an available IPv4 address from the subnet is automatically assigned.

    • Use network security groups to control traffic: Select this option to specify one or more network security groups (NSGs) for private desktop access. Then select one or more network security groups to apply, specifying the compartment in each case. You can specify a maximum of five network security groups.

      See Network Security Groups for more information.

    Device access policy

    Important

    When creating or editing a desktop pool, you configure the access policy for the clipboard, audio devices, client drives, and cameras. For security and privacy reasons, the default policy is to disable access. If desktops in the pool require access to resources on the client device, you can individually enable each setting.

    Select the following values:

    • Clipboard access: Specify whether and how the desktop can access the clipboard on the client device. You can edit this value later.
    • Audio access: Specify whether and how the desktop can access the speakers and microphone on the client device. This option is available only when using the installed client, and the Audio in (microphone) value is available only on Windows desktops. You can edit this value later.
    • Drive mapping access: Specify whether and how the desktop can access drives on the client device. If you select Read or Write, users can move content between their local system and the virtual desktop. You can edit this value later.
    • Camera access: Specify whether the desktop can access a web cam or other type of camera on the client device. You can edit this value later.

    Desktop management policy

    Select the following values:

    • Action on inactivity: The action to take after a desktop has had no keyboard or mouse input for a specified grace period.
      • Select None to indicate no action. This is the default.
      • Select Disconnect to automatically disconnect any desktops after a period of inactivity. Then specify the grace period for inactivity (in minutes). Enter a value from 5 to 1440. The default is 60 minutes.
    • Action on disconnect: Select the action for desktops when they disconnect.
      • Select None to leave the desktop running. This is the default.
      • Select Stop to enable desktop hibernation. Then specify a grace period for disconnect (in minutes). Enter a value from 15 to 1440. The default is 60 minutes. For more information, see Enabling Desktop Hibernation.

        After the specified grace period has elapsed, the desktop is stopped and enters hibernation. During hibernation, the complete desktop state is retained and all memory is written to disk.

        The next time the desktop user accesses their desktop, the desktop exits hibernation and is automatically restored in its previous running state. All applications are open and running just as they were when the desktop was hibernated. All data is preserved on disk or in memory.

      • Select Delete to enable nonpersistent desktops. Then specify the grace period for disconnect (in minutes). Enter a value from 5 to 1440. The default is 60 minutes.

        With this setting, desktops are automatically deleted after the specified grace period. This might be suitable if users don't need to store data on their desktops, or if a desktop pool is sized for concurrent users rather than total users.

    • Use a Schedule to start and/or stop desktops in the pool: Set recurring time and days when all desktops in the pool start and become accessible, for example, 07:00 Monday through Friday. All times are in UTC format.
      Note

      Scheduling options are disabled when Action on disconnect is set to Stop. The following message is displayed: Desktop scheduling not available with the selected action.

      Enter the following values for the start and stop schedules:

      • For Minute, enter a value from 0 through 59.
      • For Hour, enter a value from 0 through 23.
      • For Day of the week, enter one or more values from 1 through 7, 1 being Sunday and 7 being Saturday. You can specify multiple days. For example, 1-3 indicates Sunday through Tuesday, and 1,3 indicates Sunday and Tuesday.
      Note

      When a pool stops, it’s shut down but not deleted.
    • The Start summary and Stop summary display the schedule based on the values you entered. The default is -, meaning no schedule is set.

    Tags

    Select Add tag to add tags to the desktop pool.

    If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace.

    Optionally, add a tag to set a custom hostname prefix for desktops in the desktop pool.

    For more information, see Secure Desktops Tags. For general information about resource tagging, see Resource Tags.

    If you're not sure whether to apply tags, ask an administrator or skip this option. You can apply tags later.

  • Use the desktop-pool create command and required parameters to create a desktop pool in the specified compartment:
    oci desktops desktop-pool create --compartment-id <ocid> --display-name <desktop_name> --are-privileged-users <is_admin> --availability-domain <availability_domain> --availability-policy <availability_policy_file> --contact-details <pool_admin_contact> --device-policy <device_policy_file> --is-storage-enabled <has_storage> --storage-size-in-gbs <storage_size> --storage-backup-policy-id <ocid> --maximum-size <max_pool_size> --standby-size <standby_size> --image <image_file> --shape-name <shape> --network-configuration <network_config_file> [OPTIONS]

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

    Note

    When using this command to create a Windows desktop pool with a Windows BYOL image, you must add the free-form tag "oci:desktops:enable_byol":"true" to enable the bring your own license (BYOL) license type.

    Add this tag using the --freeform-tags parameter. For example, for a Windows 11 desktop with shielded instances:

    --freeform-tags '{"oci:desktops:enable_measured_boot":"true", "oci:desktops:enable_secure_boot":"true", "oci:desktops:enable_byol":"true"}'

    For more information about these tags, see Secure Desktops Tags.

  • Run the CreateDesktopPool operation to create a desktop pool.

    Note

    When using this operation to create a Windows desktop pool with a Windows BYOL image, you must add the free-form tag "oci:desktops:enable_byol" : "true" to enable the bring your own license (BYOL) license type.

    Add this tag using the freeformTags parameter. For example, for a Windows 11 desktop with shielded instances:

    "freeformTags" : { "oci:desktops:enable_measured_boot" : "true", "oci:desktops:enable_secure_boot" : "true", "oci:desktops:enable_byol" : "true" },

    For more information about these tags, see Secure Desktops Tags.
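
The limits and incompatibilities stated on this page can be checked against a planned configuration before a create request is submitted, which matters because several of the settings can't be edited afterward. The following Python pre-flight check is an added example, not Oracle code: the plan's key names and values (such as baseline_pct, device_policy, and "full") are hypothetical and aren't the CreateDesktopPool schema, and the sample plan is constructed.

```python
import ipaddress

# Limits and tag names are the ones stated on this page; the plan's key names
# and values are hypothetical and are NOT the OCI API or CLI schema.
GRACE_MINUTES = {"disconnect": (5, 1440), "stop": (15, 1440), "delete": (5, 1440)}
SHIELDED_TAGS = ("oci:desktops:enable_secure_boot", "oci:desktops:enable_measured_boot")

def preflight(plan):
    """Return (errors, review): rule violations, and settings needing sign-off."""
    errors, review = [], []
    tags = plan.get("freeform_tags", {})
    # Pool start/stop times and schedules are mutually exclusive with hibernation.
    if plan.get("action_on_disconnect") == "stop" and (
            plan.get("pool_start") or plan.get("pool_stop") or plan.get("schedule")):
        errors.append("scheduling cannot be combined with Action on disconnect = Stop")
    # Number of OCPUs x baseline utilization must be at least 1.
    ocpus, baseline = plan.get("ocpus", 1), plan.get("baseline_pct", 100)
    if baseline not in (100, 50, 12.5):
        errors.append("baseline utilization must be 100, 50 or 12.5 percent")
    elif ocpus * baseline / 100 < 1:
        errors.append("OCPUs x baseline utilization is below 1")
    # Bursting (baseline below 100%) is not available on shielded instances.
    if baseline < 100 and any(tags.get(t) == "true" for t in SHIELDED_TAGS):
        errors.append("bursting is not available with shielded instances")
    # CLI/API creation from a Windows BYOL image needs the BYOL free-form tag.
    if plan.get("windows_byol_image") and tags.get("oci:desktops:enable_byol") != "true":
        errors.append("Windows BYOL image needs the oci:desktops:enable_byol tag")
    if plan.get("storage_enabled") and not 50 <= plan.get("storage_gb", 50) <= 10000:
        errors.append("desktop storage volume size must be 50 to 10,000 GB")
    for key, limit in (("desktop_nsgs", 4), ("private_access_nsgs", 5)):
        if len(plan.get(key, [])) > limit:
            errors.append(f"{key}: at most {limit} network security groups")
    # A chosen private endpoint IP must fall inside the private access subnet.
    ip, cidr = plan.get("private_endpoint_ip"), plan.get("private_subnet_cidr")
    if ip and cidr and ipaddress.ip_address(ip) not in ipaddress.ip_network(cidr):
        errors.append(f"private endpoint IP {ip} is outside {cidr}")
    # Grace periods (minutes) depend on the selected action.
    for action_key, grace_key in (("action_on_inactivity", "inactivity_grace"),
                                  ("action_on_disconnect", "disconnect_grace")):
        low, high = GRACE_MINUTES.get(plan.get(action_key), (None, None))
        if low is not None and not low <= plan.get(grace_key, 60) <= high:
            errors.append(f"{grace_key} must be {low} to {high} minutes")
    # Immutable or non-default settings that deserve an explicit sign-off.
    if plan.get("admin_privileges"):
        review.append("administrator privileges enabled (cannot be edited later)")
    for device, mode in plan.get("device_policy", {}).items():
        if mode != "disabled":
            review.append(f"{device} access enabled: {mode}")
    return errors, review

# Constructed sample plan for a Windows 11 pool with shielded-instance tags.
SAMPLE = {
    "action_on_disconnect": "stop", "disconnect_grace": 10, "schedule": {"days": "2-6"},
    "ocpus": 1, "baseline_pct": 50, "windows_byol_image": True,
    "freeform_tags": {"oci:desktops:enable_secure_boot": "true",
                      "oci:desktops:enable_measured_boot": "true"},
    "private_endpoint_ip": "10.0.2.15", "private_subnet_cidr": "10.0.1.0/24",
    "admin_privileges": True, "device_policy": {"clipboard": "full", "camera": "disabled"},
}

if __name__ == "__main__":
    found, to_review = preflight(SAMPLE)
    for line in found:
        print("ERROR ", line)
    for line in to_review:
        print("REVIEW", line)
```

The review list is separate from the error list because administrator privileges and device access are valid choices that depart from the restrictive defaults, so they call for a decision rather than a correction.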