Creating a Desktop Pool
Create a pool of identically configured desktops hosted on Oracle Cloud Infrastructure (OCI) by using the Secure Desktops service.
Prerequisites:
Before creating a desktop pool:
- Verify that the tenancy administrator has configured required resources:
- Compartment with access to appropriate groups
- VCN and subnet
- IAM policies
- Users and groups (see Understanding Desktop User Access to a Desktop Pool)
- Custom image (optional)
For more information, see Setting Up the Tenancy.
- Review optional features that can be enabled when you create the desktop pool:
The following settings are immutable and cannot be edited once the desktop pool is created:
- Administrator privileges
- Placement (availability domain)
- Image and shape
- Desktop storage
- Networking (including private access)
- Desktop management inactivity and disconnect settings
Note
To perform this task, you must be the desktop administrator.
- Open the navigation menu and click Compute. Under Secure Desktops, click Desktop Pools.
- Under List scope, select the compartment that you want to create the pool in.
The compartment determines which user groups can access the pool. See Understanding Desktop User Access to a Desktop Pool.
- Click Create desktop pool.
- Enter a name for the desktop pool, to be used to list desktops in the Secure Desktops interface (1024-character maximum).
Make the value something meaningful to desktop users. Avoid entering confidential information. You can edit this value later.
- (Optional) Enter a description for the desktop pool (1024-character maximum).
Users don't see this description. Avoid entering confidential information. You can edit this value later.
- (Optional) For Pool start time, select the date and time when the pool becomes accessible.
Specifying this value is useful if you want to configure a pool in advance. All times are in Coordinated Universal Time (UTC) format. If you don’t specify a start time, the pool starts immediately after it’s created. You can edit this value later.
- (Optional) For Pool stop time, select the date and time when the pool stops and becomes inaccessible.
Specifying this value is useful if you want to restrict pool access to a defined period, for example, a trade show. All times are in Coordinated Universal Time (UTC) format. You can edit this value later.
Note
When a pool stops, it’s shut down but not deleted.
- (Optional) For Administrator contact details, enter the information that’s displayed to desktop users if they need to contact the administrator (1024-character maximum).
For example, you might want to include the email of the administrator. Avoid entering confidential information. You can edit this value later.
- (Optional) Select Enable administrator privileges for users on their desktop to allow the desktop users to have administration privileges on their virtual desktops. This setting is immutable and cannot be edited once the desktop pool is created.
- Under Pool size, specify the following values:
- Maximum size: The maximum number of desktops in the pool.
- Standby size: The number of available, unassigned desktops. Standby desktops consume resources because they’re running and available for immediate allocation to desktop users.
You can edit these values later.
- Under Placement, select the availability domain in which to locate the desktop resources. This setting is immutable and cannot be edited once the desktop pool is created.
- Under Image and Shape, specify the following values:
- Desktop image:
Select the custom image to use for desktops. See Desktop Images.
- Use dedicated virtual machine host:
(Optional) Select this option to enable the desktops in the pool to be provisioned on Dedicated Virtual Machine Hosts (DVH).
Use dedicated virtual machine hosts to meet compliance and regulatory requirements for isolation that prevent you from using shared infrastructure. You can also use dedicated virtual machine hosts to meet node-based or host-based licensing requirements that require you to license an entire server.
- Desktop virtual machine shape type
Select Flexible or Fixed.
Flexible shapes can be customized to control the number of OCPUs and the amount of memory for the desktop instance. This flexibility lets you optimize desktop performance and minimize cost. For more information, see Flexible Shapes.
Fixed shapes use a predefined configuration and cannot be customized.
- Desktop shape
Select the compute shape for desktops.
The list of available shapes is automatically generated based on your selected desktop image and settings for dedicated virtual machine host and desktop virtual machine shape type.
- For flexible shapes, select a standard flex VM shape.
- For fixed shapes, select a standard VM shape.
Note
If using the dedicated virtual machine host option, only the VM shapes that can be used to provision desktops on the DVH are listed.
- Desktop system resource configuration
These options are displayed only when a Flexible shape is selected.
- Select High, Medium, or Low. For each selection, corresponding values for Number of OCPUs and Amount of memory (GB) are displayed:
- High (8 OCPUs, 16GB RAM)
- Medium (4 OCPUs, 8GB RAM)
- Low (2 OCPUs, 4GB RAM)
If the Custom setting is available for the selected shape configuration, you can enter custom values in these fields. This does not apply when using dedicated virtual machine hosts.
- Baseline utilization per OCPU
This option is displayed only when a flexible shape is selected. For flexible OCI standard VM shapes, you can adjust the utilization value to configure the shape for cloud bursting. This does not apply when using dedicated virtual machine hosts.
Select a baseline level of CPU utilization with the ability to burst to a higher level to support occasional spikes in usage. Choices include 100%, 50%, or 12.5%.
This value represents the percentage of CPUs available for base usage. For example, 12.5% indicates that 12.5 percent (or 1/8) of the total OCPU count is available for baseline (non-bursting) usage. 100% baseline utilization indicates no bursting.
Note
- The Number of OCPUs multiplied by the Baseline utilization per OCPU must be equal to or greater than 1. For example, to use 50% baseline utilization, you must specify at least two OCPUs.
- Cloud bursting is not supported for shielded instances. If you are creating a Windows 11 desktop pool using shielded instances, ensure that baseline utilization is set to 100% (no bursting) to avoid errors during pool creation.
- (Optional) To provide persistent storage to desktop users by creating a block volume associated with a user, select Enable desktop storage and then specify the following values:
- Desktop storage volume size (GB): The size in gigabytes of the block volume given to each user in the pool. The range is 50 to 10,000. The default value is 50. Enter the storage size, not an increment.
- Backup policy: The volume backup policy to apply to the block volumes used for desktop storage. Optionally, select one of three Oracle-defined backup policies (Bronze, Silver, or Gold). The default value is No Policy. You cannot change the backup policy after creating the desktop pool.
Note
Secure Desktops does not currently support user-defined backup policies.
- Under Desktop pool network, specify the following values:
- Virtual cloud network: Select the virtual cloud network (VCN) for the desktops in this pool. The VCN is used for connections to the desktop from Secure Desktops and for connections from the desktop.
If the VCN is in a different compartment, click Change compartment to select the compartment and then select the VCN.
See VCNs and Subnets for more information.
- Subnet: Select a subnet in the VCN to use for the desktops.
If the subnet is in a different compartment, click Change compartment to select the compartment and then select the subnet.
See VCNs and Subnets for more information.
- (Optional) To specify one or more network security groups (NSGs) that will include the primary virtual network interface card (VNIC) for the desktop, click Show advanced options and enable the Use network security groups to control traffic setting. Then, select the network security groups to apply. For Secure Desktops, you can specify a maximum of four network security groups.
If network security groups are in a different compartment, click Change compartment to select the compartment and then select the NSGs.
See Network Security Groups for more information.
Note
When planning networking requirements, be sure to include any necessary ingress and egress rules (for example, to the open internet). After a pool is created, its NSG configuration can’t be changed.
- (Optional) To enable private access for desktops in this pool by restricting access to a private endpoint within an OCI VCN, under Private access network, enable the Private endpoint access only setting. Then specify the following values for your private network:
- Virtual cloud network: Select the VCN where the private access subnet is configured.
If the VCN is in a different compartment, click Change compartment to select the compartment and then select the VCN.
See VCNs and Subnets for more information.
- Subnet: Select the private access subnet from which desktops will be accessed.
If the subnet is in a different compartment, click Change compartment to select the compartment and then select the subnet.
See VCNs and Subnets for more information.
- Private IP address: Optionally, enter a private IP address to assign to the private endpoint in the private access subnet. The private IP address must be within the selected subnet's CIDR range.
If you do not provide a private IP address, an available IPv4 address from the subnet is automatically assigned.
- (Optional) To specify one or more network security groups (NSGs) for private desktop access, click Show advanced options and enable the Use network security groups to control traffic setting. Then select one or more network security groups to apply. You can specify a maximum of five network security groups.
If network security groups are in a different compartment, click Change compartment to select the compartment and then select the NSGs.
See Network Security Groups for more information.
- Under Device access policy, specify how the virtual desktop and the client device interact:
- Clipboard access: Specify whether and how the virtual desktop can access the clipboard on the client device.
- Audio access: Specify whether and how the virtual desktop can access the speakers and microphone on the client device. This option is supported only when using the installed client, and the Audio In (microphone) value is supported only on Windows desktops.
- Drive mapping access: Specify whether and how the virtual desktop can access drives on the client device. If you select Read/Write, users can move content between their local system and the virtual desktop.
You can edit these values later.
- Under Desktop management policy, set actions for desktop inactivity and disconnect (optionally, to enable desktop hibernation), and schedule recurring times and days to start and stop the desktops in the pool.
Set actions for desktop inactivity and disconnect
- Action on inactivity:
- Select None to indicate no action. This is the default.
- Select Disconnect to automatically disconnect any interactive desktop sessions after a period of inactivity. Then specify the grace period for inactivity (in minutes). Enter a value from 5 to 1440. The default is 60 minutes.
With this setting, desktop sessions are automatically disconnected if they remain idle (inactive) for the specified grace period.
- Action on disconnect:
- Select None to shut down the desktop. This is the default.
- Select Stop to enable desktop hibernation. Then specify a grace period for disconnect (in minutes). Enter a value from 15 to 1440. The default is 60 minutes.
With this setting, when a desktop user ends their desktop session, the desktop stops and enters hibernation after the specified grace period has elapsed. During hibernation, the complete desktop state is retained and all memory is written to disk.
The next time the desktop user accesses their desktop, the desktop exits hibernation and is automatically restored in its previous running state. All applications are open and running just as they were when the desktop was hibernated. All data is preserved on disk or in memory.
Schedule recurring times to start and stop desktops in the pool
Note
Scheduling options are disabled when Action on disconnect is set to Stop. The following message is displayed: Desktop scheduling not available with the selected action.
- Regular schedule: Start: (Optional) Set recurring time and days when all desktops in the pool start and become accessible, for example, 7:00 Monday through Friday. All times are in UTC format.
The Start summary displays the schedule based on your schedule settings. The default is No Schedule.
- For Minute, enter a value from 0 through 59.
- For Hour, enter a value from 0 through 23.
- For Day of the week, enter one or more values from 1 through 7, 1 being Sunday and 7 being Saturday. You can specify multiple days. For example, 1-3 indicates Sunday through Tuesday, and 1,3 indicates Sunday and Tuesday.
- Regular schedule: Stop: (Optional) Set recurring time and days when all desktops in the pool stop and become inaccessible.
The Stop summary displays the schedule based on your schedule settings. The default is No Schedule.
Note
When a pool stops, it’s shut down but not deleted.
- Click Show tagging options to add tags to the desktop pool.
If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace.
Use tags to enable additional features for the desktop pool:
- Optionally, add a tag to set a custom hostname prefix for desktops in the desktop pool.
- For a Windows 11 desktop pool, add required tags to enable Measured Boot and Secure Boot for shielded desktop instances.
For more information about these tags, see Secure Desktops Tags.
- Click Create.
- Use the desktop-pool create command and required parameters to create a desktop pool in the specified compartment:
oci desktops desktop-pool create --compartment-id <ocid> --display-name <desktop_name> --are-privileged-users <is_admin> --availability-domain <availability_domain> --availability-policy <availability_policy_file> --contact-details <pool_admin_contact> --device-policy <device_policy_file> --is-storage-enabled <has_storage> --storage-size-in-gbs <storage_size> --storage-backup-policy-id <ocid> --maximum-size <max_pool_size> --standby-size <standby_size> --image <image_file> --shape-name <shape> --network-configuration <network_config_file> [OPTIONS]
For a complete list of flags and variable options for CLI commands, see the Command Line Reference.
Use the CreateDesktopPool operation to create a desktop pool.
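Because placement, networking, NSGs, storage and the inactivity and disconnect settings cannot be edited after creation, it helps to check a planned pool against the limits stated in the procedure above before creating it. The following pre-flight check is an added example, not Oracle code; the dictionary keys and the sample values are hypothetical and do not correspond to CLI or API field names.

```python
import ipaddress

BASELINES = {100.0, 50.0, 12.5}  # baseline utilization choices, in percent

def parse_days(expr):
    """Expand a day-of-week expression such as '1-3' or '1,3' (1 = Sunday, 7 = Saturday)."""
    days = set()
    for part in expr.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 7:
            raise ValueError(f"day-of-week value out of range: {part!r}")
        days.update(range(lo, hi + 1))
    return sorted(days)

def validate_pool(cfg):
    """Return a list of rule violations; an empty list means the plan passes."""
    errs = []
    if cfg["baseline_pct"] not in BASELINES:
        errs.append("baseline: must be 100, 50 or 12.5")
    elif cfg["ocpus"] * cfg["baseline_pct"] / 100 < 1:
        errs.append("baseline: OCPUs x baseline utilization is below 1")
    if cfg.get("shielded") and cfg["baseline_pct"] != 100:
        errs.append("baseline: shielded instances require 100% (no bursting)")
    if cfg.get("storage_gb") is not None and not 50 <= cfg["storage_gb"] <= 10000:
        errs.append("storage: size must be 50 to 10,000 GB")
    for key, limit in (("desktop_nsgs", 4), ("private_nsgs", 5)):
        if len(cfg.get(key, [])) > limit:
            errs.append(f"{key}: more than {limit} NSGs")
    ip, cidr = cfg.get("private_ip"), cfg.get("private_subnet_cidr")
    if ip and ipaddress.ip_address(ip) not in ipaddress.ip_network(cidr):
        errs.append("private access: IP address is outside the subnet CIDR")
    for action, key, low in (("Disconnect", "inactivity", 5), ("Stop", "disconnect", 15)):
        if cfg.get(f"on_{key}") == action and not low <= cfg[f"{key}_min"] <= 1440:
            errs.append(f"{key}: grace period must be {low} to 1440 minutes")
    if cfg.get("on_disconnect") == "Stop" and (cfg.get("start_days") or cfg.get("stop_days")):
        errs.append("schedule: not available when action on disconnect is Stop")
    for key in filter(cfg.get, ("start_days", "stop_days")):
        try:
            parse_days(cfg[key])
        except ValueError as exc:
            errs.append(f"{key}: {exc}")
    return errs

# Constructed sample: a shielded Windows 11 pool planned with 50% baseline utilization.
SAMPLE = {"ocpus": 2, "baseline_pct": 50.0, "shielded": True, "storage_gb": 50,
          "desktop_nsgs": ["nsg-a"], "private_ip": "10.0.2.9",
          "private_subnet_cidr": "10.0.1.0/24", "on_disconnect": "Stop",
          "disconnect_min": 10, "start_days": "2-6"}
```

Calling `validate_pool(SAMPLE)` reports four violations: bursting on a shielded pool, a private IP address outside the subnet, a disconnect grace period below 15 minutes, and a schedule combined with the Stop action.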