Configure a bastion host to connect to a Windows host - ApsaraDB for MyBase

ApsaraDB for MyBase routes Remote Desktop Protocol (RDP) traffic through a bastion host so you can access Windows hosts without exposing them directly to the internet. This guide walks you through two stages: authorizing a bastion host account to access the host, then connecting via Remote Desktop Connection (RDC).

To access a Linux host instead, see Log on to a host by using a bastion host in Linux.

Prerequisites

Before you begin, ensure that you have:

An ApsaraDB for MyBase dedicated cluster with SQL Server as the engine
The Grant OS Permissions parameter set to Enabled when the dedicated cluster was created — see Create a dedicated cluster
A host account created for the Windows host — see Create a host account

Authorize a bastion host account to access a Windows host

Log on to the ApsaraDB for MyBase console.
In the upper-left corner of the page, select a region.
Find the cluster that you want to manage and click Details in the Actions column.
In the left-side navigation pane, click Bastion Hosts. Find the bastion host that you want to manage, and click Associate with Bastion Host in the Actions column.
Select the ApsaraDB for MyBase host to which you want to log on and click Next.

Create a bastion host account.

Click Create Bastion Host Account. In the Create Bastion Host Account dialog box, configure the following parameters.

Create an account

Parameter	Description
Username	Up to 50 characters. Must include at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters (`_`, `-`, `.`, `%`).
Password	8–64 characters. Must include letters, digits, and special characters (`@`, `#`, `$`).
Confirm Password	Re-enter the password.
Name	Your name. Up to 100 characters.
Email Address	(Optional) Your email address.
Phone Number	(Optional) Your phone number.

Click Create.

Authorize the bastion host account to access the Windows host.
1. Find the bastion host account and click Authorize Host in the Actions column to open the Bastionhost console.
2. On the Users page, find the bastion host account and click Authorize Hosts in the Actions column.
3. On the Authorized Hosts tab, click Authorize Hosts.
4. In the Authorize Hosts panel, select the ApsaraDB for MyBase host to which you want to log on and click OK.
After authorization is complete, return to the Authorize Host wizard and click View Authorized Hosts in the Authorized Host column to confirm which hosts the account can access.

Connect to the host via RDC

Start RDC on your local machine.
Enter <O&M address of a bastion host>:63389 and click Connect.
In the Remote Desktop Connection dialog box, click Yes.
Enter the username and password of the bastion host account and click Login.
(Optional) If multi-factor authentication (MFA) is enabled for the RAM user, enter the verification code from the Alibaba Cloud app and press Enter.
Select the Windows host.
On the asset management page, double-click the host to connect.

What's next

To manage host accounts, see Create a host account.
To access a Linux host using the same bastion host, see Log on to a host by using a bastion host in Linux.