This topic describes how to access a Windows host from a bastion host.
Prerequisites
- SQL Server is selected as the engine of your ApsaraDB MyBase dedicated cluster.
- The Grant OS Permissions parameter is set to Enabled when you create the ApsaraDB MyBase dedicated cluster. For more information, see Create a dedicated cluster.
- A host account is created. For more information, see Create a host account.
Authorize a bastion host account to access a Windows host
- Log on to the ApsaraDB MyBase console.
- In the upper-left corner of the page, select a region.
- Find the cluster that you want to manage and click Details in the Actions column.
- In the left-side navigation pane, click Bastion Hosts. Find the bastion host that you want to manage, click Associate with Bastion Host in the Actions column.
- Select the ApsaraDB MyBase host to which you want to log on and click Next.
- Create a bastion host account.
- Click Create Bastion Host Account. On the Create Bastion Host Account dialog box, configure the following parameters.

Parameter |
Description |
Username |
The username of the account that can be used to log on to the bastion host. The username
must meet the following requirements:
- The username can be up to 50 characters in length.
- The username contains at least three of the following types of characters: uppercase
letters, lowercase letters, digits, and special characters.
- Special characters are
underscores (_), hyphens (-), commas (.), and percent signs (%) .
|
Password |
The password of the account that can be used to log on to the bastion host. The password
must meet the following requirements:
- The password can be 8 to 64 characters in length.
- The password contains letters, digits, and special characters.
- Special characters include
at signs (@), number signs (#), and dollar signs ($) .
|
Confirm Password |
Enter the password of the account to confirm that you entered the correct password.
|
Name |
Your name. You can enter up to 100 characters in length. |
Email Address |
Optional. Your e-mail address. |
Phone Number |
Optional. Your phone number. |
- Click Create.
- Authorize the bastion host account to log on to the ApsaraDB MyBase host.
- Find the bastion host account and click Authorize Host in the Actions column. This way, you can log on to the Bastionhost console.

- On the Users page, find the bastion host account and click Authorize Hosts in the Actions column.

- On the Authorized Hosts tab, click Authorize Hosts.
- In the Authorize Hosts panel, select the ApsaraDB MyBase host to which you want to log on and click OK.
Note After the authorization is completed, go to the Authorize Host wizard. Click View Authorized Hosts in the Authorized Host column to check the hosts to which you can log on by using the bastion host account.
Access the host from the bastion host
- Start RDC on your local host.
- Enter
<Bastionhost O&M address>:63389
and click Connect.
- In the Remote Desktop Connection dialog box that appears, click Yes.
- In the login dialog box that appears, enter the username and password used to access
Bastionhost and click Login.
- Optional:If multi-factor authentication (MFA) is enabled for a RAM user, enter the verification
code obtained from the bound MFA device (the Alibaba Cloud app) in the Two Factor
dialog box that appears and click Ok.
- Select the Windows host.
- On the asset management page, double-click the authorized host that you want to access
for O&M.