Use Workbench to connect to a Windows instance over RDP - Elastic Compute Service

Workbench is a web-based remote connection tool provided by Alibaba Cloud. Workbench operates within a browser to allow you to connect to an Elastic Compute Service (ECS) instance without the need for additional software. You can connect to an ECS instance by using the public or private IP address assigned to the instance and perform O&M operations on the instance. This topic describes how to connect to a Windows ECS instance by using Remote Desktop Protocol (RDP) and GUI.

Prerequisites

Before you connect to a Windows ECS instance by using RDP, complete the following preparations:

Check the instance status. You can connect to the ECS instance only when the instance is in the Running state.
Complete permission-related operations for using Workbench: If permission issues occur, contact the Alibaba Cloud account owner or an administrator to grant the required permissions on Workbench. For more information, see the Workbench service-linked role section of the "Connect to an instance through Workbench" topic.
Configure security groups to which the instance is assigned. Add security group rules to the security groups to allow the IP addresses related to Workbench to access the ECS instance. The security group rules vary based on the network type of the instance. For more information, see the Security group settings related to Workbench section of the "Connect to an instance through Workbench" topic.
If no security group is specified, you can specify a security group as prompted in the Instance Login dialog box of Workbench. You can configure a security group as prompted.

Procedure

In this example, an ECS instance running Windows Server 2022 is used. By default, port 3389 is used as the RDP port. If you want to use another port as the RDP port to connect to the instance, see the Specify the RDP port section of this topic.

By default, a Workbench session persists for 6 hours. If no operation is performed for more than 6 hours in the session, the session is closed and you must reconnect to the instance by using Workbench.

In the ECS console, find the instance to which you want to connect and go to the Instance Login dialog box of Workbench.
1. Go to ECS console - Instance.
2. In the top navigation bar, select the region and resource group of the resource that you want to manage.
3. Click the ID of the instance to which you want to connect. On the Instance Details page, click Connect in the upper-right corner.
4. In the Remote connection dialog box, click Sign in now in the Workbench section.

In the Instance Login dialog box, configure the parameters.

Configure basic information about the instance.

Note

By default, Workbench uses the default RDP port (3389) when you connect to a Windows instance. For information about how to change the RDP port, see the Specify the RDP port section of this topic.

Parameter

Description

Instance

The information of the current instance is automatically populated. You can also enter the IP address or the name of another instance.

Connection

To connect to an instance that resides in a virtual private cloud (VPC), use the public or private IP address of the instance.
If a public IP address is assigned to an instance in the classic network, you can use only the public IP address to connect to the instance. Otherwise, you can use the internal IP address to connect to the instance.

For information about different network types, see Overview of VPC and IP addresses of ECS instances in the classic network.

Select an authentication method in the Authentication field.

The following table describes the different authentication methods.

Authentication method	Description
Password-based	Enter a username, such as root or ecs-user, and the logon password.
Credential-based	Credential-based authentication allows you to save the username and password or username and key pair as credentials. If you select this authentication method, select a credential in the Credential field, without the need to enter the username, password, or key pair. For information about how to create a credential, see the Use credential-based authentication section of this topic.

After you specify the preceding parameters, click OK.
After you connect to the Windows instance, the Windows desktop appears. You can manage your instance based on your business requirements.

More features

Specify the RDP port

To specify the RDP port, click More Options in the Instance Login dialog box, as shown in the following figure.

Use credential-based authentication

Credential-based authentication allows you to save the username and password or username and key pair as credentials. If you select this authentication method, select a credential in the Credential field, without the need to enter the username, password, or key pair. To create a credential, perform the following steps.

Note

You cannot share the credential with other accounts. Only the credential creator can use the credential to connect to the instance.

Go to the Add Credential dialog box, as shown in the figure.
1. In the Instance Login dialog box, set Connection to a public or private IP address.
2. Select Credential-based for the Authentication parameter.
3. Click Create Credential in the Credential field to go to the Add Credential dialog box.

In the Add Credential dialog box, configure credential parameters.
Take note of the following parameters. To specify other parameters, follow on-screen instructions.
- Username: the name of the logon user.
- Credential Type: Select Password.
- Password: the logon password that corresponds to the username.
Click OK.

Issues

If you cannot connect to a Windows instance, troubleshoot the issue by following the procedure described in RDP connection issues.