Workbench allows multiple users to connect to a single Elastic Compute Service (ECS) instance at the same time. Workbench is more efficient and convenient than Virtual Network Console (VNC).

Prerequisites

  • A logon password or a key is configured for the Windows instance to which you want to connect.
    Note The ECS console cannot be used to bind key pairs to Windows instances. If you want to use a key to log on to a Windows instance, you can enable the sshd service (such as Cygwin SSHD or WinSSHD in Windows) and configure a key on the instance. For more information about how to enable the sshd service in Windows, see Get started with OpenSSH.
  • The instance is in the Running state.
  • Security group rules are added to allow the IP addresses related to the Workbench service to access the instance. For more information, see Add security group rules to allow Workbench access to a Windows instance.

Background information

By default, a Workbench remote session persists for 6 hours. If you do not perform operations for 6 hours, the remote connection is closed. You must reconnect to the instance.

Workbench can be used to connect to ECS instances over one of the following protocols:
  • Remote Desktop Protocol (RDP): By default, Windows instances are connected by using RDP. RDP can also be used to connect to Linux instances on which remote desktop services are enabled. For information about how to connect to a Windows instance over RDP, see the Connect to a Windows instance over RDP section.
    Note If you want to connect to an instance over RDP, make sure that the public bandwidth is at least 5 Mbit/s. If the public bandwidth is less than 5 Mbit/s, the remote desktop freezes.
  • SSH: By default, Linux instances are connected by using SSH. SSH can also be used to connect to Windows instances on which a GNU-like system such as Cygwin is installed. For information about how to connect to a Windows instance over RDP, see the Connect to a Windows instance over SSH section.

Connect to a Windows instance over RDP

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Instances & Images > Instances.
  3. In the top navigation bar, select a region.
  4. On the Instances page, find the instance to which you want to connect, and click Connect in the Actions column.
  5. In the Connection and Command dialog box, click Connect in the Workbench Connection section.
  6. In the Instance Login dialog box, specify parameters.
    The following table describes the required parameters in the dialog box.
    Parameter Description
    Instance The information of the current instance is automatically populated. You can also manually enter the IP address or name of another instance.
    Connection
    • To connect to instances in virtual private clouds (VPCs), you can use the public or private IP addresses of the instances.
    • To connect to instances in the classic network, you can use their public or internal IP addresses.
    Username and Password Enter a username, such as Administrator, and its password.
    In the lower part of the dialog box, click More Options to show the optional parameters described in the following table.
    Parameter Description
    Resource Group By default, All is selected. You can manually select a resource group from the drop-down list.
    Region By default, All is selected. You can manually select a region from the drop-down list.
    Protocol By default, Remote Desktop (RDP) is selected.
    Port When Protocol is set to Remote Desktop (RDP), this parameter is automatically set to 3389.
  7. Click OK.
If all of the requirements specified in the prerequisites are met but the instance cannot be connected, perform the following checks on the instance:
  • Check whether a remote desktop service (such as Remote Desktop Services in Windows) is enabled. If not, enable a remote desktop service.
  • Check whether the required remote desktop port (typically port 3389) is enabled. If not, enable the port.
  • If you log on to the Windows instance as a non-administrator user, the user must belong to the Remote Desktop Users group.

Connect to a Windows instance over SSH

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Instances & Images > Instances.
  3. In the top navigation bar, select a region.
  4. On the Instances page, find the instance to which you want to connect, and click Connect in the Actions column.
  5. In the Connection and Command dialog box, click Connect in the Workbench Connection section.
  6. In the Instance Login dialog box, specify parameters.
    1. In the lower part of the dialog box, click More Options
    2. Set Protocol to Terminal Connection (SSH).
    3. In the Confirm message, click OK.
    4. Specify the parameters described in the following table.
      Parameter Description
      Resource Group By default, All is selected. You can manually select a resource group from the drop-down list.
      Region By default, All is selected. You can manually select a region from the drop-down list.
      Instance The information of the current instance is automatically populated. You can also manually enter the IP address or name of another instance.
      Connection
      • To connect to instances in VPCs, you can use the public or private IP addresses of the instances.
      • To connect to instances in the classic network, you can use their public or internal IP addresses.
      Port When Protocol is set to Terminal Connection (SSH), this parameter is automatically set to 22.
      Username, Password, and Private Key Enter a username such as root and select an authentication method. The following authentication methods are supported:
      • Password-based: Enter the password of your specified username.
      • Certificate-based: Enter or upload a certificate. If the certificate is encrypted, enter its key passphrase.
      Language Select your preferred language. The selected language affects the outputs of the instance. We recommend that you select Default for Workbench to detect the language settings of the instance and make configurations accordingly.
      Character Set Select your preferred character set. The selected character set affects the outputs of the instance. We recommend that you select Default for Workbench to detect the character set settings of the instance and make configurations accordingly.
  7. Click OK.
If all of the requirements specified in the prerequisites are met but the instance cannot be connected, perform the following checks on the instance:
  • Check whether the sshd service (such as Cygwin SSHD or WinSSHD in Windows) is enabled. If not, enable the sshd service.
  • Check whether the required terminal connection port (typically port 22) is enabled. If not, enable the port.
  • If you log on to the Windows instance as a non-administrator user, the user must belong to the Remote Desktop Users group.

Add security group rules to allow Workbench access to a Windows instance

This section describes how to add rules to security groups of different network types in the ECS console to allow Workbench access to a Windows instance.
  • If you want to connect to a Windows instance in a VPC, find a security group of the instance, go to the Security Group Rules page, and then add a rule on the Inbound tab. The following table describes the parameters to be configured for the rule.
    NIC Type Rule Direction Action Protocol Type Port Range Priority Authorization Type Authorization Object
    N/A Inbound Allow
    • If port 3389 is enabled by default on the Windows instance, select RDP (3389).
    • If you have manually enabled other ports on the Windows instance, select Custom TCP.
    • If port 3389 is enabled by default on the Windows instance, 3389/3389 is automatically entered after you select the protocol type.
    • If you have manually enabled other ports on the Windows instance, enter a corresponding port range.
    		1 IPv4 CIDR Block
    • If you want to connect to the instance by using its public IP address, specify 161.117.90.22. The public IP address can be the public IP address that is automatically assigned to the instance or an elastic IP address (EIP) that is associated with the instance.
    • If you want to connect to the instance by using its private IP address, specify 100.104.0.0/16.
    Note You can also specify 0.0.0.0/0 as the authorization object to allow inbound access from all IP addresses. However, this imposes security risks. Proceed with caution.
  • If you want to connect to a Windows instance in the classic network over the Internet, find a security group of the instance, go to the Security Group Rules page, and then add a rule on the Internet Ingress tab. The following table describes the parameters to be configured for the rule.
    NIC Type Rule Direction Action Protocol Type Port Range Priority Authorization Type Authorization Object
    Public Inbound Allow
    • If port 3389 is enabled by default on the Windows instance, select RDP (3389).
    • If you have manually enabled other ports on the Windows instance, select Custom TCP.
    • If port 3389 is enabled by default on the Windows instance, 3389/3389 is automatically entered after you select the protocol type.
    • If you have manually enabled other ports on the Windows instance, enter a corresponding port range.
    		1 IPv4 CIDR Block If you want to connect to the instance by using its public IP address, specify 161.117.90.22. The public IP address can be the public IP address that is automatically assigned to the instance or an EIP that is associated with the instance.
    Note You can also specify 0.0.0.0/0 as the authorization object to allow inbound access from all IP addresses. However, this imposes security risks. Proceed with caution.
  • If you want to connect to a Windows instance in the classic network over the internal network, find a security group of the instance, go to the Security Group Rules page, and then add a rule on the Internal Network Ingress tab. The following table describes the parameters to be configured for the rule.
    NIC Type Rule Direction Action Protocol Type Port Range Priority Authorization Type Authorization Object
    N/A Inbound Allow
    • If port 3389 is enabled by default on the Windows instance, select RDP (3389).
    • If you have manually enabled other ports on the Windows instance, select Custom TCP.
    • If port 3389 is enabled by default on the Windows instance, 3389/3389 is automatically entered after you select the protocol type.
    • If you have manually enabled other ports on the Windows instance, enter a corresponding port range.
    		1 IPv4 CIDR Block If you want to connect to the instance by using its internal IP address, specify 161.117.90.22.
    Notice High security risks may arise if you specify 0.0.0.0/0 as the authorization object. We recommend that you do not specify 0.0.0.0/0.