In this blog post we are going to look at how you can connect securely to your Azure Arc-enabled servers running Windows Server using Remote Desktop (RDP). As you know, Azure Arc-enabled servers allow you to connect your Linux and Windows servers running on-premises or at other cloud providers to Microsoft Azure and use Azure as the control plane. This allows you to manage your servers from anywhere using Azure management, operations, security, and governance tools. However, even when using these management tools at scale, in some cases you still want to log in to your servers in an interactive session. Azure Arc allows you to securely connect to your Windows Servers using SSH and also a new tunneled Remote Desktop (RDP) connection.
SSH and RDP access to Arc-enabled servers provides the following key benefits:
- Securely connect to your servers running anywhere, from anywhere
- No public IP address or open SSH and RDP ports required
- No VPN required
- Access to Windows (SSH and RDP) and Linux (SSH) machines
- Ability to log in as a local user or an Azure user (Linux only)
- Manage permissions using Microsoft Entra (formerly Azure AD) to securely log in to the Azure control plane and Azure CLI for role-based access control (RBAC)
- Support for other OpenSSH based tooling with config file support
If you have already set up SSH access to your Azure Arc-enabled server, you can jump directly to the connect part. If you haven’t connected your server to Azure Arc or you haven’t set up SSH access, follow the steps below.
Set up Azure Arc Remote Desktop RDP access to your Windows Servers
To set this up you simply follow these steps:
- Onboard your server to Azure Arc
- Verify agent version
- Register the HybridConnectivity resource provider
- Create default connectivity endpoint
- Install local command line tool
- Enable SSH functionality on your Arc-enabled server
Simply follow the Microsoft documentation here: Microsoft Learn
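The client-side steps from the list above (resource provider, default endpoint, SSH service configuration, CLI extension) as one script. This is an added example, not part of the original post or the Microsoft documentation; the subscription, resource group and machine arguments are placeholders, and the api-version value and port 22 are assumptions based on Microsoft's SSH-over-Arc documentation.

```shell
#!/bin/sh
# Added example (not from the original post): client-side setup for SSH/RDP over Azure Arc.
# Dry-run by default: prints each az command (shell quoting not shown).
# Set DRY_RUN=0 to execute the commands instead.
set -eu

API_VERSION="2023-03-15"   # assumption: version shown in Microsoft's SSH-over-Arc docs
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it unchanged.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# ARM resource URI of the machine's default connectivity endpoint.
endpoint_uri() {  # usage: endpoint_uri <subscription-id> <resource-group> <machine>
  printf 'https://management.azure.com/subscriptions/%s/resourceGroups/%s' "$1" "$2"
  printf '/providers/Microsoft.HybridCompute/machines/%s' "$3"
  printf '/providers/Microsoft.HybridConnectivity/endpoints/default'
}

setup_arc_ssh() {  # usage: setup_arc_ssh <subscription-id> <resource-group> <machine>
  ep="$(endpoint_uri "$1" "$2" "$3")"
  # Register the HybridConnectivity resource provider (once per subscription).
  run az provider register --namespace Microsoft.HybridConnectivity
  # Create the default connectivity endpoint on the Arc machine.
  run az rest --method put --uri "${ep}?api-version=${API_VERSION}" \
    --body '{"properties": {"type": "default"}}'
  # Enable the SSH service on that endpoint; 22 must match sshd's port on the server.
  run az rest --method put \
    --uri "${ep}/serviceconfigurations/SSH?api-version=${API_VERSION}" \
    --body '{"properties": {"serviceName": "SSH", "port": 22}}'
  # Install the local command line tool: the Azure CLI "ssh" extension.
  run az extension add --name ssh
}

# Run only when all three arguments are given, e.g.:
#   sh arc-ssh-setup.sh <subscription-id> <resource-group> <machine>
if [ "$#" -eq 3 ]; then setup_arc_ssh "$1" "$2" "$3"; fi
```

Onboarding the server, checking the agent version and installing OpenSSH happen on the server itself and are not covered by this script.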
Remote Desktop RDP connection to your Azure Arc-enabled Windows Server running anywhere
To connect to your Azure Arc-enabled Windows Server with RDP, you can just run the following Azure CLI commands.
First, log in with your Azure credentials. (This also takes care of additional security features such as multifactor authentication (MFA), conditional access, and more.)
az login
Now you can connect to your server using Remote Desktop (RDP) with the following command. This will open the local RDP client and ask for your credentials to the server.
az ssh arc --resource-group <resourcegroupname> --vm-name <servername> --local-user <localuser> --rdp
az ssh arc --resource-group tt-azurearcvms-rg --vm-name app01 --local-user thomas --rdp
This will open up the default RDP client and ask for credentials for the remote desktop login.
After that you are connected to the server without opening any ports.
Conclusion
This is a great way of accessing and managing your Windows Server machines securely from anywhere using Azure Arc and the built-in SSH feature. As always, I would recommend managing your servers at scale using different management tools. But in some cases where you need an interactive session to work with a single server, this is a great and secure way of connecting to your Windows Server running remotely: no open ports, no VPN needed.
Tags: Azure, Azure Arc, Microsoft, Microsoft Azure, PowerShell, RDP, Remote Desktop, SSH, Windows, Windows Server Last modified: September 12, 2024
One of the excellent features of Azure Arc. You can also use ssh to grant the capability to establish SSH tunnels to the localhost and from there to other machines that support RDP/SSH connections.
az ssh arc --subscription "asdfasdfadf-adfadsfadsf-sdfc" --resource-group "Arc-Servers" --name "server" --local-user "useraccount" "-L 3333:192.168.x.x:3389" --rdp