
Remote Desktop Connection (RDP) to Azure Arc-enabled Windows Server machines anywhere


In this blog post we are going to look at how you can connect securely to your Azure Arc-enabled servers running Windows Server using Remote Desktop (RDP). As you know, Azure Arc-enabled servers allow you to connect your Linux and Windows servers running on-premises or at other cloud providers to Microsoft Azure and use Azure as the control plane. This allows you to manage your servers from anywhere using Azure management, operations, security, and governance tools. However, even when using these management tools at scale, in some cases you still want to log in to your servers in an interactive session. Azure Arc allows you to securely connect to your Windows Servers using SSH and also a new tunneling Remote Desktop (RDP) connection.

SSH and RDP access to Arc-enabled servers provides the following key benefits:

  • Securely connect to your servers running anywhere from anywhere
  • No public IP address or open SSH and RDP ports required
  • No VPN required
  • Access to Windows (SSH and RDP) and Linux (SSH) machines
  • Ability to log in as a local user or an Azure user (Linux only)
  • Manage permissions using Microsoft Entra (formerly Azure AD) to securely log in to the Azure control plane and Azure CLI for role-based access control (RBAC)
  • Support for other OpenSSH based tooling with config file support

If you have already set up SSH access to your Azure Arc-enabled server, you can jump directly to the connect part. If you haven’t connected your server to Azure Arc or you haven’t set up SSH access, follow the steps below.

Set up Azure Arc Remote Desktop RDP access to your Windows Servers

To set this up you simply follow these steps:

  • Onboard your server to Azure Arc
  • Verify agent version
  • Register the HybridConnectivity resource provider
  • Create default connectivity endpoint
  • Install local command line tool
  • Enable SSH functionality on your Arc-enabled server

Simply follow the Microsoft documentation here: Microsoft Learn

Remote Desktop RDP connection to your Azure Arc-enabled Windows Server running anywhere

To connect to your Azure Arc-enabled Windows Server with RDP, you can just run the following Azure CLI commands.

First, authenticate and log in with your Azure credentials. (This will also take care of additional security features such as multifactor authentication (MFA), conditional access, and more.)

az login

Now you can connect to your server using Remote Desktop (RDP) with the following command. This will open the local RDP client and ask for your credentials to the server.

az ssh arc --resource-group <resourcegroupname> --vm-name <servername> --local-user <localuser> --rdp
az ssh arc --resource-group tt-azurearcvms-rg --vm-name app01 --local-user thomas --rdp

This will open up the default RDP client and ask for credentials for the remote desktop login.


After that you are connected to the server without opening any ports.
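
The "without opening any ports" claim can be checked on the server itself. The following PowerShell is an added example, not code from the original post or from Microsoft's documentation: the function names are hypothetical, and it assumes the built-in NetSecurity cmdlets and that the OpenSSH Server service is named sshd.

```powershell
# Added example (not from the original post). Run elevated on the Arc-enabled server.
# Function names are hypothetical; cmdlets are from the built-in NetSecurity module.

# True when $Port is matched by a port filter's LocalPort entries ("3389", "20-25").
# Keyword entries such as "Any" or "RPC" are not evaluated here.
function Test-PortInFilter {
    param([string[]]$LocalPort, [int]$Port)
    foreach ($entry in $LocalPort) {
        if ($entry -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($entry -eq "$Port") { return $true }
    }
    return $false
}

function Get-ArcRdpExposure {
    param([int[]]$Ports = @(22, 3389))

    # Local prerequisites: OpenSSH Server service and Remote Desktop itself.
    $sshd = Get-Service -Name sshd -ErrorAction SilentlyContinue
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

    # Enabled inbound allow rules that name TCP 22 or 3389 explicitly or by range.
    $rules = foreach ($filter in Get-NetFirewallPortFilter -Protocol TCP) {
        $hits = @($Ports | Where-Object { Test-PortInFilter $filter.LocalPort $_ })
        if ($hits.Count -eq 0) { continue }
        $rule = $filter | Get-NetFirewallRule
        if ($rule.Direction -eq 'Inbound' -and $rule.Enabled -eq 'True' -and $rule.Action -eq 'Allow') {
            [pscustomobject]@{
                Ports = $hits -join ','; Rule = $rule.DisplayName; Profile = $rule.Profile
            }
        }
    }

    [pscustomobject]@{
        SshdRunning       = ($null -ne $sshd -and $sshd.Status -eq 'Running')
        RdpEnabled        = ($ts.fDenyTSConnections -eq 0)
        InboundAllowRules = @($rules)
    }
}

$report = Get-ArcRdpExposure
$report | Format-List SshdRunning, RdpEnabled
$report.InboundAllowRules | Sort-Object Ports, Rule | Format-Table -AutoSize
```

Installing the OpenSSH Server capability on Windows normally adds an enabled inbound allow rule for TCP 22 (OpenSSH-Server-In-TCP), so that rule is a likely entry in the output. Per the post, the Arc connection does not need inbound ports, so each listed rule is a candidate for review.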


Conclusion

This is a great way of accessing and managing your Windows Server machines securely from anywhere using Azure Arc and the built-in SSH feature. As always, I would recommend managing your servers at scale using different management tools. But in cases where you need an interactive session to work with a single server, this is a great and secure way of connecting to your Windows Server running remotely: no open ports, no VPN needed.

Last modified: September 12, 2024