GCP | How to connect to a Windows VM with RDP using IAP in Compute Engine

  • Added on 28. 06. 2024
  • 🔴 #GCP has many #security features that make your life easier and your environment more secure. One of these is #IAP (Identity-Aware Proxy).
    IAP is used for many purposes in GCP, whether you want to integrate your application’s authorization or authentication with Google or protect your #Windows #Server VMs and workloads.
    The most obvious case for IAP is connecting to a VM in GCP Compute Engine that does not have an external IP address. In this case you won’t be able to set up an #RDP connection to that VM directly.
    If you are in this situation and still want to access the VM, you may need to use one of these 2 options:
    1. Use a Cloud #VPN connection or a #Cloud #Interconnect
    2. Use IAP (Identity-Aware Proxy).
    In this video I will show you how you can use IAP to connect to your Windows VMs with RDP in GCP Compute Engine.
    I will start with an introduction, then cover what is required to connect to the VM over RDP with IAP, such as how to enable IAP in your GCP project and which firewall rules are required.
    After that, I’ll show you the steps required to establish an IAP tunnel between your system and the target VM that you want to access.
    This involves the gcloud command line tool, specifically this command:
    gcloud compute start-iap-tunnel
    The other method that I will show you uses IAP Desktop, a tool made by Google that makes your life easier and more secure, not only for RDP but for #SSH as well.
    🔴✅ Video timeline and chapters:
    - 00:00 - Introduction
    - 00:20 - When and why do you need to use IAP (Identity-Aware Proxy) to connect to a Windows VM with RDP in GCP?
    - 01:59 - Requirements for using IAP (Identity-Aware Proxy) to connect to a Windows VM on RDP in GCP
    - 03:31 - How to use gcloud compute start-iap-tunnel to connect to a Windows VM with RDP in GCP?
    - 05:29 - How to use IAP Desktop to connect to a Windows VM on RDP in GCP?
    - 06:29 - Closing
    --------------------------------------
    --------------------------------------
    ✅ Links mentioned in the video:
    - GCP | How to Use IAP to Access VMs RDP and SSH in Google Compute Engine: • GCP | How to Use IAP t...
    - gcloud | How to setup and configure gcloud command line tool and basic commands | gcloud tutorial: • gcloud | How to setup ...
    - GitHub - GoogleCloudPlatform/iap-desktop: IAP Desktop is a Windows application that provides zero-trust Remote Desktop and SSH access to Linux and Windows VMs on Google Cloud.: github.com/GoogleCloudPlatfor...
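The gcloud route outlined in the description (enable IAP, add the firewall rule, grant the tunnel role, open the tunnel), as an added example that is not taken from the video. The project, zone, VM, network, member, rule name and local port are placeholder assumptions; 35.235.240.0/20 is the source range IAP TCP forwarding connects from.

```shell
#!/usr/bin/env bash
# Added example: RDP to a VM without an external IP through an IAP tunnel.
# All values below are placeholders (assumptions), not taken from the video.
PROJECT="my-project"
ZONE="us-central1-a"
VM="win-vm-1"
NETWORK="default"
MEMBER="user:alice@example.com"
LOCAL_PORT=13389
IAP_RANGE="35.235.240.0/20"   # range IAP TCP forwarding connects from

# DRY_RUN=1 (the default) prints each command; DRY_RUN=0 executes it.
run() { if [ "${DRY_RUN:-1}" = "1" ]; then echo "$*"; else "$@"; fi; }

# 1. Enable the IAP API in the project.
enable_iap() { run gcloud services enable iap.googleapis.com --project="$PROJECT"; }

# 2. Allow RDP only from the IAP range, never from 0.0.0.0/0.
allow_rdp_from_iap() {
  run gcloud compute firewall-rules create allow-rdp-from-iap \
    --project="$PROJECT" --network="$NETWORK" --direction=INGRESS \
    --action=allow --rules=tcp:3389 --source-ranges="$IAP_RANGE"
}

# 3. Grant "IAP-secured Tunnel User" to anyone who is not a project Owner.
#    Granted at project level here, so it covers every VM in the project.
grant_tunnel_user() {
  run gcloud projects add-iam-policy-binding "$PROJECT" \
    --member="$MEMBER" --role=roles/iap.tunnelResourceAccessor
}

# 4. Forward a local port to the VM's RDP port through IAP.
start_tunnel() {
  run gcloud compute start-iap-tunnel "$VM" 3389 \
    --local-host-port="localhost:$LOCAL_PORT" \
    --zone="$ZONE" --project="$PROJECT"
}

iap_rdp_setup() {
  enable_iap && allow_rdp_from_iap && grant_tunnel_user && start_tunnel
}

iap_rdp_setup
```

While the tunnel from step 4 is running, point the RDP client at localhost:13389.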

Comments • 4

  • @salehram  2 years ago

    I think I mentioned in the video that 'Owners and Editors' get access by default to connect using IAP tunnel, which is not true and I stand corrected on this.
    Please note that ONLY the 'Owner' role will include the permissions to connect with IAP by default, and if you have other users such as 'Editor' or anything else, you need to manually grant them access by assigning 'IAP-secured Tunnel User'.

  • @tranphan7062 1 year ago

    Thank you for this video. I'm just starting to learn GCP (been studying mostly Azure) and this video was a tremendous help for accessing my Windows VMs. Subbed!

  • @kelvinloureiro7219 2 years ago

    it is possible to let only one server appear on the IAP desktop, for example only that developer has access and only that server will appear, not the other servers.

    • @salehram  2 years ago

      Hi, that's a great point to bring up!
      I think the answer is yes, but then I never had the need to do it, so let me test it for you and I'll provide a more clear answer shortly.
      However, if this is to be done, I assume the person who wants to access that specific VM should only be granted permissions to connect to that VM only. Meaning they should not have any of the following roles: Project Editor, Compute Admin, Compute Instances Admin.
      But then let me test it to see the behavior and I'll be back with updates