Windows
This document describes how to connect to Windows virtual machine (VM)instances using RDP. For other ways to connect to Windows VMs, see the followingguides:
- Connect to Windows VMs using PowerShell
- Connect to Windows VMs using the SAC
- Connect to Windows VMs using SSH
Before you begin
- Be sure the VM allows access through Remote Desktop Protocol (RDP). By default, Compute Engine creates firewall rules that allow RDP access on TCP port 3389. Verify that these firewall rules exist by visiting the firewall rules page in the Google Cloud console and looking for firewall rules that allow
tcp:3389
connections. - If you haven't already, set up authentication. Authentication is the process by which your identity is verified for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine as follows.
Select the tab for how you plan to use the samples on this page:
Console
When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.
gcloud
-
Install the Google Cloud CLI, then initialize it by running the following command:
gcloud init
- Set a default region and zone.
-
Connect to Windows VMs by using RDP
Compute Engine supports multiple ways to connect to your Windows instances.
The best way to connect to the remote desktop of a Windows instance depends onmultiple factors:
- If you are connecting from anywhere over the public internet(Connecting from> Anywhere in theprevious illustration), it's best to enableIdentity-Aware Proxy TCP forwarding for yourproject. Then use IAP Desktop (on Windows) or the Google Cloud CLI incombination with an RDP client. For more information, see Microsoft Remote Desktopclients to connect to the Windows instance.If you cannot use Identity-Aware Proxy TCP forwarding, useChrome Remote Desktop.
- If the VM instance has a public IP address and firewall rules permitRDP access, use an RDP client. For more information, see Microsoft Remote Desktopclients to connect to the Windows instance.
- If the VM instance does not have a public IP and you are connecting by usingCloud VPN or Cloud Interconnect,you can connect to the VM's private IP address by using an RDP clientFor more information, see Microsoft Remote Desktopclients.
If you have difficulty connecting using RDP, see TroubleshootingRDP. If you can't connect toa Windows instance by using Remote Desktop, seeConnect to Windows VMs using the SAC.
To connect to the remote desktop of a Windows instance, use one of the followingprocedures.
IAP Desktop
IAP Desktop is a Windows application that lets you manage multiple Remote Desktopconnections to Windows VM instances. IAP Desktop connects to VM instancesby using Identity-Aware Proxy TCP forwardingand does not require VM instances to have a public IP address.
Before you connect by using IAP Desktop, make sure that thefollowing prerequisites are met:
- You've configured your VPC toallow IAP traffic to your VM instance.
- You've downloaded and installed IAP Desktop on your local computer.
To connect to a VM instance by using IAP Desktop, do the following:
In IAP Desktop, select Profile>Add project.
Enter the ID or name of your project, and click OK.
In the Project Explorer window, right-click the VM instance youwant to connect to and select Connect.
For more information about IAP Desktop, see the GitHub projectpage.
Remote Desktop Connection app
You can use the Microsoft Remote Desktop Connection app that is part ofWindows to connect to Windows instances.
Before you connect using the Microsoft Remote Desktop Connection app, makesure that one of the following prerequisites is met:
- Your VM instance has a public IP address and your firewallrulesallow TCP ingress traffic from your client's public IP address tothe instance by using port 3389.
- Your local network is connected to your VPC by usingCloud VPN orCloud Interconnectand your firewallrulesallow TCP ingress traffic from your client's private IP address tothe instance by using port 3389.
To connect with Microsoft Windows Remote Desktop, do the following:
Create a Windows account andpasswordif you do not have one yet.
To connect over the internet, use the external IP address.To connect by using Cloud VPN or Cloud Interconnect, use theinternal IP address.
Identify the external and internal IP addresses of your Windows instanceby completing one of the following steps:
In the Google Cloud console, go to the VM instances page.
Go to the VM instances page
By using the gcloud CLI, run
gcloud compute instances list
:gcloud compute instances list
Open Microsoft Windows Remote Desktop Connection on your Windows machine.You can find the executable at
%systemroot%\system32\mstsc.exe
In the Computer box, enter the IP address.
If you've configured your instance to use a different port number forRDP, add it after the IP address, for example:
1.2.3.4:3389
.Click Connect.
Enter your username and password, and click OK.
If you have forgotten your password, you canreset it.
Chrome Remote Desktop
Chrome Remote Desktopis a service that lets you remotely access anothercomputer by using a web browser.Chrome Remote Desktop works on Windows, macOS, and Linux and does not requirethe VM instance to have a public IP address.
Before you connect by using Chrome Remote Desktop, make sure that thefollowing prerequisites are met:
- You've created a Windows account andpasswordon the VM instance.
- You've installed the Chrome Remote Desktop service on the VMinstance.
To connect to a VM instance by using Chrome Remote Desktop, do thefollowing:
On your local computer, go to theChrome Remote Desktop website.
If you're not already signed in to Google, sign in with the same GoogleAccount that you used to set up the Chrome Remote Desktop service.
Select the instance that you want to connect to.
When you're prompted, enter the PIN that you created when installingthe Chrome Remote Desktop service, and click thearrow_forward arrow buttonto connect.
Other
You can connect to your Windows VM instances by using other RDP clients,such as clients developed for Android, iOS, Mac, and others. For a list ofofficially supported clients, see Microsoft Remote Desktopclients.
Before you connect, make sure that one of the following prerequisites ismet:
- Your VM instance has a public IP address and yourfirewall rulesallow TCP ingress traffic from your client's public IP address tothe instance by using port 3389.
- Your local network is connected to your VPC by usingVPN orCloud Interconnectand yourfirewall rulesallow TCP ingress traffic from your client's private IP address tothe instance by using port 3389.
To connect using other RDP clients, do the following:
To connect over the internet, use the external IP address.To connect by using Cloud VPN or Cloud Interconnect, use theinternal IP address.
Identify the external and internal IP addresses of your Windows instanceby completing one of the following steps:
In the Google Cloud console, go to the VM instances page.
Go to the VM instances page
By using the gcloud CLI, run
gcloud compute instances list
:gcloud compute instances list
Install the supported client according to the client's installationinstructions.
Connect using the IP address of your instance, and authenticatewith your username and password for the instance.
If you have difficulty connecting using RDP, see theTroubleshooting RDP page. For information about RDP licensing, see the FAQ about Microsoft licenses.
Verify the RDP certificate
Verify the RDP certificate by viewing the serial port output from the initialboot of the VM or by using the appropriate PowerShell command from the SAC.
Serial port
Verify the RDP certificate by viewing the output from serial port1during the initial boot of the Windows VM.
Examine the output of serial port 1 during the initial boot of theWindows VM for the following:
Serial port 1 (console) output for rdp-test......2021/03/31 15:53:58 GCEInstanceSetup: RDP certificate details: Subject: CN=rdp-test, Thumbprint: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX......
PowerShell from the SAC
Connect to the Windows SAC.
Run the following PowerShell commands:
# WinRM CertWrite-Host 'WinRM certificate details:'; Get-ChildItem 'Cert:\LocalMachine\My' | Where-Object { $_.Subject -like "CN=$env:COMPUTERNAME*" -and $_.NotAfter -gt $(Get-Date) -and $_.HasPrivateKey} | Select-Object Subject, Thumbprint | Format-List# RDP CertWrite-Host 'RDP certificate details:'; Get-ChildItem 'Cert:\LocalMachine\Remote Desktop\' | Where-Object { $_.Subject -like "CN=$env:COMPUTERNAME*" -and $_.NotAfter -gt $(Get-Date) -and $_.HasPrivateKey} | Select-Object Subject, Thumbprint | Format-List
What's next
Learn how totransfer files to Windows VMs.
Learn how toConnect to Linux VMs.