Connect to a Windows virtual machine using Azure Bastion

Using Azure Bastion, you can securely and seamlessly connect to your virtual machines over SSL directly in the Azure portal. When you use Azure Bastion, your VMs don't require a client, agent, or additional software. This article shows you how to connect to your Windows VMs. For information about connecting to a Linux VM, see Connect to a VM using Azure Bastion - Linux.

Azure Bastion provides secure connectivity to all of the VMs in the virtual network in which it is provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH. For more information, see the Overview.

Before you begin

Make sure that you have set up an Azure Bastion host for the virtual network in which the VM is located. Once the Bastion service is provisioned and deployed in your virtual network, you can use it to connect to any VM in the virtual network. To set up an Azure Bastion host, see Create an Azure Bastion host.

Required roles

To make a connection, the following roles are required:

  • Reader role on the virtual machine
  • Reader role on the NIC with private IP of the virtual machine
  • Reader role on the Azure Bastion resource

Ports

To connect to the Windows VM, you must have the following ports open on your Windows VM:

  • Inbound ports: RDP (3389)
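
The port requirement above sits next to the goal stated earlier: RDP reachable through Bastion, not from the outside world. The following is an added example, not part of the original article, that evaluates network security group rules in first-match priority order for a Bastion source and a public source. The rule set, the VNet range, the Bastion subnet 10.0.1.0/26 and the probe addresses are constructed assumptions, and only the Internet and VirtualNetwork service tags are modelled, in simplified form.

```python
import ipaddress

VNET = ipaddress.ip_network("10.0.0.0/16")  # assumed VNet address space
# Constructed rules, shaped like `az network nsg rule list -o json` output.
RULES = [
    {"name": "rdp-from-bastion", "priority": 100, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "10.0.1.0/26", "destinationPortRange": "3389"},
    {"name": "legacy-rdp", "priority": 200, "direction": "Inbound",
     "access": "Allow", "protocol": "*",
     "sourceAddressPrefix": "Internet", "destinationPortRanges": ["3380-3390"]},
]

def _values(rule, single, plural):  # merge singular and plural field forms
    return [v for v in [rule.get(single), *(rule.get(plural) or [])] if v]

def _port_match(rule, port):
    for r in _values(rule, "destinationPortRange", "destinationPortRanges"):
        lo, _, hi = r.partition("-")
        if r == "*" or int(lo) <= port <= int(hi or lo):
            return True
    return False

def _source_match(rule, addr):
    for p in _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes"):
        if p in ("Internet", "VirtualNetwork"):  # simplified service tags
            hit = (addr in VNET) == (p == "VirtualNetwork")
        else:
            try:
                hit = p == "*" or addr in ipaddress.ip_network(p, strict=False)
            except ValueError:
                hit = False  # other service tags are not modelled here
        if hit:
            return True
    return False

def effective_access(rules, source_ip, port=3389):
    """First matching inbound TCP rule wins; else Azure's default rules apply."""
    addr = ipaddress.ip_address(source_ip)
    inbound = sorted((r for r in rules if r["direction"] == "Inbound"),
                     key=lambda r: r["priority"])
    for r in inbound:
        if (r["protocol"].lower() in ("tcp", "*") and _port_match(r, port)
                and _source_match(r, addr)):
            return r["access"], r["name"]
    return ("Allow", "AllowVnetInBound") if addr in VNET else ("Deny", "DenyAllInBound")

def audit(rules, bastion_ip="10.0.1.4", internet_ip="203.0.113.10"):
    return {"bastion": effective_access(rules, bastion_ip),
            "internet": effective_access(rules, internet_ip)}
```

With the constructed rules, `audit(RULES)` reports that the `legacy-rdp` rule still admits RDP from a public address; with that rule removed, the public source falls through to the default deny while the Bastion source stays allowed.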

Connect

  1. Open the Azure portal. Navigate to the virtual machine that you want to connect to, then click Connect and select Bastion from the dropdown.

  2. After you click Bastion, a side bar appears that has three tabs - RDP, SSH, and Bastion. If Bastion was provisioned for the virtual network, the Bastion tab is active by default. If you didn't provision Bastion for the virtual network, you can click the link to configure Bastion. For configuration instructions, see Configure Bastion.

  3. On the Bastion tab, input the username and password for your virtual machine, then click Connect. The RDP connection to this virtual machine via Bastion will open directly in the Azure portal (over HTML5) using port 443 and the Bastion service.

Next steps

Read the Bastion FAQ