Connect to a Windows virtual machine using Azure Bastion

Using Azure Bastion, you can securely and seamlessly connect to your virtual machines over SSL directly in the Azure portal. When you use Azure Bastion, your VMs don't require a client, agent, or additional software. This article shows you how to connect to your Windows VMs. For information about connecting to a Linux VM, see Connect to a Linux VM.

Azure Bastion provides secure connectivity to all of the VMs in the virtual network in which it is provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH. For more information, see What is Azure Bastion?

Prerequisites

Before you begin, verify that you have met the following criteria:

  • A VNet with the Bastion host already installed.

    Make sure that you have set up an Azure Bastion host for the virtual network in which the VM is located. Once the Bastion service is provisioned and deployed in your virtual network, you can use it to connect to any VM in the virtual network. To set up an Azure Bastion host, see Create a bastion host.

  • A Windows virtual machine in the virtual network.

  • The following required roles:

    • Reader role on the virtual machine.
    • Reader role on the NIC with the private IP of the virtual machine.
    • Reader role on the Azure Bastion resource.
  • Ports: To connect to the Windows VM, you must have the following ports open on your Windows VM:

    • Inbound ports: RDP (3389)
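
The port prerequisite only needs 3389 reachable from the Bastion host, not from the outside world. The following check is an added example, not part of the original article: it evaluates NSG rules exported in the JSON shape of `az network nsg rule list` and reports which explicit rule decides RDP for a given source address. The rule names, the 10.0.1.0/26 Bastion subnet range and the sample source addresses are constructed, the "Internet" tag is approximated as any non-RFC 1918 address, and default NSG rules are not modelled.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _port_hit(rule, port):
    # az emits either destinationPortRange or destinationPortRanges for a rule.
    ranges = rule.get("destinationPortRanges") or [rule.get("destinationPortRange", "")]
    for r in ranges:
        lo, _, hi = r.partition("-")
        if r == "*" or (lo.isdigit() and int(lo) <= port <= int(hi or lo)):
            return True
    return False

def _source_hit(rule, addr):
    prefixes = rule.get("sourceAddressPrefixes") or [rule.get("sourceAddressPrefix", "")]
    for p in prefixes:
        # Assumption: the "Internet" tag is approximated as "not RFC 1918".
        if p == "*" or (p == "Internet" and not any(addr in n for n in RFC1918)):
            return True
        try:
            if addr in ipaddress.ip_network(p, strict=False):
                return True
        except ValueError:
            continue  # other service tags are not modelled in this sketch
    return False

def rdp_decision(rules, source_ip, port=3389):
    """Return (access, rule_name) of the first matching explicit inbound rule.
    Default NSG rules are not modelled; no explicit match is reported as Deny."""
    addr = ipaddress.ip_address(source_ip)
    inbound = [r for r in rules
               if r["direction"] == "Inbound" and r["protocol"].lower() in ("tcp", "*")]
    for r in sorted(inbound, key=lambda r: r["priority"]):  # lowest number wins
        if _port_hit(r, port) and _source_hit(r, addr):
            return r["access"], r["name"]
    return "Deny", None

# Constructed sample rules; 10.0.1.0/26 stands in for AzureBastionSubnet.
RULES_WEAK = [
    {"name": "allow-rdp-bastion", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "10.0.1.0/26", "destinationPortRange": "3389"},
    {"name": "allow-rdp-any", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "Internet",
     "destinationPortRanges": ["3389", "5985-5986"]},
]
RULES_FIXED = RULES_WEAK[:1]  # hardened: only the Bastion-scoped rule remains

if __name__ == "__main__":
    for label, rules in (("weak", RULES_WEAK), ("fixed", RULES_FIXED)):
        print(label, rdp_decision(rules, "203.0.113.10"), rdp_decision(rules, "10.0.1.4"))
```

An `Allow` result for the external sample address means RDP is still exposed outside the Bastion path and the named rule should be removed or scoped down.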

Connect

  1. Open the Azure portal. Navigate to the virtual machine that you want to connect to, then select Connect. Select Bastion from the dropdown.

  2. After you select Bastion from the dropdown, a side bar appears that has three tabs: RDP, SSH, and Bastion. Because Bastion was provisioned for the virtual network, the Bastion tab is active by default. Select Use Bastion.

  3. On the Connect using Azure Bastion page, enter the username and password for your virtual machine, then select Connect.

  4. The RDP connection to this virtual machine via Bastion will open directly in the Azure portal (over HTML5) using port 443 and the Bastion service.

Next steps

Read the Bastion FAQ.