Connecting to Windows instances

Before you begin

Complete the following prerequisites:

1. Make sure that you have the private key that is associated with the public SSH key that was used to create the Windows server. If multiple SSH keys were added when the server was created, you must use the first SSH key that was added.

For Windows or VMware images, you must use the RSA SSH key type. The Ed25519 SSH key type can't be used to with Windows or VMware images. For more information, see Getting started with SSH keys.

1. Ensure that you downloaded, installed, and initialized the following CLI plug-ins:

   • IBM Cloud CLI
   • The infrastructure-service plug-in
   • For more information, see Setting up your API and CLI environment.

2. Have Microsoft Remote Desktop client software available.

3. Make sure the security group that is associated with the instance allows inbound and outbound Remote Desktop Protocol traffic (TCP port 3389).

   For example, to allow all SSH traffic (3389) and ping traffic (ICMP type 8):

   Table 1. Configuration information for inbound rules

   Protocol	Source Type	Source	Value
   TCP	Any	<cidr_range>	3389
   UDP	Any	<cidr_range>	3389
   ICMP	Any	<cidr_range>	Type: 8, Code: Any

   Then, configure outbound rules that allow all TCP traffic:

   Table 2. Configuration information for outbound rules

   Protocol	Destination Type	Source	Value
   TCP	Any	<cidr_range>	Any port

4. Make sure that you reserve and associate a floating IP address to your Windows instance.

Connecting to your Windows instance

After you create your Windows instance and complete the prerequisites, complete the following steps to connect to your Windows instance.

1. Query the status of your instance by running the following command. INSTANCE is the ID or Name for the instance that you want to connect:

   ibmcloud is instance INSTANCE
   

   When the instance shows that it's running, you are ready to retrieve the initialization values to get your password.

2. Run the following command to initialize your instance and obtain your instance password. Specify your instance ID or Name for the INSTANCE variable and your private key for the KEY or KEY_FILE variable:

   ibmcloud is instance-initialization-values INSTANCE [--private-key (KEY | @KEY_FILE)]
   

   This command decodes and decrypts your password, which is automatically generated when you create an instance by using a Windows image. The password is decoded and decrypted based on the public SSH Key that you used at instance create time and the associated private SSH key that you specify in the instance-initialization-values command. For more information, see the CLI command reference.

   The following command shows example usage for the instance-initialization-values command where 0xx4e27x-33xx-4e7x-a08b-bexx2ac3xx0c is the instance ID and ~/.ssh/id_rsa is the location of the user's private key file. If you run the command from a Windows client, you must add the full path to the SSH key.

   ibmcloud is instance-initialization-values 0xx4e27x-33xx-4e7x-a08b-bexx2ac3xx0c --private-key "@~/.ssh/id_rsa"
   

   You can also use the API to get the encrypted password, which returns the decoded and decrypted password. For more information, see Retrieve initialization configuration for an instance.

3. After you obtain your instance password, you can optionally associate a floating IP address to your Windows instance so you can connect to it from an internet location. Run the following command to associate a floating IP address to your instance, where NIC is the ID or Name of the target network interface (for example, eth0).

   ibmcloud is floating-ip-reserve <FLOATING_IP_NAME> --nic <NIC>
   

4. You now have what you need to connect to your Windows instance: a decrypted password and a floating IP address. Use your preferred Remote Desktop client to connect to your instance. To connect to your instance, provide the floating IP address and the decrypted password. The username is Administrator by default. If you're connecting from a client that is running the Windows Administrator account, use .\administrator as the user ID to log on to RDP.

Next steps

After you connect to your instance, you can manage your instances.