Before you can manage and operate an Elastic Compute Service (ECS) instance that you created, such as installing software or deploying services, you must first connect to the instance. Alibaba Cloud allows you to connect to an ECS instance by using SSH, Remote Desktop Protocol (RDP), Virtual Network Computing (VNC), and Session Manager and develops multiple connection tools. You can select an appropriate method and tool to connect to ECS instances based on your business requirements.
Connection process overview
Before you can manage and operate an ECS instance that you created, you must connect to the instance. Perform the following steps to connect to an ECS instance:
Obtain the required information about the ECS instance.
Take note of the IP addresses, operating system, and logon credentials of the ECS instance.
Select an appropriate method and tool to connect to the ECS instance.
You can select an appropriate connection method and tool based on your instance configurations and business scenario.
1. Obtain the required information about the ECS instance to which you want to connect
Before you can connect to an ECS instance, you must perform the following operations:
1.1 Obtain information about the ECS instance, such as the instance IP addresses and operating system
Instance IP addresses: Network devices can find the ECS instance based on the IP addresses of the instance in the network. After you create an ECS instance, you can go to the Instance page in the ECS console and view the IP addresses of the instance. Then, you can connect to the ECS instance by using one of the IP addresses.
NoteECS instances can have public and private IP addresses. The methods and tools that you can use to connect to an ECS instance vary based on the instance IP address type.
Instance operating system: Windows and Linux ECS instances support different connection tools. The operating system of an ECS instance varies based on the image that is used to create the instance. You can go to the Instance page in the ECS console and view the operating system of the ECS instance to which you want to connect.
1.2 Obtain the logon credentials of the ECS instance
Obtain the logon credentials that you configured for the ECS instance during instance creation, as shown in the following figure. A set of logon credentials can consist of a username and password or a username and key pair. If you set Logon Credential to Set Later when you created the ECS instance, you can use one of the following methods to connect to the instance:
Use the Reset Password feature to configure a password for the instance and then connect to the instance by using the password. For information about how to use the Reset Password feature to configure a password for an ECS instance, see Reset the logon password of an ECS instance.
Connect to the instance without using a password. For more information, see the 2. Use an appropriate method and tool to connect to the ECS instance section of this topic.
2. Use an appropriate method and tool to connect to the ECS instance
Connection methods
You can use the following methods to connect to a running ECS instance to perform O&M. You can select an appropriate connection method based on the operating system of the instance.
Connect to a Linux ECS instance by using SSH
To connect to a Linux ECS instance, you can use SSH.
SSH is a method for establishing secure connections between remote computers over an encrypted protocol.
Many SSH connection tools are available in the market. The following sections describe the SSH connection tools that you can use in ECS. Select an appropriate tool to connect to a Linux ECS instance by using SSH.
Connect to a Windows ECS instance by using RDP
To connect to a Windows ECS instance, you can use RDP.
RDP is a remote desktop protocol specific to Windows. You can connect to a Windows ECS instance by using RDP and manage the instance by using a GUI.
The following sections describe the RDP connection tools that you can use in ECS. Select an appropriate tool to connect to a Windows ECS instance by using RDP.
Connect to a Windows or Linux ECS instance without a password by using Session Manager
Session Manager is a feature provided by Cloud Assistant that allows you to connect to ECS instances without the need to use passwords or jump servers. For more information about Session Manager, see Session Manager.
Characteristics: When you use Session Manager to connect to an ECS instance, you do not need to provide the password of the instance but you must log on to your Alibaba Cloud account or Resource Access Management (RAM) user. Compared with SSH and RDP, Session Manager establishes more secure connections to ECS instances.
1. Session Manager allows you to connect to ECS instances by using Cloud Assistant without the need to use public IP addresses, which reduces intrusion risks. 2. Session Manager supports features, such as audit, to perform better post-incident troubleshooting.
Network: Internet connectivity is not required when you use Session Manager to connect to ECS instances.
Limits
You must install Cloud Assistant Agent on the ECS instance to which you want to connect by using Session Manager.
Cloud Assistant Agent is automatically installed on ECS instances of most instance types during instance creation.
You can only run commands to connect to Windows or Linux ECS instances by using Session Manager.
Authentication method: You can use Session Manager as a RAM user who has the required permissions to connect to an ECS instance without the need to use a password.
References:
You can directly use Session Manager in the Alibaba Cloud Management Console in a browser to connect to ECS instances without the need to install Session Manager. For more information, see Connect to an instance by using Session Manager.
If you want to use Session Manager in Alibaba Cloud Client to connect to ECS instances, you must first install Alibaba Cloud Client. For more information, see Use Alibaba Cloud Client to manage ECS instances.
To use ali-instance-cli to connect to ECS instances, you must first install ali-instance-cli. For more information, see Connect to an instance by using ali-instance-cli.
Connect to an ECS instance by using VNC for troubleshooting
If you cannot connect to an ECS instance by using other methods, you can connect to the instance by using VNC to troubleshoot the issue. You can use VNC to connect to Windows and Linux ECS instances.
Common scenarios: If you cannot connect to an ECS instance due to incorrect firewall settings, high CPU utilization, or high bandwidth utilization, you can use VNC to connect to the instance to troubleshoot issues.
Characteristics: When you connect to an ECS instance by using VNC, you must log on to your Alibaba Cloud account or RAM user. You cannot connect to stopped ECS instances by using VNC.
Network: Internet connectivity is not required when you use VNC to connect to ECS instances.
Authentication method: VNC supports password-based authentication for logon to ECS instances.
References: Connect to an instance by using VNC.