All Products
Search
Document Center

Elastic Compute Service:Methods for connecting to an ECS instance

Last Updated:Nov 27, 2024

Before you can perform O&M operations, such as installing software or deploying services, on an Elastic Compute Service (ECS) instance that you created, you must connect to the instance. Alibaba Cloud allows you to connect to an ECS instance by using SSH, Remote Desktop Protocol (RDP), Virtual Network Computing (VNC), and Session Manager and develops multiple connection tools. You can select an appropriate method and tool to connect to ECS instances based on your business requirements.

Connection process overview

Before you can manage and operate an ECS instance that you created, you must connect to the instance. Perform the following steps to select an appropriate connection method and tool:

  1. Obtain the required information about the ECS instance.

    Take note of the IP addresses, operating system, and logon credentials of the ECS instance.

  2. Select an appropriate method and tool to connect to the ECS instance.

    You can select an appropriate connection method and tool based on your instance configurations and business scenario.

1. Obtain the required information about the ECS instance to which you want to connect

Before you can connect to an ECS instance, you must perform the following operations:

1.1 Obtain information about the ECS instance, such as the instance IP addresses and operating system

  • Instance IP addresses: Network devices can find the ECS instance based on the IP addresses of the instance in networks. After you create an ECS instance, you can go to the Instance page in the ECS console and view the IP addresses of the instance. Then, you can connect to the ECS instance by using one of the IP addresses.

    Note

    ECS instances can have public and private IP addresses. The methods and tools that you can use to connect to an ECS instance vary based on the instance IP address type.

  • Instance operating system: Windows and Linux ECS instances support different connection tools. The operating system of an ECS instance varies based on the image that is used to create the instance. You can go to the Instance page in the ECS console and view the operating system of the ECS instance to which you want to connect.

image

1.2 Obtain the logon credentials of the ECS instance

Obtain the logon credentials that you configured for the ECS instance during instance creation, as shown in the following figure. A set of logon credentials can consist of a username and password or a username and key pair. If you set Logon Credential to Set Later when you created the ECS instance, you can use one of the following methods to connect to the instance:

image

2. Use an appropriate method and tool to connect to the ECS instance

In most cases, you can use SSH to connect to Linux ECS instances and RDP to connect to Windows ECS instances. You can also use Alibaba Cloud Session Manager to connect to ECS instances in an easier manner or use VNC to connect to ECS instances for troubleshooting.

2.1 Connect to a Linux ECS instance by using SSH

To connect to a Linux ECS instance, you can use SSH.

SSH is a method for establishing secure connections between remote computers over an encrypted protocol.

Many SSH connection tools are available in the market. The following sections describe the SSH connection tools that you can use in ECS. Select an appropriate tool to connect to a Linux ECS instance by using SSH.

Alibaba Cloud Workbench (installation-free tool used in a browser)

  • Characteristics: Alibaba Cloud Workbench is an installation-free tool that you can directly use in a browser.

  • Network: Alibaba Cloud Workbench allows you to connect to a Linux ECS instance by using the public or private IP address of the instance.

  • Authentication method: Alibaba Cloud Workbench supports key pair-based authentication, password-based authentication, and temporary key pair-based authentication for logon to Linux ECS instances. You can use key pairs or temporary key pairs for authentication, instead of passwords, when you connect to Linux ECS instances by using Alibaba Cloud Workbench.

  • References: Connect to a Linux instance by using a password or key.

Alibaba Cloud Client (installable feature-rich tool)

  • Characteristics: You must install Alibaba Cloud Client before you can use Alibaba Cloud Client.

    In addition to connecting to ECS instances, Alibaba Cloud Client provides other features. For more information, see Overview of Alibaba Cloud Client.
  • Network: Alibaba Cloud Client allows you to connect to a Linux ECS instance by using the public or private IP address of the instance.

  • Authentication method: Alibaba Cloud Client supports key pair-based authentication, password-based authentication, and temporary key pair-based authentication for logon to Linux ECS instances. You can use key pairs or temporary key pairs for authentication, instead of passwords, when you connect to Linux ECS instances by using Alibaba Cloud Client.

  • References: Use Alibaba Cloud Client to manage ECS instances.

Third-party SSH client

  • Characteristics: You may need to install a third-party SSH client before you can use the third-party SSH client.

    Common SSH clients include OpenSSH, PuTTY, and XShell.
  • Network: When you use a third-party SSH client to connect to a Linux ECS instance, you must provide the public IP address of the instance.

  • Authentication method: Third-party SSH clients support key pair-based authentication and password-based authentication for logon to Linux ECS instances.

  • References: Connect to an instance by using third-party client tools.

2.2 Connect to a Windows ECS instance by using RDP

To connect to a Windows ECS instance, you can use RDP.

RDP is a remote desktop protocol specific to Windows. You can connect to a Windows ECS instance by using RDP and manage the instance by using a GUI.

The following sections describe the RDP connection tools that you can use in ECS. Select an appropriate tool to connect to a Windows ECS instance by using RDP.

Alibaba Cloud Workbench (installation-free tool used in a browser)

  • Characteristics: Alibaba Cloud Workbench is an installation-free tool that you can directly use in a browser.

  • Network: Alibaba Cloud Workbench allows you to connect to a Windows ECS instance by using the public or private IP address of the instance.

  • Authentication method: Alibaba Cloud Workbench supports password-based authentication for logon to Windows ECS instances.

  • References: Connect to a Windows instance by using a password or key.

Alibaba Cloud Client (installable feature-rich tool)

  • Characteristics: You must install Alibaba Cloud Client before you can use Alibaba Cloud Client.

    In addition to connecting to ECS instances, Alibaba Cloud Client provides other features. For more information, see Overview of Alibaba Cloud Client.
  • Network: Alibaba Cloud Client allows you to connect to a Windows ECS instance by using the public or private IP address of the instance.

  • Authentication method: Alibaba Cloud Client supports password-based authentication for logon to Windows ECS instances.

  • References: Use Alibaba Cloud Client to manage ECS instances.

Microsoft or third-party RDP clients

  • Characteristics: You may need to install an RDP client before you can use the RDP client.

    Common RDP clients include Microsoft Remote Desktop and Windows Remote Desktop.
  • Network: When you use an RDP client to connect to a Windows ECS instance, you must provide the public IP address of the instance.

  • Authentication method: RDP clients support password-based authentication for logon to Windows ECS instances.

  • References: Connect to a Windows instance by using a username and password.

2.3 Connect to a Windows or Linux ECS instance by using Session Manager

Session Manager is a feature provided by Cloud Assistant that allows you to connect to ECS instances without the need to use passwords or jump servers. For more information about Session Manager, see Session Manager.

  • Characteristics: When you use Session Manager to connect to an ECS instance, you do not need to provide the password of the instance but you must log on to your Alibaba Cloud account or Resource Access Management (RAM) user. Compared with SSH and RDP, Session Manager establishes more secure connections to ECS instances.

    1. Session Manager allows you to connect to ECS instances by using Cloud Assistant without the need to use public IP addresses, which reduces intrusion risks. 2. Session Manager supports features, such as audit, to perform better post-incident troubleshooting.
  • Network: Internet connectivity is not required when you use Session Manager to connect to ECS instances.

  • Limits

    • You must install Cloud Assistant Agent on an ECS instance before you can connect to the instance by using Session Manager.

      Cloud Assistant Agent is automatically installed on ECS instances of most instance types during instance creation.
    • You can only run commands to connect to Windows or Linux ECS instances by using Session Manager.

  • Authentication method: You can use Session Manager as a RAM user who has the required permissions to connect to an ECS instance without the need to use a password.

  • References:

2.4 Connect to an ECS instance by using VNC

If you cannot connect to an ECS instance by using other methods, you can connect to the instance by using VNC to troubleshoot the issue. You can use VNC to connect to Windows and Linux ECS instances.

Common scenarios: If you cannot connect to an ECS instance due to incorrect firewall settings, high CPU utilization, or high bandwidth utilization, you can use VNC to connect to the instance to perform troubleshooting.
  • Characteristics: When you connect to an ECS instance by using VNC, you must log on to your Alibaba Cloud account or Resource Access Management (RAM) user. You cannot connect to stopped ECS instances by using VNC.

  • Network: Internet connectivity is not required when you use VNC to connect to ECS instances.

  • Authentication method: VNC supports password-based authentication for logon to ECS instances.

  • References: Connect to an instance by using VNC.