Identity & Security

Zero-trust remote admin access for Windows VMs on Compute Engine

It’s more important than ever for IT administrators to be able to securely access resources from wherever they are. Exposing VM instances to the public internet can be risky, potentially giving bad actors a direct access path to your network. But solutions such as VPN tunnels or jump (bastion) hosts to access these systems can be cumbersome and may not provide the precise access control admin tasks demand.

To help solve this dilemma, we’re introducing a new open-source tool to help Windows users and administrators to access and manage Windows VMs running in Compute Engine—conveniently and securely. 

IAP Desktop is a Windows application that allows you to manage multiple Remote Desktop Protocol (RDP) connections to Windows VM instances running on Google Cloud. IAP Desktop, builds on our existing Identity-Aware Proxy service, which can help you control access to your applications and VMs running on Google Cloud. IAP works by verifying a user’s identity and the context of a request to determine if that user should be allowed to access an application or a VM. All RDP connections are automatically encrypted and tunneled via IAP so you can access VM instances that don’t expose RDP publicly or even have a public IP address. Specifically, IAP Desktop uses IAP TCP forwarding to tunnel RDP connections. 

But IAP Desktop is more than just a Remote Desktop client: It also provides an overview of and quick access to all your VM instances across your Google Cloud projects. You can also access common functions, like generating Windows credentials or viewing logs, with a single click.

Remote Desktop client.gif

You can download IAP Desktop on our GitHub page. Give it a try, we hope it makes it easier to manage your Windows instances on Google Cloud. And, if you’d like to implement simple, secure remote access to applications, check out our BeyondCorp remote access offering.