Enabling Remote Access for Windows Azure Deployments in Eclipse
Updated: May 1, 2013
To help troubleshoot your deployed roles, you may enable and use Remote Access to connect to the virtual machine hosting your deployment. The Remote Access functionality relies on the Remote Desktop Protocol (RDP). The following image shows the Remote Access properties dialog used to enable remote access.
There are two ways to display the Remote Access properties dialog. You can display it by clicking the Advanced link in the Remote Access section of the Publish to Windows Azure dialog, and you can display it by opening the Properties dialog of your Windows Azure project.
When you create a new Windows Azure deployment project, by default, the project will not have Remote Access enabled. However, you can easily enable remote access by specifying the user name and password in the Publish to Windows Azure dialog. The Remote Access password is encrypted using X.509 certificates. If you do not use provide your own certificate, the encryption relies on a self-signed certificate shipped with the Windows Azure Plugin for Eclipse with Java. This self-signed certificate is in the cert folder of your Windows Azure project, stored both as a public certificate file (SampleRemoteAccessPublic.cer) and as a Personal Information Exchange (PFX) certificate file (SampleRemoteAccessPrivate.pfx). The latter contains the private key for the certificate, and it has a default password, Password1. However, since this password is public knowledge, the default certificate should be used only for learning purposes, not for a production deployment. So other than for learning purposes, when you want to enabled remote sessions for your deployments, you should click the Advanced link in the Publish to Windows Azure dialog to specify your own certificate. Note that you’ll need to upload the PFX version of the certificate to your hosted service within the Windows Azure Management Portal, so that Windows Azure can decrypt the user password.
The remainder of the tutorial shows you how to enable remote access for a Windows Azure deployment project that was initially created with remote access disabled. For purposes of this tutorial, we’ll create a new self-signed certificate, and its .pfx file will have a password of your choice. You also have the option of using a certificate issued by a certificate authority.
To enable Remote Access in your package
Within Eclipse’s Project Explorer pane, right-click your Windows Azure project and click Properties.
In the Properties dialog, expand Windows Azure in the left-hand pane and click Remote Access.
In the Remote Access dialog, ensure Enable all roles to accept Remote Desktop Connections with these login credentials is checked.
Specify a user name for the Remote Desktop connection.
Specify and confirm the password for the user. The user name and password values set in this dialog will be used when you make a Remote Desktop connection. (Note that this is a separate password from your PFX password.)
Specify the expiration date for the user account.
Click New to create a new self-signed certificate. (Alternatively, you could select a certificate from your workspace or file system through the Workspace or FileSystem buttons, respectively, but for purposes of this tutorial we’ll create a new certificate.)
In the New Certificate dialog, specify and confirm the password you’ll use for your PFX file.
Specify the path and file name where the new certificate, in .cer form, will be saved. For this step and the next step, you could use the cert folder of your Windows Azure project, but you’re free to choose another location. For purposes of this tutorial, we’ll use c:\mycert\mycert.cer. (Create the c:\mycert folder prior to proceeding, or use an existing folder if desired.)
Specify the path and file name where the new certificate and its private key, in .pfx form, will be saved. For purposes of this tutorial, we’ll use c:\mycert\mycert.pfx. Your New Certificate dialog should look similar to the following (update the folder paths if you did not use c:\mycert):
Click OK to close the New Certificate dialog.
Your Remote Access dialog should look similar to the following:
Click OK to close the Remote Access dialog.
Rebuild your application, with the build set for deployment to cloud.
To log in remotely
Once your role instance is ready, you can remotely log in to the virtual machine that is hosting your application.
If you’ve set the Start remote desktop on deploy option during your deployment to Windows Azure, you will be presented with a Remote Desktop Connection logon screen when your deployment starts. When asked for the user name and password, enter the values you specified for the remote user, and then you’ll be logged in.
Another way to log in remotely is through the Windows Azure Management Portal. Within the Cloud Services view of the Windows Azure Management portal, click your cloud service, click Instances, click an instance, and then click the Connect button. The Connect button appears as the following in the command bar:
After clicking the Connect button, you’ll be prompted to open an RDP file. Open the file and follow the prompts. (You could also save this file to your local computer, and then run the file by double-clicking it to remote log in to your virtual machine without needing to first go the management portal.) When asked for the user name and password, enter the values you specified for the remote user, and then you’ll be logged in.