Getting started with Yandex Cloud Desktop
Note
This guide contains information on how to create and set up a desktop group. If you received a link to the user desktop showcase from an administrator, go to Get connection credentials.
Cloud Desktop is a service to manage virtual Linux-based desktop infrastructure.
Create a Yandex Cloud Organization user group and deploy a Cloud Desktop desktop group for it:
- Prepare your cloud.
- Create a user group.
- Deploy a desktop group.
- Configure an ACL for the desktop group.
- Create a desktop.
- Get the connection credentials.
- Connect to the desktop.
Getting started
-
Log in or sign up to the management console
. If not signed up yet, navigate to the management console and follow the instructions. -
On the Billing
page, make sure you have a billing account linked and it is inACTIVE
orTRIAL_ACTIVE
status. If you do not have a billing account yet, create one. -
If you do not have a folder yet, create one.
-
Make sure you have the following minimum roles:
- organization-manager.admin for the cloud: To create a user group.
- vdi.admin for the folder: To create a desktop group and assign an ACL to it.
If you have a primitive admin role for a folder, you do not need to assign any additional roles.
-
To make sure your desktops have access to the internet, set up a NAT gateway for the subnets that will host them.
Create a user group
-
Log in to Yandex Cloud Organization
using an administrator or organization owner account. -
In the left-hand panel, select
Groups. -
In the top-right corner of the page, click
Create group. -
Enter a name and description for the group.
The name must be unique within the organization and follow the naming requirements:
- It must be from 1 to 63 characters long.
- It may contain lowercase Latin letters, numbers, and hyphens.
- It must start with a letter and cannot end with a hyphen.
-
Click Create group.
-
On the page that opens, go to the Members tab and click Add member.
-
In the window than opens, select the users to deploy a desktop group for.
-
Click Save.
Deploy a desktop group
- In the management console
, select the folder to create your desktop group in. - In the list of services, select Cloud Desktop.
- Click Create desktop group.
- Enter a name for the desktop group.
- Select
Ubuntu 20.04 LTS
for the OS image. - Under Disks:
- Under Computing resources:
- Set the number of vCPU cores to
2
. - Select
100%
for the guaranteed vCPU share. - Set RAM to
8 GB
.
- Set the number of vCPU cores to
- Under Network settings, select the cloud network and subnets to host desktops.
- Click Create.
Configure an ACL for the desktop group
Cloud Desktop leverages Yandex Identity and Access Management roles and access control lists (ACL) to manage access. This example shows how access control works in Cloud Desktop.
- To the right of the desktop group created earlier, click
and select Configure ACL. - In the ACL editing window that appears, select the user group you created earlier, specify the
vdi.viewer
role for it, and click Add. - Click Save.
Create a desktop
-
In the left-hand panel, select
Desktops. -
Click Create desktop.
-
Select the desktop group you created earlier.
-
Specify the subnet the desktop will be in.
Note
To provide your desktop with internet access, make sure to configure a NAT gateway in the subnet.
-
Specify the user that the desktop is created for.
-
Click Create.
Get the connection credentials
- In the management console
, select the folder containing your desktop. - In the list of services, select Cloud Desktop.
- In the left-hand panel, select
Desktops. - Select the desktop to connect to.
- Under Access, next to the user account, click
and select Reset password. - Confirm the password reset.
- Save a new password from the pop-up window and close it.
- At the top right, click
Download RDP file.
-
Open the User desktop showcase
. -
Authenticate with your Yandex ID
or Single Sign-On (SSO). -
If the desktop you want to connect to has the
Stopped
status, run it by clicking and confirm the action.Wait for the desktop status to change to
Active
. -
Click
and confirm the password reset. -
Save a new password from the pop-up window and close it.
-
Click
Download RDP file.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
See the description of the CLI command to get RDP file data:
yc desktops desktop get-rdp-file --help
-
Get a list of desktops in the default folder:
yc desktops desktop list
Result:
+----------------------+------------------+--------+----------------------+---------------------+ | ID | NAME | STATUS | DESKTOP GROUP ID | CREATED (UTC-0) | +----------------------+------------------+--------+----------------------+---------------------+ | e3vmvhgbgac4******** | my-cloud-desktop | ACTIVE | e3v1rbln45tl******** | 2024-10-09 22:42:28 | | e3vio1bc5ppz******** | reserved-desktop | ACTIVE | e3v1rbln45tl******** | 2024-10-09 21:35:17 | +----------------------+------------------+--------+----------------------+---------------------+
-
Select the
ID
orNAME
of the desktop you need, e.g.,my-cloud-desktop
. -
Reset the desktop user password.
-
Request the data:
yc desktops desktop get-rdp-file --name <desktop_name>
Result:
full address:s:my-cloud-desktop gatewayhostname:s:rdg.vdi.cloud.yandex.net:3839 gatewaycredentialssource:i:5 gatewayusagemethod:i:1 gatewayprofileusagemethod:i:1 gatewayaccesstoken:s:ver=1;desktopUserToken=0174a9f2-...V6DQ networkautodetect:i:0 bandwidthautodetect:i:1 connection type:i:6 username:s:.\alice-little domain:s: bitmapcachesize:i:32000 smart sizing:i:1 audiocapturemode:i:1 audiomode:i:0 authentication level:i:0
-
Save the resulting data to a file with the
.rdp
extension.
Use the getRdpFile REST API method for the Desktop resource or the DesktopService/GetRdpFile gRPC API call.
To reset the password, use the resetPassword REST API method for the Desktop resource or the DesktopService/ResetPassword gRPC API call.
Connect to the desktop
To establish a desktop connection, use the Remote Desktop Protocol
- Right-click the downloaded RDP file and select Edit (in Windows 11, select Show more options → Edit).
- In the Remote Desktop Connection window, the General tab, select Allow me to save credentials and click Connect.
- In the security window, select Don't ask me again for connections to this computer and click Yes.
- Enter the previously saved password, select Remember me, and click OK.
To reconnect to the desktop, run the RDP file you saved.
- Install and run Microsoft Remote Desktop
, an official free RDP client for macOS. - Open the Connections menu amd click Import from RDP file.
- In the window that opens, select the downloaded RDP file and click Import.
- Open the Microsoft Remote Desktop menu and select Settings.
- In the window that opens, go to the User Accounts tab.
- In the list of accounts on the left, select the account to connect and paste the previously saved password into the Password field.
- Close the settings window.
- In the PCs tab, run the desktop added.
- In the security window, click Continue.
To reconnect to the desktop, run it in the Microsoft Remote Desktop client in the PCs tab. In the security window, click Continue.
See also
-
Install Remmina
, a free RDP client for Linux. Run the following commands in the terminal:sudo apt-add-repository ppa:remmina-ppa-team/remmina-next sudo apt-get update sudo apt-get install remmina remmina-plugin-rdp
-
Start Remmina.
-
In the top menu, click
and select Import. Run the downloaded RDP file and click Import. -
Right-click the added desktop and select Edit.
-
In the Remote Connection Profile window, set up the connection:
- In the Username field, remove the first two characters:
.\
. - In the Password field, type the previously saved password.
- In the Username field, remove the first two characters:
-
Click Save and Connect.
To reconnect to the desktop, run it in the Remmina client.