Access server applications

Required roles

To follow the steps in this guide, you need the following roles:

Prerequisites

To follow the steps in this guide, make sure that you meet the following prerequisites:

You created a firewall rule that allows IAP to connect to the port used by the server application.

You can use IAP Desktop to access server applications in two ways:

You can let IAP Desktop launch and connect a client application for you. IAP Desktop automatically establishes an IAP TCP forwarding tunnel and keeps the tunnel open until you close the client application.

This is the most convenient option, but it only works for client applications that allow connection details (server name, port number) to be passed as a command line parameter.
You can let IAP Desktop open a tunnel. You can then use any tool to connect to that tunnel and the tunnel remains open until you close IAP Desktop.

This option is slightly less convenient, but works with most client applications.

Connect a client application

To launch and connect a client application automatically, do the following:

ChromeCustom

In the Project Explorer tool window, right-click your web server VM and select Connect client application > Chrome (port 80) or Chrome (port 8080).
IAP Desktop now creates an IAP TCP forwarding tunnel and launches an instance of Chrome in guest mode.

You can let IAP Desktop open a tunnel and connect to tha tunnel by doing the following:

Server portCustom

In the Project Explorer tool window, right-click your database VM and select Tunnel to > Other server port.
On the Forward local port dialog, enter the port number to connect to.
Click OK:

A notification appears:

You can now use any client application to connect to the forwarded port.

To view all active tunnels and their port numbers, select View > Active IAP tunnels in the main menu.

Note

When you open a tunnel to the same VM again in the future, IAP Desktop will use the same port number unless it's in use by a different application.