Access server applications
Required roles
To follow the steps in this guide, you need the following roles:
- Compute Viewer on the project.
- IAP-Secured Tunnel User on the project or VM.
Prerequisites
To follow the steps in this guide, make sure that you meet the following prerequisites:
- Your server application runs on a Compute Engine VM. IAP Desktop currently can't connect to Cloud SQL or applications hosted on Kubernetes Engine.
- You created a firewall rule that allows IAP to connect to the port used by the server application.
You can use IAP Desktop to access server applications in two ways:
- You can let IAP Desktop launch and connect a client application for you. IAP Desktop automatically establishes an IAP TCP forwarding tunnel and keeps the tunnel open until you close the client application.
  This is the most convenient option, but it only works for client applications that allow connection details (server name, port number) to be passed as a command line parameter.
- You can let IAP Desktop open a tunnel. You can then use any tool to connect to that tunnel, and the tunnel remains open until you close IAP Desktop.
  This option is slightly less convenient, but works with most client applications.
Connect a client application
To launch and connect a client application automatically, do the following:
- In the Project Explorer tool window, right-click your database VM and select Connect client application > MySQL Shell.
  Note
  If you don't see the menu entry, then IAP Desktop wasn't able to find a supported version of MySQL Shell on your computer.
- IAP Desktop now creates an IAP TCP forwarding tunnel and launches MySQL Shell.
- In the Project Explorer tool window, right-click your web server VM and select Connect client application > Chrome (port 80) or Chrome (port 8080).
- IAP Desktop now creates an IAP TCP forwarding tunnel and launches an instance of Chrome in guest mode.
You can register your own client applications by creating an IAP Application Protocol Configuration (IAPC).
Open a tunnel
You can let IAP Desktop open a tunnel and then connect to that tunnel by doing the following:
- In the Project Explorer tool window, right-click your database VM and select Tunnel to > MySQL/MariaDB.
  A notification appears.
- Launch MySQL Workbench.
- In MySQL Workbench, go to Database > Connect to database.
- In the Connect to database dialog, configure the following:
  - Hostname: 127.0.0.1
  - Port: Enter the port number indicated in the notification.
- Click OK.
- In the Project Explorer tool window, right-click your database VM and select Tunnel to > PostgreSQL.
  A notification appears.
- Launch pgAdmin.
- Click Add new server.
- In the Register server dialog, enter a name for the server.
- Switch to the Connection tab and configure the following:
  - Host name/address: 127.0.0.1
  - Port: Enter the port number indicated in the notification.
- Click Save.
You can register your own client applications by creating an IAP Application Protocol Configuration (IAPC).
To view all active tunnels and their port numbers, select View > Active IAP tunnels in the main menu.
Note
When you open a tunnel to the same VM again in the future, IAP Desktop will use the same port number unless it's in use by a different application.
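Because the local port can change when it's in use by a different application, a saved connection profile can end up pointing at something other than the tunnel. The following check is an added example, not part of IAP Desktop or the original guide: it connects to the tunnel's loopback port and confirms that a MySQL/MariaDB server greeting comes back before you enter credentials in a client. The function names and the sample greeting are assumptions made for illustration.

```python
import socket
import sys


def parse_mysql_greeting(data: bytes):
    """Return the server version if data begins with a MySQL/MariaDB initial
    handshake packet (protocol version 10), otherwise None."""
    if len(data) < 6:
        return None
    payload_len = int.from_bytes(data[0:3], "little")  # 3-byte length, little-endian
    seq, payload = data[3], data[4:4 + payload_len]    # 1-byte sequence id
    if seq != 0 or not payload or payload[0] != 10:
        return None
    end = payload.find(b"\x00", 1)                     # version is NUL-terminated
    if end == -1:
        return None
    return payload[1:end].decode("ascii", "replace")


def probe_tunnel(port: int, timeout: float = 3.0):
    """Connect to the tunnel's loopback port and classify what answers."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s:
            data = s.recv(512)
    except socket.timeout:
        return ("silent", None)          # peer waits for the client to speak first
    except OSError as exc:
        return ("unreachable", str(exc))  # nothing is listening on that port
    if not data:
        return ("closed", None)          # listener accepted, then hung up
    version = parse_mysql_greeting(data)
    if version is not None:
        return ("mysql", version)
    return ("unexpected", data[:16].hex())  # some other application owns the port


if __name__ == "__main__":
    # Constructed sample greeting, not captured from a real server.
    body = b"\x0a" + b"8.0.36\x00" + bytes(20)
    sample = len(body).to_bytes(3, "little") + b"\x00" + body
    print(parse_mysql_greeting(sample))
    if len(sys.argv) > 1:
        # Pass the port number shown in the notification or in Active IAP tunnels.
        print(probe_tunnel(int(sys.argv[1])))
```

A result of "silent" is expected for protocols where the client speaks first, such as PostgreSQL or HTTP, so this check only applies to MySQL/MariaDB tunnels.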