Configure Secure RDP using a Windows Bastion Host

60m access · 60m completion
Student Resources
  • Lab Solution Deployment Manager Template
Connection Details

7 Credits

This lab costs 7 Credits to run. You can purchase credits or a subscription under My Account.


Configure Secure RDP Using a Windows Bastion Host


Google Cloud Self-Paced Labs


For this Challenge Lab you must complete a series of tasks within a limited time period. Instead of following step-by-step instructions, you'll be given a scenario and task - you figure out how to to complete it on your own! An automated scoring system (shown on this page) will provide feedback on whether you have completed your tasks correctly.

To score 100% you must complete all tasks within the time period!

When you take a Challenge Lab, you will not be taught GCP concepts. You'll need to use your advanced Google Compute Engine (GCE) skills to assess how to build the solution to the challenge presented. This lab is only recommended for students who have GCE skills. Are you up for the challenge?

Topics tested

  • Create a new VPC to host secure production Windows services.

  • Create a Windows host connected to a subnet in the new VPC with an internal only network interface.

  • Create a Windows bastion host (jump box) in with an externally accessible network interface.

  • Configure firewalls rules to enable management of the secure Windows host from the Internet using the bastion host as a jump box.

Join Qwiklabs to read the rest of this lab...and more!

  • Get temporary access to the Google Cloud Console.
  • Over 200 labs from beginner to advanced levels.
  • Bite-sized so you can learn at your own pace.
Join to Start This Lab


A new non-default VPC has been created

Run Step

/ 5

The new VPC contains a new non-default subnet within it

Run Step

/ 5

A firewall rule exists that allows TCP port 3389 traffic ( for RDP )

Run Step

/ 5

A Windows compute instance called vm-bastionhost exists that has a public ip-address to which the TCP port 3389 firewall rule applies.

Run Step

/ 5

A Windows compute instance called vm-securehost exists that does not have a public ip-address

Run Step

/ 5

The vm-securehost is running Microsoft IIS web server software.

Run Step

/ 5