Add and deploy an application server-Bastionhost(Bastionhost)-阿里云帮助中心

This topic describes how to add an application server to Bastionhost and deploy it. This allows Bastionhost to use the application server as a proxy to access target applications.

Prerequisites

You have deployed a Windows Server as an application server. For more information, see Deploy a Windows Server as an application server.
You have added the application server to Bastionhost. For more information, see Create a host.

Add an application server

Log on to the Bastionhost console. In the top navigation bar, select the region where your Bastionhost instance is located.
In the list of Bastionhost instances, find the target instance and click Manage.
In the navigation pane on the left, choose Assets > Applications.
On the Application Servers tab, click Add Application Server. In the dialog box that appears, select the target application server and click Add.
On the deployment page that appears, complete the deployment. For configuration instructions, see Deploy an application server.

Deploy an application server

Bastionhost accesses application assets by using an application server as a proxy and launching a client on it. To enable this, you must first deploy the application server.

Log on to the Bastionhost console. In the top navigation bar, select the region where your Bastionhost instance is located.
In the list of Bastionhost instances, find the target instance and click Manage.
In the navigation pane on the left, choose Assets > Applications.
On the Application Servers tab, find the target application server. In the Actions column, click Deploy.
In the Deploy Application Server panel, configure Chrome policies to support operations on Chrome applications:
- Allow Chrome File Downloads: Allows operators to open the download folder when managing Chrome applications.
- Allow Chrome to Open Folder Upload Dialogs: Allows operators to open the file selection dialog when managing Chrome applications.
Important
If the application server was previously deployed, these options are disabled by default. To enable them, log on to the application server as an administrator and delete the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome registry key.

Click Generate command. Copy the command, open Windows PowerShell as an administrator on the application server, and run the command.

The following output is expected in Windows PowerShell:

PS C:\Users\Administrator> $path= $env:TEMP\AppDriverSetup-1.0.0-windows-amd64.exe"; [Net.ServicePointManager]::ServerCertificateValidationCallback={$true}; (new-object System.Net.WebClient).DownloadFile('https://bastionhost-cn-hangzhou-xxx
xxx/app-driver/AppDriverSetup-1.0.0-windows-amd64.exe?Expires=1725892434&OSSAccessKeyId=xxx
xxx', $path); Start-Process -FilePath $path -ArgumentList "ak=xxx sk=xxx zip_url=https://bastionhost-cn-hangzhou-xxx
xxx.mcs.com/bastionhost-cn-xxx/downloads/pkg/app-driver/App
Driver-1.0.0-windows-amd64.zip?Expires=1725892433&OSSAccessKey=xxx
xxx&response-content-type=application%2Foctet-stream";
PS C:\Users\Administrator>
(261/281): C:\Program Files (x86)\USMDriver\chromedriver.exe Extracted
(262/281): C:\Program Files (x86)\USMDriver\conf\yaml Extracted
(263/281): C:\Program Files (x86)\USMDriver\guadriver.exe Extracted
(264/281): C:\Program Files (x86)\USMDriver\Interop.SHDocVw.dll Extracted
(265/281): C:\Program Files (x86)\USMDriver\LingBridge.dll Extracted
(266/281): C:\Program Files (x86)\USMDriver\Microsoft.mshtml.dll Extracted
(267/281): C:\Program Files (x86)\USMDriver\regedit Extracted
(268/281): C:\Program Files (x86)\USMDriver\regedit\vbs Extracted
(269/281): C:\Program Files (x86)\USMDriver\regedit\vbs\ArchitectureAgnosticRegistry.vbs Extracted
(270/281): C:\Program Files (x86)\USMDriver\regedit\vbs\ArchitectureSpecificRegistry.vbs Extracted
(271/281): C:\Program Files (x86)\USMDriver\regedit\vbs\JsonSafeTest.wsf Extracted
(272/281): C:\Program Files (x86)\USMDriver\regedit\vbs\regCreateKey.wsf Extracted
(273/281): C:\Program Files (x86)\USMDriver\regedit\vbs\regDeleteKey.wsf Extracted
(274/281): C:\Program Files (x86)\USMDriver\regedit\vbs\regList.wsf Extracted
(275/281): C:\Program Files (x86)\USMDriver\regedit\vbs\regListStream.wsf Extracted
(276/281): C:\Program Files (x86)\USMDriver\regedit\vbs\regPutValue.wsf Extracted
(277/281): C:\Program Files (x86)\USMDriver\regedit\vbs\regUtil.vbs Extracted
...
(278/281): C:\Program Files (x86)\USMDriver\regedit\vbs\util.vbs Extracted
(279/281): C:\Program Files (x86)\USMDriver\USMDriver.exe Extracted
(280/281): C:\Program Files (x86)\USMDriver\winapp.exe Extracted
(281/281): C:\Program Files (x86)\USMDriver\monitor.exe Extracted
==> Package extracted successfully
==> Writing to registry
==> Registry write successful
==> Registering service
==> Service registered successfully
==> Deployment successful!

Important

The application server must have internet access. Otherwise, the deployment package cannot be downloaded when you run the command.

After the deployment completes, publish the USMDriver.exe RemoteApp program on the application server.

The following steps use Windows Server 2019 as an example:
1. In Server Manager, navigate to Remote Desktop Services > Collection > QuickSessionCollection. In the TASKS pane, select Publish RemoteApp program.
2. In the Select RemoteApp programs dialog box, select USMDriver and click Next.
  
  Important
  If USMDriver is not in the list, add it manually. The typical path is C:\Program Files (x86)\USMDriver\USMDriver.exe.
3. Confirm that the correct RemoteApp program is selected and click Publish.
4. After the program is published, right-click USMDriver and select Edit Properties.
5. On the Parameters tab, select Allow any command-line parameters and click Apply.
  
  The system displays a warning that allowing the RemoteApp program to run with any command-line parameters can expose the server to security risks.