HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream
Boundary
Boundary Home

Overview

Targets are Boundary resources that represent a networked service that end-users with appropriate permissions can connect to.

Target aliases are global references for targets that simplify connecting to targets with a Boundary client.

How you configure a target determines what connection workflows you can use to connect to the target.

Target types

A target allows Boundary users to define an endpoint with a default port and a protocol to establish a session. Targets require a network address, which can be directly defined on the target for quick access or one-off connections, or host sets for deployments at scale. Hosts within host sets are considered the same from an access management perspective. Boundary will choose one host in the host set to connect to at random.

To learn more about creating hosts and host sets, refer to the Host management in Boundary page.

In Boundary the following target types are available:

  • TCP
  • SSH HCP/ENT
  • RDP HCP/ENT

For HCP Boundary or Boundary Enterprise users, SSH and RDP targets enable enterprise features like session recording. You must use these target types if you want to record and audit session activity using Boundary.

To learn how to configure a worker for session recording, refer to the Configure workers for session recording page.

TCP targets

TCP targets use the TCP protocol to establish sessions. They represent generic targets in that they use a network address and a port to connect on, and use the TCP protocol to handle network traffic.

A TCP target can be a database, SSH server, HTTP endpoint, Kubernetes cluster, or a Windows server. TCP targets are not aware of the details for any server you are connecting to. TCP targets are only aware of the address and port you define for sessions to connect with.

Different connection workflows exist for end users, such as the Boundary Desktop Client, the boundary connect command, and transparent sessions. Boundary also includes connect helpers for the CLI to make connecting to TCP targets easier.

To learn how to create and manage TCP targets, refer to the Create a TCP target page.

SSH targets

Enterprise

This feature requires HCP Boundary or Boundary Enterprise.

SSH targets are an HCP Boundary and Boundary Enterprise feature. SSH targets enable session recording and auditing by using a worker to intercept the SSH data stream and upload the recording into a storage backend. Configuring session recording is not required to use SSH target types.

To learn how to create and manage SSH targets, refer to the Create an SSH target page.

RDP targets

Enterprise

This feature requires HCP Boundary or Boundary Enterprise.

RDP targets are an HCP Boundary and Boundary Enterprise feature. RDP targets enable session recording and auditing by using a worker to intercept the RDP data stream and upload the recording into a storage backend. Configuring session recording is not required to use RDP target types.

To learn how to create and manage RDP targets, refer to the [Create an RDP target](/boundary/docs/targets/ create/rdp) page.

Target aliases and transparent sessions

An alias is a globally unique, DNS-like string you can associate with a destination resource, like a target. You can establish a session to a target by referencing its alias, instead of having to provide a target ID or target name and scope ID.

If you configure a target alias, you can use transparent sessionsHCP/ENT to connect to targets using the Boundary Desktop Client.

To learn how to set up a target alias, refer to the Create target aliases page.

Edit this page on GitHub