Install Boundary Desktop

5min
HCP
Boundary

End-users of HCP Boundary can utilize the Boundary Desktop app to connect to a running HCP Boundary instance to easily:

Browse available targets
Connect to targets
Manage active sessions

Security administrators use the Boundary CLI and API to automate infrastructure access management, but the Desktop app makes Boundary accessible to low-code and no-code users. Users that establish sessions with targets frequently will also find the browse, connect, and manage functionality convenient for day-to-day operations.

In this tutorial, you will install the Boundary Desktop app and connect to a running target.

Prerequisites

Access to an HCP Boundary instance.
Completed the previous quick start tutorials.
A publicly accessible Ubuntu instance used in the Connect to Your First Target tutorial.
A ssh key-pair that can be used to authenticate with the Ubuntu instance.

Install Boundary Desktop

Boundary Desktop can be installed on MacOS, Windows, or Linux systems. Select the tab for your preferred OS.

Boundary Desktop on MacOS can be installed by either:

The Homebrew package manager
Direct Download

Homebrew is a free and open-source package management system for Mac OS X. Install from the official Boundary Desktop cask from the terminal.

First, install the HashiCorp tap, a repository of all our Homebrew packages.

$ brew tap hashicorp/tap

Next, install Boundary Desktop with Homebrew:

$ brew install hashicorp-boundary-desktop

Boundary Desktop on Windows can be installed via direct download of the zipped .exe application file.

Download the latest zipped copy of the .exe from the releases page.

Locate the downloaded boundary-desktop zip file and extract its contents
Open the unzipped Boundary/ folder and locate the boundary-desktop_<version>_.exe file. You may move the application file to your Desktop, or your preferred location for quicker access
Double-click the boundary-desktop_<version>_.exe file to launch the Desktop application

Install Boundary Desktop

Boundary Desktop on Linux is currently only available as a .deb package, and can be installed via direct download of the application file.

Download the latest .deb installer from the releases page.

On Debian systems either:

Right-click the downloaded .deb file and choose Kubuntu Package Menu -> Install Package

Open a terminal and point dpkg to the installer file:

$ sudo dpkg -i boundary-desktop_1.5.0_linux_amd64.deb

Install Boundary Desktop Linux

Authenticate with Boundary Desktop

Next you will launch the Boundary Desktop app and connect it to the running controller.

Open the Boundary Desktop app installed earlier.
Enter the Boundary server Cluster URL and click Submit.
You can retrieve this from the HCP Portal or run echo $BOUNDARY_ADDR from your terminal session.
Click Choose a different scope and select the global scope.
Enter the administrator account in the Username field you selected when creating the HCP Boundary instance.
Enter the password you selected for the administrator account in the Password field.
Click Authenticate.
You are presented with the Targets view, which contains the targets created in the Connect to Your First Target tutorial.

Connect to a target

Next you will connect to the default target using the Desktop app.

Establish a connection
Click on Connect next to the quick-start-target target.
Copy the target's connection details
You will be presented with a dialog box that displays the target's connection info. You can copy the connection details to your clipboard by clicking the button to the right of the Local proxy address.
View the pending connection
Click OK, and navigate to the Sessions view using the sidebar on the left. Notice that the status for the Generated target has been updated to pending.

Start an SSH session

Open a new shell session or your SSH client of choice to establish an SSH connection.

Replace username with a valid username for your target host. Replace port with the value from the copied target details after the :. For example if the copied value was 127.0.0.1:12345 replace port with 12345. Replace private_key.pem with the path to your private key.

$ ssh -p 12345 username@127.0.0.1 -i private_key.pem

The authenticity of host '[127.0.0.1]:55315 ([127.0.0.1]:55315)' can't be established.
ECDSA key fingerprint is SHA256:ZsbEADHGE95YlTkqSoKH+OMLHh//u33yEWs6DuB1DSc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[127.0.0.1]:55315' (ECDSA) to the list of known hosts.
Last login: Wed Mar 17 15:06:03
$

Once connected, return to the Boundary Desktop and the Sessions view should show the Generated target's status has been updated to active.
Terminate the connection
You can close the active session directly from the Boundary Desktop app.
Under the Sessions view, click Cancel to the right of the status for the Generated target. The status will update to canceling and a confirmation dialog should appear to verify the successful session termination.
Back in your terminal session, there should be a dialog confirming a closed connection by the remote host.
```
$ Connection to 127.0.0.1 closed by remote host.
Connection to 127.0.0.1 closed.
```

Next steps

You have completed the quick start series for HCP Boundary. Next, take a deeper dive into the various resources you created during this series such as scopes, targets, and host groups in the HCP Administration series.

Next Collection