What Is Azure Bastion?
Virtual machines (VMs) accessed over public IP addresses are exposed to cyber-attacks, especially when they are used directly in a production environment. The usual alternatives are a site-to-site VPN or a dedicated jump-server VM that holds the public IP address. Neither of these guarantees complete protection against cyber-attacks, and both are complex to implement and manage.
To address these problems, Microsoft introduced Azure Bastion, a fully managed Platform as a Service (PaaS) offering that is provisioned inside your Azure Virtual Network (VNet) and provides Remote Desktop Protocol (RDP) and Secure Shell (SSH) connectivity to Azure virtual machines. Let us look at what Azure Bastion is and how to take advantage of it.
What Are the Advantages of Azure Bastion?
With Azure Bastion, users get a managed jump server that acts as a single entry point for accessing their resources. Unlike other solutions, they do not have to manage complex VPN deployments or expose a jump-server VM with a public IP to the internet. Here are some of the other advantages of using Azure Bastion.
- Users can open RDP/SSH sessions directly in the Azure portal.
- Remote sessions are delivered securely in the browser over HTML5 (HTTPS/443).
- Public IP addresses that are directly exposed to the internet are not required for accessing Azure VMs.
- Organizations using the solution will not have to manage network security groups (NSG).
- Firewall traversal is not required for RDP/SSH.
When to Use Azure Bastion?
Azure Bastion is useful for enhancing the security of Azure-based VMs. Let us take a look at some of the use cases of Azure Bastion.
- If you are using Azure VMs with a subscription that does not allow you to connect with a VPN or set up a jump host in the Azure VNet, Azure Bastion can be a solution.
- If you have multiple admins or users working on the same host, setting up Azure Bastion can be more affordable than a jump host or an Azure terminal server.
- Azure Bastion can be an alternative for organizations that need to provide standalone VM access to users who need not be authorized to use other resources in the virtual network.
- It is an ideal solution for just-in-time (JIT) Azure administration: when you need a bastion host quickly for a short span, you can deploy one without provisioning permanent VMs.
How to Deploy Azure Bastion?
Azure Bastion can be deployed from the Azure Portal. The bastion host can be created using existing Azure VM settings or using PowerShell.
Follow the steps below to add a new Azure Bastion host from the Azure portal.
- Access the Create a resource option either from the Azure portal menu or the homepage.
- When the new page opens, search for Bastion in the Marketplace.
- Click on the result that appears with Microsoft as the publisher in the Networking category.
- On the Create a Bastion page that appears, specify the resource configuration.
- Initiate the deployment once the validation is complete.
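The same deployment done with Az PowerShell, as an added example that is not part of the original article. Resource names (rg-bastion-demo, vnet-demo, bastion-demo, pip-bastion-demo), the region and the address ranges are assumptions for a lab; the subnet name AzureBastionSubnet and the Standard static public IP are requirements of the service.

```powershell
# Added example (not from the original article): deploy an Azure Bastion host
# with Az PowerShell. Names, region and address ranges are lab placeholders.
# Requires: Install-Module Az; Connect-AzAccount (run beforehand)

$rg       = 'rg-bastion-demo'
$location = 'eastus'
$vnetName = 'vnet-demo'

New-AzResourceGroup -Name $rg -Location $location -Force | Out-Null

# Bastion requires a subnet literally named AzureBastionSubnet, at least /26.
$bastionSubnet  = New-AzVirtualNetworkSubnetConfig -Name 'AzureBastionSubnet' -AddressPrefix '10.10.255.0/26'
$workloadSubnet = New-AzVirtualNetworkSubnetConfig -Name 'snet-workload' -AddressPrefix '10.10.1.0/24'

$vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg -Location $location `
    -AddressPrefix '10.10.0.0/16' -Subnet $bastionSubnet, $workloadSubnet

# Bastion needs a Standard SKU, static public IP. This is the only public IP
# the design requires; the VMs themselves keep private addresses only.
$pip = New-AzPublicIpAddress -Name 'pip-bastion-demo' -ResourceGroupName $rg -Location $location `
    -AllocationMethod Static -Sku Standard

New-AzBastion -ResourceGroupName $rg -Name 'bastion-demo' `
    -PublicIpAddressRgName $rg -PublicIpAddressName $pip.Name `
    -VirtualNetworkRgName $rg -VirtualNetworkName $vnet.Name -Sku Basic

# Check: once Bastion is the entry point, no VM NIC in the resource group
# should still carry a public IP. Any hit here is a VM exposed directly.
$exposed = Get-AzNetworkInterface -ResourceGroupName $rg |
    Where-Object { $_.IpConfigurations.PublicIpAddress.Id }
if ($exposed) {
    Write-Warning "NICs still bound to a public IP: $($exposed.Name -join ', ')"
} else {
    Write-Host 'No VM NICs expose a public IP; access goes through Bastion only.'
}
```

The final check is the practical test of the "no public IPs on VMs" advantage: run it after migrating existing VMs so that any leftover public IP associations are caught and removed.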
How to Connect with Azure Bastion?
You can connect to Azure Bastion from the connection pane on the Azure portal that is used for accessing your virtual machines.
- Click on Connect for the virtual machine that you need to access from the Azure portal.
- Select Bastion from the dropdown and then click on Use Bastion on the Connect page.
- Fill out the settings such as Name, Subnet, Public IP address, and Public IP address name, and validate the details.
- Type in your VM credentials and click on Connect.
Your RDP connection to the VM that is routed through Azure Bastion will appear on your browser in the Azure portal.
Apps4Rent Can Help with Azure Bastion Deployment
Azure Bastion is one of the standout options for securing and simplifying access to virtual machines. It is a robust platform-native solution that eliminates the need for dedicated internet-facing hosts while simplifying Azure resource administration. As a Tier 1 Microsoft CSP, Apps4Rent can help you deploy and manage your Azure resources. Contact our Azure experts, who are available 24/7 via phone, chat, and email, for assistance with Azure services, plans, and deployments.