Last week, Microsoft released Azure Bastion in GA. This feature enables us to connect to VMs (Linux or Windows) through Azure Portal.

We all know that connecting production VMs directly to the Internet via a public IP is a huge concern from a cybersecurity standpoint. Therefore, usually, all critical VMs don’t have public IPs, and they are managed either from a site-to-site VPN or a console VM that holds a public IP. In both cases, managing your Azure VMs is not easy since cybersecurity is a concern.

Thanks to Azure Bastion, you don’t need a site-to-site VPN or a console VM to manage all your Azure VMs anymore. Azure Bastion is a PaaS connected between the Internet (through a public IP) and a virtual network. When this service is enabled, you can connect to your VMs through Azure Bastion. By doing this, you will be able to open a console RDS or SSH directly inside the Azure Portal. In this topic, we will see how to deploy and use Azure Bastion.

Requirements

Before deploying Azure Bastion, you need a virtual network with a subnet called exactly AzureBastionSubnet.

Deployment

To deploy Azure Bastion, open the Azure Marketplace and search for Azure Bastion.

Then click on Create to start the process of Azure Bastion deployment.

Next, specify the following information:

Name : provide a name for the resource

: provide a name for the resource Resource Group : choose a resource group where Azure bastion will belong

: choose a resource group where Azure bastion will belong Region : a few regions are currently available, select a region that fit your needs

: a few regions are currently available, select a region that fit your needs Virtual Network : select the virtual network where you created AzureBastionSubnet

: select the virtual network where you created AzureBastionSubnet Subnet : Select AzureBastionSubnet

: Select AzureBastionSubnet Public IP Address: you can use an existing static public IP or you can create a new one.

At the end of the process, you can review the settings you specified. If all is good, just click on Create.

Connect to VM through Azure Bastion

Now, when you click on Connect in an Azure VM, you have an additional option called Bastion. In order to get this option, the Azure VM must belong to the same virtual network as the Azure Bastion.

For a Windows VM, specify the credentials to connect. You can open the console in a new tab or directly inside the Azure Portal:

For a Linux VM, you will be asked to specify SSH credentials instead of Windows credentials.

VSAN from StarWind eliminates any need for physical shared storage just by mirroring internal flash and storage resources between hypervisor servers. Furthermore, the solution can be run on the off-the-shelf hardware. Such design allows VSAN from StarWind to not only achieve high performance and efficient hardware utilization but also reduce operational and capital expenses. Learn more about ➡ VSAN from StarWind

Session logs

Azure Bastion is now able to log an active RDS / SSH session. You can check who is connected and where. You also have the option to disconnect them.

Moreover, Azure Bastion can be connected to a Log Analytics workspace to centralize event logs.

Related materials:

Views All Time Views All Time 4 Views Today Views Today 5

Appreciate how useful this article was to you? No Ratings Yet

No Ratings Yet

Loading... Loading...