Azure Bastion was introduced by Microsoft on 17th June 2019 as a PaaS service in preview. Azure Bastion (preview) is a fully managed PaaS service that provides secure and seamless RDP and SSH access to your virtual machines directly through the Azure portal. Azure Bastion is provisioned directly in your Virtual Network (VNet) and supports all VMs in that VNet using SSL, without any exposure through public IP addresses.
Your virtual machines no longer need a public IP to be reached over the internet, whether by RDP or SSH. Azure Bastion takes care of this and becomes the single point of contact for accessing your VMs over the internet. Making the Bastion host the only publicly exposed entry point helps lock down public Internet exposure and limits threats such as port scanning and other types of malware targeting your VMs.
Important
This public preview is provided without a service level agreement and should not be used for production workloads. Certain features may not be supported, may have constrained capabilities, or may not be available in all Azure locations. See the Supplemental Terms of Use for Microsoft Azure Previews for details.
Architecture
Create Azure Bastion Host
Step 1: Create Azure Bastion resource
Now go to this URL http://aka.ms/BastionHost which will redirect you to the Azure portal with preview features enabled. It looks something like the below picture.
Now search for Bastion and click on it, as shown below.
Click on Add.
Fill out the information according to your need.
Note:
Whether you create a new VNet or use an existing one, create one extra subnet for Bastion named “AzureBastionSubnet”. All VMs on that VNet can then be connected to remotely using Azure Bastion, without a public IP.
Once your Azure Bastion is created, go to the VM and click on Connect; Azure Bastion will appear as one of the options to connect with.
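The same three resources (Bastion subnet, public IP, Bastion host) can also be created from the Azure CLI. The script below is an added example, not part of the original post: the function names are hypothetical, all resource names and the subnet address prefix are values the caller supplies, and the last function is a check that lists VMs in a resource group that still have their own public IP attached.

```shell
#!/bin/sh
# Added example: Azure CLI equivalent of the portal steps above.
# Function names are hypothetical; every resource name and the subnet
# prefix are arguments supplied by the caller.

BASTION_SUBNET="AzureBastionSubnet"   # subnet name the Bastion service expects

# deploy_bastion RG VNET SUBNET_PREFIX LOCATION BASTION_NAME
deploy_bastion() {
  if [ "$#" -ne 5 ]; then
    echo "usage: deploy_bastion RG VNET SUBNET_PREFIX LOCATION BASTION_NAME" >&2
    return 2
  fi
  b_rg=$1; b_vnet=$2; b_prefix=$3; b_loc=$4; b_name=$5
  b_pip="${b_name}-pip"   # assumed naming scheme for the Bastion public IP

  # 1. Dedicated subnet inside the VNet that holds the target VMs.
  az network vnet subnet create \
    --resource-group "$b_rg" --vnet-name "$b_vnet" \
    --name "$BASTION_SUBNET" --address-prefixes "$b_prefix" || return 1

  # 2. The only public IP in this design; it belongs to Bastion, not to a VM.
  az network public-ip create \
    --resource-group "$b_rg" --name "$b_pip" --location "$b_loc" \
    --sku Standard --allocation-method Static || return 1

  # 3. The Bastion host itself, bound to that VNet and public IP.
  az network bastion create \
    --resource-group "$b_rg" --name "$b_name" --location "$b_loc" \
    --vnet-name "$b_vnet" --public-ip-address "$b_pip" || return 1
}

# vms_with_public_ip RG
# Prints the names of VMs that still expose their own public IP.
# Empty output means every VM in the group is reachable only via Bastion.
vms_with_public_ip() {
  az vm list-ip-addresses --resource-group "$1" \
    --query "[?virtualMachine.network.publicIpAddresses].virtualMachine.name" \
    --output tsv
}
```

After `az login`, call `deploy_bastion` with your own values, then run `vms_with_public_ip` on the resource group to find VMs whose public IPs can now be removed.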