Open Talk

Azure Bastion


What is Azure Bastion? 

Azure Bastion is a seamless and secure way to access your virtual machines over SSH and RDP from the Azure portal, using SSL/TLS, without exposing a public IP address on the VM.

When utilising Azure Bastion, it’s important to note that:

  • You should be part of the Azure Active Directory, i.e. you should be able to log in to portal.azure.com.
  • You need to be granted a role that allows access to the machine for RDP; otherwise the connection won’t work.
  • The Bastion host is Azure managed. You’re not controlling this environment; it’s just giving you a connection to the other VM(s).
  • Bastion can also be used for SSH connectivity, e.g. when you have a Linux machine that you cannot reach over HTTPS or another protocol.
  • You can target the VM(s) you’ve created in your network subnet via 2 options: a) Manually, which gives you the opportunity to choose how many instances you require; b) the Deploy option, which automatically creates a Bastion host in the background together with a public IP that is known only to the administrator.
  • Azure Bastion has its own subnet, which is exclusive to it and cannot be used for the creation of any other resources.
  • There are 64 IPs in the Azure Bastion subnet. In every subnet, 5 IPs are reserved by Microsoft (the first 4 and the last one), leaving a minimum of 59 usable IPs.
  • Bastion can access all the machines in the subnet unless you create a deny rule in the NSG.
  • The connection is not carried over the RDP protocol itself but over SSL/TLS.
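The following script is an added example and is not part of the original article or of any Microsoft tooling. It puts the points above into practice with the Azure CLI: it sizes the dedicated Bastion subnet (64 addresses minus the 5 Microsoft reserves leaves 59), verifies the subnet name Azure requires, creates the public IP that only the Bastion host uses, and adds an NSG deny rule so that one VM is not reachable through Bastion. The resource group, region, VNet, subnet ranges and the VM address 10.0.1.10 are constructed placeholders; the `az` commands only run when `BASTION_DEPLOY=1` is set, and on older CLI versions `az network bastion` may require the `bastion` extension (an assumption worth checking with `az extension list`).

```shell
#!/usr/bin/env bash
# Added example (not from the original article): size and validate the
# AzureBastionSubnet, then optionally deploy Bastion with the Azure CLI.
# All names, address ranges and the region below are placeholders.
set -eu

# Azure reserves 5 addresses per subnet (the first four and the last one),
# so usable = 2^(32 - prefix) - 5.  A /26 has 64 addresses, leaving 59.
bastion_usable_ips() {
  local prefix="$1"
  echo $(( (1 << (32 - prefix)) - 5 ))
}

# Bastion only deploys into a subnet literally named AzureBastionSubnet
# that is /26 or larger (a smaller prefix number means a bigger subnet).
# Prints "ok" and returns 0 when the subnet is acceptable, otherwise
# prints the reason and returns 1.
bastion_subnet_check() {
  local name="$1" cidr="$2"
  local prefix="${cidr##*/}"
  if [ "$name" != "AzureBastionSubnet" ]; then
    echo "subnet must be named AzureBastionSubnet (got: $name)"
    return 1
  fi
  if [ "$prefix" -gt 26 ]; then
    echo "subnet /$prefix is too small: Bastion needs /26 or larger (64 addresses)"
    return 1
  fi
  echo "ok"
}

# Deploys the layout the article describes: a workload subnet for the VM,
# the exclusive AzureBastionSubnet, a Standard static public IP used only
# by the Bastion host, the host itself, and an NSG rule that denies RDP/SSH
# from the Bastion subnet to one VM that must not be reachable this way.
deploy_bastion() {
  local rg="rg-bastion-demo" loc="westeurope" vnet="vnet-demo"  # placeholders
  local bastion_cidr="10.0.2.0/26"

  [ "$(bastion_subnet_check AzureBastionSubnet "$bastion_cidr")" = ok ]

  az group create --name "$rg" --location "$loc"
  az network vnet create --resource-group "$rg" --name "$vnet" \
      --address-prefix 10.0.0.0/16 \
      --subnet-name snet-workload --subnet-prefix 10.0.1.0/24
  az network vnet subnet create --resource-group "$rg" --vnet-name "$vnet" \
      --name AzureBastionSubnet --address-prefixes "$bastion_cidr"
  az network public-ip create --resource-group "$rg" --name pip-bastion \
      --sku Standard --allocation-method Static --location "$loc"
  az network bastion create --resource-group "$rg" --name bas-demo \
      --vnet-name "$vnet" --public-ip-address pip-bastion --location "$loc"

  # Bastion can reach every VM in the network by default; this rule on the
  # workload subnet's NSG blocks it for the VM at 10.0.1.10 (placeholder).
  az network nsg create --resource-group "$rg" --name nsg-workload --location "$loc"
  az network nsg rule create --resource-group "$rg" --nsg-name nsg-workload \
      --name DenyBastionToRestrictedVm --priority 100 --direction Inbound \
      --access Deny --protocol Tcp \
      --source-address-prefixes "$bastion_cidr" \
      --destination-address-prefixes 10.0.1.10 \
      --destination-port-ranges 22 3389
  az network vnet subnet update --resource-group "$rg" --vnet-name "$vnet" \
      --name snet-workload --network-security-group nsg-workload
}

if [ "${BASTION_DEPLOY:-0}" = 1 ]; then
  deploy_bastion
else
  echo "AzureBastionSubnet /26 usable addresses: $(bastion_usable_ips 26)"
fi
```

Run it without `BASTION_DEPLOY` to see the sizing only; set `BASTION_DEPLOY=1` after `az login` to create the resources. The deny rule is the NSG mechanism the article mentions: Bastion itself is Azure managed, so restricting which VMs it can reach is done on the workload side, not on the host.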

Written by: George Auma (Implementation & Support Engineer at Fintech-Group)