Azure Bastion is a new service that gives you private, fully managed RDP and SSH access to your Azure Virtual Machines. It secures your strategic and critical assets to protect you from cyber risks. It is the only node exposed to the internet, and it acts as a gateway.

Check the architecture on the following schema from Microsoft Docs:

Schema from Microsoft Docs

In this article, I will explain how to create an Azure Bastion host.

Prerequisites

The public preview is limited to the following Azure public regions:

  • West US
  • East US
  • West Europe
  • South Central US
  • Australia East
  • Japan East

To create an Azure Bastion, you must create a Virtual Network with a subnet named “AzureBastionSubnet” and a prefix of at least /27.

How does it work?

Once you provision Azure Bastion in a Virtual Network, it is available to all the Virtual Machines in that virtual network; in other words, the deployment is per virtual network. A Public IP Address is then assigned to your Azure Bastion. When you connect to a Virtual Machine, a new tab opens in your web browser. When you connect via Azure Bastion, your virtual machines do not need a public IP address.
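
To check that point in an existing environment, the following added example (not part of the original article) flags NICs that still carry a public IP and NSG rules that still allow RDP or SSH in from the internet. The sample objects and names are constructed, and the property names are assumed to match what Get-AzNetworkInterface and Get-AzNetworkSecurityGroup return.

```powershell
# Added example, not from the original article. Works on plain objects so it runs
# offline; property names are assumed to match the Az.Network output objects.

function Test-PortInRange {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    $low, $high = $Range -split '-', 2      # '3389' or '3000-4000'
    if (-not $high) { $high = $low }
    return ($Port -ge [int]$low -and $Port -le [int]$high)
}

function Get-DirectExposure {
    param([object[]]$Nic, [object[]]$Nsg)
    $internet = '*', '0.0.0.0/0', 'Internet'
    foreach ($n in $Nic) {
        foreach ($ipc in $n.IpConfigurations) {
            if ($ipc.PublicIpAddress) {
                [pscustomobject]@{ Resource = $n.Name; Finding = 'NIC has a public IP' }
            }
        }
    }
    foreach ($g in $Nsg) {
        foreach ($r in $g.SecurityRules) {
            if ($r.Direction -ne 'Inbound' -or $r.Access -ne 'Allow') { continue }
            if ($r.Protocol -notin 'Tcp', '*') { continue }
            if (-not ($r.SourceAddressPrefix | Where-Object { $_ -in $internet })) { continue }
            foreach ($port in 22, 3389) {
                if ($r.DestinationPortRange | Where-Object { Test-PortInRange $_ $port }) {
                    [pscustomobject]@{ Resource = "$($g.Name)/$($r.Name)"; Finding = "Inbound $port open to the internet" }
                }
            }
        }
    }
}

# Constructed sample data (hypothetical names). With the Az module, pass the output of
# Get-AzNetworkInterface and Get-AzNetworkSecurityGroup for your resource group instead.
$nics = @(
    [pscustomobject]@{ Name = 'vm-app01-nic'; IpConfigurations = @([pscustomobject]@{ PublicIpAddress = $null }) }
    [pscustomobject]@{ Name = 'vm-legacy-nic'; IpConfigurations = @([pscustomobject]@{ PublicIpAddress = [pscustomobject]@{ Id = 'constructed-id' } }) }
)
$rules = @(
    [pscustomobject]@{ Name = 'allow-mgmt'; Direction = 'Inbound'; Access = 'Allow'; Protocol = 'Tcp'
                       SourceAddressPrefix = @('*'); DestinationPortRange = @('3000-4000') }
    [pscustomobject]@{ Name = 'allow-ssh-corp'; Direction = 'Inbound'; Access = 'Allow'; Protocol = 'Tcp'
                       SourceAddressPrefix = @('10.0.0.0/8'); DestinationPortRange = @('22') }
)
$nsgs = @([pscustomobject]@{ Name = 'nsg-legacy'; SecurityRules = $rules })
Get-DirectExposure -Nic $nics -Nsg $nsgs | Format-Table -AutoSize
```

The port-range test matters because a rule such as 3000-4000 exposes 3389 without ever naming it.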

Registering

The first step is to register for the preview. To perform this task, you must be signed in to your Azure account, and then you must enroll with the following command:

Register-AzProviderFeature

The second step is to register your Azure subscription:

Register-AzResourceProvider

You can check that the feature is registered using the following command:

ProviderNamespace

Creating an Azure Bastion Host

Once the feature is registered, you can open the Azure Portal Preview from this URL: http://aka.ms/BastionHost


Specify the configuration settings for your Bastion resource:

  1. Select a Resource Group
  2. Enter the name of your Azure Bastion
  3. Select the region (see the prerequisites)
  4. Select a Virtual Network
  5. Select the Subnet with at least /27
  6. Select a Public IP Address

If you already have an existing Virtual Machine, then you can easily transform the VM to an Azure Bastion. Open the Virtual Machine and click “Connect”. Then, select “Bastion” and click “Use Bastion”.

Connecting to Azure Bastion

Go back to the Azure Bastion blade, and confirm that the deployment is done.

Azure Bastion blade

In order to connect to a Virtual Machine using the Azure Bastion, you just need to:

  • Open the Virtual Machine Blade
  • Start the Virtual Machine you want to connect to
  • Click “Connect” and select “Bastion”
  • Enter the username and password and click “Connect”

A new tab will be opened in your web browser using the Bastion service and HTML5. Wait a few seconds and then you can use your Virtual Machine in your web browser.


Conclusion

Azure Bastion Service is still in preview, but it works like a charm. It is very easy to deploy and it will secure access to your Virtual Machines. You just need to assign one Public IP Address to the Azure Bastion instead of assigning one Public IP Address per Virtual Machine.

Nicolas Prigent
Nicolas Prigent works as a System Engineer, based in Switzerland with a primary focus on Microsoft technologies. Nicolas is Microsoft MVP in Cloud And Datacenter Management with 8 years experience in administering Windows Servers, Hyper-V and System Center products. He also received the "PowerShell Heroes 2016" Award.