Azure Bastion – RDP and SSH to Azure

Azure Bastion is a new Azure service that gives you RDP and SSH access to Azure virtual machines over a private connection. Before Azure Bastion you either had to set up VPN access to Azure, or assign a public IP address to the virtual machine(s) and allow RDP/SSH from the internet, ideally locked down with Just In Time VM Access.
Bastion is a managed jump host that the platform runs inside your Azure virtual network: you connect to it from the browser over TLS (HTTPS), and it opens the RDP or SSH session to the VM on its private IP. The VM itself never needs a public IP address or an inbound RDP/SSH rule from the internet.

Azure Bastion is currently in preview. You can access the preview using this URL : https://aka.ms/BastionHost.

Azure Bastion architecture

How Azure Bastion Works

The Azure Bastion service is reached over port 443 (TLS), and that is the only port you expose to the internet: inbound 443 is the only internet-facing rule you need in the NSG on the AzureBastionSubnet. Behind that, Bastion connects to the virtual machines on their private IP over port 3389 (RDP) or 22 (SSH). Two things to check in practice: if you attach an NSG to the AzureBastionSubnet, it also has to allow the platform's own management traffic (inbound 443 from the GatewayManager service tag) and outbound 3389/22 to the VirtualNetwork service tag; and the NSG in front of the target VMs should allow 3389/22 only from the AzureBastionSubnet address range. If the old "RDP from the internet" rule stays in place, the VM is just as exposed as before.

The alternatives to Azure Bastion are a VPN into Azure, a public IP address with source IP allow-listing (whitelisting), or Just In Time VM Access.


How to configure Azure Bastion

Create an Azure Bastion Subnet

Open your virtual network and create a new subnet. Bastion requires a dedicated subnet named exactly AzureBastionSubnet (the deployment fails with any other name), and nothing else should be deployed into it. I would recommend at least a /27 for the Bastion subnet.

The new AzureBastionSubnet subnet

Deploy Azure Bastion from the Marketplace

Search for ‘Bastion’ in the Azure portal and open the ‘Bastion (preview)’ service.

After opening the ‘Bastion (preview)’ service, fill in the required information and make sure to select your virtual network where you already created the AzureBastionSubnet subnet.

Make sure to give the Bastion service a public IP address. It has to be a Standard SKU (static) public IP; this IP is the only public endpoint in the whole setup, so it is what your users, and the internet, will see.

Then click ‘Review + create’ and click ‘Create’ again. Deploying the service can take a while. My deployment took 5 minutes.
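The same deployment done with the Azure CLI instead of the portal, as an added example that is not part of the original post. It also adds the step the portal walkthrough leaves implicit: the NSG in front of the VMs allows RDP/SSH only from the AzureBastionSubnet range and denies it from everywhere else. The resource group, region, network names, the 10.0.1.0/27 range and the RUN_DEPLOY switch are all assumptions for the example; the commands themselves are standard `az network` subcommands.

```shell
#!/bin/sh
# Added example (not from the original post): deploy Azure Bastion with the Azure CLI
# and lock the target VMs' NSG down to the Bastion subnet.
# Resource names, region and address ranges are assumptions; replace them with your own.
set -eu

RG="${RG:-rg-bastion-demo}"                      # assumed resource group
LOCATION="${LOCATION:-westeurope}"               # assumed region
VNET="${VNET:-vnet-prod}"                        # assumed existing virtual network
BASTION_PREFIX="${BASTION_PREFIX:-10.0.1.0/27}"  # assumed range for AzureBastionSubnet
VM_NSG="${VM_NSG:-nsg-app-servers}"              # assumed NSG on the VM subnet or NICs

# Bastion only works from a subnet with exactly this name.
BASTION_SUBNET="AzureBastionSubnet"

# Return 0 if the CIDR mask is /27 or larger (fewer mask bits); Bastion rejects smaller subnets.
bastion_prefix_ok() {
  case "$1" in */*) ;; *) return 1 ;; esac
  bits="${1##*/}"
  case "$bits" in ''|*[!0-9]*) return 1 ;; esac
  [ "$bits" -le 27 ]
}

deploy_bastion() {
  bastion_prefix_ok "$BASTION_PREFIX" || { echo "Bastion subnet must be /27 or larger" >&2; return 1; }

  # 1. Dedicated subnet with the mandatory name.
  az network vnet subnet create -g "$RG" --vnet-name "$VNET" \
    -n "$BASTION_SUBNET" --address-prefixes "$BASTION_PREFIX"

  # 2. Bastion needs a Standard SKU public IP; this is the only public endpoint in the design.
  az network public-ip create -g "$RG" -n "pip-bastion" -l "$LOCATION" --sku Standard

  # 3. The Bastion host itself (takes several minutes to provision).
  az network bastion create -g "$RG" -n "bas-prod" -l "$LOCATION" \
    --vnet-name "$VNET" --public-ip-address "pip-bastion"
}

# RDP/SSH on the VMs must be reachable only from the Bastion subnet, never from the internet.
restrict_vm_nsg() {
  az network nsg rule create -g "$RG" --nsg-name "$VM_NSG" -n "AllowRdpSshFromBastion" \
    --priority 100 --direction Inbound --access Allow --protocol Tcp \
    --source-address-prefixes "$BASTION_PREFIX" --destination-port-ranges 22 3389
  # Explicit deny for the same ports from any other source, so a stray "RDP from Internet"
  # rule with a lower priority number cannot silently reopen the VM.
  az network nsg rule create -g "$RG" --nsg-name "$VM_NSG" -n "DenyRdpSshFromAnywhere" \
    --priority 110 --direction Inbound --access Deny --protocol Tcp \
    --source-address-prefixes '*' --destination-port-ranges 22 3389
}

# Only talk to Azure when explicitly asked (assumed switch), so the script can be
# sourced and its prefix check exercised without credentials.
if [ "${RUN_DEPLOY:-0}" = "1" ]; then
  deploy_bastion
  restrict_vm_nsg
fi
```

Run it with `RUN_DEPLOY=1` after `az login`; without the switch it only defines the functions. The deny rule is deliberately placed right after the allow rule: NSG rules are evaluated by priority number, so an existing rule with a number above 110 that allows 3389 from the internet no longer matters.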

Access your virtual machines

Using the preview URL, you can access your machines through Bastion. Look up the virtual machine you want to connect to, click the ‘Connect’ button, enter the virtual machine (domain or local) credentials and connect. The RDP or SSH session then opens in the browser tab; that's it!
