Microsoft Azure Bastion - Secure access to Azure VMs
Microsoft recently announced Azure Bastion, a new managed PaaS service that provides seamless RDP and SSH connectivity to your virtual machines over the Secure Sockets Layer (SSL). Azure Bastion is provisioned directly in your Virtual Network (VNet) and supports all VMs in that VNet using SSL, without any exposure through public IP addresses. With this PaaS service announcement, Microsoft eliminated the need for the jumpbox virtual machine that was used to connect to VMs without exposing them publicly.
The Azure Bastion service is in Preview right now and is expected to be made generally available soon, once it has stabilized and matured as a product. Microsoft plans to bring in Azure Active Directory integration, adding seamless single sign-on capabilities using Azure Active Directory identities and Azure Multi-Factor Authentication, effectively extending two-factor authentication to your RDP/SSH connections. There are also plans to enhance the auditing experience for RDP sessions with full session video recording.
Sounds good? Then give it a try and explore the new possibilities that the Azure Bastion service opens up.
How will it work?
Image source: https://azure.microsoft.com/en-us/blog/announcing-the-preview-of-microsoft-azure-bastion/
Benefits of Azure Bastion
- Removes the requirement for an RDP or SSH client on your local machine.
- No need for local RDP or SSH ports (very useful if your enterprise believes in complete lockdown of ports).
- Uses secure SSL/TLS encryption.
- No need to assign public IP addresses to your Azure Virtual Machine.
- Works in basically any modern browser on any device (Windows, macOS, Linux, etc.).
- Simplified, one-time configuration of NSGs to allow access to Azure Bastion.
The preview version of Azure Bastion is currently available in the following regions:
- West US
- East US
- West Europe
- South Central US
- Australia East
- Japan East