Remote access to virtual machines is a necessity for most businesses, but providing it without exposing the machines to the public internet is harder than it looks. Azure Bastion is a fully managed service that provides Remote Desktop Protocol (RDP) and Secure Shell Protocol (SSH) access to virtual machines (VMs) over their private IP addresses, so the VMs themselves never need a public IP address. In this blog post, we will introduce Azure Bastion and provide a step-by-step guide on its setup.
What is Azure Bastion?
Azure Bastion is a fully managed Platform as a Service (PaaS) offering from Microsoft Azure that provides RDP and SSH access to virtual machines over their private IP addresses. The VMs need no public IP address and no inbound RDP or SSH rule from the internet, and you no longer have to build, patch and harden your own jump host. You connect from the Azure portal over Transport Layer Security (TLS) on port 443; the Bastion host then opens the RDP or SSH session to the VM's private IP inside the virtual network (vNet). The host is deployed into a dedicated subnet in the VMs' own vNet or in a peered vNet, and can reach every VM routable from there. Two caveats that the marketing summary leaves out: the Bastion host itself gets a public IP address (that is the only public endpoint in the design), and it does not remove the need for Network Security Groups (NSGs). The NSG in front of your VMs should still restrict inbound 22/3389 to the AzureBastionSubnet range, and if you attach an NSG to the Bastion subnet itself it must allow the control-plane traffic Microsoft documents for it.
How to set up Azure Bastion?
Setting up Azure Bastion is a straightforward process. Here's a step-by-step guide:
1. Create a virtual network: If you don't already have one, create a virtual network in the Azure portal. Bastion must live in the same vNet as your virtual machines or in a vNet peered with them; if you already have a suitable vNet, skip to step 2.
2. Create a subnet: In that vNet, create a subnet named exactly AzureBastionSubnet with a prefix of /26 or larger. The name is mandatory; Azure rejects the Bastion deployment if the subnet is called anything else.
3. Create an Azure Bastion resource: In the Azure portal, search for "Bastion" and create a new resource. The host needs a Standard SKU static public IP address; the portal lets you create one as part of the deployment.
4. Configure Azure Bastion: Point the resource at the virtual network and subnet from steps 1 and 2, choose a SKU, and deploy.
5. Connect to the virtual machine: Navigate to the VM you want to reach (it needs only a private IP address in the vNet or a peered vNet) and click the "Connect" button. You should now see Bastion as a connection option.
6. Connect via Azure Bastion: Choose the Bastion option, enter your credentials (a username and password, or an SSH private key for Linux), and the session opens in your browser over TLS.
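The same deployment as an Az PowerShell script, added here as an example; it is not code from the original post or from Microsoft's documentation. The resource group, names, location and address prefixes are assumptions. The part the portal steps above do not show is the NSG on the VM subnet that admits RDP and SSH only from the Bastion subnet and denies them from everywhere else.

```powershell
# Added example: deploy Azure Bastion with Az PowerShell (Az.Network module).
# All names, the location and the address prefixes below are assumptions.
$rg            = "rg-bastion-demo"
$location      = "westeurope"
$vnetName      = "vnet-demo"
$vmSubnet      = "snet-vms"
$bastionPrefix = "10.10.255.0/26"   # AzureBastionSubnet must be /26 or larger

New-AzResourceGroup -Name $rg -Location $location -Force | Out-Null

# NSG for the VM subnet: allow RDP/SSH only from the Bastion subnet, deny them from
# everything else. The default rules already allow VirtualNetwork-to-VirtualNetwork,
# so the explicit deny at priority 200 is what actually shrinks the exposure.
$allowFromBastion = New-AzNetworkSecurityRuleConfig -Name "Allow-RDP-SSH-From-Bastion" `
    -Description "Management only via Azure Bastion" -Access Allow -Protocol Tcp `
    -Direction Inbound -Priority 100 -SourceAddressPrefix $bastionPrefix `
    -SourcePortRange "*" -DestinationAddressPrefix "*" -DestinationPortRange 22, 3389
$denyMgmt = New-AzNetworkSecurityRuleConfig -Name "Deny-RDP-SSH-Other" `
    -Description "Block RDP/SSH from anywhere else" -Access Deny -Protocol Tcp `
    -Direction Inbound -Priority 200 -SourceAddressPrefix "*" `
    -SourcePortRange "*" -DestinationAddressPrefix "*" -DestinationPortRange 22, 3389
$nsg = New-AzNetworkSecurityGroup -Name "nsg-vms" -ResourceGroupName $rg `
    -Location $location -SecurityRules $allowFromBastion, $denyMgmt

# Two subnets: the VMs (with the NSG attached) and the mandatory AzureBastionSubnet.
$vmSubnetCfg = New-AzVirtualNetworkSubnetConfig -Name $vmSubnet `
    -AddressPrefix "10.10.1.0/24" -NetworkSecurityGroup $nsg
$bastionSubnetCfg = New-AzVirtualNetworkSubnetConfig -Name "AzureBastionSubnet" `
    -AddressPrefix $bastionPrefix
$vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg -Location $location `
    -AddressPrefix "10.10.0.0/16" -Subnet $vmSubnetCfg, $bastionSubnetCfg

# The Bastion host is the only component that gets a public IP (Standard SKU, static).
$pip = New-AzPublicIpAddress -Name "pip-bastion" -ResourceGroupName $rg `
    -Location $location -AllocationMethod Static -Sku Standard

$bastion = New-AzBastion -ResourceGroupName $rg -Name "bas-demo" `
    -PublicIpAddress $pip -VirtualNetwork $vnet -Sku Basic

# Sanity check: the host provisioned, and the VM subnet only admits 22/3389 from the Bastion range.
$bastion.ProvisioningState
($nsg.SecurityRules | Where-Object Priority -eq 100).SourceAddressPrefix
```

Run it in a session that has already done Connect-AzAccount with rights on the subscription. VMs created afterwards in snet-vms need only a private IP; they are reachable through the portal's Bastion option and through nothing else on 22 or 3389.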
Automating Provisioning and Deletion of Azure Bastion
Azure Bastion is billed for every hour the host exists, so if your team only needs access during working hours you can cut cost by deleting the host out of hours and re-creating it before the next shift. Both steps can be scripted with Azure PowerShell or Azure CLI. Here's how to do it with Azure PowerShell:
1. Create a PowerShell script for provisioning: Write a script containing the commands that create the Bastion public IP address and the Bastion resource. Refer to the following link: Deploy Bastion
2. Create a PowerShell script for removal: Write a script containing the commands that remove the Bastion resource and its public IP address. Refer to the following link: Remove Bastion
3. Schedule the scripts: Use Azure Automation runbooks with schedules to run the scripts at the times that meet your requirements.
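One way to write the two scripts as a single Azure Automation runbook, added as an example; it is not code from the original post or from the linked Microsoft pages. It assumes the Automation account has a system-assigned managed identity with Network Contributor on the resource group, that the vNet and its AzureBastionSubnet already exist, and that the resource names are placeholders. The runbook is idempotent in both directions, so a re-run or a schedule that fires twice does not fail.

```powershell
# Added example: Azure Automation runbook that deploys or removes Azure Bastion.
# Attach one schedule with -Action Deploy for the morning and one with -Action Remove
# for the evening. Resource names, the location and the role assignment are assumptions.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet("Deploy", "Remove")]
    [string] $Action,

    [string] $ResourceGroupName = "rg-bastion-demo",
    [string] $VNetName          = "vnet-demo",
    [string] $BastionName       = "bas-demo",
    [string] $PublicIpName      = "pip-bastion",
    [string] $Location          = "westeurope"
)

# Authenticate as the Automation account's managed identity: no stored credentials.
Connect-AzAccount -Identity | Out-Null

$existing = Get-AzBastion -ResourceGroupName $ResourceGroupName -Name $BastionName -ErrorAction SilentlyContinue

switch ($Action) {
    "Deploy" {
        if ($existing) {
            Write-Output "Bastion '$BastionName' already exists, nothing to do."
            break
        }
        $vnet = Get-AzVirtualNetwork -ResourceGroupName $ResourceGroupName -Name $VNetName
        if (-not ($vnet.Subnets | Where-Object Name -eq "AzureBastionSubnet")) {
            throw "vNet '$VNetName' has no AzureBastionSubnet; create it (/26 or larger) first."
        }
        # The public IP is re-created together with the host; Remove deletes both.
        $pip = Get-AzPublicIpAddress -ResourceGroupName $ResourceGroupName -Name $PublicIpName -ErrorAction SilentlyContinue
        if (-not $pip) {
            $pip = New-AzPublicIpAddress -Name $PublicIpName -ResourceGroupName $ResourceGroupName `
                -Location $Location -AllocationMethod Static -Sku Standard
        }
        New-AzBastion -ResourceGroupName $ResourceGroupName -Name $BastionName `
            -PublicIpAddress $pip -VirtualNetwork $vnet -Sku Basic | Out-Null
        Write-Output "Bastion '$BastionName' deployed."
    }
    "Remove" {
        if (-not $existing) {
            Write-Output "Bastion '$BastionName' is not present, nothing to do."
        } else {
            # Remove-AzBastion blocks until the host is gone, so the public IP is free afterwards.
            Remove-AzBastion -ResourceGroupName $ResourceGroupName -Name $BastionName -Force
            Write-Output "Bastion '$BastionName' removed."
        }
        # The Standard public IP is billed as well; drop it so nothing Bastion-related accrues out of hours.
        if (Get-AzPublicIpAddress -ResourceGroupName $ResourceGroupName -Name $PublicIpName -ErrorAction SilentlyContinue) {
            Remove-AzPublicIpAddress -ResourceGroupName $ResourceGroupName -Name $PublicIpName -Force
        }
    }
}
```

Two things to keep in mind when scheduling this. Removal drops any RDP or SSH session that is still open, so put the evening run well after the last expected use. And leave the NSG rule on the VM subnet in place while the host is gone; it costs nothing, and it keeps the VMs unreachable on 22 and 3389 from anything other than the Bastion subnet whether or not a host is currently deployed there.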
Conclusion
Azure Bastion is a fully managed service that provides RDP and SSH access to virtual machines over their private IP addresses, so the VMs need no public IP address and you need no self-managed jump host. Access is through a browser-based session over TLS from the Azure portal, with nothing to install on the client. Setting it up takes only a few steps, the one non-obvious requirement being a subnet named AzureBastionSubnet of /26 or larger, and it works best when the NSG on the VM subnet limits RDP and SSH to that subnet's address range. By automating the provisioning and deletion of the Bastion host, you pay for it only during the hours it is needed, and the VMs stay unreachable for RDP and SSH from the internet while it is gone, because they never had a public IP address in the first place.