What is Azure Bastion?
Azure Bastion is a fully managed platform-as-a-service (PaaS) offering that you deploy inside your Azure virtual network. It provides secure, seamless RDP and SSH connectivity to your virtual machines directly from the Azure portal, in your web browser. Because Bastion sits inside the virtual network, your VMs need neither a public IP address nor an RDP/SSH port opened to the internet.
Key Benefits
- Enhanced Security: Connect to VMs without exposing them to the public internet. No public IP addresses are needed on your VMs for RDP/SSH.
- Seamless Experience: Access VMs directly from the Azure portal via HTML5. No client software installation required.
- Centralized Access Control: Manage access policies and credentials centrally. Integrate with Azure AD for authentication.
- Network Protection: Bastion acts as a hardened jump server, protecting your VMs from direct exposure.
- Compliance: Helps meet compliance requirements by securing access to sensitive resources.
How it Works
Azure Bastion deploys into a dedicated subnet in your virtual network that must be named AzureBastionSubnet. When you initiate a connection from the Azure portal, your browser reaches the Bastion host over a TLS tunnel (port 443); Bastion then opens a native RDP or SSH session to the VM over its private IP address. The VM only ever sees a connection coming from the Bastion subnet, so that subnet is the only source that needs to be allowed on ports 3389 and 22.
Getting Started
To start using Azure Bastion, you need to:
- Create an Azure Bastion host resource.
- Ensure you have an AzureBastionSubnet in your virtual network.
- Associate a public IP address with the Bastion host.
- Configure Network Security Groups (NSGs) appropriately.
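The four steps above as an added example (not from the page or from Microsoft), written for the Azure CLI: it checks the subnet constraints, creates an NSG with the rules Microsoft documents for AzureBastionSubnet, then the subnet, the public IP and the Bastion host. Resource names, the region and the address range are assumed placeholders.

```shell
#!/usr/bin/env bash
# Added example, not from the page or from Microsoft: the four steps above as Azure CLI
# commands. Resource names, region and the 10.0.1.0/26 range are assumed placeholders.
set -eu

RG="${RG:-rg-bastion-demo}"; LOC="${LOC:-westeurope}"; VNET="${VNET:-vnet-demo}"
NSG="${NSG:-nsg-bastion}"; PIP="${PIP:-pip-bastion}"; BASTION="${BASTION:-bas-demo}"
SUBNET_PREFIX="${SUBNET_PREFIX:-10.0.1.0/26}"
# Bastion only deploys into a subnet named exactly AzureBastionSubnet that is /26
# or larger. Returns 0 when both conditions hold, so the script fails early.
bastion_subnet_ok() {
  local name="$1" bits="${2##*/}"
  [ "$name" = "AzureBastionSubnet" ] || return 1
  case "$bits" in ''|*[!0-9]*) return 1 ;; esac
  [ "$bits" -le 26 ]
}

# One Allow rule on the Bastion NSG: name priority direction peer-prefix port...
# Inbound rules constrain the source, outbound rules the destination.
nsg_rule() {
  local name="$1" prio="$2" dir="$3" peer="$4" flag=--source-address-prefixes; shift 4
  [ "$dir" = Outbound ] && flag=--destination-address-prefixes
  az network nsg rule create -g "$RG" --nsg-name "$NSG" -n "$name" --priority "$prio" \
    --direction "$dir" --access Allow --protocol Tcp "$flag" "$peer" \
    --destination-port-ranges "$@" -o none
}

deploy_bastion() {
  bastion_subnet_ok AzureBastionSubnet "$SUBNET_PREFIX" || { echo "bad Bastion subnet" >&2; return 1; }
  az network nsg create -g "$RG" -n "$NSG" -l "$LOC" -o none
  # Inbound: browser sessions, Bastion control plane, LB probes, host-to-host traffic
  nsg_rule AllowHttpsInbound          120 Inbound  Internet          443
  nsg_rule AllowGatewayManagerInbound 130 Inbound  GatewayManager    443
  nsg_rule AllowLoadBalancerInbound   140 Inbound  AzureLoadBalancer 443
  nsg_rule AllowBastionHostComms      150 Inbound  VirtualNetwork    8080 5701
  # Outbound: RDP/SSH to the VMs, Azure services, host-to-host traffic, cert checks
  nsg_rule AllowSshRdpOutbound        100 Outbound VirtualNetwork    22 3389
  nsg_rule AllowAzureCloudOutbound    110 Outbound AzureCloud        443
  nsg_rule AllowBastionCommsOutbound  120 Outbound VirtualNetwork    8080 5701
  nsg_rule AllowHttpOutbound          130 Outbound Internet          80
  az network vnet subnet create -g "$RG" --vnet-name "$VNET" -n AzureBastionSubnet \
    --address-prefixes "$SUBNET_PREFIX" --network-security-group "$NSG" -o none
  # Bastion requires a Standard-SKU static public IP; the VMs themselves get none
  az network public-ip create -g "$RG" -n "$PIP" -l "$LOC" --sku Standard \
    --allocation-method Static -o none
  az network bastion create -g "$RG" -n "$BASTION" -l "$LOC" --vnet-name "$VNET" \
    --public-ip-address "$PIP" -o none
}
if [ "${1:-}" = deploy ]; then deploy_bastion; fi
```

Run it as `./bastion.sh deploy` after `az login` against a resource group that already holds the virtual network; the `az network bastion create` step takes several minutes to complete.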