Connect to Azure Virtual Machines
This document provides comprehensive guidance on how to connect to your Azure Virtual Machines (VMs) from various client environments. Connecting securely and efficiently is crucial for managing your cloud infrastructure.
Connecting via RDP (Remote Desktop Protocol)
RDP is the primary method for connecting to Windows VMs. Ensure your VM has a public IP address or is accessible via a VPN or Azure Bastion.
Steps to Connect via RDP:
- Navigate to your VM resource in the Azure portal.
- In the Overview section, click the Connect button.
- Select RDP.
- Download the RDP file.
- Open the downloaded RDP file and enter your VM's administrator credentials.
Connecting via SSH (Secure Shell)
SSH is the standard protocol for connecting to Linux VMs. You can connect from various clients, including OpenSSH on Linux/macOS and PuTTY on Windows.
Steps to Connect via SSH:
- Ensure your Linux VM has an SSH port open (typically port 22) and a public IP address or is accessible via a VPN/Azure Bastion.
- From a Linux/macOS terminal, use the following command:
ssh <username>@<vm-ip-address>
- If using password authentication, enter your password when prompted. If using SSH keys, ensure your public key is deployed to the VM.
Using SSH Keys:
SSH keys provide a more secure authentication method than passwords. When creating a Linux VM in Azure, you can specify an SSH public key to be deployed automatically.
ssh -i /path/to/your/private/key <username>@<vm-ip-address>
Connecting via Azure Bastion
Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP and SSH connectivity to your virtual machines directly through the Azure portal over TLS. Bastion provides enhanced security by eliminating the need to expose RDP/SSH ports directly to the public internet.
Benefits of Azure Bastion:
- No public IP address required on VMs.
- Centralized access control and management.
- Protection against port scanning and brute-force attacks.
- Native integration with the Azure portal.
Deployment Steps:
Bastion is deployed to a dedicated subnet named AzureBastionSubnet within your virtual network. Once deployed, you can connect to your VMs through the Bastion host via the Azure portal.
Connecting via VPN or ExpressRoute
For private network connectivity, you can use Azure Virtual Network Gateway (VPN) or Azure ExpressRoute. These services allow your on-premises network or other virtual networks to connect to your Azure VNets, enabling secure access to your VMs without direct public exposure.
Key Concepts:
- Site-to-Site VPN: Connects your on-premises network to an Azure VNet.
- Point-to-Site VPN: Connects an individual client device to an Azure VNet.
- ExpressRoute: Provides a private connection from your premises to Microsoft Azure.
For more detailed information and advanced scenarios, refer to the Azure Virtual Machines networking documentation.