Azure Bastion: The managed remote access PaaS service

Image: Azure Bastion
By James Powell on

RDP and SSH from right inside the Azure Portal!

Microsoft have just recently announced a new method of connecting to your Azure hosted VMs called Azure Bastion. Making it easier to either RDP or SSH into a server on a private virtual network.

This can be achieved without the need for those hosts to have a public IP address, exposing the servers themselves to an external endpoint, and removing a need to use any kind of jump-off solution.

Introducing Azure Bastion

Azure Bastion is a new managed PaaS service that provides seamless RDP and SSH connectivity to your virtual machines over the Secure Sockets Layer (SSL). You might consider it a jump off server ‘as a service’ solution.

The ability to use your browser not only simplifies the connectivity into hosted VMs within your private virtual networks, it removes any reliance on client application requirements for remote tools making the connection to the host client OS agnostic.

The solution is at this time in public preview, but is available now for you to test access to your VMs

Key features available with the preview include:

  • RDP and SSH from the Azure portal: Initiate RDP and SSH sessions directly in the Azure portal with a single-click seamless experience.
  • Remote session over SSL and firewall traversal for RDP/SSH: HTML5 based web clients are automatically streamed to your local device providing the RDP/SSH session over SSL on port 443. This allows easy and securely traversal of corporate firewalls.
  • No public IP required on Azure Virtual Machines: Azure Bastion opens the RDP/SSH connection to your Azure virtual machine using a private IP, limiting exposure of your infrastructure to the public Internet.
  • Simplified secure rules management: Simple one-time configuration of Network Security Groups (NSGs) to allow RDP/SSH from only Azure Bastion.
  • Increased protection against port scanning: The limited exposure of virtual machines to the public Internet will help protect against threats, such as external port scanning.
  • Hardening in one place to protect against zero-day exploits: Azure Bastion is a managed service maintained by Microsoft. It’s continuously hardened by automatically patching and keeping up to date against known vulnerabilities.

Azure Bastion can be deployed in your private virtual network providing RDP/SSH access to all authorised virtual machines connected to the virtual network.

To participate in this preview, you can go here https://docs.microsoft.com/en-gb/azure/bastion/bastion-create-host-portal

How to connect to an Azure VM using Azure Bastion

To start, you need to search for Bastion (preview) in the Azure Portal marketplace, select and click create.

Image: Connecting to an Azure virtual machine

Follow the steps to select your Resource Group and subnet, creating a new subnet if required.

You will see a message letting you know that your deployment is underway. Status will display on this page as the resources are created. It takes about 5 minutes for the Bastion resource to be created and deployed.

Existing VM?

It is also possible to create a bastion host in the portal by using an existing VM, various settings will automatically default corresponding to your virtual machine and/or virtual network.

In the preview portal, navigate to your virtual machine, then click Connect.

Image: Navigate to your virtual machine

On the right sidebar, click Bastion, then Use Bastion and then fill in the requested details.

Image: Connect to your virtual machine

Connecting

Once your Bastion solution is implemented, you can now select the host you wish to connect to within the Azure Portal and click ‘Connect’.

You will see you have a new option to select Bastion. Input your username and password for the host and click on connect.

Image: Bastion option

Then you will see your desktop either in the existing window or in a new popup/tab depending on your chosen settings.

Example SSH

Image: Example SSH

Example Windows RDP

Image: Example RDP
https://azure.microsoft.com/en-us/blog/announcing-the-preview-of-microsoft-azure-bastion/

Azure Bastion–The road ahead

Like with all other Azure networking services, Microsoft plan to build out Azure Bastion by adding more capabilities before general availability.

The future brings Azure Active Directory integration, adding seamless single-sign-on capabilities using Azure Active Directory identities and Azure Multi-Factor Authentication, and effectively extending two-factor authentication to your RDP/SSH connections.

Microsoft are also looking to add support for native RDP/SSH clients so that you can use your favourite client applications to securely connect to your Azure Virtual Machines, using Azure Bastion, while at the same time enhance the auditing experience for RDP sessions with full session video recording!

Watch this space.

Want to get in touch?

If you would like to discuss any methods of connecting to your Azure hosted VMs, simply complete the form below to speak to one of our consultants.

And join one of our regular workshops and webinars providing the latest updates and expert advice about Microsoft 365, Cloud and Hybrid IT, security, compliance and partner tools. We also post regular blogs so please do follow us.

Contact us

  • This field is for validation purposes and should be left unchanged.

We have the expertise and the experience to provide specialist solutions and drive your business forward

Get in touch

How can we help you?

Get in touch

What updates would you like?

Subscribe