Azure Bastions

Microsoft has recently announced the public preview of the Azure Bastion service. Azure Bastion allows secure RDP and SSH access to a VM configured with a private IP address. In this blog post, we will discuss the configuration and features of Azure Bastion.

Azure Bastions Architecture

Considerations for Azure Bastion 

Since Azure Bastion is in preview, there are a few limitations and considerations we need to be aware of:

  • Azure Bastion is only available through the preview portal.
  • It requires a dedicated subnet named “AzureBastionSubnet” with CIDR /27.
  • Currently, Azure Bastion can only connect to VMs deployed in the VNet where Azure Bastion is configured. In preview, Azure Bastion can’t access resources deployed in peered VNets.
  • Azure Bastion is a PaaS service. You can’t connect to and manage the bastion host like a typical Windows/Linux jumpbox, which means you can’t install any client or connectivity software on it.
  • Access to any VM through Azure Bastion requires access to the Azure portal.
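
The subnet and VNet constraints in the list above can be checked against a planned address layout before the Bastion host is created. The Python below is an added example, not Microsoft tooling or code from the original post; the function name, the sample addresses and the reading of "dedicated" as "no workload VM in the Bastion subnet" are assumptions made for illustration.

```python
import ipaddress

BASTION_SUBNET = "AzureBastionSubnet"  # required name, as stated in the list above
BASTION_PREFIXLEN = 27                 # CIDR size stated in the list above


def check_bastion_plan(vnet_prefixes, subnets, vm_private_ip):
    """Return a list of problems with a planned layout; empty means it passes.

    vnet_prefixes: VNet address space, e.g. ["10.0.0.0/16"]
    subnets:       {subnet name: CIDR} for every subnet in that VNet
    vm_private_ip: private IP of the VM to reach through Bastion
    """
    problems = []
    space = [ipaddress.ip_network(p) for p in vnet_prefixes]
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    vm = ipaddress.ip_address(vm_private_ip)

    bastion = nets.get(BASTION_SUBNET)
    if bastion is None:
        problems.append(f"no subnet named {BASTION_SUBNET}")
    else:
        if bastion.prefixlen != BASTION_PREFIXLEN:
            problems.append(f"{BASTION_SUBNET} is /{bastion.prefixlen}, expected /{BASTION_PREFIXLEN}")
        if not any(bastion.subnet_of(s) for s in space):
            problems.append(f"{BASTION_SUBNET} {bastion} is outside the VNet address space")
        for name, net in nets.items():
            if name != BASTION_SUBNET and net.overlaps(bastion):
                problems.append(f"{BASTION_SUBNET} overlaps subnet {name} ({net})")
        if vm in bastion:
            # Assumption: "dedicated" means no workload VM lives in this subnet.
            problems.append(f"VM {vm} is inside {BASTION_SUBNET}")

    # Preview limitation from the list: only VMs in the same VNet are reachable.
    if not any(vm in s for s in space):
        problems.append(f"VM {vm} is not in this VNet (peered VNets are not reachable)")
    return problems


# Constructed sample layouts (illustrative addresses, not from the post).
GOOD = (["10.0.0.0/16"],
        {"workload": "10.0.1.0/24", "AzureBastionSubnet": "10.0.250.0/27"},
        "10.0.1.4")
BAD = (["10.0.0.0/16"],
       {"workload": "10.0.1.0/24", "AzureBastionSubnet": "10.0.1.0/28"},
       "10.1.0.4")

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        print(label, check_bastion_plan(*plan) or "OK")
```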

How to get started with Azure Bastion

Currently, Azure Bastion can only be enabled from the following URL – 

All Services > Bastions > Add 

Create a Bastion Host

When you click on a VM in the same VNet where Azure Bastion is configured, you will see Bastion as an option after you click Connect.

Supply the user name and password of the VM to connect to it.

The VM will be connected in the browser over HTTPS and can be fully managed from here.