Deploy and configure Azure Bastion Service
Generally, you connect to remote virtual machines with either RDP or SSH. To do so, you either need to assign a public IP address (with the RDP/SSH port exposed) to the VM to which you are trying to connect, or you need to provision an additional jump server, assign a public IP address to that jump server, and then connect to the other virtual machines using private IP addresses internally.
You can also implement network security groups (NSGs) to restrict the source IP addresses and ports allowed for inbound traffic. Even so, you are still exposing RDP/SSH ports to the source hosts over the internet, which is a potential security risk.
To address this, Microsoft offers a managed PaaS service called Azure Bastion, which provides secure RDP/SSH connections to Azure VMs over an SSL/TLS channel directly in the browser, without any external client. Because the VMs need no public IP address or exposed management ports, this service helps you limit threats such as port scanning and other malware that targets those ports.
The Azure Bastion service is provisioned within a VNet within a separate subnet called AzureBastionSubnet. If you have multiple VNets in your environment, you can deploy the service once in a hub virtual network, and access VMs in other VNets that are peered with the hub. If the VNets are not peered, then each VNet would need its own Bastion subnet and service.
In the following example, it is assumed that you have already created the Exam-Ref-VNet VNet with a subnet named AzureBastionSubnet and with a prefix of at least /27. Refer to Skill 4.1 for detailed instructions on how to create a virtual network and subnet.
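Before creating the Bastion resource, it is worth checking the two prerequisites just described and confirming that the old exposure the service is meant to remove is actually gone. The following script is an added example and is not part of the book's text: it takes a VNet description and a set of NSG rules in the shape returned by the Azure CLI (the sample dictionaries below are constructed, not captured from a real subscription), verifies that a subnet named exactly AzureBastionSubnet exists with a prefix of /27 or larger inside the VNet's address space, and lists any inbound NSG rules that still allow RDP (3389) or SSH (22) from the internet.

```python
import ipaddress

# Constructed sample VNet, trimmed to the fields this check needs. The field
# names follow the shape of `az network vnet show` output (an assumption about
# the JSON layout, not the book's own data).
SAMPLE_VNET = {
    "name": "Exam-Ref-VNet",
    "addressSpace": ["10.0.0.0/16"],
    "subnets": [
        {"name": "default", "addressPrefix": "10.0.0.0/24"},
        {"name": "AzureBastionSubnet", "addressPrefix": "10.0.1.0/27"},
    ],
}

# Constructed sample NSG rules, mirroring the security rule schema.
SAMPLE_NSG_RULES = [
    {"name": "AllowRDPFromInternet", "access": "Allow", "direction": "Inbound",
     "sourceAddressPrefix": "Internet", "destinationPortRange": "3389", "priority": 100},
    {"name": "AllowHTTPS", "access": "Allow", "direction": "Inbound",
     "sourceAddressPrefix": "*", "destinationPortRange": "443", "priority": 110},
    {"name": "DenyAllInbound", "access": "Deny", "direction": "Inbound",
     "sourceAddressPrefix": "*", "destinationPortRange": "*", "priority": 4096},
]

BASTION_SUBNET_NAME = "AzureBastionSubnet"   # the name is fixed by the service
BASTION_MAX_PREFIX_LEN = 27                  # /27 or larger (a smaller number) is required


def check_bastion_subnet(vnet):
    """Return a list of problems; an empty list means the VNet is ready for Bastion."""
    problems = []
    subnets = {s["name"]: s for s in vnet["subnets"]}
    bastion = subnets.get(BASTION_SUBNET_NAME)
    if bastion is None:
        return [f"no subnet named {BASTION_SUBNET_NAME} in {vnet['name']}"]

    net = ipaddress.ip_network(bastion["addressPrefix"], strict=True)
    if net.prefixlen > BASTION_MAX_PREFIX_LEN:
        problems.append(f"{BASTION_SUBNET_NAME} is /{net.prefixlen}; "
                        f"it must be /{BASTION_MAX_PREFIX_LEN} or larger")

    # The subnet must sit inside the VNet address space ...
    address_space = [ipaddress.ip_network(a) for a in vnet["addressSpace"]]
    if not any(net.subnet_of(space) for space in address_space):
        problems.append(f"{bastion['addressPrefix']} is outside the VNet address space")

    # ... and must not collide with any other subnet.
    for other in vnet["subnets"]:
        if other["name"] == BASTION_SUBNET_NAME:
            continue
        if net.overlaps(ipaddress.ip_network(other["addressPrefix"])):
            problems.append(f"{BASTION_SUBNET_NAME} overlaps subnet {other['name']}")
    return problems


def _port_matches(port_range, port):
    """True if an NSG destinationPortRange ('*', '22' or '3000-4000') covers `port`."""
    if port_range == "*":
        return True
    if "-" in port_range:
        low, high = port_range.split("-")
        return int(low) <= port <= int(high)
    return int(port_range) == port


def exposed_management_rules(rules, ports=(22, 3389)):
    """Names of inbound Allow rules that reach SSH/RDP from the internet.

    Once Bastion is in place these rules should no longer be needed, so a
    non-empty result is a finding to follow up on.
    """
    internet_sources = {"*", "Internet", "0.0.0.0/0"}
    findings = []
    for rule in rules:
        if rule["direction"] != "Inbound" or rule["access"] != "Allow":
            continue
        if rule["sourceAddressPrefix"] not in internet_sources:
            continue
        if any(_port_matches(rule["destinationPortRange"], p) for p in ports):
            findings.append(rule["name"])
    return findings


if __name__ == "__main__":
    print("subnet problems:", check_bastion_subnet(SAMPLE_VNET))
    print("rules still exposing RDP/SSH:", exposed_management_rules(SAMPLE_NSG_RULES))
```

Feed the script real data by piping the output of the corresponding `az network vnet show` and `az network nsg rule list` commands into the two dictionaries; the check intentionally treats `*`, `Internet` and `0.0.0.0/0` alike, because all three admit traffic from any internet source.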
To create a Bastion service using the Azure portal, follow these steps:
- Search for Bastion. On the Bastion blade, click Create.
- On the Create A Bastion blade, provide a name, the subscription where your resources are located, the resource group for the Bastion, and the region (select a region in which Bastion is supported).
- You also need to select the virtual network and subnet and create a public IP address, as shown in Figure 4-35.
FIGURE 4-35 Creating a Bastion
- Once created, the Bastion-eus-vnet overview blade will appear, as shown in Figure 4-36.
FIGURE 4-36 Overview blade of the Bastion resource
- To test this Bastion, browse to the overview blade of your VM, click Connect, and click the Bastion tab, as shown in Figure 4-37.
FIGURE 4-37 Connecting to a VM using Azure Bastion
- Provide the credentials and click Connect. You will be redirected to the interactive browser session to the VM through Bastion, as shown in Figure 4-38.
FIGURE 4-38 Managing a VM using Bastion