What is Azure Bastion
Azure Bastion is a fully managed service that provides more secure and seamless Remote Desktop Protocol (RDP) and Secure Shell Protocol (SSH) access to virtual machines (VMs) without any exposure through public IP addresses.
Why do we need Azure Bastion?
Bastion provides secure RDP and SSH connectivity to all of the VMs in the virtual network in which it is provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH.
Key benefits:
- RDP and SSH directly in Azure portal
- Remote Session over TLS and firewall traversal for RDP/SSH
- No Public IP required on the Azure VM
- No hassle of managing Network Security Groups (NSGs)
- Protection against port scanning
- Protection against zero-day exploits: hardening is done in one place only, on the Bastion host
Architecture
This figure shows the architecture of an Azure Bastion deployment. In this diagram:
- The Bastion host is deployed in the virtual network that contains the AzureBastionSubnet subnet, which has a minimum /26 prefix.
- The user connects to the Azure portal using any HTML5 browser.
- The user selects the virtual machine to connect to.
- With a single click, the RDP/SSH session opens in the browser.
- No public IP is required on the Azure VM.
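As an added example (not from the original page or from Microsoft's documentation), the Azure CLI sequence for standing up this architecture: a VNet with a workload subnet and a dedicated AzureBastionSubnet, a single Standard static public IP that belongs to the Bastion host rather than to any VM, and the Bastion resource itself. Resource names (rg-bastion-demo, vnet-demo, pip-bastion-demo, bastion-demo), address ranges and the eastus region are constructed for the example; the preflight check of the /26 requirement runs offline, and the deployment runs only when the script is invoked with `deploy`.

```shell
#!/usr/bin/env bash
# Added example: deploy Azure Bastion into a dedicated AzureBastionSubnet.
# Assumed (constructed) names: rg-bastion-demo, vnet-demo, pip-bastion-demo,
# bastion-demo; region eastus; address ranges 10.0.0.0/16, 10.0.1.0/24, 10.0.255.0/26.
set -euo pipefail

# bastion_subnet_ok NAME CIDR: returns 0 when the subnet satisfies Bastion's
# requirements (named exactly AzureBastionSubnet, prefix /26 or larger), else 1.
bastion_subnet_ok() {
  local name="$1" cidr="$2" prefix
  if [ "$name" != "AzureBastionSubnet" ]; then
    echo "subnet must be named AzureBastionSubnet, got '$name'" >&2
    return 1
  fi
  prefix="${cidr##*/}"
  case "$prefix" in
    ''|*[!0-9]*) echo "malformed CIDR '$cidr'" >&2; return 1 ;;
  esac
  if [ "$prefix" -gt 26 ]; then
    echo "AzureBastionSubnet needs at least a /26; $cidr is too small" >&2
    return 1
  fi
  return 0
}

# deploy_bastion: create the VNet, the Bastion subnet, the Bastion host's public IP
# (the only public IP in this design; the workload VMs get none) and the host.
deploy_bastion() {
  local rg="rg-bastion-demo" loc="eastus" vnet="vnet-demo"
  local bastion_cidr="10.0.255.0/26"
  bastion_subnet_ok AzureBastionSubnet "$bastion_cidr"
  az group create --name "$rg" --location "$loc"
  az network vnet create --resource-group "$rg" --name "$vnet" --location "$loc" \
    --address-prefixes 10.0.0.0/16 --subnet-name workload --subnet-prefixes 10.0.1.0/24
  az network vnet subnet create --resource-group "$rg" --vnet-name "$vnet" \
    --name AzureBastionSubnet --address-prefixes "$bastion_cidr"
  az network public-ip create --resource-group "$rg" --name pip-bastion-demo \
    --location "$loc" --sku Standard --allocation-method Static
  az network bastion create --resource-group "$rg" --name bastion-demo \
    --location "$loc" --vnet-name "$vnet" --public-ip-address pip-bastion-demo
}

# Only talk to Azure when explicitly asked, so the preflight check can be run
# without an Azure login.
if [ "${1:-}" = "deploy" ]; then
  deploy_bastion
fi
```

Run `./bastion.sh deploy` after `az login`; running it with no argument only defines the functions and exercises nothing against Azure.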
How does Azure Bastion work?
Links to configure Bastion: