
Azure Bastion (Preview)

The Azure Bastion service is a new PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly in the Azure portal over SSL. When you connect via Azure Bastion, your virtual machines do not need a public IP address.

The Azure Bastion service can be deployed in your existing Virtual Network. Once it is in place, you can connect via RDP and SSH to all Virtual Machines inside that same Virtual Network. The VMs themselves no longer need a public IP address, because you connect to them through the Azure Bastion service from the Azure Portal.

Source: Microsoft

In this post I will show you how to set up the new Azure Bastion service and how to connect to your VMs via the Bastion service.

How to deploy Azure Bastion (Preview)

Before we begin, make sure you have installed the Azure PowerShell module. Run PowerShell as administrator so you can install the modules. If you don’t know how to install those, check out this LINK.

The next step is to connect to your Azure tenant via PowerShell and register an Azure Provider Feature to enable the BastionHost feature in your tenant.

Login-AzAccount

Register-AzProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network

Register-AzResourceProvider -ProviderNamespace Microsoft.Network

After a few minutes you can use the following command to check whether the feature has been registered. The RegistrationState should be Registered.

Get-AzProviderFeature -ListAvailable | Where-Object {$_.FeatureName -Like "*Bastion*"}

Next, open the Azure portal through the preview link https://aka.ms/BastionHost so that the new resource can be selected in the portal.

Once logged in, click on “Create a resource” and search for bastion.

Azure Bastion (preview)

Click on the Bastion (preview) to begin with the deployment.

Azure Bastion (preview) resource

Click on “Create” to open the Create a bastion page.

On the Create a bastion page, specify the configuration settings for your Bastion resource. The resource will be deployed in your Virtual Network. One of the prerequisites is a subnet of at least /27 (a /27 or larger subnet). The subnet must be called AzureBastionSubnet, which makes sure that Azure deploys the Bastion resource in the correct subnet.

You can create a new Public IP for the Bastion resource or use an existing one. When all the required configurations are in place, it’s time to create the Bastion resource. Click on Review + create to validate the values. After the validation has succeeded, click on Create to start the deployment.

After the deployment is complete you will find the Bastion service in your Virtual Network.

The Azure Bastion service

Connect to a Windows virtual machine using Azure Bastion (Preview)

Now that we have successfully deployed the Azure Bastion service, it is time to connect to your VM through Bastion.

Make sure your VM is powered on and navigate to the Virtual Machine that you want to connect to, then click on Connect.

Connect to your VM

After you click on Connect, the side bar will appear with an extra tab called Bastion. Fill in your credentials to connect to the VM and click on Connect. With the default settings, a new window opens with your session to the selected VM.

Connect to your VM via Bastion

In the new window your connection will be established. Make sure your browser isn’t blocking popups from the Azure Portal, otherwise the new window will not open.

Connecting to the Bastion Host

If you configured your VMs with a Public IP in the past so you could RDP to them, now it’s time to remove those and use Bastion instead!

You can find more information about Azure Bastion on the following sites.
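When cleaning up after a move to Bastion, it helps to also find network security group rules that still allow RDP or SSH from the internet. The following is an added example, not part of the original post, and it goes one step beyond the text by checking NSG rules as well as public IPs. The function names and the sample NSG are constructed for illustration, and the property names are assumed to match what Get-AzNetworkSecurityGroup returns.

```powershell
# Added example, not from the original post. Flags inbound Allow rules that
# expose RDP (3389) or SSH (22) to the internet.
function Test-PortInRange {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }                 # "Any" port
    if ($Range -match '^(\d+)-(\d+)$') {                 # range such as 20-25
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Range -eq "$Port")                          # single port
}

function Get-ExposedManagementRule {
    param(
        [Parameter(ValueFromPipeline)] $Nsg,
        [int[]] $Ports = @(3389, 22)
    )
    process {
        foreach ($rule in $Nsg.SecurityRules) {
            if ($rule.Direction -ne 'Inbound' -or $rule.Access -ne 'Allow') { continue }
            if ($rule.Protocol -notin 'Tcp', '*') { continue }
            # Source prefixes that mean "anyone on the internet"
            $open = @($rule.SourceAddressPrefix) | Where-Object { $_ -in '*', 'Internet', '0.0.0.0/0' }
            if (-not $open) { continue }
            foreach ($port in $Ports) {
                $hit = @($rule.DestinationPortRange) | Where-Object { Test-PortInRange $_ $port }
                if ($hit) {
                    [pscustomobject]@{ Nsg = $Nsg.Name; Rule = $rule.Name; Port = $port; Source = ($open -join ',') }
                }
            }
        }
    }
}

# Constructed sample, shaped like Get-AzNetworkSecurityGroup output (assumed property names).
$rules = @(
    @{ Name = 'allow-rdp-any';   SourceAddressPrefix = @('*');              DestinationPortRange = @('3389') }
    @{ Name = 'allow-low-ports'; SourceAddressPrefix = @('Internet');       DestinationPortRange = @('20-25') }
    @{ Name = 'allow-rdp-vnet';  SourceAddressPrefix = @('VirtualNetwork'); DestinationPortRange = @('3389') }
) | ForEach-Object { [pscustomobject]($_ + @{ Direction = 'Inbound'; Access = 'Allow'; Protocol = 'Tcp' }) }
$sampleNsg = [pscustomobject]@{ Name = 'nsg-sample'; SecurityRules = $rules }
$sampleNsg | Get-ExposedManagementRule | Format-Table

# Live use after Login-AzAccount:
#   Get-AzNetworkSecurityGroup | Get-ExposedManagementRule
#   Get-AzNetworkInterface | Where-Object { $_.VirtualMachine -and $_.IpConfigurations.PublicIpAddress }
```

The last commented line lists network interfaces that are attached to a VM and still carry a public IP, which are the ones to review before removing the address.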

https://azure.microsoft.com/en-us/blog/announcing-the-preview-of-microsoft-azure-bastion/

https://azure.microsoft.com/en-us/services/azure-bastion/

https://docs.microsoft.com/en-us/azure/bastion/
