Search This Blog

Monday, August 5, 2019

Azure Bastion

Since we now have Azure Bastion in preview it’s time to take a closer look.

Azure Bastion will allow us to have private RDP and SSH access to our Virtual Machines from a HTML5 Web Browser over SSL.

We can do this without using public IP address on the VM.

Today we often connect to our virtual machines, either by exposing the virtual machines to the public Internet or by deploying a jump-host/server.

For this test we will use the following test setup.

image

First go to https://aka.ms/BastionHost, select All services and search for Bastion, then we can add Bastions to our favorites.

image

Select Bastions from our favorites.

image

Select Create Bastion.

image

Lets create a new resource group for this test.

image

Name the resource group.

image

Name the bastion instance, select Region and then create a new virtual network.

image

We need to create a subnet for our VM’s and a dedicated subnet with the name AzureBastionSubnet.

I will choose 10.10.100.0/24 for the Azure BastionSubnet and 10.10.10.0/24 for the VM subnet (LabSubnet)

image

We the select the AzureBastionSubnet as subnet and create a new public IP address, finally we click Review + create.

image

Select Create.

image

Deployment will then start, and we will have to wait until deployment is complete.

2019-07-29 11_09_54-LAB-DC01 on PCP70 - Virtual Machine Connection

Deployment is now complete.

2019-07-29 11_12_07-LAB-DC01 on PCP70 - Virtual Machine Connection

In order for this test to work we also need to deploy a virtual machine. Go to Virtual Machines  and Create Virtual machine.

image

We select our Subscription and the Resource group we already created, then we give the VM a name, select region, image type and size.

image

We will use our newly created Virtual network and VM subnet, and no public IP.

image

And the create the virtual machine.

image

Deployment will then start, and again we will have to wait until deployment is complete.

image

Deployment is now complete, lets Go to resource.

image

The VM has no public IP as shown, lets Connect.

image

It will automatically open the Bastion tab, enter Username, Password and connect.

image

You will need to allow popup from Azure.

image

and we are connected to the VM.

image

For browsers that support the advanced Clipboard API access, you will be able to use copy and paste but only text, the browser might prompt you to allow access.

image

For other browsers, you can use the Bastion clipboard tool.

2019-07-29 11_37_12-LAB-DC01 on PCP70 - Virtual Machine Connection

Now test in your own environment.

No comments:

Post a Comment