Remote control with Azure Bastion Part 1

or do you still need a jumphost? . . .
Recently I worked on a project, where they asked me
“How will I manage my virtual machines in Azure, do i still need a jumphost like in the old world?”
Well , Azure has got a service for that called Azure Bastion.

Why Azure Bastion?
To explain you why to use Azure Bastion , here are some of my key points;
– Your RDP & SSH ports don’t need to be exposed publicly anymore.
– No need to add/attach public IP on your virtual machine
– You can access directly your virtual machines through the Azure portal over SSL
– Helps prevent threats like port scanning and other malware attacks.
– Automatic scale the number of connections to your network(SKU Basic or Standard(public GA)).Basic SKU maximum 2 concurrent connections and with Standard SKU you can upscale and downscale your Bastion connections an maximum of 50 concurrent connections.
– After provisioning , you will have access to all your virtual machines in within the vNet across the subnets.
at this moment you can only login with your on-premises account (hybrid) or local account(mostly used when you spin up a jumphost ) from the jumphost you can login with Azure AD account. (see Azure AD Login Extension for virtual machine)

What is Azure Bastion?
Azure Bastion is a fully managed PaaS service that provides a secure and seamless RDP/SSH access to Azure Virtual Machines.
You can access your virtual machine directly from the Azure Portal over TLS. Without the need of a public ip address, agent or other additional tool on your virtual machine , seamless with one click through Azure Bastion in the Azure Portal, you will have direct access on your virtual machine.

In the next part I’ll explain how to implement and configure Azure Bastion continue here series