Remote control with Azure Bastion Part 2

7 March 2022

In the first part of this series I explained, at a high level, how Azure Bastion works under the hood. In this part I'll explain how you can easily install Azure Bastion within your Azure environment.


How?

There are different ways to provision Bastion. To keep it simple, you can use sample code (GitHub) to deploy it quickly.
Or you can always use the portal; in the end we will have to log in to the portal anyway ;). In this example we will deploy the Bastion instance within the Azure Portal.
For this example, please make sure you have deployed the following resources:
– Provisioned Virtual Machine
– Virtual Network
– Subnet within your vNet address space with a subnet mask /26 or larger.
– Name of the subnet must be AzureBastionSubnet, otherwise it will not work.
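
Before opening the wizard you can check a planned network layout against the subnet prerequisites above. This is an added example, not code from the GitHub sample or from Azure; the function name, the sample address ranges and the exact-match name comparison are assumptions made for illustration.

```python
import ipaddress

BASTION_SUBNET_NAME = "AzureBastionSubnet"  # name required by the article
MAX_PREFIX_LEN = 26  # "/26 or larger" means a prefix length of 26 or less


def check_bastion_subnet(vnet_prefixes, subnets):
    """Return a list of problems; an empty list means the plan meets the prerequisites."""
    if BASTION_SUBNET_NAME not in subnets:
        near = [n for n in subnets if n.lower() == BASTION_SUBNET_NAME.lower()]
        hint = f" (found {near[0]!r}: spelling/case differs)" if near else ""
        return [f"no subnet named {BASTION_SUBNET_NAME!r}{hint}"]
    try:
        # strict=True rejects a host address such as 10.0.1.10/26
        bastion = ipaddress.ip_network(subnets[BASTION_SUBNET_NAME], strict=True)
    except ValueError as exc:
        return [f"invalid CIDR for {BASTION_SUBNET_NAME}: {exc}"]

    problems = []
    if bastion.prefixlen > MAX_PREFIX_LEN:
        problems.append(f"{bastion} is smaller than /{MAX_PREFIX_LEN}")

    # The subnet must sit inside one of the vNet address ranges.
    vnets = [ipaddress.ip_network(p) for p in vnet_prefixes]
    if not any(bastion.version == v.version and bastion.subnet_of(v) for v in vnets):
        problems.append(f"{bastion} is outside the vNet address space")

    # It must not share addresses with any other subnet in the plan.
    for name, cidr in subnets.items():
        if name == BASTION_SUBNET_NAME:
            continue
        other = ipaddress.ip_network(cidr)
        if other.version == bastion.version and other.overlaps(bastion):
            problems.append(f"{bastion} overlaps subnet {name!r} ({other})")
    return problems


# Constructed sample plans (hypothetical address ranges, not from the article)
VNET = ["10.0.0.0/16"]
GOOD_SUBNETS = {"workload": "10.0.0.0/24", "AzureBastionSubnet": "10.0.1.0/26"}
BAD_SUBNETS = {"workload": "10.0.0.0/24", "AzureBastionSubnet": "10.0.0.64/27"}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_SUBNETS), ("bad", BAD_SUBNETS)):
        print(label, check_bastion_subnet(VNET, plan) or "OK")
```
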

 

Step 1.
Log in to the Azure Portal. Click on the search bar and type Bastion.
You will see the Bastion panel for creating a new Bastion instance, as shown in the illustration below.

Step 2.
Click on the Create button and follow the Bastion wizard. You can leave everything as default, except for Configure virtual networks. If you already have an existing virtual network, you can select it from the drop-down menu, and also select the subnet for Azure Bastion.

Step 3.

When the Bastion instance has been successfully deployed, go to your virtual machine. In the main panel of your virtual machine resource, click on the Connect button, then click on Bastion.

Step 4.

Then click on Use Bastion.

Fill in your username and password (local) or, if your virtual machine is a member of a domain, your domain user credentials, and click on Connect.

Results
After you have been successfully authenticated, you are logged on, safe and secure, within the Azure Portal with Azure Bastion.

Summary
What we have done is deploy an Azure Bastion instance and enable remote logon within the Azure Portal with Azure Bastion. We have also seen that we need a separate subnet for Azure Bastion. The minimum number of connection instances with the Basic SKU is 2 concurrent connections. Note that this is the number of “network connections”. Under the hood, Azure Bastion uses an IP address from its own subnet so that you can create a connection to the target VM.

In my next article I will explain how you can log in with your on-premises and/or Azure identity with Azure Bastion.

If you would like to read more of my articles, you can check my page here: https://joetahsin.medium.com
