In June, Microsoft announced the public preview of Azure Bastion. This newly introduced service lets you manage your Azure resources through SSH and RDP directly in your browser, with a very high level of security.
What is a Bastion Host?
A Jump Host, or Bastion Host, is “a special-purpose computer on a network specifically designed and configured to withstand attacks”. It is often used to access and manage devices in a separate security zone. Access to this zone is provided only via the Jump Host/Bastion Host, and you control all permissions on this server. Reverse proxies are a kind of Bastion Host: they let you access applications only through the proxy service.
Azure Bastion
Microsoft started the development of an out-of-the-box PaaS solution to provide a fully managed and highly secure Jump Host to Azure administrators.
First you deploy the Bastion Host directly to your network in Azure. Afterwards you can start using the service. It lets you access your other Azure services over SSH or RDP directly through the Azure Portal in your browser.
If you want to start with Azure Bastion, you need to enable the Preview Features in your Azure Subscription.
#Register Bastion Provider
Register-AzProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network
#Register Network Provider
Register-AzResourceProvider -ProviderNamespace Microsoft.Network
#Verify Provider Registration
Get-AzProviderFeature -ProviderNamespace Microsoft.Network
Preview Functionalities
During the preview, the following key features are available in Azure Bastion:
- RDP & SSH from the Azure Portal
- Secure Remote Session over SSH & RDP
- Azure Virtual Machines no longer require a Public IP
The Azure Team will add more features soon. You can also request features through the Azure Community. You can find the documentation in the Azure Docs.
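Since virtual machines no longer need a public IP once Bastion is in place, it is worth checking which ones still have one attached. The following is an added example, not part of the original post: the function name `Get-VmNicWithPublicIp` and the sample objects are constructed for illustration, and the function assumes NIC objects shaped like the output of `Get-AzNetworkInterface` from the Az.Network module.

```powershell
# Added example (not from the original post): report VM NICs that still have a public IP.
function Get-VmNicWithPublicIp {
    [CmdletBinding()]
    param(
        # NIC objects as returned by Get-AzNetworkInterface (Az.Network)
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$NetworkInterface
    )
    process {
        # Ignore NICs that are not attached to a virtual machine
        if (-not $NetworkInterface.VirtualMachine) { return }
        foreach ($ipConfig in $NetworkInterface.IpConfigurations) {
            # PublicIpAddress is empty when no public IP is associated
            if (-not $ipConfig.PublicIpAddress) { continue }
            [pscustomobject]@{
                VmName        = ($NetworkInterface.VirtualMachine.Id -split '/')[-1]
                ResourceGroup = $NetworkInterface.ResourceGroupName
                Nic           = $NetworkInterface.Name
                PrivateIp     = $ipConfig.PrivateIpAddress
                PublicIpName  = ($ipConfig.PublicIpAddress.Id -split '/')[-1]
            }
        }
    }
}

# Constructed sample objects mimicking the shape of Get-AzNetworkInterface output
$sample = @(
    [pscustomobject]@{
        Name = 'vm-web-nic'; ResourceGroupName = 'rg-demo'
        VirtualMachine   = [pscustomobject]@{ Id = '/subscriptions/0000/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/vm-web' }
        IpConfigurations = @([pscustomobject]@{
            PrivateIpAddress = '10.0.1.4'
            PublicIpAddress  = [pscustomobject]@{ Id = '/subscriptions/0000/resourceGroups/rg-demo/providers/Microsoft.Network/publicIPAddresses/vm-web-pip' }
        })
    },
    [pscustomobject]@{
        Name = 'vm-db-nic'; ResourceGroupName = 'rg-demo'
        VirtualMachine   = [pscustomobject]@{ Id = '/subscriptions/0000/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/vm-db' }
        IpConfigurations = @([pscustomobject]@{ PrivateIpAddress = '10.0.2.4'; PublicIpAddress = $null })
    }
)
# Only vm-web is reported; vm-db has no public IP associated
$sample | Get-VmNicWithPublicIp | Format-Table -AutoSize

# Against a real subscription (requires Az.Network and Connect-AzAccount):
# Get-AzNetworkInterface | Get-VmNicWithPublicIp | Format-Table -AutoSize
```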