Azure Bastion is a PaaS service that lets customers connect to their VMs over SSH/RDP in a secure and seamless way. If a VM is private and is not reachable from the internet through a public IP, we can use Azure Bastion to RDP or SSH to it without attaching a public IP address to the VM.
Architecture of Azure Bastion Hosts
The Azure Bastion host is deployed into the virtual network in which the VMs are running. This provides the ability to access the VMs securely using SSH/RDP. With this deployment, customers can access every VM in the virtual network where the Bastion host is deployed.
The above diagram explains the following:
- The Bastion host is deployed in the virtual network.
- The user connects to the Azure portal using any HTML5 browser.
- The user selects the virtual machine to connect to.
- With a single click, the RDP/SSH session opens in the browser.
- No public IP is required on the Azure VM.
- RDP and SSH directly in Azure portal
- Remote Session over SSL and firewall traversal for RDP/SSH
- No Public IP required on the Azure VM
- No hassle of managing NSGs
- Protection against port scanning
- Protect against zero-day exploits. Hardening in one place only
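With Bastion in place, SSH and RDP on the VMs only need to be reachable from the Bastion subnet. The following added example (not part of the original post) checks network security group rules for inbound SSH/RDP access that is still open to other sources. The rule records are constructed samples shaped like `az network nsg rule list` output, and the Bastion subnet prefix `10.0.1.0/27` is an assumption.

```python
import ipaddress

MGMT_PORTS = (22, 3389)                                # SSH, RDP
BASTION_SUBNET = ipaddress.ip_network("10.0.1.0/27")   # assumed AzureBastionSubnet prefix

def port_ranges(rule):
    """Expand destinationPortRange(s) into (low, high) tuples."""
    raw = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        raw.append(rule["destinationPortRange"])
    spans = []
    for r in raw:
        lo, _, hi = ("0-65535" if r == "*" else r).partition("-")
        spans.append((int(lo), int(hi or lo)))
    return spans

def outside_bastion(prefix):
    """True if the source covers addresses outside the Bastion subnet."""
    try:
        return not ipaddress.ip_network(prefix, strict=False).subnet_of(BASTION_SUBNET)
    except (ValueError, TypeError):
        return True   # "*", "Internet", "VirtualNetwork" and other tags are broader

def exposed_rules(rules):
    """Names of inbound Allow rules opening SSH/RDP to non-Bastion sources.
    Simplification: rule priority and overriding Deny rules are not evaluated."""
    findings = []
    for rule in rules:
        if rule["direction"] != "Inbound" or rule["access"] != "Allow":
            continue
        sources = list(rule.get("sourceAddressPrefixes") or [])
        if rule.get("sourceAddressPrefix"):
            sources.append(rule["sourceAddressPrefix"])
        opens_mgmt = any(lo <= p <= hi for lo, hi in port_ranges(rule) for p in MGMT_PORTS)
        if opens_mgmt and any(outside_bastion(s) for s in sources):
            findings.append(rule["name"])
    return findings

# Constructed sample rules (names and addresses are illustrative only).
SAMPLE_RULES = [
    {"name": "allow-rdp-any", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "allow-ssh-bastion", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "10.0.1.0/27", "destinationPortRange": "22"},
    {"name": "allow-mgmt-range", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefixes": ["203.0.113.0/24"], "destinationPortRanges": ["20-25", "443"]},
    {"name": "allow-https", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "Internet", "destinationPortRange": "443"},
]
```

Calling `exposed_rules(SAMPLE_RULES)` flags the rules that still open SSH/RDP to sources other than the Bastion subnet; those are the ones to tighten or remove.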
The following demo shows how we can configure Azure Bastion Host (Preview).