Shulou(Shulou.com)06/03 Report--

What is Azure Bastion? How do I use it? If you happen to have the same confusion, refer to this article. Reading the complete article, I believe you have a certain understanding of Azure Bastion.

First of all, let's take a look at the introduction of Azure Bastion. Azure Bastion mainly provides the following services

Connect directly with RDP and SSH in the Azure portal: you can have RDP and SSH sessions directly in the Azure portal with a seamless click.

RDP/SSH remote sessions through SSL and firewall traversal: Azure Bastion uses a HTML5-based Web client, which automatically streams to the local device, allowing you to conduct RDP/SSH sessions through SSL on port 443, supporting secure traversal of the corporate firewall.

Azure VM does not require public IP: Azure Bastion uses a dedicated IP on VM to open a RDP/SSH connection to the Azure virtual machine. No public IP is required for virtual machines.

Easy to manage NSG: Azure Bastion is a platform PaaS service provided by Azure that is hardened internally to provide secure RDP/SSH connectivity. There is no need to apply any NSG on the Azure Bastion subnet. Because Azure Bastion connects to the virtual machine through a dedicated IP, NSG can be configured to allow only RDP/SSH from Azure Bastion. This eliminates the hassle of managing NSG every time you need to connect securely to a virtual machine.

Port scan protection: because there is no need to expose virtual machines to the public Internet, VM can be protected from port scanning by malicious users outside the virtual network.

Prevent zero-day loopholes. Enhanced in only one place: Azure Bastion is a platform PaaS service. Because it is located on the periphery of the virtual network, you do not have to worry about how to enhance each virtual machine in the virtual network. The Azure platform prevents zero-day vulnerabilities by keeping Azure Bastion enhanced and always up-to-date.

From a functional point of view, Azure Bastion does not provide much, at least compared with the third-party fortress machine, the function is still poor, but its advantages are also obvious, without complex configuration, it can be well integrated with the cloud platform, these are its advantages, as for whether to use it or not, it is a matter of opinion.

Next, let's take a look at the architecture of Azure Bastion. We can see that the architecture of Azure Bastion is simple and clear, and basically does not require any customer's own configuration.

Let's try the deployment and use of Bastion.

First find the Bastion service, and then create a new Bastion

As can be seen from the list, there are not many region that support Azure Bastion.

Bastion needs a subnet of at least 27 bits, and the name of this subnet must be AzureBastionSubnet, which is similar to other services.

The deployment of Bastion is very simple and can be used directly after creation. Take a Linux machine as an example. To connect to VM using Azure Bastion, you do not need any RDP or SSH clients, and the connection protocol is not RDP and SSH, but through HTTPS connection. When accessing, you only need to log in to Portal, and then directly connect.

You can see that you can connect to VM in the browser and do what we need!

This is actually quite convenient, and the connected VM does not need to have any public network IP.

After reading the above, do you have any further understanding of Azure Bastion? If you want to know more about it, you are welcome to follow the industry information channel. Thank you for reading.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.