A “Bastion Host” in Azure is a dedicated virtual machine that serves as a secure gateway for connecting to other virtual machines within an Azure Virtual Network. It plays a crucial role in enhancing the security and control of remote access to your Azure resources.
- A bastion host acts as a shield between your local computer and Azure VMs, reducing the exposure of VMs to potential security threats from the public internet. This intermediary approach adds an extra layer of security.
- Typically, the bastion host is placed in a separate subnet within your Azure Virtual Network. This subnet is isolated from the public internet and other subnets, creating a secure environment.
Reduced Public IP Exposure:
- A bastion host enables you to reduce the need for public IP addresses on your VMs, further minimizing potential attack vectors.
- Azure Bastion supports both Windows and Linux VMs, ensuring a consistent experience for connecting to VMs regardless of the operating system.
Step 1 : Currently we have two virtual machines in a resource group.
Virtual Machine 1 – Windows VM
Virtual Machine 2 – Linux VM
Step 2 : Let's create the Bastion service to connect to the two virtual machines we have.
Select the virtual network in which the two Virtual Machines are placed.
Here we will not be able to select the same subnet as the virtual machines, because Bastion must reside in its own dedicated subnet. Therefore we have to create a separate subnet for the Bastion service.
Step 3 : Create a subnet for Bastion in the virtual network in which the virtual machines are created.
Note: The name of the subnet must be exactly “AzureBastionSubnet”.
Step 4 : Now we have a separate subnet for Bastion. Let's select the subnet and create the Bastion.
Step 5 : We don't need a public IP to connect to the virtual machines, so we can disassociate the public IP from the Windows VM.
Step 6 : Now let's connect to the Windows virtual machine. Click on Connect and select Bastion.
Step 7 : Fill out the required credentials and click Connect to log in to the Windows virtual machine.
Step 8 : Connecting to the Linux virtual machine. We don't need a public IP to connect to the virtual machines, so let's disassociate it as well.
Step 9 : Click on Connect and select Bastion. For the Linux virtual machine, browse for the private key and click on Connect.
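The same deployment as the portal steps above, written as a Bicep template so the subnet name and SKU requirements are enforced in code rather than remembered by hand. This is an added example, not from the original post; the virtual network name, address prefix and resource names are assumed values. Disassociating the VMs' own public IPs (Steps 5 and 8) is a separate change to each VM's network interface and is not part of this template.

```bicep
// Added example (not from the original post). Deploys Azure Bastion into an
// existing virtual network. Assumed names: 'vnet-prod', 'bastion-prod',
// and the 10.0.255.0/26 prefix; replace them with your own.
param location string = resourceGroup().location
param vnetName string = 'vnet-prod'                 // assumed existing VNet
param bastionName string = 'bastion-prod'           // assumed name
param bastionSubnetPrefix string = '10.0.255.0/26'  // Bastion requires /26 or larger

resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: vnetName
}

// The subnet name is fixed by the service: it must be exactly AzureBastionSubnet.
// Keep it separate from the subnets that hold the VMs (the point of Step 3).
resource bastionSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' = {
  parent: vnet
  name: 'AzureBastionSubnet'
  properties: {
    addressPrefix: bastionSubnetPrefix
  }
}

// The only public IP left in this design belongs to Bastion itself.
// It must be a static, Standard-SKU address; the VMs keep private IPs only.
resource bastionPip 'Microsoft.Network/publicIPAddresses@2023-05-01' = {
  name: '${bastionName}-pip'
  location: location
  sku: {
    name: 'Standard'
  }
  properties: {
    publicIPAllocationMethod: 'Static'
  }
}

// The Bastion host: RDP/SSH to the VMs is brokered through this resource
// over TLS in the browser, so port 3389/22 never has to face the internet.
resource bastion 'Microsoft.Network/bastionHosts@2023-05-01' = {
  name: bastionName
  location: location
  sku: {
    name: 'Standard'
  }
  properties: {
    ipConfigurations: [
      {
        name: 'bastionIpConfig'
        properties: {
          subnet: {
            id: bastionSubnet.id
          }
          publicIPAddress: {
            id: bastionPip.id
          }
        }
      }
    ]
  }
}
```

Deploy it at resource-group scope with `az deployment group create --resource-group <rg> --template-file bastion.bicep`; after deployment, the VMs' network security groups can be tightened to accept RDP/SSH only from the AzureBastionSubnet range.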