4.8 KiB
| type | title | excerpt | tags | share | date | |
|---|---|---|---|---|---|---|
| post | Tip 346 - How to use Azure Bastion to access virtual machines | Learn how to use Azure Bastion to access virtual machines |
|
true | 2021-12-15 08:00:00 |
::: tip
🔥 Checkout the Azure Developer page at azure.com/developer.
💡 Learn more : Virtual Machines in Azure overview.
📺 Watch the video : How to use Azure Bastion to access virtual machines.
:::
How to use Azure Bastion to access virtual machines
Easy and secure connections to Azure VMs
You can connect to Azure Virtual Machines in several ways. You can use RDP or SSH, and also Azure Bastion. Bastion doesn't require the VM to have a public IP address, as it connects to your VM using the RDP or SSH protocol over TLS, using your VMs private IP address. All you need is an Azure Bastion resource and an HTML5 capable web client. Because you do not need to expose your Virtual Machines to the public Internet, your VMs are protected against port scanning by rogue and malicious users located outside your virtual network.
In this post, we'll connect to an Azure Virtual Machine using Azure Bastion.
Prerequisites
If you want to follow along, you'll need the following:
- An Azure subscription (If you don't have an Azure subscription, create a free account before you begin)
- A Virtual Machine in Azure
Use Azure Bastion
Connecting to an Azure VM with Azure Bastion is very straightforward:
- Go to the Azure portal
- Navigate to the Virtual Machine that you want to connect to
- In the VM overview blade, click Connect and select Bastion
(Connect to a VM with Bastion from the Azure portal)
- When you use Bastion for the first time for a VM, you need to follow some steps. The first step is to expand the VMs address space, if needed
- Step two is to create the Bastion subnet
- Choose an Address space. You can leave the default settings if you want
- Optionally, you can select a Network security group
- Click Create Subnet
(Create the Bastion subnet)
- Next, we need to create an Azure Bastion resource
- Fill in a Name for the bastion
- Pick a Pricing Tier for the Bastion
- If you picked the Standard tier, you can select the amount of Bastion instances. This determines how many users can connect to the VM with Bastion at the same time
- Leave the settings for the Public IP address as they are
- Select a Resource group
- Click Create Azure Bastion using defaults. This will create the Bastion and will take a few minutes. Alternatively, you can create an Azure Bastion without the defaults with the button "I want to configure Azure Bastion on my own"
(Create an Azure Bastion resource)
When the Bastion resource is created, you can use it to connect to the VM. Just enter the VM administrator credentials and click Connect.
(Log in to an Azure VM using Azure Bastion)
This opens the VM session in a browser window. You can use the VM through this secure connection, just like you would through an RDP or SSH client. If you want, you can now remove the Public IP address from the VM.
(The VM session in a browser)
Conclusion
It is important to keep your Azure VMs secure. A great way to do that is to remove them from the public internet. And when you do, you can use Azure Bastion to connect to them in a secure way, in a browser. Go and check it out!