Why do we need a Bastion host?
- It is a managed jump box for connecting to VMs that sit in a private network
- It removes the need to expose a VM to the internet in order to connect to it
- No separate jump box VM has to be created or maintained
- It reduces the cost of running your own jump box
- Using Bastion directly, we can connect through a browser from anywhere
Azure Bastion Architecture
Let’s create a private virtual network and a VM first. Because the network is private, the VM has no public IP to connect to. Later we create the Bastion host and the subnet it requires, then connect to the VM in the private network through Bastion.
- Create a virtual network with a default CIDR range
  - example CIDR: 10.0.1.0/16
- Create a subnet with a default CIDR range
  - example CIDR: 10.0.1.0/26
- Create a virtual machine without a public IP
As the VM was created without a public IP, we don’t have the option to connect to it directly. To connect, we need a jump box or a Bastion host.
Create the Bastion service
- Navigate to the Bastion service and click Create new
- Provide the basic values: name, region, tier, instance count, etc.
- Select the virtual network where the existing VM is present
- The Bastion host expects a subnet with the specific name “AzureBastionSubnet”; it won’t accept any other subnet
- Create a subnet named “AzureBastionSubnet” in the same virtual network
- Create a new public IP address or select an existing one
- Review and create the Bastion host
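As an added example (not code from the original post), the same topology expressed as a Bicep template: a VNet, a workload subnet, a VM whose NIC has no public IP, the mandatory AzureBastionSubnet, and a Bastion host with its own public IP. Resource names, the VM size and image, and the Bastion subnet range 10.0.2.0/26 are assumptions; the VNet range is written as 10.0.0.0/16, the canonical form of the post’s 10.0.1.0/16.

```bicep
// Added example, not from the post; names, VM size/image and the Bastion subnet range are assumptions.
param location string = resourceGroup().location
param adminUsername string
@secure()
param adminPassword string
var vnetName = 'private-vnet'
var vmName = 'private-vm'
resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: vnetName
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.0.0.0/16' ] }
    subnets: [
      { name: 'default', properties: { addressPrefix: '10.0.1.0/26' } } // subnets[0]: workload subnet
      // Bastion accepts only a subnet named exactly AzureBastionSubnet, sized /26 or larger
      { name: 'AzureBastionSubnet', properties: { addressPrefix: '10.0.2.0/26' } } // subnets[1]
    ]
  }
}
// The NIC has no publicIPAddress, so the VM is reachable only from inside the VNet
resource nic 'Microsoft.Network/networkInterfaces@2023-05-01' = {
  name: '${vmName}-nic'
  location: location
  properties: { ipConfigurations: [ { name: 'ipconfig1', properties: { subnet: { id: vnet.properties.subnets[0].id }, privateIPAllocationMethod: 'Dynamic' } } ] }
}
resource vm 'Microsoft.Compute/virtualMachines@2023-03-01' = {
  name: vmName
  location: location
  properties: {
    hardwareProfile: { vmSize: 'Standard_B1s' }
    osProfile: { computerName: vmName, adminUsername: adminUsername, adminPassword: adminPassword }
    storageProfile: { imageReference: { publisher: 'Canonical', offer: '0001-com-ubuntu-server-jammy', sku: '22_04-lts', version: 'latest' }, osDisk: { createOption: 'FromImage' } }
    networkProfile: { networkInterfaces: [ { id: nic.id } ] }
  }
}
// Bastion needs a Standard-SKU static public IP; it is the only public endpoint in this design
resource bastionPip 'Microsoft.Network/publicIPAddresses@2023-05-01' = {
  name: 'private-bastion-pip'
  location: location
  sku: { name: 'Standard' }
  properties: { publicIPAllocationMethod: 'Static' }
}
resource bastion 'Microsoft.Network/bastionHosts@2023-05-01' = {
  name: 'private-bastion'
  location: location
  sku: { name: 'Basic' }
  properties: { ipConfigurations: [ { name: 'bastionIpConfig', properties: { subnet: { id: vnet.properties.subnets[1].id }, publicIPAddress: { id: bastionPip.id } } } ] }
}
```

Deploy it with `az deployment group create --resource-group <rg> --template-file main.bicep`; the only public address the deployment creates belongs to the Bastion host, so the VM itself is never exposed.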
Connect to the VM using the Bastion service
- Go to the Operations section of the VM and select the Bastion option
- Provide the required credentials to connect
Note:
make sure your browser allows pop-ups, because the session to the machine opens in a new pop-up window