Hello everyone!!! Today to manage our VMs (Windows/Linux) in Microsoft Azure, we can connect through a VPN or through direct connection to the External IP, using RDP and SSH protocols. Many leave their VMs exposed to the internet, in order to facilitate remote access, but this practice is not recommended, bringing great security risks. Thinking about it, Microsoft made Azure Bastion available, where we can manage our VMs through a Browser using SSL (Secure Sockets Layer). And the coolest thing? No public IP is required for this encrypted access.
See below a step-by-step guide on how to configure Azure Bastion:
- Go to Azure Marketplace and search for “Bastion”
- When creating “Bastion” on your VNET, it will indicate that it needs a specific subnet for it, called “AzureBastionSubnet”:
- Below I show how to create the subnet required for “Azure Bastion”, remembering that it must be at least /27:
- After all prerequisites are checked, just create the new resource:
- With “Bastion” created, just go to one of the VMs that are in the same VNET and click Connect:
- A third tab called “Bastion” will appear, where you will need to enter the user and password configured on the VM, which can be opened in the same window or in a different window:
- After the previous step, the machine login is performed and access is granted as shown in the image below:
Very easy to set up, isn’t it?
Hugs and until next time!!!