Azure Bastion has been out in preview for a few weeks now. So I thought now that the dust has settled I will share my thoughts about it. I was going to do a blog post on how to set it up, but the Microsoft docs and a lot of bloggers have done such a good job I did not see the need.
First off, what is Azure Bastion? Well, Azure Bastion is a new PaaS offering that is designed to provide secure and seamless RDP and SSH access to your virtual machines from within the Azure Portal and your browser. A lot of people already run a bastion or, as most people know it, a jump box. In fact, Remote Desktop Gateway does this very well already. The thing with running RD Gateway is that you need to look after it and secure it. This can be a lot of work. With Azure Bastion, Microsoft does this for you!
Below is a diagram from Microsoft so you can see how it all connects together.
So, does it work?
Yes, it does and it works well considering it’s still in preview. I feel like it came out of private preview a bit too early. It seems some videos got published a bit early, which forced the public preview out. This is only my opinion and may not be true.
At the time of writing it is not very feature-rich. It does have a clipboard feature that can be accessed by clicking on the icon in the middle of the left-hand side of the RDP window. Here you can copy text from your host machine to the VM you have connected to. Resizing of the window works well too.
So, what’s missing?
For me, a few things are missing. It would be nice if this worked via VNet peering. At the time of writing this, it does not. Hopefully, it will come. I would also like to see the ability to connect to Virtual Machine Scale Sets. I have provided this feedback, so fingers crossed it will come.
File transfer would also be a nice feature to have, but it would need to have the ability to turn it off. In some secure environments, this could be bad.
I feel that this service could benefit more if it had the ability to record the sessions and then store them in Blob storage. This storage would then need to be secured using RBAC.
There are probably more features that are missing, but as of now I can see promise in this service.
I am really impressed with what Microsoft has done so far with this new offering and I am excited to see what comes at GA. Hopefully, we will have the ability to log in with Azure AD, multifactor login and maybe even the ability to use the RDP client from your computer rather than having to sign into the Azure Portal. I personally cannot wait for GA so I can retire some jump boxes and start using this service.
If you want to read more about Azure Bastion then why not head to the announcement page: https://azure.microsoft.com/en-us/blog/announcing-the-preview-of-microsoft-azure-bastion/
I am guessing by now you have read enough and want to start testing. Well then why not head over to the Microsoft Docs page: https://docs.microsoft.com/en-gb/azure/bastion/bastion-create-host-portal
If you have any feedback let me know and I will get it to the right people.
Thanks for reading and if you have any questions please reach out via social media or leave a comment below.