Azure Bastion
In today’s cloud-centric world, securing access to virtual machines (VMs) is paramount. This design pattern demonstrates a streamlined Azure Virtual Network (VNet) configuration, utilizing Azure Bastion as the exclusive access point to a Linux VM. By avoiding direct RDP or SSH access and leveraging Azure Bastion, you can significantly enhance security and user experience. This pattern features a simple VNet setup with two subnets and Network Security Groups (NSGs)—one dedicated to Azure Bastion and the other to the Linux VM. Users need at least a reader role in Azure to connect to the VM via Azure Bastion.
Key Details for This Design
- The Azure Bastion subnet must exist and be configured exactly as described.
- This Bastion subnet must have an NSG attached, again, exactly as described.
- The VM subnet NSG must allow the AzureBastionSubnet CIDR inbound on 22/TCP or 3389/TCP.
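The last requirement above can be checked mechanically. This Python check is an added example, not part of the original pattern: it flags inbound Allow rules on the VM subnet NSG that open 22/TCP or 3389/TCP to any source outside the AzureBastionSubnet CIDR. It assumes rules in the JSON shape returned by `az network nsg rule list`; the CIDR and rules are constructed samples, and Deny rules and priority shadowing are not modelled.

```python
import ipaddress

MGMT_PORTS = (22, 3389)  # SSH and RDP, the two ports the pattern names

def _values(rule, single, plural):
    """Merge the singular and plural forms of an NSG rule property."""
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def _covers(spec, port):
    low, _, high = ("0-65535" if spec == "*" else spec).partition("-")
    return int(low) <= port <= int(high or low)

def _inside(prefix, net):
    """Only a literal IP/CIDR inside `net` passes; '*' and service tags fail."""
    try:
        return ipaddress.ip_network(prefix, strict=False).subnet_of(net)
    except (ValueError, TypeError):
        return False

def audit_vm_nsg(rules, bastion_cidr):
    """Return (findings, bastion_allowed); each finding is (rule, ports, bad sources)."""
    net = ipaddress.ip_network(bastion_cidr)
    findings, bastion_allowed = [], False
    for r in rules:
        if (r["direction"].lower(), r["access"].lower()) != ("inbound", "allow"):
            continue
        if r["protocol"].lower() not in ("tcp", "*"):
            continue
        specs = _values(r, "destinationPortRange", "destinationPortRanges")
        ports = [p for p in MGMT_PORTS if any(_covers(s, p) for s in specs)]
        srcs = _values(r, "sourceAddressPrefix", "sourceAddressPrefixes")
        outside = [s for s in srcs if not _inside(s, net)]
        if ports and outside:
            findings.append((r["name"], ports, outside))
        elif ports and srcs:
            bastion_allowed = True  # management port reachable from Bastion only
    return findings, bastion_allowed

# Constructed sample data, not taken from a real deployment.
SAMPLE_BASTION_CIDR = "10.0.0.0/26"
_BASE = {"direction": "Inbound", "access": "Allow", "protocol": "Tcp"}
SAMPLE_RULES = [
    {**_BASE, "name": "ssh-from-bastion", "sourceAddressPrefix": "10.0.0.0/26", "destinationPortRange": "22"},
    {**_BASE, "name": "ssh-from-any", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
    {**_BASE, "name": "https-inbound", "sourceAddressPrefix": "Internet", "destinationPortRange": "443"},
    {**_BASE, "name": "app-port-range", "sourceAddressPrefix": "10.0.0.0/16", "destinationPortRange": "3000-4000"},
]
if __name__ == "__main__":
    print(audit_vm_nsg(SAMPLE_RULES, SAMPLE_BASTION_CIDR))
```

The `app-port-range` rule is flagged because its range 3000-4000 silently includes 3389 and its source is wider than the Bastion subnet.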
Step-by-Step Guide
- Create the VNet: Set up a VNet with two subnets—one for Azure Bastion and one for the Linux VM.
- Configure NSGs: Attach NSGs to both subnets, ensuring the Azure Bastion subnet NSG allows inbound traffic on the required ports.
- Deploy Azure Bastion: Deploy Azure Bastion in the designated subnet.
- Assign Roles: Ensure users have at least a Reader role in Azure to access the VM via Azure Bastion.
- Connect to the VM: Use the Azure Bastion service to securely connect to the Linux VM via SSH.
Best Practices
- Avoid direct RDP or SSH access to VMs hosted in the cloud.
- Use Azure Bastion to offload RDP and SSH connections, enhancing security and user experience.
- Regularly review and update NSG rules to maintain a secure environment.
Use Cases
This pattern is ideal for scenarios where secure access to VMs is critical, such as in production environments or when handling sensitive data. By using Azure Bastion, organizations can ensure that their VMs are protected from unauthorized access while providing a seamless user experience.