How do you normally connect to your Azure Virtual Machines?
Normally users connect to their Virtual Machines in the Azure portal using an RDP session, which requires the opening of port 3389 in your NSG.
What other options for connecting to Virtual Machines have been introduced recently?
Azure Bastion service is a new feature in the Azure portal.
Let me explain a little more about it.
What is it?
Azure Bastion is a service deployed into a Virtual Network that lets you connect to your Virtual Machines using either your internet browser or the Azure portal. It provides secure RDP/SSH connectivity to your VM without the need to assign a public IP address, which stops your VM from exposing the normal RDP port (3389) to the outside world.
Azure Bastion key benefits:
- RDP and SSH directly in Azure portal
- No Public IP required on the Azure VM
- No hassle of managing Network Security Groups (NSGs)
- Protection against port scanning
- Host scaling
So to sum up, Azure Bastion or RDP?
RDP:
- Public IP address and port 3389 needed
- NSG configuration needed
Azure Bastion:
- More secure
- No NSG configuration needed
- No ports or Public IPs needed
- Only one needed per Subscription
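Before moving VMs behind Azure Bastion, it helps to know which NSGs still have port 3389 (or SSH on 22) open to the outside world. The script below is an added example, not part of the original post: it checks NSG rules in the JSON shape printed by `az network nsg list`, and the NSG and rule names in the sample are constructed.

```python
import json

MGMT_PORTS = {3389: "RDP", 22: "SSH"}
# Source values that mean "anyone on the internet" in an NSG rule.
OPEN_SOURCES = {"*", "internet", "0.0.0.0/0"}

def port_in_range(port, spec):
    """True if port falls inside an NSG port spec: '*', '3389' or '3000-4000'."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def exposed_rules(nsg):
    """Return (rule name, service) for inbound Allow rules open to the internet.

    Rule priority is not evaluated, so a higher-priority Deny rule could
    still block a flagged rule; treat each finding as something to review.
    """
    findings = []
    for rule in nsg.get("securityRules", []):
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        if str(rule.get("protocol", "*")).lower() not in ("*", "tcp"):
            continue
        sources = [rule.get("sourceAddressPrefix")] + (rule.get("sourceAddressPrefixes") or [])
        if not any(s and s.lower() in OPEN_SOURCES for s in sources):
            continue
        specs = [rule.get("destinationPortRange")] + (rule.get("destinationPortRanges") or [])
        for port, service in MGMT_PORTS.items():
            if any(s and port_in_range(port, s) for s in specs):
                findings.append((rule["name"], service))
    return findings

# Constructed sample: one NSG as it appears in `az network nsg list -o json`.
SAMPLE_NSG = json.loads("""
{"name": "example-nsg", "securityRules": [
 {"name": "allow-rdp-any", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
  "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
 {"name": "allow-range-internet", "direction": "Inbound", "access": "Allow", "protocol": "*",
  "sourceAddressPrefix": "Internet", "destinationPortRange": null,
  "destinationPortRanges": ["20-25", "443"]},
 {"name": "allow-rdp-vnet", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
  "sourceAddressPrefix": "VirtualNetwork", "destinationPortRange": "3389"},
 {"name": "deny-all-in", "direction": "Inbound", "access": "Deny", "protocol": "*",
  "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]}""")

if __name__ == "__main__":
    for name, service in exposed_rules(SAMPLE_NSG):
        print(f"{SAMPLE_NSG['name']}: rule {name} exposes {service} to the internet")
```

To run it against a real subscription, save the output of `az network nsg list -o json` to a file and call `exposed_rules` on each NSG in the list.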