
Azure Bastion: Configuring and utilizing the Bastion Developer SKU


This blog post will walk you through configuring and utilizing the Azure Bastion Developer SKU (Preview).

On October 30, 2023, Microsoft announced the public preview of the Azure Bastion Developer SKU.

As many know, Azure Bastion, previously available only with Basic and Standard SKUs, is an Azure PaaS service deployed within a virtual network (VNet), typically the HUB VNet. It offers a secure way to connect to your Azure virtual machines (VMs) through RDP or SSH directly from the Azure portal over SSL, eliminating the need for VMs to have a Public IP address (PIP), agent, or specialized client software.

With the availability of the Bastion Developer SKU, deploying and using Bastion is now more streamlined for specific scenarios. This SKU allows users to connect to a single VM at a time and removes the complexities of configuring the required subnet (AzureBastionSubnet).

However, it’s important to note that the Developer SKU bastion host isn’t a dedicated resource, as with other SKUs; instead, it operates as part of a shared pool.

It is designed to meet the needs of dev/test users who want easy access to their VMs through the connect experience on the VM blade, without the need for extra features, scalability, or the hassle of managing Azure networking and subnet configuration. It’s noteworthy that you can choose to upgrade to a higher SKU if necessary.

Therefore, this SKU will be very useful in sandboxed or test environments within Azure, providing a straightforward, cost-effective, and trouble-free way to secure connections to Azure VMs in these environments.

In this blog post, I’ll guide you through setting up the Azure Bastion Developer SKU and demonstrate how easy it is to use.

*During the public preview, the Bastion Developer SKU is only available in the following regions: Central US EUAP, East US 2 EUAP, West Central US, North Central US, West US, and North Europe. Additionally, it currently does not support VNet peering.


Prerequisites

  • An Azure subscription, preferably a sandboxed or dev/test subscription, or a subscription without a connection to an existing Azure Bastion host.
  • An existing VNet in that subscription (in a supported Azure region). It’s important to note that this particular VNet doesn’t need the AzureBastionSubnet.
  • An existing Azure VM (Linux or Windows) connected to a subnet in the existing VNet.
  • An Azure Administrator account (preferably a Microsoft Entra group) with the required RBAC roles, including, at the very least, the Reader role for both the Azure VM and the network interface (NIC) linked to the VM’s private IP.









Deploy the Azure Bastion Developer SKU

Log on to the Azure portal and enter “virtual” into the global search bar, then select “Virtual machines” from the search results.


On the Virtual Machines page, locate the VM you wish to connect to, and then select it.


On the page for your VM, click on “Bastion” in the left menu under the Connect section.


For a quick deployment of your developer Bastion host, just click on “Deploy Bastion Developer” on the Bastion page to use the default deployment settings. If, like me, you prefer more control over the Bastion name, resource group, and tags, click the downward arrow next to “Dedicated Deployment Options”. Then, choose “Configure manually”.



On the Create a Bastion page, enter, choose, or create the correct resource names in the required fields, including resource group, name, region, and virtual network. Importantly, make sure to select “Developer” in the Tier field. Then, proceed by clicking “Next: Tags >”.


On the Tags page, complete all the necessary tag names and values. Then click “Next: Advanced >” to proceed.


On the Advanced page, you will see that the Bastion Developer SKU allows for the “Copy and paste” feature. Move forward by clicking “Next: Review + create >”.


On the last page, simply click “Create” to start the deployment.



Once the deployment is complete, click “Go to resource” to verify that your Bastion host has been successfully deployed with all the specified parameters.
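
The portal steps above can also be scripted. The following Azure CLI script is an added example, not part of the original walkthrough: it checks that the VM has no public IP, deploys a Developer-tier Bastion host, and assigns the Reader role from the prerequisites to a Microsoft Entra group. All names and IDs are placeholders you supply, and it assumes a logged-in Azure CLI with the `bastion` extension.

```shell
#!/bin/sh
# Added example (not from the original post). Every resource name passed in is a
# placeholder you supply; needs a logged-in Azure CLI with the "bastion" extension.
set -eu

# Succeeds only when the VM has no public IP, i.e. Bastion is its only way in.
vm_has_no_public_ip() {
  ips=$(az vm list-ip-addresses -g "$1" -n "$2" \
    --query '[].virtualMachine.network.publicIpAddresses[].ipAddress' -o tsv)
  [ -z "$ips" ]
}

# Developer tier: no AzureBastionSubnet and no public IP argument are passed.
deploy_bastion_developer() {
  az network bastion create --resource-group "$1" --name "$2" \
    --vnet-name "$3" --location "$4" --sku Developer
}

# Least privilege from the prerequisites: Reader on the VM and on its NIC only,
# assigned to a Microsoft Entra group (object ID in $3) instead of single users.
grant_connect_reader() {
  vm_id=$(az vm show -g "$1" -n "$2" --query id -o tsv)
  nic_id=$(az vm show -g "$1" -n "$2" \
    --query 'networkProfile.networkInterfaces[0].id' -o tsv)
  for scope in "$vm_id" "$nic_id"; do
    az role assignment create --assignee-object-id "$3" \
      --assignee-principal-type Group --role Reader --scope "$scope"
  done
}

# Usage: sh bastion-dev.sh <rg> <vnet> <vm> <region> <bastion-name> <group-object-id>
if [ "$#" -eq 6 ]; then
  vm_has_no_public_ip "$1" "$3" || echo "warning: $3 still has a public IP" >&2
  deploy_bastion_developer "$1" "$5" "$2" "$4"
  grant_connect_reader "$1" "$3" "$6"
fi
```

Scoping the Reader role to the individual VM and NIC, rather than to the resource group, keeps the group from enumerating other resources in the sandbox.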






Connect to a Windows Azure VM via the Azure Bastion Developer SKU

If the Bastion host deployment in the previous step went as expected, return to the Virtual Machine page of the VM you want to connect to, and once again, choose “Bastion” from the connect section.

Following that, choose the authentication type. Depending on the type selected, either input your authentication credentials or choose the appropriate secret from an Azure Key Vault in the Connection Settings section. Then, click Connect.


The connection to this virtual machine via Bastion will open directly in a new browser tab. Grant permission to use the clipboard by selecting Allow, which allows you to utilize the remote clipboard arrows on the left side of the screen.



Connect to a Linux Azure VM via the Azure Bastion Developer SKU

Go to the Virtual Machine page of the Linux Azure VM you want to connect to, and once again, choose “Bastion” from the connect section.

Just like with the Windows VM, select the authentication type. Depending on your choice, enter authentication credentials or choose the suitable secret or SSH Private Key from an Azure Key Vault or Local File in the Connection Settings section. Finally, click Connect.



Conclusion

In addition to the Azure Bastion Basic and Standard SKUs, you now have the option to make use of the Developer SKU. This SKU proves especially beneficial in dev/test scenarios, such as in an Azure sandbox subscription, where you need to connect to your Azure VMs without requiring extensive features and scalability.

In this blog post, I walked you through the process of setting up the Azure Bastion Developer SKU and demonstrated how easy it is to use.

If you have any questions or suggestions regarding this blog post or Azure Arc, please feel free to reach out to me via my X handle (@wmatthyssen) or leave a comment. I’m more than happy to help.

Wim is an Azure Technical Advisor and Trainer with over fifteen years of Microsoft technology experience. As a Microsoft Certified Trainer (MCT), his strength is assisting companies in the transformation of their businesses to the Cloud by implementing the latest features, services, and solutions. Currently, his main focus is on the Microsoft Hybrid Cloud Platform, and especially on Microsoft Azure and the Azure hybrid services. Wim is also a Microsoft MVP in the Azure category and a founding board member of the MC2MC user group. As a passionate community member, he regularly writes blogs and speaks about his daily experiences with Azure and other Microsoft technologies.
