Saturday, 4 November 2023

Introducing Azure Bastion Developer: Secure and cost-effective access to your Azure Virtual Machines

Microsoft Azure is constantly evolving to meet the needs of its growing user base. In response to the feedback and requirements of developers, we have announced a new SKU for Azure Bastion: Bastion Developer. This service, now in public preview, will be a game-changer for developers seeking secure, cost-effective, and hassle-free connectivity to their Azure Virtual Machines. In this blog post, we’ll explore what Azure Bastion Developer is, the problems this new SKU addresses, and why it’s a must-try solution for developers.

What is Azure Bastion Developer?


Azure Bastion Developer is a new low-cost, zero-configuration, always-on SKU of the Azure Bastion service. Its primary mission is to provide secure-by-default Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to Azure Virtual Machines, allowing users to establish secure connections to a single Virtual Machine at a time without the need for additional network configurations or public IP addresses on Virtual Machines. This service is designed to simplify and enhance the process of accessing your Azure Virtual Machines by eliminating the complexities, high costs, and security concerns often associated with alternative methods.

Addressing developer pain points


Azure Bastion Developer has been developed with the aim of addressing three common issues that developers encounter when connecting to Azure Virtual Machines:

1. Discovery

When developers create standalone Virtual Machines, they may not actively seek out Azure Bastion, and it might not be readily apparent during the Virtual Machine creation process. While IT professionals are familiar with the concept of a bastion host or jump-box server, the average Azure user may not be. This could lead to the use of less secure public IP-based access methods. Azure Bastion Developer solves this problem by providing secure and seamless access directly in the Virtual Machine blade. In the coming months, Bastion Developer will populate as the recommended connectivity option in the Virtual Machine connect experience for available regions.

2. Usability

Setting up Azure Bastion has traditionally required users to deploy a new resource and follow a series of configuration steps, including the creation of a dedicated subnet. While these steps might be manageable for technically savvy users, they can be complex and time-consuming for many. Azure Bastion Developer simplifies the process by offering an easy-to-use, zero-configuration solution. Users can opt-in to use it during Virtual Machine connection, making secure access a breeze.

3. Cost

Azure Bastion Basic, while a powerful tool, may be a potentially expensive choice for developers who spend a few hundred dollars or less in Azure each month, leading them to connect with less secure public IP based options. Azure Bastion Developer addresses this concern by providing an option that comes at a more affordable price point than public IP. This cost-effective pricing will make Azure Bastion Developer the default private connectivity option in Azure, enabling developers to enjoy secure access without breaking the bank. The public preview of Bastion Developer will be free with more details on pricing when generally available.

Connectivity Options with Azure Bastion Developer


1. Portal-based access (public preview). Bastion Developer will offer support for RDP connections for Windows Virtual Machines and SSH connections for Linux Virtual Machines in the Azure portal.

2. Native client-based access for SSH (roadmap). Bastion Developer will offer support for SSH connections for Linux Virtual Machines via Azure Command Line Interface (CLI) in the coming months.

Feature comparison of Azure Bastion offerings


Bastion Developer will be a lightweight SKU of the Bastion service, allowing a single connection per user directly through the Virtual Machines connect experience. Bastion Developer is ideal for Dev/Test users who want to securely connect to their Virtual Machines without the need for additional features or scaling. The feature matrix below outlines the differences between Bastion Developer and Bastion Basic and Standard SKUs.

Features Developer  Basic  Standard 
Private connectivity to Virtual Machines Yes Yes  Yes 
Dedicated host agent  No Yes  Yes 
Support for multiple connections per user  No  Yes Yes 
Linux Virtual Machine private key in AKV   No  Yes  Yes 
Support for Network Security Groups   No  Yes Yes 
Audit logging   No  Yes  Yes 
Kerberos support   No  Yes  Yes 
VNET peering support   No  Yes  Yes
Host scaling (2-50 instances)   No  No  Yes
Custom port and protocol No  No  Yes 
Native SSH support via Azure CLI   Roadmap Roadmap  Yes 
Native RDP support via Azure CLI   No  No  Yes 
Azure Active Directory login for RDP/SSH via native client  No  No  Yes 
IP-based connection   No  No  Yes 
Shareable links   No  No  Yes 

How to get started


We invite you to preview Azure Bastion Developer in your cloud environment.

1. Navigate to the Azure portal.
2. Deploy a Windows or Linux Virtual Machine in one of the regions below. Note that Bastion Developer is currently only available in the following regions:
  1. Central United States EUAP
  2. East United States 2 EUAP
  3. West Central United States
  4. North Central United States
  5. West United States
  6. North Europe
3. Navigate to the Bastion tab in the Virtual Machine blade and click Deploy Bastion Developer. (Bastion Basic and Standard deployments will be moved under “Dedicated Deployment Options”).
4. Once your Bastion Developer resource is deployed, enter your Virtual Machine username and password and select Connect to securely connect to your Virtual Machine in the browser.

Introducing Azure Bastion Developer: Secure and cost-effective access to your Azure Virtual Machines

Introducing Azure Bastion Developer: Secure and cost-effective access to your Azure Virtual Machines

Related Posts

0 comments:

Post a Comment