Security aspect of Azure Bastion

  • Published on 22 Aug 2024
  • pachehra.blogs...
    / arun-pachehra
    learn.microsof...
    Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP (Remote Desktop Protocol) and SSH (Secure Shell) access to virtual machines directly through the Azure Portal. Azure Bastion is provisioned directly within your virtual network, providing an additional layer of security by allowing RDP/SSH access without exposing the virtual machines to the public internet.
    It provides secure and seamless RDP/SSH connectivity to your virtual machines directly over TLS from the Azure portal or via native client. When you connect via Azure Bastion, your virtual machines don't need a public IP address, agent, or special client software.
    Key Features of Azure Bastion
    1. No Public IP Required for VMs: Virtual machines do not require a public IP address to be accessible over RDP/SSH. This minimizes the exposure of your virtual machines to potential attacks.
    2. Secure and Seamless Connectivity: Azure Bastion uses TLS to encrypt the RDP and SSH traffic that travels through the Bastion service to your VMs, ensuring secure communications without the need for any additional VPN.
    3. Integration with Azure Portal: RDP and SSH sessions can be initiated directly from within the Azure portal using a web browser, providing a seamless and integrated management experience.
    4. Scale and Availability: Azure Bastion is a managed service, which means it is automatically scaled and highly available within the region where it is deployed, ensuring consistent service performance and reliability.
    5. Remote Session Logging and Auditing: Provides detailed logging and auditing capabilities that can be integrated with Azure Monitor and Azure Security Center for enhanced monitoring and compliance.
    6. Support for VNet Peering and Transit Connectivity: Azure Bastion can be accessed across VNets through VNet peering, and it also supports connectivity via Azure ExpressRoute or VPN, making it flexible in terms of network architecture.
    7. Your VMs are protected against port scanning by rogue and malicious users because you don't need to expose the VMs to the internet.
    8. Azure Bastion sits at the perimeter of your virtual network, so you don’t need to worry about hardening each of the VMs in your virtual network. The Azure platform protects against zero-day exploits by keeping the Azure Bastion hardened and always up to date for you.
    My name is Arun Pachehra and I am an IT professional and a fitness enthusiast. It's been more than 16 years working with various technologies, and now I am planning to share with you all. As per plan, I am going to publish the entire Az 303 series first, and if things go as planned, then a lot of stuff will come your way, including Q&A, production issues and various interesting stuff.
