Microsoft has released a public preview of Azure Bastion Service, which aims to provide secure access to virtual machines (VMs) without exposing them to the public internet. The new service is available now in wide preview after its public launch on June 18.
Microsoft has named the new Azure service after bastion hosts. These are specially built computers that operate at the network level to prevent attacks. In a blog post, Corporate Vice President of Azure Networking Yousef Khalidi says Azure Bastion Service provides off-internet VM security.
Azure Bastion is a platform as a service (PaaS) that gives Microsoft's cloud customers RDP and SSH connectivity to VMs over the Secure Sockets Layer (SSL). Khalidi says access is delivered without exposing data to public IPs.
“Bastion provisions directly in your Azure Virtual Network, providing bastion host or jump server as-a-service and integrated connectivity to all virtual machines in your virtual networking using RDP/SSH directly from and through your browser and the Azure portal experience. This can be executed with just two clicks and without the need to worry about managing network security policies.”
During the development of Bastion, Microsoft says it partnered with “hundreds” of Azure customers leading up to the preview to help ensure Bastion's security capabilities. Customers wanted an easy way “to deploy, run and scale jump-servers or bastion hosts within our Azure infrastructure,” Khalidi adds.
With Bastion, users can start SSH and RDP sessions from within Azure. When using Azure virtual machines, customers will not need a public IP, so their exposure to risk and attack is reduced.
Microsoft has wider plans for Azure Bastion, including direct integration with Azure Active Directory (AAD). Integrating the service with AAD will allow single sign-on and Multi-Factor Authentication for RDP and SSH sessions.