Microsoft Azure Bastion and VNet Peering: A Guide

Introduction

Microsoft Azure is one of the leading cloud service providers and offers a large catalogue of services. This article shows how to use a single Azure Bastion host to securely reach Azure VMs hosted in different VNets, by peering those VNets (including global VNet peering when the spokes sit in other regions) with the VNet that holds the Bastion host.


Azure Bastion

Azure Bastion lets you open an RDP or SSH session to an Azure VM from the browser without publishing the VM's RDP (3389) or SSH (22) port on the internet. It is a PaaS (Platform-as-a-Service) offering that you provision inside your own virtual network, in a dedicated subnet that must be named AzureBastionSubnet. The browser talks to the Bastion host over TLS on port 443; the Bastion host then connects to the target VM over RDP or SSH using the VM's private IP address. The target VMs therefore need no public IP address at all; the only public IP in the design belongs to the Bastion host itself. The practical consequence is that port 3389 and port 22 never have to appear in an internet-facing NSG rule, which removes the most commonly brute-forced entry point on a cloud VM.

VNet Peering

VNet peering connects two Azure virtual networks so that resources in either can reach the other over private IP addresses on the Microsoft backbone, without a gateway or public internet hop. The two VNets may be in the same region (regional peering) or in different regions (global peering) and may belong to different subscriptions, as long as their address spaces do not overlap. For the Bastion scenario this matters in two ways: peering is what lets a Bastion host in the hub reach VMs in the spokes on 3389/22, and peered VNets are covered by the VirtualNetwork service tag, so any NSG rule on a spoke subnet that restricts RDP/SSH must explicitly allow the AzureBastionSubnet address range.


Scenarios

  • Scenario: build a hub-and-spoke topology on Microsoft Azure with virtual network peering and a single Azure Bastion host.
  • To reach VMs hosted in different virtual networks we either provision an Azure Bastion host in every VNet or peer the VNets with a hub and use one Bastion host there. Bastion is billed per deployed hour plus outbound data, so a single shared host is cheaper and is one less internet-facing component to maintain.
  • Navigate to Virtual Networks and create a VNet named VNet-Hub for Azure Bastion.
  • Add a subnet named exactly AzureBastionSubnet with prefix 10.0.0.0/24 to VNet-Hub (the name is mandatory and the prefix must be /26 or larger), then create the VNet.
  • The VNet-Hub deployment is now complete.
  • Navigate to Azure Bastion and create a host named AzureBastionService in VNet-Hub. It is assigned its own public IP address, the only public IP in this design.
  • Review and create the Azure Bastion host.
  • This completes the Azure Bastion deployment.
  • Next, create the first spoke virtual network, named Spoke1-VNet1.
  • Add a subnet named default with prefix 10.1.0.0/24 to Spoke1-VNet1 and create it.
  • The Spoke1-VNet1 deployment is now complete.
  • Provision a virtual machine in Spoke1-VNet1 named VM-WindowsServer2019.
  • Set the administrator credentials for the VM.
  • Attach the VM to the default subnet of Spoke1-VNet1 with no public IP address and no inbound RDP rule from the internet.
  • The VM-WindowsServer2019 deployment is complete.
  • Now create the second spoke virtual network, named Spoke2-VNet2.
  • Add a subnet named default with prefix 10.2.0.0/24 to Spoke2-VNet2 and create it.
  • The Spoke2-VNet2 deployment is complete.
  • Provision a virtual machine in Spoke2-VNet2 named VM-Linux.
  • Set the credentials for the VM (an SSH public key rather than a password where possible).
  • Attach the VM to the default subnet of Spoke2-VNet2, again with no public IP address.
  • The VM-Linux deployment is complete.
  • Navigate to VNet-Hub, where Bastion is deployed, open Peerings and add a peering to each spoke. The portal creates both directions of the peering; only access to the remote virtual network is required, not forwarded traffic or gateway transit.
  • Add the peering for Spoke1-VNet1.
  • Repeat the same steps for Spoke2-VNet2. Both spoke VNets holding virtual machines are now connected to VNet-Hub, which holds the Azure Bastion host. Check that the NSGs on the spoke subnets admit TCP 3389/22 from the AzureBastionSubnet range (10.0.0.0/24); the default VirtualNetwork rule does, but a custom deny rule placed ahead of it would break the connection.
  • Navigate to VM-WindowsServer2019, choose Connect, select Bastion and enter the credentials.
  • VM-WindowsServer2019 is connected through Bastion: the browser session runs over TLS on port 443 to the Bastion host, which in turn reaches the VM on its private IP address.
  • Similarly, navigate to VM-Linux, choose Connect, select Bastion and enter the credentials (or supply the SSH private key).
  • VM-Linux is connected through Bastion over TLS on port 443.
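The walkthrough above is a sequence of portal clicks; the same hub-and-spoke design expressed as infrastructure-as-code is easier to review and to reproduce. The Bicep template below is an added example and is not code from the original article or from Microsoft. It keeps the resource names and the subnet prefixes from the walkthrough (VNet-Hub with AzureBastionSubnet 10.0.0.0/24, Spoke1-VNet1 with 10.1.0.0/24, Spoke2-VNet2 with 10.2.0.0/24); the VNet address spaces (10.0.0.0/16, 10.1.0.0/16, 10.2.0.0/16), the Standard SKU, the NSG and public IP names and the API version are assumptions. It goes beyond the walkthrough in two places: it applies the NSG rules Azure Bastion requires on AzureBastionSubnet, and it gives each spoke subnet an NSG that admits RDP/SSH only from the Bastion subnet. The VMs themselves are deployed separately into the spoke default subnets, as in the walkthrough.

```bicep
// Added example (not from the original article): hub-and-spoke with one Azure
// Bastion host. Names follow the walkthrough; the /16 VNet address spaces,
// the Standard SKU and the 2023-05-01 API version are assumptions.
param location string = resourceGroup().location

var bastionSubnetPrefix = '10.0.0.0/24'   // subnet name must be AzureBastionSubnet, /26 or larger
var spokes = [
  { name: 'Spoke1-VNet1', space: '10.1.0.0/16', subnet: '10.1.0.0/24' }
  { name: 'Spoke2-VNet2', space: '10.2.0.0/16', subnet: '10.2.0.0/24' }
]

// Rules Azure Bastion needs on its own subnet (control plane, data plane, session info).
var bastionRules = [
  { name: 'AllowHttpsInbound',          dir: 'Inbound',  pri: 120, src: 'Internet',          dst: '*',              ports: ['443'] }
  { name: 'AllowGatewayManagerInbound', dir: 'Inbound',  pri: 130, src: 'GatewayManager',    dst: '*',              ports: ['443'] }
  { name: 'AllowLoadBalancerInbound',   dir: 'Inbound',  pri: 140, src: 'AzureLoadBalancer', dst: '*',              ports: ['443'] }
  { name: 'AllowBastionHostInbound',    dir: 'Inbound',  pri: 150, src: 'VirtualNetwork',    dst: 'VirtualNetwork', ports: ['8080', '5701'] }
  { name: 'AllowSshRdpOutbound',        dir: 'Outbound', pri: 100, src: '*',                 dst: 'VirtualNetwork', ports: ['22', '3389'] }
  { name: 'AllowAzureCloudOutbound',    dir: 'Outbound', pri: 110, src: '*',                 dst: 'AzureCloud',     ports: ['443'] }
  { name: 'AllowBastionHostOutbound',   dir: 'Outbound', pri: 120, src: '*',                 dst: 'VirtualNetwork', ports: ['8080', '5701'] }
  { name: 'AllowHttpOutbound',          dir: 'Outbound', pri: 130, src: '*',                 dst: 'Internet',       ports: ['80'] }
]

resource bastionNsg 'Microsoft.Network/networkSecurityGroups@2023-05-01' = {
  name: 'nsg-AzureBastionSubnet'
  location: location
  properties: {
    securityRules: [for r in bastionRules: {
      name: r.name
      properties: {
        priority: r.pri, direction: r.dir, access: 'Allow', protocol: 'Tcp'
        sourceAddressPrefix: r.src, sourcePortRange: '*'
        destinationAddressPrefix: r.dst, destinationPortRanges: r.ports
      }
    }]
  }
}

resource hubVnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'VNet-Hub'
  location: location
  properties: {
    addressSpace: { addressPrefixes: ['10.0.0.0/16'] }
    subnets: [
      { name: 'AzureBastionSubnet', properties: { addressPrefix: bastionSubnetPrefix, networkSecurityGroup: { id: bastionNsg.id } } }
    ]
  }
}

// The only public IP in the design belongs to the Bastion host.
resource bastionPip 'Microsoft.Network/publicIPAddresses@2023-05-01' = {
  name: 'pip-AzureBastionService'
  location: location
  sku: { name: 'Standard' }
  properties: { publicIPAllocationMethod: 'Static' }
}

resource bastion 'Microsoft.Network/bastionHosts@2023-05-01' = {
  name: 'AzureBastionService'
  location: location
  sku: { name: 'Standard' }
  properties: {
    ipConfigurations: [
      {
        name: 'ipconf'
        properties: {
          subnet: { id: resourceId('Microsoft.Network/virtualNetworks/subnets', hubVnet.name, 'AzureBastionSubnet') }
          publicIPAddress: { id: bastionPip.id }
        }
      }
    ]
  }
}

// Spoke NSG: RDP/SSH only from the Bastion subnet. The explicit deny matters because
// the default AllowVnetInBound rule (VirtualNetwork tag) also covers every peered VNet.
resource spokeNsg 'Microsoft.Network/networkSecurityGroups@2023-05-01' = [for s in spokes: {
  name: 'nsg-${s.name}'
  location: location
  properties: {
    securityRules: [
      { name: 'AllowRdpSshFromBastion', properties: { priority: 100, direction: 'Inbound', access: 'Allow', protocol: 'Tcp', sourceAddressPrefix: bastionSubnetPrefix, sourcePortRange: '*', destinationAddressPrefix: '*', destinationPortRanges: ['22', '3389'] } }
      { name: 'DenyRdpSshFromElsewhere', properties: { priority: 110, direction: 'Inbound', access: 'Deny', protocol: 'Tcp', sourceAddressPrefix: '*', sourcePortRange: '*', destinationAddressPrefix: '*', destinationPortRanges: ['22', '3389'] } }
    ]
  }
}]

resource spokeVnet 'Microsoft.Network/virtualNetworks@2023-05-01' = [for (s, i) in spokes: {
  name: s.name
  location: location
  properties: {
    addressSpace: { addressPrefixes: [s.space] }
    subnets: [ { name: 'default', properties: { addressPrefix: s.subnet, networkSecurityGroup: { id: spokeNsg[i].id } } } ]
  }
}]

// Peering in both directions; Bastion needs only plain VNet access, no forwarding or gateway transit.
resource hubToSpoke 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-05-01' = [for (s, i) in spokes: {
  name: 'to-${s.name}'
  parent: hubVnet
  properties: { remoteVirtualNetwork: { id: spokeVnet[i].id }, allowVirtualNetworkAccess: true, allowForwardedTraffic: false, allowGatewayTransit: false, useRemoteGateways: false }
}]

resource spokeToHub 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-05-01' = [for (s, i) in spokes: {
  name: 'to-VNet-Hub'
  parent: spokeVnet[i]
  properties: { remoteVirtualNetwork: { id: hubVnet.id }, allowVirtualNetworkAccess: true, allowForwardedTraffic: false, allowGatewayTransit: false, useRemoteGateways: false }
}]
```

Deploy it into a resource group with `az deployment group create --resource-group <rg> --template-file main.bicep`, then create the VMs in the spoke default subnets without a public IP. If a spoke is in another region, the same template works with a per-spoke location; the peering becomes a global peering and nothing in the Bastion configuration changes. The spoke NSG is the part most often skipped in portal walkthroughs: without the deny rule, any workload in any peered VNet can still reach 3389/22 on the VMs, which defeats part of the point of funnelling access through Bastion.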


Conclusion

Azure Bastion provides a secure way to access Azure VMs without exposing each VM's RDP or SSH port on the internet or giving each VM a public IP address. With VNet peering (global peering when the spokes are in other regions) we can reduce cost and complexity further and use a single Bastion host to reach VMs across many virtual networks, provided the spoke NSGs still admit RDP/SSH from the AzureBastionSubnet range and nothing else.
