Azure Bastion

Quick look into Azure Bastion Developer SKU

A couple of months back, Microsoft announced the Azure Bastion Developer SKU. In the past we have had the Basic and Standard SKUs, and I have nearly always recommended using the latter. Let’s look quickly into this new Developer SKU to see what it is and how it differs from the other two.

What is Azure Bastion?

To start, let’s quickly go through what Azure Bastion is.

Azure Bastion is a fully managed PaaS service that resides inside your virtual network. It can be deployed with just a few clicks, after which you can establish RDP or SSH connections to your virtual machines securely over SSL without ever needing to expose them to, for example, the public internet. All of this can be done in the Azure Portal without any additional software, agents or clients.

Azure Bastion Developer SKU

The Developer SKU is a new lightweight, low-cost alternative for dev/test usage. If you need multiple users connecting to VMs within Azure, or need more advanced features, this is not the SKU to use.

In a nutshell:

  • Developer SKU is NOT deployed within your existing virtual network
  • Developer SKU is part of a shared pool of Bastion instances
  • Connect to one (1) VM at a time
  • VNet peering is not currently supported
  • Can be updated to Basic/Standard SKU

As the Azure Bastion Developer SKU is in public preview, it is free to use and there is no pricing information yet. Pricing will be available once it is generally available (GA). The Developer SKU is also supported only in selected regions, so it can only be deployed in Central US, East US 2, West Central US, North Central US, West US and North Europe. As VNet peering is not supported, Bastion can only access virtual machines that are in the associated virtual network.

Setting it up

First, of course, we log in to the Azure portal and check that we have a subscription and a resource group to which deployments can be made. Then we search for Azure Bastion and, on the screen that opens, click “Create” in the top left corner.

Right away we can see that there is no need to configure a subnet or a public IP address for Bastion, as we are using the Developer tier. The instance count is not shown either, as it cannot be set.

On the Advanced tab there is no possibility to change anything apart from Copy and paste, as the remaining settings are features of the higher SKUs.

Other than that, the process is straightforward. Once the deployment is completed, virtual machines in the associated virtual network can be connected to by going to the VM’s page and selecting Bastion from the left side under Operations.

Final thoughts

The Azure Bastion Developer SKU seems to be a good addition next to the Basic and Standard SKUs, and I’m eager to see how it will develop before it hits GA. There are a bunch of limitations, but if you just need to access one VM sometimes it can be a good alternative (and if your environment is in the currently supported regions). I wouldn’t recommend using it in production scenarios, or if there is a need to have multiple people connecting to multiple VMs at the same time, or if you need some of the other features that are only supported on higher tiers. All in all it is a good addition and definitely something that is good to have in your toolbox for certain scenarios.
