Hey Guys
For securing access to an Azure VM, which one is better: Azure Bastion or Azure VPN point-to-site?
Hello @SudeshSharma-8729 ,
It depends on your requirement.
The Azure Bastion service is a new fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly in the Azure portal over TLS. When you connect via Azure Bastion, your virtual machines do not need a public IP address. Bastion provides secure RDP and SSH connectivity to all of the VMs in the virtual network in which it is provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH. With Azure Bastion, you connect to the virtual machine directly from the Azure portal. You don't need an additional client, agent, or piece of software.
Reference : https://docs.microsoft.com/en-us/azure/bastion/bastion-overview
A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer. This solution is useful for telecommuters who want to connect to Azure VNets from a remote location, such as from home or a conference.
With Point-to-Site, you can have other features/options such as connecting to a peered VNet without an additional gateway, App Service VNet Integration, using Azure Private Link to access services running in Azure from on-premises over the VPN tunnel, etc.
Reference : https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about
https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet
https://docs.microsoft.com/en-us/azure/private-link/private-link-overview
However, if your end goal is just to access your resources deployed in Azure, you could use the Azure Bastion solution instead of a VPN connection to get secure shell access (RDP or SSH) without requiring public IPs on the VMs being accessed.
Hope this helps!
Kindly let us know if the above helps or you need further assistance on this issue.
Please don’t forget to "Accept the answer" wherever the information provided helps you, this can be beneficial to other community members.
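The answer above makes the point that with Bastion the VM needs no public IP and RDP/SSH are not exposed to the outside world. The following script is an added example (not from this thread, Microsoft, or the Bastion documentation) that models Azure NSG inbound evaluation in simplified form, with rules walked in priority order and the first match final, plus the built-in AllowVnetInBound and DenyAllInBound defaults. It compares an NSG that opens 3389 to the whole Internet against the Bastion pattern, where the workload subnet accepts RDP/SSH only from the AzureBastionSubnet. The VNet address plan, subnet ranges, rule names and client addresses are constructed for illustration; the "Internet" tag is approximated as any address outside the VNet.

```python
"""Simplified model of Azure NSG inbound evaluation, used to compare a VM that is
reached directly over RDP with the Azure Bastion pattern.
All CIDRs, rule names and client addresses below are constructed (assumptions)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan: one VNet with a workload subnet and the Bastion subnet.
VNET = ip_network("10.0.0.0/16")
VM_SUBNET = ip_network("10.0.1.0/24")
BASTION_SUBNET = ip_network("10.0.255.0/27")  # Azure requires the name AzureBastionSubnet


@dataclass(frozen=True)
class Rule:
    priority: int    # lower number is evaluated first; the first match is final
    name: str
    source: str      # CIDR, "*", or the service tags "Internet" / "VirtualNetwork"
    dest_port: str   # a single port number or "*"
    access: str      # "Allow" or "Deny"


# Azure's built-in default inbound rules, with the priorities Azure assigns them.
# AllowAzureLoadBalancerInBound (65001) is omitted: it never matches the clients used here.
DEFAULT_INBOUND = [
    Rule(65000, "AllowVnetInBound", "VirtualNetwork", "*", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "Deny"),
]


def _source_matches(rule_source: str, src: str) -> bool:
    addr = ip_address(src)
    if rule_source == "*":
        return True
    if rule_source == "VirtualNetwork":
        return addr in VNET
    if rule_source == "Internet":
        # Simplification: anything outside the VNet address space counts as Internet.
        return addr not in VNET
    return addr in ip_network(rule_source)


def evaluate(custom_rules, src: str, dst_port: int) -> str:
    """Return 'Allow' or 'Deny' for an inbound flow, walking rules by priority like an NSG."""
    for rule in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        port_ok = rule.dest_port == "*" or int(rule.dest_port) == dst_port
        if port_ok and _source_matches(rule.source, src):
            return rule.access
    return "Deny"  # not reached in practice: DenyAllInBound always matches


# Weak pattern: the VM carries a public IP and the NSG opens RDP to the whole Internet.
DIRECT_RDP_NSG = [
    Rule(100, "AllowRDPFromAnywhere", "*", "3389", "Allow"),
]

# Bastion pattern: the workload subnet accepts RDP/SSH only from AzureBastionSubnet.
# The VM needs no public IP and no rule for 443; the browser's TLS session terminates
# on the Bastion host, which then opens RDP/SSH to the VM from inside the VNet.
BASTION_NSG = [
    Rule(100, "AllowRDPFromBastion", str(BASTION_SUBNET), "3389", "Allow"),
    Rule(110, "AllowSSHFromBastion", str(BASTION_SUBNET), "22", "Allow"),
    # These denies sit above the default AllowVnetInBound, so a compromised peer VM in
    # the same VNet cannot reach the management ports either (least privilege).
    Rule(200, "DenyRDPFromElsewhere", "*", "3389", "Deny"),
    Rule(210, "DenySSHFromElsewhere", "*", "22", "Deny"),
]

MANAGEMENT_PORTS = (22, 3389)
INTERNET_CLIENT = "198.51.100.7"  # constructed public address from the RFC 5737 range


def internet_exposed_ports(custom_rules) -> list:
    """Audit helper: which management ports can an Internet client reach through this NSG?"""
    return [p for p in MANAGEMENT_PORTS if evaluate(custom_rules, INTERNET_CLIENT, p) == "Allow"]


if __name__ == "__main__":
    print("direct RDP NSG exposes:", internet_exposed_ports(DIRECT_RDP_NSG))   # [3389]
    print("Bastion NSG exposes:", internet_exposed_ports(BASTION_NSG))         # []
    print("Bastion host -> VM RDP:", evaluate(BASTION_NSG, "10.0.255.5", 3389))  # Allow
    print("peer VM -> VM RDP:", evaluate(BASTION_NSG, "10.0.1.20", 3389))        # Deny
```

Running the script shows the difference the answer describes: the direct-RDP NSG leaves 3389 reachable from an Internet address, while under the Bastion pattern no management port is reachable from outside and only the Bastion subnet can open RDP/SSH to the VM. Ordinary VNet traffic on other ports (for example 443 from a peer VM) still flows through the default AllowVnetInBound rule, so the explicit denies are narrow.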
Hello @SudeshSharma-8729 ,
Any update on this post?
If the suggested response helped you resolve your issue, please don't forget to "Accept the answer" for the benefit of other community members.
Thanks,
Gita
From a security perspective, which one is more secure? Bastion or VPN?
If using Bastion, do we need to open 3389 RDP port? Just 443?
Thank you.
Hi, if you want to connect to a Linux VM you can try the Cloud Shell deployment in a VNet; this solution is based on Azure Relay tech, which can be very useful.
https://docs.microsoft.com/en-us/azure/cloud-shell/private-vnet
About Azure Bastion: depending on your security requirements, you may need to add "jump point VMs" in a DMZ to access the VM; otherwise you will expose the internal VM directly from a public address.
"...This is often due to protocol vulnerabilities. To contain this threat surface, you can deploy bastion hosts (also known as jump-servers) at the public side of your perimeter network..."
https://docs.microsoft.com/en-us/azure/bastion/bastion-overview