question

JevonDavis-1810 avatar image
0 Votes"
JevonDavis-1810 asked JevonDavis-1810 commented

Azure Virtual Desktop and Bastion

I am playing around with my setup and currently have a Azure Virtual Desktop Environment setup. There are concurrent sessions setup on our Windows 10 instances as to facilitate staff working. I am looking to make it more secure and include Bastion in the process. Does Bastion facilitate multiple concurrent user sessions or is it restricted to one user per VM? I am trying to weigh the pros and cons of it

azure-virtual-machinesazure-virtual-desktopazure-bastion
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PierreLucGiguere-5297 avatar image
1 Vote"
PierreLucGiguere-5297 answered JevonDavis-1810 commented

Hi Davis,

It can support multiple connections to the same host.

Bastion connectivity to Azure Virtual Desktop is not supported.

Source: https://docs.microsoft.com/en-us/azure/bastion/bastion-faq#peering

Bastion is aimed toward administration of IaaS VMs and not to facilitate end users work.

When you configure Azure Bastion using the Basic SKU, two instances are created. If you use the Standard SKU, you can specify the number of instances. [...] Each instance can support 10-12 concurrent RDP/SSH connections. The number of connections per instances depends on what actions you are taking when connected to the client VM. For example, if you are doing something data intensive, it creates a larger load for the instance to process. Once the concurrent sessions are exceeded, an additional scale unit (instance) is required.

source: https://docs.microsoft.com/en-us/azure/bastion/configuration-settings#instance

I do not believe that this is the product you are looking for.

You might want to consider using Azure Firewall and App Locker. May I suggest an excellent Learning Path : Deliver remote desktops and apps with Azure Virtual Desktop

https://docs.microsoft.com/en-us/learn/paths/m365-wvd/

Don't forget to mark this answer if it helped you.

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you! The alternative is welcomed also. Also is load balancers the nest option for my Virtual Machines within AVD to have one public IP? Trying to just use the private IPs for connections.

0 Votes 0 ·
AlanKinane avatar image AlanKinane JevonDavis-1810 ·

Take a look at RDP Shortpath for AVD, still in preview currently however. https://docs.microsoft.com/en-us/azure/virtual-desktop/shortpath

1 Vote 1 ·

Thanks! This helps

0 Votes 0 ·
AlanKinane avatar image
2 Votes"
AlanKinane answered

Azure Bastion is only used for administrative purposes, you can't use it to provide user access to Azure Virtual Desktop - https://docs.microsoft.com/en-us/azure/bastion/bastion-faq#does-bastion-support-connectivity-to-azure-virtual-desktop

In terms of administrative access, you can have 10-12 concurrent sessions per instance of Azure Bastion across all of your VMs - https://docs.microsoft.com/en-us/azure/bastion/configuration-settings#instance

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.