JordanHoang-7104 avatar image
0 Votes"
JordanHoang-7104 asked JordanHoang-7104 commented

Secure SSH and RDP access to a Virtual Machine? (Outside of using Azure Bastion)

Hello, I was looking into options for connecting to a Azure VM that has its public endpoints closed (No public IP address).
Outside of Azure Bastion, are there any other options? Is it possible to use private links and private endpoints to set up some sort of
RDP/SSH access to a VM on azure?

· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @JordanHoang-7104, Thank you for reaching out. Could you please tell us from where you want to access the VM on Azure? Is it from your on-premise local machine?

0 Votes 0 ·
JordanHoang-7104 avatar image JordanHoang-7104 ChaitanyaNaykodiMSFT-9638 ·

Yes, it is from a local machine I have at home. However.....
I RDP/SSH into a VM I that I need to use GlobalProtect (a VPN) to access.

And from that VPN I need to SSH/RDP into an Azure VM.
Normally we can do this, however I have public IP addresses exposed and that isn't particularly good for security.

So I have been looking for ways to close off the public IP addresses, and still somehow retain the ability to SSH/RDP into the azure dev machines.

I have tried Bastion and it works, I am researching into alternatives and it seems like private links/endpoints work?

(Perhaps I can create a private link/endpoint from GlobalProtect and connect it to Azure?)

0 Votes 0 ·

Do you have any ideas @ChaitanyaNaykodiMSFT-9638 on whether its possible or not to get RDP access with private endpoints?

0 Votes 0 ·

Hello @JordanHoang-7104, apologies about the delayed response here. I do not think it is possible to RDP/SSH into a Azure VM using Azure Private Link as it enables you to access Azure PaaS Services over a private endpoint and private endpoint are supported by these services.

After Azure Bastion the other option will be to RDP/SSH using Azure VPN Gateway as the VM will still have a private IP and it will grant security against port scanning, DDoS attacks. Please let me know if you have any additional concerns/questions. Thank you!

1 Vote 1 ·
JordanHoang-7104 avatar image JordanHoang-7104 ChaitanyaNaykodiMSFT-9638 ·

Thank you for replying!

I appreciate it alot!

1 Vote 1 ·

0 Answers