Introducing Azure Bastion Developer: Secure and cost-effective access to your Azure Virtual Machines

Microsoft Azure is constantly evolving to meet the needs of its growing user base. In response to the feedback and requirements of developers, we have announced a new SKU for Azure Bastion: Bastion Developer. This service, now in public preview, will be a game-changer for developers seeking secure, cost-effective, and hassle-free connectivity to their Azure Virtual Machines. In this blog post, we’ll explore what Azure Bastion Developer is, the problems this new SKU addresses, and why it’s a must-try solution for developers.

What is Azure Bastion Developer?

Azure Bastion Developer is a new low-cost, zero-configuration, always-on SKU of the Azure Bastion service. Its primary mission is to provide secure-by-default Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to Azure Virtual Machines, allowing users to establish secure connections to a single Virtual Machine at a time without the need for additional network configurations or public IP addresses on Virtual Machines. This service is designed to simplify and enhance the process of accessing your Azure Virtual Machines by eliminating the complexities, high costs, and security concerns often associated with alternative methods.

Addressing developer pain points

Azure Bastion Developer has been developed with the aim of addressing three common issues that developers encounter when connecting to Azure Virtual Machines:

1. Discovery

When developers create standalone Virtual Machines, they may not actively seek out Azure Bastion, and it might not be readily apparent during the Virtual Machine creation process. While IT professionals are familiar with the concept of a bastion host or jump-box server, the average Azure user may not be. This could lead to the use of less secure public IP-based access methods. Azure Bastion Developer solves this problem by providing secure and seamless access directly in the Virtual Machine blade. In the coming months, Bastion Developer will populate as the recommended connectivity option in the Virtual Machine connect experience for available regions.

2. Usability

Setting up Azure Bastion has traditionally required users to deploy a new resource and follow a series of configuration steps, including the creation of a dedicated subnet. While these steps might be manageable for technically savvy users, they can be complex and time-consuming for many. Azure Bastion Developer simplifies the process by offering an easy-to-use, zero-configuration solution. Users can opt-in to use it during Virtual Machine connection, making secure access a breeze.

3. Cost

Azure Bastion Basic, while a powerful tool, may be a potentially expensive choice for developers who spend a few hundred dollars or less in Azure each month, leading them to connect with less secure public IP based options. Azure Bastion Developer addresses this concern by providing an option that comes at a more affordable price point than public IP. This cost-effective pricing will make Azure Bastion Developer the default private connectivity option in Azure, enabling developers to enjoy secure access without breaking the bank. The public preview of Bastion Developer will be free with more details on pricing when generally available.

Connectivity Options with Azure Bastion Developer

  1. Portal-based access (public preview).Bastion Developer will offer support for RDP connections for Windows Virtual Machines and SSH connections for Linux Virtual Machines in the Azure portal.
  2. Native client-based access for SSH (roadmap).Bastion Developer will offer support for SSH connections for Linux Virtual Machines via Azure Command Line Interface (CLI) in the coming months.

Feature comparison of Azure Bastion offerings

Bastion Developer will be a lightweight SKU of the Bastion service, allowing a single connection per user directly through the Virtual Machines connect experience. Bastion Developer is ideal for Dev/Test users who want to securely connect to their Virtual Machines without the need for additional features or scaling. The feature matrix below outlines the differences between Bastion Developer and Bastion Basic and Standard SKUs.

Features Developer Basic Standard
Private connectivity to Virtual Machines Yes Yes Yes
Dedicated host agent No Yes Yes
Support for multiple connections per user No Yes Yes
Linux Virtual Machine private key in AKV No Yes Yes
Support for Network Security Groups No Yes Yes
Audit logging No Yes Yes
Kerberos support No Yes Yes
VNET peering support No Yes Yes
Host scaling (2-50 instances) No No Yes
Custom port and protocol No No Yes
Native SSH support via Azure CLI Roadmap Roadmap Yes
Native RDP support via Azure CLI No No Yes
Azure Active Directory login for RDP/SSH via native client No No Yes
IP-based connection No No Yes
Shareable links No No Yes

How to get started

We invite you to preview Azure Bastion Developer in your cloud environment.

  1. Navigate to the Azure portal.
  2. Deploy a Windows or Linux Virtual Machine in one of the regions below. Note that Bastion Developer is currently only available in the following regions:
    1. Central United States EUAP
    2. East United States 2 EUAP
    3. West Central United States
    4. North Central United States
    5. West United States
    6. North Europe
  3. Navigate to the Bastion tab in the Virtual Machine blade and click Deploy Bastion Developer. (Bastion Basic and Standard deployments will be moved under “Dedicated Deployment Options”).
  4. Once your Bastion Developer resource is deployed, enter your Virtual Machine username and password and select Connect to securely connect to your Virtual Machine in the browser.

Image showing screenshot of Virtual Machine blade in Azure Portal. Under Connect group, Bastion is selected. Screen shows text “Azure Bastion protects your virtual machines by providing lightweight, browser-based connectivity without the need to expose them through public IP addresses. Deploying will automatically create a Bastion host on a subnet in your virtual network. Learn more.” Under text, there is a button “Deploy Basiton Developer” and a dropdown “Dedicated Deployment Options”. Image showing screenshot of Virtual Machine blade in Azure Portal. Under Connect group, Bastion is selected. Screen shows text “Azure Bastion protects your virtual machines by providing lightweight, browser-based connectivity without the need to expose them through public IP addresses. Deploying will automatically create a Bastion host on a subnet in your virtual network. Learn more.” Under text, there is text “Please enter username and password to your virtual machine to connect using Bastion.” Below that shows connection settings with input for username, authentication type, and Virtual Machine password. Below input fields is a Connect button.

Learn to configure Bastion Developer.

Learn more about Azure Bastion Developer

Azure Bastion Developer is a groundbreaking solution that simplifies secure access to Virtual Machines for developers. By addressing the common issues of discovery, usability, and cost, Microsoft Azure is once again demonstrating its commitment to user satisfaction and innovation. With Azure Bastion Developer, you can enjoy secure-by-default access to your Azure Virtual Machines without the complexity and high costs associated with traditional solutions. Try it out today and experience a new level of convenience and security in your Azure development workflow.

Source