Architecture Design - Azure Bastion Service

  • Question

  • Hi,

    Seeking some guidance/advice on my planned architecture. I have put together a 3-tier architecture plan with the new Azure Bastion service managing access to my VMs. I have a couple of questions that I hope the community can help me with.

    Access to my VMs works really nicely using the Bastion, easy to configure and appears quite secure.

    Question 1: Is there a way to allow PCs on-premise to connect to the VMs in Azure via the Bastion? (I think not)

    Question 2: If not, what is currently the best way to provide this access?

    Question 3: Also, what would be the best way to allow Azure VMs behind the Bastion to connect to an on-premise network?

    My organisation is not terribly mature in the Azure space which is why I am seeking a secure way to do this, but also one that does not require a lot of maintenance.

    Appreciate your help.

    Regards

    Monday, September 9, 2019 4:56 AM

All replies

  • Hi,

    As long as your users in On-Premises have access to the Azure Portal, they can access Azure VMs via Bastion.

    Do you want them to connect over Private IP?

    If yes, you need to go with Azure VPN gateway and create a Site to Site tunnel between On-Premises and Azure.

    Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

    Regards, 

    Msrini

    Monday, September 9, 2019 5:03 AM
  • Thanks Msrini. My internal users have access to the Azure Portal so they can access the VMs using the bastion. This part works very well. My uncertainty lies around what is the best way to allow three additional things. For context we want to have company applications and customer applications hosted in our Azure environment.

    1) allow some of my internal developers to connect their on-premise machines to VMs in our Azure subscription.

    2) allow our Azure VMs to access a customer's on-premise applications

    and finally

    3) allow my Azure VMs to access some of my on-premise applications

    This seems like a lot but would appreciate your guidance.

    Regards

    Monday, September 9, 2019 10:57 PM
  • Hi, 

    Azure Bastion is just an RDP/SSH service.

    You need to go with Site to Site / Point to Site to achieve your ask. You need to create a VPN gateway and you can connect to On-Premises via a Site to Site VPN tunnel. For that you need to have a VPN device on-premises as well.

    Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

    Regards, 

    Msrini

    Tuesday, September 10, 2019 5:06 AM
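The topology described in the reply above (Bastion for portal-based RDP/SSH, plus a VPN gateway with a Site to Site connection to an on-premises VPN device) as a single Bicep template. This is an added example, not code from the thread or from Microsoft's documentation; every resource name, address range and the `VpnGw1` SKU choice are assumptions, the on-premises device IP and pre-shared key are supplied as parameters, and the same key must be configured on the on-premises VPN device. The workload VMs then need no public IP: portal users reach them through Bastion, on-premises machines reach them by private IP through the tunnel, and the VMs reach on-premises applications through the same tunnel.

```bicep
// Added example (not from the thread): Azure Bastion + Site-to-Site VPN in one hub VNet.
// All names, address spaces and SKUs below are assumptions; replace with your own values.

@description('Public IP of the on-premises VPN device (placeholder, supplied at deploy time).')
param onPremVpnDeviceIp string

@description('Address ranges behind the on-premises VPN device (assumed example range).')
param onPremAddressPrefixes array = [ '10.0.0.0/16' ]

@secure()
@description('IPsec pre-shared key; supply at deployment time, never hard-code it.')
param sharedKey string

param location string = resourceGroup().location

// Hub VNet with a workload subnet and the two specially named subnets that
// Bastion and the VPN gateway require (AzureBastionSubnet and GatewaySubnet are fixed names).
resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnet-hub'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.10.0.0/16' ] }
    subnets: [
      { name: 'snet-workload', properties: { addressPrefix: '10.10.1.0/24' } }
      { name: 'AzureBastionSubnet', properties: { addressPrefix: '10.10.250.0/26' } }
      { name: 'GatewaySubnet', properties: { addressPrefix: '10.10.255.0/27' } }
    ]
  }
}

// Bastion requires a Standard-SKU static public IP; the VMs themselves get none.
resource bastionPip 'Microsoft.Network/publicIPAddresses@2023-05-01' = {
  name: 'pip-bastion'
  location: location
  sku: { name: 'Standard' }
  properties: { publicIPAllocationMethod: 'Static' }
}

// Bastion host: users open RDP/SSH sessions from the portal to VMs by private IP.
resource bastion 'Microsoft.Network/bastionHosts@2023-05-01' = {
  name: 'bas-hub'
  location: location
  sku: { name: 'Basic' }
  properties: {
    ipConfigurations: [
      {
        name: 'ipconf'
        properties: {
          subnet: { id: resourceId('Microsoft.Network/virtualNetworks/subnets', vnet.name, 'AzureBastionSubnet') }
          publicIPAddress: { id: bastionPip.id }
        }
      }
    ]
  }
}

resource gwPip 'Microsoft.Network/publicIPAddresses@2023-05-01' = {
  name: 'pip-vpngw'
  location: location
  sku: { name: 'Standard' }
  properties: { publicIPAllocationMethod: 'Static' }
}

// Route-based VPN gateway in GatewaySubnet: the Azure end of the Site-to-Site tunnel.
resource vpnGw 'Microsoft.Network/virtualNetworkGateways@2023-05-01' = {
  name: 'vpngw-hub'
  location: location
  properties: {
    gatewayType: 'Vpn'
    vpnType: 'RouteBased'
    sku: { name: 'VpnGw1', tier: 'VpnGw1' }
    ipConfigurations: [
      {
        name: 'ipconf'
        properties: {
          subnet: { id: resourceId('Microsoft.Network/virtualNetworks/subnets', vnet.name, 'GatewaySubnet') }
          publicIPAddress: { id: gwPip.id }
        }
      }
    ]
  }
}

// The on-premises side as Azure sees it: the VPN device's public IP and the
// address ranges that should be routed through the tunnel.
resource onPrem 'Microsoft.Network/localNetworkGateways@2023-05-01' = {
  name: 'lgw-onprem'
  location: location
  properties: {
    gatewayIpAddress: onPremVpnDeviceIp
    localNetworkAddressSpace: { addressPrefixes: onPremAddressPrefixes }
  }
}

// The IPsec connection itself; the on-premises device is configured with the same key.
resource s2s 'Microsoft.Network/connections@2023-05-01' = {
  name: 'cn-hub-to-onprem'
  location: location
  properties: {
    connectionType: 'IPsec'
    virtualNetworkGateway1: { id: vpnGw.id }
    localNetworkGateway2: { id: onPrem.id }
    sharedKey: sharedKey
  }
}
```

A second site, such as the customer's on-premises network mentioned in the question, is a second `localNetworkGateways` plus `connections` pair against the same VPN gateway, with non-overlapping address prefixes. Traffic over the tunnel is still subject to the network security groups on the workload subnet, so on-premises access to the VMs can be limited to the ports and source ranges the developers actually need.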
  • Hi, 

    Just checking in if you have had a chance to see the previous response. If this answers your query, do click “Mark as Answer” and Up-Vote for the same.

    Regards, 

    Msrini

    Friday, September 13, 2019 12:21 PM
  • Hi, 

    Do you have any update on this issue?

    Regards, 

    Msrini

    Thursday, September 26, 2019 8:35 PM