Securing Azure network hybrid connectivity
Exposing our VM management ports to the public internet carries inherent risks: the VMs are exposed to threats such as port scanning, vulnerability scanning, and brute-force attacks from malicious hosts on the internet (Figure 7.34).
To contain this threat surface, we could deploy a jump box at the public side of our perimeter network, but this creates extra management overhead as we have to update, back up, and troubleshoot the jump box going forward. This is where Azure Bastion can help us. In the next section, we will introduce Azure Bastion and explain how to implement it.
Implementing Azure Bastion
So, what is Azure Bastion? It is a fully managed service that provides a way for us to seamlessly connect to our private VMs using RDP and SSH over a web browser (using the Azure portal). In Figure 7.35, the...
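As an added example, not code from the book, the Azure CLI steps that stand up Bastion in an existing VNet, with a pre-flight check on the subnet Bastion insists on and a query for the public RDP/SSH NSG rules that Bastion makes redundant; the resource names, location and address prefix are placeholders.

```shell
#!/usr/bin/env bash
# Added example, not from the book: put Azure Bastion in front of private VMs
# with the Azure CLI, then find the public RDP/SSH rules that can now go.
# Resource names (rg-hub, vnet-hub, nsg-vm, pip-bastion, bastion-hub), the
# location and the address prefix are placeholders; replace them with your own.
set -euo pipefail

RG="rg-hub"; VNET="vnet-hub"; NSG="nsg-vm"; LOCATION="eastus"
BASTION_PREFIX="10.0.255.0/26"   # Bastion requires a /26 or larger subnet

# Pre-flight check: Bastion only deploys into a subnet literally named
# AzureBastionSubnet whose prefix is /26 or larger; anything else is rejected.
bastion_subnet_ok() {
  local name="$1" prefix="$2" bits
  [ "$name" = "AzureBastionSubnet" ] || return 1
  bits="${prefix##*/}"                      # mask length after the slash
  [ "$bits" -le 26 ] 2>/dev/null            # non-numeric input also fails
}

deploy_bastion() {
  bastion_subnet_ok AzureBastionSubnet "$BASTION_PREFIX" || return 1
  # Dedicated subnet for the Bastion host; the VM subnets stay fully private.
  az network vnet subnet create -g "$RG" --vnet-name "$VNET" \
      -n AzureBastionSubnet --address-prefixes "$BASTION_PREFIX"
  # Bastion needs a Standard SKU, static public IP; this becomes the only
  # public entry point for management traffic.
  az network public-ip create -g "$RG" -n pip-bastion -l "$LOCATION" \
      --sku Standard --allocation-method Static
  az network bastion create -g "$RG" -n bastion-hub -l "$LOCATION" \
      --vnet-name "$VNET" --public-ip-address pip-bastion
}

# Lists NSG rules that still allow RDP (3389) or SSH (22) inbound from the
# internet; with Bastion in place these are candidates for removal. Rules that
# use a destinationPortRanges list are not matched by this simple query.
list_internet_mgmt_rules() {
  az network nsg rule list -g "$RG" --nsg-name "$NSG" -o tsv --query \
    "[?direction=='Inbound' && access=='Allow' \
      && (sourceAddressPrefix=='*' || sourceAddressPrefix=='Internet') \
      && (destinationPortRange=='3389' || destinationPortRange=='22')].name"
}

case "${1:-}" in
  deploy) deploy_bastion ;;
  audit)  list_internet_mgmt_rules ;;
esac
```

Run with `deploy` to create the Bastion resources and with `audit` to list the internet-facing RDP/SSH rules left on the VM NSG.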