articles/bastion/bastion-overview.md
14 additions & 27 deletions
@@ -24,60 +24,47 @@ Azure Bastion is available in four SKUs: Developer, Basic, Standard, and Premium
24
24
25
25
Azure Bastion provides the following benefits:
26
26
27
-
***Secure connectivity over TLS**: Connect to VMs using RDP/SSH over TLS on port 443, enabling traffic to traverse firewalls securely. All sessions are encrypted and don't require public IP addresses on your VMs.
28
-
***Protection from external threats**: Your VMs are protected from port scanning and zero-day exploits because RDP/SSH ports aren't exposed to the internet. Azure keeps Bastion hardened and up to date.
29
-
***No bastion host management**: Azure Bastion is a fully managed platform PaaS service. You don't need to deploy, maintain, or harden a separate bastion host VM.
30
-
***Microsoft Entra ID authentication**: Supports identity-based authentication for both portal and native client connections, eliminating the need for local authentication methods.
31
-
***Simplified NSG management**: Configure your NSGs to allow RDP/SSH from Azure Bastion only, centralizing security at the network perimeter rather than on each VM.
32
-
***Reduced management overhead**: Single deployment serves multiple virtual networks, reducing costs and administrative complexity.
27
+
***Secure connectivity over TLS**: Connect to VMs using RDP/SSH over TLS on port 443. Learn more about [connection methods](vm-about.md) and [Kerberos authentication](kerberos-authentication-portal.md).
28
+
***Protection from external threats**: Your VMs are protected from port scanning. Deploy with [availability zones](configuration-settings.md#az) for additional resilience.
29
+
***Scalability and flexibility**: Configure [host scaling](configuration-settings.md#instance), use [shareable links](shareable-link.md), and connect via [IP address](connect-ip-address.md).
30
+
***Reduced management overhead**: Deploy once and use [virtual network peering](vnet-peering.md) to serve multiple networks.
31
+
***Compliance and audit**: Use [session recording](session-recording.md) for compliance requirements (Premium SKU).
33
32
34
33
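Review bot: In the rewritten "Protection from external threats" bullet, the reason behind the claim is gone. The old text said VMs are protected "because RDP/SSH ports aren't exposed to the internet"; the new text says only "Your VMs are protected from port scanning" and then links to availability zones, which concern resilience rather than exposure. Suggest keeping the "because RDP/SSH ports aren't exposed to the internet" clause and giving the availability zones link its own bullet. The TLS bullet likewise loses "All sessions are encrypted and don't require public IP addresses on your VMs". The Microsoft Entra ID authentication and NSG management bullets are removed with no replacement visible in this list; if that content now lives in another article, link to it from here.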
## <aname="sku"></a>SKUs
35
34
36
35
Azure Bastion offers four SKU tiers:
37
36
38
-
***Developer**: Free tier using shared infrastructure for development and testing. Supports one VM at a time. Available in select regions.
39
-
***Basic**: Dedicated deployment with fixed capacity for production environments with moderate connection requirements.
37
+
***Premium**: Includes all Standard features plus session recording for compliance and private-only deployment.
40
38
***Standard**: Includes all Basic features plus scalability and advanced features (native client, shareable links, IP-based connections, custom ports, file transfer).
41
-
***Premium**: Includes all Standard features plus session recording for compliance and private-only deployment (no public IP on bastion host).
39
+
***Basic**: Dedicated deployment with fixed capacity for production environments with moderate connection requirements.
40
+
***Developer**: Free tier using shared infrastructure recommended for development and testing. Supports one VM at a time. Available in select regions.
42
41
43
42
For a complete feature comparison and capacity details, see [Choose the right Azure Bastion SKU](bastion-sku-comparison.md).
44
43
45
44
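Review bot: The SKU list is reordered to Premium, Standard, Basic, Developer, but the bullets still define each tier by the one below it ("Includes all Standard features plus ...", "Includes all Basic features plus ..."), so a reader now meets Premium and Standard before the tiers they build on, and the order no longer matches "Developer, Basic, Standard, and Premium" in the sentence at the top of the hunk. Suggest keeping ascending order, or rewording the bullets so each stands alone. The Premium bullet also drops "(no public IP on bastion host)", which was the only explanation in this section of what private-only deployment means. In the Developer bullet, "shared infrastructure recommended for development and testing" reads more clearly with a comma after "infrastructure".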
## <aname="architecture"></a>Architecture
46
45
47
46
Azure Bastion offers three deployment architectures:
48
47
49
-
**Developer**: Shared infrastructure for development and testing environments.
48
+
**Private-only deployment**: Premium SKU without public IP address for enhanced security.
For detailed information about each architecture, deployment requirements, and network topology options, see [Bastion design and architecture](design-architecture.md).
52
53
53
54
**Dedicated deployment**: Basic, Standard, and Premium SKUs deployed to your virtual network.
**Developer**: Shared infrastructure for development and testing environments.
60
59
61
-
For detailed information about each architecture, deployment requirements, and network topology options, see [Bastion design and architecture](design-architecture.md).
Deployment requirements vary by SKU. Developer uses shared infrastructure with no virtual network required. Basic, Standard, and Premium require a dedicated subnet (AzureBastionSubnet) and public IP address. Premium supports private-only deployment without a public IP.
66
65
67
66
For complete requirements including subnet sizing and NSG rules, see [About Bastion configuration settings](configuration-settings.md).
68
67
69
-
## Key features
70
-
71
-
Azure Bastion includes the following key features:
72
-
73
-
***[Virtual network peering](vnet-peering.md)**: Connect to VMs across peered virtual networks from a single bastion deployment.
74
-
***[Host scaling](configuration-settings.md#instance)**: Scale bastion instances to support your concurrent connection needs.
75
-
***[Session recording](session-recording.md)**: Capture all sessions for compliance and audit (Premium SKU).
76
-
***[Kerberos authentication](kerberos-authentication-portal.md)**: Authenticate to domain-joined Windows VMs.
77
-
***[Availability zones](configuration-settings.md#az)**: Deploy across availability zones for high availability.
78
-
***[Shareable links](shareable-link.md)**: Allow VM access without Azure portal login.
79
-
***[IP-based connections](connect-ip-address.md)**: Connect using IP address instead of VM name.
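Review bot: Removing the "Key features" section drops the one-line descriptions that said what each feature does; the new benefits bullets keep only the links. This matters most for shareable links, described in the removed text as "Allow VM access without Azure portal login" and now listed under "Scalability and flexibility" with no description, so a feature that changes how a VM can be reached is presented as a convenience option. Suggest carrying that description into the new bullet. The same goes for Kerberos authentication ("Authenticate to domain-joined Windows VMs"), which is now a bare link on the TLS bullet, where it reads as a transport property rather than an authentication option.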