You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/bastion/cost-optimization.md
+6-5Lines changed: 6 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ services: bastion
5
5
author: AbdullahBell
6
6
ms.service: azure-bastion
7
7
ms.topic: concept-article
8
-
ms.date: 11/13/2025
8
+
ms.date: 11/20/2025
9
9
ms.author: abell
10
10
# Customer intent: As a cloud architect or IT administrator, I want to optimize costs for Azure Bastion, so that I can maintain secure remote access to virtual machines while controlling expenses and maximizing return on investment.
11
11
---
@@ -51,12 +51,13 @@ Azure Bastion offers multiple SKU tiers with different feature sets and cost str
51
51
52
52
| Recommendation | Benefit |
53
53
|---|---|
54
-
|**Start with Bastion Developer** for development and test environments where you need basic secure access without advanced features. | Bastion Developer is free with no hourly charges or data transfer costs, providing secure connectivity for individual VM connections in dev/test scenarios. This eliminates all Bastion-related costs for noncritical environments while maintaining security standards. To configure Bastion Developer, see [Connect with Azure Bastion Developer](quickstart-developer.md). |
55
-
|**Choose Basic SKU** when you need dedicated Bastion deployment with essential features like virtual network peering support and Kerberos authentication. | Basic SKU provides cost-effective dedicated deployment for production environments that don't require advanced features. You get predictable pricing with essential capabilities for most common remote access scenarios. To configure Basic SKU, see [Deploy Bastion using specified settings](tutorial-create-host-portal.md). |
56
-
|**Choose Standard SKU**when you require features like host scaling, shareable links, native client support, or IP-based connections. | Standard SKU offers the best value for comprehensive remote access scenarios requiring advanced features. You can scale instances based on concurrent session needs and support diverse connection methods. To configure Standard SKU, see [Deploy Bastion with default settings](quickstart-host-portal.md). |
57
-
|**Choose Premium SKU**only when you specifically need session recording or private-only deploymentcapabilities. | Premium SKU provides specialized features for compliance and advanced security requirements. Use this tier only when you have specific regulatory or security mandates requiring these capabilities to avoid unnecessary costs. To configure Premium SKU features, see [Configure session recording](session-recording.md) and [Deploy private-only Bastion](private-only-deployment.md). |
54
+
|**Use Bastion Developer** for development and test environments only. Not suitable for production workloads. | Bastion Developer is free (lowest cost) with no hourly charges or data transfer costs, providing secure connectivity for one VM at a time in dev/test scenarios. This tier is designed exclusively for nonproduction environments and eliminates all Bastion-related costs while maintaining security standards. To configure Bastion Developer, see [Connect with Azure Bastion Developer](quickstart-developer.md). |
55
+
|**Choose Basic SKU** when you need dedicated Bastion deployment with essential features like virtual network peering support and Kerberos authentication. | Basic SKU (moderate cost) provides cost-effective dedicated deployment for production environments that don't require advanced features. Supports 2 instances with up to 40 concurrent RDP sessions and 80 concurrent SSH sessions. You get predictable pricing with essential capabilities for most common remote access scenarios. To configure Basic SKU, see [Deploy Bastion using specified settings](tutorial-create-host-portal.md). |
56
+
|**Choose Standard SKU**for production workloads requiring advanced features like host scaling, shareable links, native client support, or IP-based connections. | Standard SKU (moderate-to-higher cost) offers comprehensive remote access capabilities with support for 2-50 instances. At maximum scale, supports up to 1,000 concurrent RDP sessions and 2,000 concurrent SSH sessions. You can scale instances based on concurrent session needs and support diverse connection methods. To configure Standard SKU, see [Deploy Bastion with default settings](quickstart-host-portal.md). |
57
+
|**Choose Premium SKU (recommended)**for production workloads requiring session recording, private-only deployment, or to future-proof your deployment for upcoming advanced capabilities. | Premium SKU (higher cost with marginal difference from Standard) provides specialized features for compliance and advanced security requirements. Supports 2-50 instances with the same concurrency as Standard (up to 1,000 RDP and 2,000 SSH sessions at maximum scale). The cost difference from Standard is minimal, and upcoming roadmap features will be added to this tier, making it the recommended choice for production deployments. To configure Premium SKU features, see [Configure session recording](session-recording.md) and [Deploy private-only Bastion](private-only-deployment.md). |
58
58
|**Develop phased deployment plans** that prioritize business-critical virtual networks while considering budget constraints and required feature sets. | This systematic approach ensures immediate secure access for essential networks while managing costs. You can expand deployments based on risk assessment, available budget, and feature requirements to prevent over-spending on unnecessary capabilities. |
59
59
60
+
60
61
## Design for architecture efficiency
61
62
62
63
Optimize your architecture to maximize the value of each Bastion deployment while maintaining security and functionality. Your architectural decisions directly impact ongoing costs. For architectural guidance, see [Azure Well-Architected Framework](/azure/well-architected/) and [Bastion design and architecture](design-architecture.md).
0 commit comments