Azure Bastion

  • Author: Ronald Fung

  • Creation Date: May 11, 2023

  • Next Modified Date: May 11, 2024

A. Introduction

Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal, or via the native SSH or RDP client already installed on your local computer. The Azure Bastion service is a fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly over TLS from the Azure portal or via native client. When you connect via Azure Bastion, your virtual machines don’t need a public IP address, agent, or special client software.

Bastion provides secure RDP and SSH connectivity to all of the VMs in the virtual network in which it is provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH.

B. How is it used at Seagen

As a biopharma research company using Microsoft Azure, you can use Azure Bastion to securely connect to your virtual machines (VMs) and manage them through the Azure portal. Here are some ways you can use Azure Bastion:

  1. Secure remote access: Azure Bastion provides a secure way to connect to your VMs over Remote Desktop Protocol (RDP) or Secure Shell (SSH) without exposing your VMs to the public internet. This can help you to reduce the risk of cyber attacks and improve your overall security posture.

  2. Simplified access management: Azure Bastion integrates with Azure Active Directory (AD) to provide role-based access control (RBAC) for your VMs. This can help you to simplify access management and ensure that only authorized users can access your VMs.

  3. Centralized management: Azure Bastion allows you to manage your VMs through the Azure portal, which can help you to simplify management and reduce the need for multiple tools and interfaces.

  4. Improved compliance: Azure Bastion provides audit logs that can help you to meet compliance requirements and ensure that your VMs are being accessed and managed in a secure and compliant manner.

  5. Reduced infrastructure costs: Azure Bastion eliminates the need for a jump box or VPN gateway, which can help you to reduce infrastructure costs and simplify your network architecture.

Overall, Azure Bastion can help your biopharma research company to securely connect to your VMs and manage them through the Azure portal. With secure remote access, simplified access management, centralized management, improved compliance, and reduced infrastructure costs, Azure Bastion can help you to improve your overall security posture, simplify management, and reduce costs.

C. Features

Azure Bastion has two available SKUs, Basic and Standard. For more information, including how to upgrade a SKU, see the Configuration settings article.

D. Where implemented

LeanIX

E. How it is tested

Testing Azure Bastion involves ensuring that the service is functioning correctly, securely, and meeting the needs of all stakeholders involved in the project. Here are some steps to follow to test Azure Bastion:

  1. Define the scope and requirements: Define the scope of the project and the requirements of all stakeholders involved in the project. This will help ensure that Azure Bastion is designed to meet the needs of all stakeholders.

  2. Develop test cases: Develop test cases that cover all aspects of Azure Bastion functionality, including deployment, management, and security. The test cases should be designed to meet the needs of the organization, including scalability and resilience.

  3. Conduct unit testing: Test the individual components of Azure Bastion to ensure that they are functioning correctly. This may involve using tools like PowerShell or Azure CLI for automated testing.

  4. Conduct integration testing: Test Azure Bastion in an integrated environment to ensure that it works correctly with other systems and applications. This may involve testing Azure Bastion with different operating systems, browsers, and devices.

  5. Conduct user acceptance testing: Test Azure Bastion with end-users to ensure that it meets their needs and is easy to use. This may involve conducting surveys, interviews, or focus groups to gather feedback from users.

  6. Automate testing: Automate testing of Azure Bastion to ensure that it is functioning correctly and meeting the needs of all stakeholders. This may involve using tools like Azure DevOps to set up automated testing pipelines.

  7. Monitor performance: Monitor the performance of Azure Bastion in production to ensure that it is meeting the needs of all stakeholders. This may involve setting up monitoring tools, such as Azure Monitor, to track usage and identify performance issues.

  8. Address issues: Address any issues that are identified during testing and make necessary changes to ensure that Azure Bastion is functioning correctly and meeting the needs of all stakeholders.

By following these steps, you can ensure that Azure Bastion is tested thoroughly and meets the needs of all stakeholders involved in the project. This can help improve the quality of Azure Bastion and ensure that it functions correctly in a production environment.

F. 2023 Roadmap

????

G. 2024 Roadmap

????

H. Known Issues

There are several known issues that can impact Azure Bastion. Here are some of the most common issues to be aware of:

  1. Connectivity issues: Azure Bastion requires a stable and reliable internet connection to function correctly. Connectivity issues can cause problems with accessing virtual machines through Azure Bastion.

  2. Configuration issues: Configuration issues can arise when setting up Azure Bastion. It is important to ensure that all configurations are set up correctly to avoid issues with deployment, management, and security of the service.

  3. Performance issues: If the system is not properly sized, it can impact performance and availability, causing issues with the speed and reliability of Azure Bastion. Integration issues: Integration issues can arise when integrating Azure Bastion with other systems and applications. It is important to ensure that Azure Bastion is designed to work seamlessly with other systems and applications to avoid integration issues.

  4. Security issues: Security is a critical concern when it comes to Azure Bastion. It is important to ensure that Azure Bastion is secured and that access to the service is restricted to authorized personnel.

  5. Accuracy issues: In some cases, Azure Bastion may not be accurate or may not apply to a specific use case. It is important to review Azure Bastion carefully and validate it before taking action.

  6. Compatibility issues: Azure Bastion may not be compatible with all virtual machine environments or platforms. It is important to ensure that Azure Bastion is compatible with the organization’s existing infrastructure before implementation.

Overall, Azure Bastion requires careful planning and management to ensure that it is functioning correctly and meeting the needs of all stakeholders involved in the project. By being aware of these known issues and taking steps to address them, you can improve the quality of Azure Bastion and ensure the success of your project.

[x] Reviewed by Enterprise Architecture

[x] Reviewed by Application Development

[x] Reviewed by Data Architecture