As most of you know, it’s possible to provide a virtual machine in Azure with a public IP address. This IP address can then be used to build a connection to, for example, RDP or SSH.
This way of connecting takes place over the Internet, which entails a great security risk. In many environments we see jumpbox or stepping stone servers, which are placed in the DMZ. These servers can be accessed from the Internet, and from these servers a connection can be made to a server or multiple servers on the internal network.
Such an arrangement is unsafe, unmanageable and vulnerable. Azure Bastion is a great addition to facilitate a secure connection to a virtual machine in Azure. Azure Bastion integrates into the Azure portal, requiring multi-factor authentication. The virtual machines do not need to have a public IP address, so they are not accessible directly from the Internet.
Azure Bastion is a fully managed, autoscaling and hardened PaaS service that provides secure RDP and SSH connectivity. It is easy to configure in just a few steps. By using virtual network peering, it’s possible to easily add Azure Bastion to an existing configuration in Azure.
- Configure a new virtual network for Azure Bastion
- Create a new subnet named ‘AzureBastionSubnet’ required for Azure Bastion
- Configure virtual network peering to your other networks
- Create an Azure Bastion host
- Log in to the VM through the Azure portal using Azure Bastion
- See the list of active sessions in the Azure Bastion Host properties
Now you can securely connect through Azure Bastion to a virtual machine running RDP or SSH. As you can see, the virtual machine I’m connecting to has no public IP address, only an internal IP address.
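The first four steps of the list above can also be scripted. This is an added example, not part of the original post: it assumes the Az PowerShell module, an existing workload virtual network in the same resource group, and constructed resource names and address ranges. The last command lists NICs that still have a public IP attached, which are candidates for moving behind Bastion.

```powershell
# Assumed names and address ranges, constructed for illustration.
$rg               = 'rg-bastion-demo'
$location         = 'westeurope'
$workloadVnetName = 'vnet-workload'   # existing VNet that holds the VMs

# Steps 1-2: dedicated VNet with the mandatory subnet name 'AzureBastionSubnet'.
# Azure requires this exact name; use a /26 or larger prefix.
$bastionSubnet = New-AzVirtualNetworkSubnetConfig -Name 'AzureBastionSubnet' `
    -AddressPrefix '10.50.0.0/26'
$bastionVnet = New-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-bastion' `
    -Location $location -AddressPrefix '10.50.0.0/24' -Subnet $bastionSubnet

# Step 3: peering has to be created in both directions before traffic flows.
$workloadVnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $workloadVnetName
Add-AzVirtualNetworkPeering -Name 'bastion-to-workload' `
    -VirtualNetwork $bastionVnet -RemoteVirtualNetworkId $workloadVnet.Id
Add-AzVirtualNetworkPeering -Name 'workload-to-bastion' `
    -VirtualNetwork $workloadVnet -RemoteVirtualNetworkId $bastionVnet.Id

# Step 4: the Bastion host. Its Standard, static public IP is the only
# Internet-facing address in this design.
$pip = New-AzPublicIpAddress -ResourceGroupName $rg -Name 'pip-bastion' `
    -Location $location -AllocationMethod Static -Sku Standard
New-AzBastion -ResourceGroupName $rg -Name 'bastion-demo' `
    -PublicIpAddress $pip -VirtualNetwork $bastionVnet

# Check: NICs in the resource group that still expose a public IP address.
Get-AzNetworkInterface -ResourceGroupName $rg |
    Where-Object { $_.IpConfigurations.PublicIpAddress } |
    Select-Object Name, @{ Name = 'AttachedVm'; Expression = { $_.VirtualMachine.Id } }
```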
Just like every Microsoft Ignite, the book of news is announced! It is your digital guide to all the new announcements Microsoft is making, including all the details. It presents news about Microsoft Azure, Security, Microsoft 365, Power Platform and more.
Do you want to know all the ins and outs of cloud computing? What is the cloud? What is Azure? What kind of functionalities and concepts are available within this cloud?
You’ll find all the answers in this great free ebook ‘Azure for Architects’.
Download the free ebook here.
Azure Backup now has even greater support and functionality for Azure VM backups:
- Azure Backup is introducing restoring Unmanaged VMs/Disks as Managed VMs/Disks to provide the benefit of Managed disks for customers who are currently backing up their unmanaged disks.
For more details, please read our documentation.
- Azure Backup now supports Replace existing disks as an option for VMs that have Managed Service Identities (MSI), both user-assigned and system-assigned identities.
For more details, please read our documentation.
All the above features are generally available in all Azure regions.
Azure Accelerated Networking is a new option for Azure Infrastructure as a Service (IaaS) Virtual Machine (VM) on the NIC level providing several benefits by enabling single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance. This high-performance path bypasses the host from the datapath, reducing latency, jitter, and CPU utilization, for use with the most demanding network workloads on supported VM types. You would typically use this feature with heavy workloads that need to send or receive data at high speed with reliable streaming and lower CPU utilization. It will enable speeds of up to 25Gbps per Virtual Machine. Best of all, it’s free!
How to Enable Accelerated Networking:
You can enable this feature during initial creation of the VM: on the networking tab, you will see “Enable Accelerated Networking”. If you are unable to enable it, then it is not compatible with your chosen Azure VM size. If you need to enable this feature after VM creation, you will need to do so through PowerShell, as it is not yet supported in the portal. You can do this with the commands below after deallocating the Virtual Machine.
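```powershell
# Run after deallocating the VM. Replace the placeholder names with your own.
$nic = Get-AzureRmNetworkInterface -ResourceGroupName "YourResourceGroupName" -Name "YourNicName"
# Turn on Accelerated Networking (SR-IOV) on the NIC object
$nic.EnableAcceleratedNetworking = $true
# Push the updated NIC configuration back to Azure
$nic | Set-AzureRmNetworkInterface
```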
Then proceed to start the Virtual Machine and Accelerated Networking will be enabled.
Many system administrators have been working with on-premises infrastructure for their whole careers so moving to a cloud-based environment can feel like a leap of faith. However, making the leap to Azure doesn’t have to be daunting. With the right preparation it can be a smooth transition, consistent with your current on-premises configuration.
This free eBook written by veteran IT consultant and Microsoft Certified trainer Paul Schnakenberg covers all aspects of setting up and maintaining a high-performing Azure IaaS environment. It starts from the very basics, introducing key terms and features you need to get started, including migration, and goes on to explain everyday maintenance and best practices before covering more advanced features.
To get the best results from this eBook, it is recommended to follow along with the step-by-step tutorials using your own Azure subscription. If you don’t currently have access, the eBook explains how to set up a free 30-day trial alongside $200 worth of Azure resources to use and 12 months of additional free resources!
Altaro consistently delivers high-quality eBooks that are packed full of valuable guidance for system administrators and this latest eBook is no exception. If you currently use Azure IaaS or are planning to use it, this is an awesome free resource that you definitely should not miss.
Download your free eBook today
Download the free e-book about ‘Inside Azure Management’ right now. The Preview release of Inside Azure Management is now available, with more than 500 pages covering many of the latest monitoring and management features in Microsoft Azure!
Last week I visited Microsoft Ignite The Tour in Amsterdam. Two really great days with a lot of new information, presentations and knowledge. There were also a couple of new announcements from Microsoft.
My focus was Azure IaaS, security, governance and cost control within Azure. Of course there was a lot more to see, but this event was only 2 days, so I had to make choices!
Microsoft has published the slide decks online, so you can download these now!
Hopefully I’ll be present next year at this great event!