I am starting 2020 with a review of Azure Bastion Host.
It was welcome to see Microsoft introduce the Azure Bastion Host. It allows you to connect to your VMs without having a public IP configured on the VM. I reviewed the preview of this in my blog last year. I suggest you read my blog and other Microsoft articles for the details, as I am not explaining them in this post.
I noticed Microsoft has added the features below with GA.
- Extended to a few more regions.
- Integrated with Log Analytics, which provides audit logs.
However, I do not see some of the key features required today with GA. As per Microsoft, they are working on those and they will be added soon, but there is no time commitment at this moment. I see that some of the features below are on their roadmap, as per their blog comments.
- vNET peering support. (need this ASAP)
- Stop/Start options in Bastion Host. (need this ASAP)
- Secondary option to connect to Bastion without using the Azure portal. (need this ASAP)
- Integration with JIT.
- Remote App Streaming with Azure Bastion Host.
- Private IP on Bastion Host instead of the public IP used now.
Without vNET peering support, it is not attractive to me today. Most customers go with the hub-and-spoke model, and it is the recommended architecture from Microsoft.
It is important to bring an option to connect to the VM without connecting to the Azure portal. I think that would help admins provide access to application teams and end users without providing access to the portal.
Obviously, we need to save cost by powering off the Bastion Host. I think the rest of the features could wait.
Please review my previous blog on this subject for the details.