Azure Jumpbox 😇

Introduction

In this article, you will learn about Azure Jumpbox.

Prerequisites

Before we start understanding what Azure Jumpbox is, we should have:

What is Jumpbox and what does it do?

When we create a virtual machine in the Azure cloud, it is placed on a virtual network in Azure. We can connect to this virtual machine using PowerShell or a Remote Desktop Connection (RDP). To reach the Azure virtual machine this way, our on-premises network is connected to the Azure virtual network using a site-to-site VPN or ExpressRoute, and we connect to the dynamic IP address of the Azure virtual machine. If we do not have connectivity to the virtual network from the on-premises network, we need to create endpoints/NAT rules for each VM to reach it from the internet. However, this exposes a lot of VMs directly to the internet. In this situation, the Azure Jumpbox helps us: with this approach, we enable only one VM in Azure for connectivity over the internet, and that VM is given a public IP address so it can be accessed from the internet. This VM is called the Jumpbox, also known as a jump server. Then, using this VM, we connect to the other Azure VMs through their dynamic IP addresses.
The jump box prevents all Azure VMs from being exposed to the public. It becomes our single entry point, reached via Remote Desktop Protocol (RDP) from our on-premises network. It also lets us open only one port instead of several ports to connect to the different virtual machines in the Azure cloud. Additionally, as a security improvement, we can keep this jump box inside a dedicated subnet (the Jumpbox subnet) with extensive monitoring. From a permission-management perspective, we can link role assignments, permission groups and role-based access control to the jump box. A jump box can be set up easily using an ARM template. Monitoring and logging are concentrated on a single box. We can easily turn remote desktop connectivity on or off. By using a network security group, we can restrict which IP addresses may communicate with the jump box. We can also block the public IP address associated with the VM. All of this improves security.
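As an added example (not code from the original article), the following Python evaluates a jumpbox network security group's inbound rules the way Azure does, first match in ascending priority order, and audits for RDP allow rules wider than the on-premises admin range. The VNet address space, the 203.0.113.0/24 admin range and both rule sets are constructed, and the "Internet" service tag is simplified to "any address outside the VNet".

```python
import ipaddress

VNET = ipaddress.ip_network("10.0.0.0/16")  # constructed VNet address space

# Inbound default rules Azure adds to every NSG; lower priority number is evaluated first.
DEFAULT_INBOUND = [
    {"name": "AllowVnetInBound", "priority": 65000, "access": "Allow", "source": "VirtualNetwork", "port": "*"},
    {"name": "DenyAllInBound", "priority": 65500, "access": "Deny", "source": "*", "port": "*"},
]

# Weak setting (constructed): RDP to the jumpbox open to any source address.
WEAK_JUMPBOX_RULES = [
    {"name": "AllowRdpAny", "priority": 100, "access": "Allow", "source": "*", "port": "3389"},
]

# Hardened setting (constructed): RDP only from the on-premises egress range, internet explicitly denied.
HARDENED_JUMPBOX_RULES = [
    {"name": "AllowRdpFromOnPrem", "priority": 100, "access": "Allow", "source": "203.0.113.0/24", "port": "3389"},
    {"name": "DenyRdpFromInternet", "priority": 200, "access": "Deny", "source": "Internet", "port": "3389"},
]


def source_matches(rule_source, src_ip):
    """Match a rule's source (CIDR or service tag) against a source address."""
    ip = ipaddress.ip_address(src_ip)
    if rule_source == "*":
        return True
    if rule_source == "VirtualNetwork":
        return ip in VNET
    if rule_source == "Internet":  # simplification: everything outside the VNet
        return ip not in VNET
    return ip in ipaddress.ip_network(rule_source, strict=False)


def port_matches(rule_port, dst_port):
    return rule_port == "*" or int(rule_port) == dst_port


def evaluate(rules, src_ip, dst_port):
    """Return (access, rule name) of the first matching rule in priority order, as Azure NSGs do."""
    for rule in sorted(rules + DEFAULT_INBOUND, key=lambda r: r["priority"]):
        if source_matches(rule["source"], src_ip) and port_matches(rule["port"], dst_port):
            return rule["access"], rule["name"]


def audit_jumpbox(rules, admin_cidr):
    """Names of Allow rules that admit RDP (3389) from any source wider than the admin range."""
    admin = ipaddress.ip_network(admin_cidr)

    def too_broad(src):
        return src in ("*", "Internet", "VirtualNetwork") or not ipaddress.ip_network(src, strict=False).subnet_of(admin)

    return [r["name"] for r in rules if r["access"] == "Allow" and port_matches(r["port"], 3389) and too_broad(r["source"])]
```

The same evaluator can be pointed at the NSG on the other VMs' subnets to confirm that RDP from the internet falls through to DenyAllInBound there as well.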
On the other side, Microsoft recently announced another service like Jumpbox with additional capabilities, named Azure Bastion. It is a platform-managed PaaS service provided in Azure. By using Azure Bastion, organizations do not need to expose virtual machines through public IP addresses. Azure Bastion provides Remote Desktop Protocol (RDP) and Secure Shell (SSH) sessions inside the web browser itself. Azure Bastion can be configured very quickly with a few clicks instead of managing the whole network configuration, and a remote Azure Bastion session is initiated directly from the Azure portal. Azure Bastion is a more secure way to open RDP/SSH sessions to the target virtual machines in the virtual network, since no public IP address is required on the Azure virtual machines. Using a bastion host helps limit threats such as port scanning and other types of malware targeting your VMs. Azure Bastion is now generally available in six Azure regions: West U.S., East U.S., West Europe, South Central U.S., Australia East, and Japan East.

Conclusion

In this article, we have had an overview of Azure Jumpbox.