Hi,
Please go through the Learn module on Azure Bastion, as it will help you understand the concept.
Here is a quick diagram on the flow.
1. You connect to a VM in the Azure portal. In the Azure portal, on the VM overview page, select Connect > Bastion > Use Bastion. Then enter your credentials for the VM.
2. Browser connects to the Azure Bastion host. The browser connects to Azure Bastion over the internet by using Transport Layer Security (TLS) and the public IP of the Azure Bastion host. Azure Gateway Manager manages portal connections to the Azure Bastion service on port 443 or 4443.
3. Bastion connects to the VM by using RDP or SSH. Azure Bastion is deployed in a separate subnet called AzureBastionSubnet within the virtual network. You create the subnet when you deploy Azure Bastion. The subnet can have address spaces with a /27 subnet mask or larger. Don't deploy other Azure resources to this subnet or change the subnet name.
4. Bastion streams the VM to the browser. Azure Bastion uses an HTML5-based web client that's automatically streamed to your local device. The Azure Bastion service packages the session information by using a custom protocol. The packages are transmitted through TLS.
Hope this helps.
JS
==
Please Accept the answer if the information helped you. This will help us and others in the community as well.
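
Added example (not part of the answer above, and not Microsoft's code): a small offline check of the subnet rules the answer lists, namely the exact name AzureBastionSubnet, a /27 or larger address space, and no other resources in the subnet. The input field names (name, addressPrefix, ipConfigurations) are modelled on the JSON shape of `az network vnet subnet list`, and recognising Bastion's own IP configuration by "/bastionHosts/" in its resource ID is an assumption; all sample data is constructed.

```python
import ipaddress

BASTION_SUBNET_NAME = "AzureBastionSubnet"  # exact, case-sensitive name from the answer
MAX_PREFIX_LEN = 27                         # "/27 or larger" means prefix length <= 27


def check_bastion_subnet(subnets):
    """Return a list of findings for one VNet's subnets; an empty list means compliant."""
    findings = []
    # A name that differs only in case is a common deployment mistake.
    for s in subnets:
        name = s.get("name", "")
        if name != BASTION_SUBNET_NAME and name.lower() == BASTION_SUBNET_NAME.lower():
            findings.append(f"subnet '{name}' must be named exactly '{BASTION_SUBNET_NAME}'")
    matches = [s for s in subnets if s.get("name") == BASTION_SUBNET_NAME]
    if not matches:
        findings.append(f"no subnet named '{BASTION_SUBNET_NAME}'")
        return findings
    subnet = matches[0]
    net = ipaddress.ip_network(subnet["addressPrefix"], strict=True)
    if net.prefixlen > MAX_PREFIX_LEN:
        findings.append(f"{net} is smaller than /{MAX_PREFIX_LEN}")
    # Assumption: only the Bastion host's own IP configuration belongs here.
    for cfg in subnet.get("ipConfigurations", []):
        if "/bastionhosts/" not in cfg["id"].lower():
            findings.append(f"non-Bastion resource in subnet: {cfg['id']}")
    return findings


# Constructed sample data (placeholder subscription, resource group and names).
_BASE = "/subscriptions/0000/resourceGroups/rg-demo/providers/Microsoft.Network"
SAMPLE_GOOD = [
    {"name": "workload", "addressPrefix": "10.0.0.0/24", "ipConfigurations": []},
    {"name": "AzureBastionSubnet", "addressPrefix": "10.0.1.0/27",
     "ipConfigurations": [{"id": f"{_BASE}/bastionHosts/bas-demo/bastionHostIpConfigurations/ipconf"}]},
]
SAMPLE_BAD = [
    {"name": "AzureBastionSubnet", "addressPrefix": "10.0.1.0/28",
     "ipConfigurations": [{"id": f"{_BASE}/networkInterfaces/nic-vm1/ipConfigurations/ipconfig1"}]},
]
SAMPLE_MISNAMED = [
    {"name": "azurebastionsubnet", "addressPrefix": "10.0.1.0/26", "ipConfigurations": []},
]

if __name__ == "__main__":
    for label, data in [("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD), ("misnamed", SAMPLE_MISNAMED)]:
        print(label, check_bastion_subnet(data) or "compliant")
```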