Jump Host Options to access a VM's Management Web UI

Sandro Bernasconi 0 Reputation points
2023-03-10T14:41:52.32+00:00

A VM Image has an administrator Web-UI (HTTPS). This admin web interface shall not be available for everyone over the internet because it only supports single-factor authentication.

Instead of access via internet and only allowing certain IP addresses ("Network security group" settings), I'm checking for other options.

Azure Bastion seems to solve this Administrator Access Topic, but only for SSH and RDP. In my case I need to access the Admin web interface with HTTP over Port 443. As I understand, Bastion does not support this case directly. So I have to set up an additional VM as a Jump Host. So then the access path is: Azure Portal -> via Bastion to Jump Host -> via Jump Host Browser to Target System. This is quite cumbersome with this extra jump host.

Does anyone know a better approach to solve this "admin access via web interface" problem?

Many thanks!

Azure Bastion
An Azure service that provides private and fully managed Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to virtual machines.

2 answers

  1. TP 74,391 Reputation points
    2023-03-10T14:51:13.7866667+00:00

    Hi,

    You can use Azure AD Application Proxy to make the admin Web-UI available over the internet. That way you can use MFA and Conditional Access policies if desired.

    Remote access to on-premises applications through Azure AD Application Proxy

    https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy

    If the above is helpful please click Accept Answer.

    Thanks.

    -TP


  2. msrini-MSFT 9,251 Reputation points Microsoft Employee
    2023-03-12T18:10:45.3+00:00

    Hi,

    Yes, your solution would work. You will have a VM created which can be accessed from Azure Bastion via which you can open up the web UI. Then you will need to add an NSG to block all public access to the UI IP and then allow access from the VM.

    Regards,

    Karthik Srinivas

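The NSG restriction from the second answer, as an added example that is not part of the thread: a small model of how an NSG evaluates inbound rules (lowest priority number first, first match wins), used to check that only the jump host reaches the web UI on port 443. All addresses and rule names are constructed, and the VirtualNetwork service tag is approximated by a single CIDR.

```python
import ipaddress

# Constructed addresses for illustration (assumptions, not from the thread).
JUMP_HOST = "10.0.1.4"      # VM reached through Azure Bastion
OTHER_VM = "10.0.2.9"       # any other VM in the same virtual network
INTERNET = "203.0.113.50"   # arbitrary public client
VNET = "10.0.0.0/16"        # stands in for the VirtualNetwork service tag

# The two Azure default inbound rules that matter here,
# as (priority, name, source, port, action).
DEFAULT_RULES = [
    (65000, "AllowVnetInBound", VNET, "*", "Allow"),
    (65500, "DenyAllInBound", "*", "*", "Deny"),
]

# Hypothetical custom rules on the web UI's NSG: jump host only on 443.
LOCKDOWN_RULES = [
    (100, "AllowJumpHostHttps", JUMP_HOST + "/32", 443, "Allow"),
    (200, "DenyOtherHttps", "*", 443, "Deny"),
]

def _matches(rule, src_ip, port):
    _, _, source, rule_port, _ = rule
    src_ok = source == "*" or (
        ipaddress.ip_address(src_ip) in ipaddress.ip_network(source))
    return src_ok and (rule_port == "*" or rule_port == port)

def evaluate(rules, src_ip, port=443):
    """Return (action, rule name) of the first match, lowest priority number first."""
    for rule in sorted(rules, key=lambda r: r[0]):
        if _matches(rule, src_ip, port):
            return rule[4], rule[1]
    return "Deny", "no-match"

def audit(rules):
    """Map each sample source to the action it gets on port 443."""
    sources = [("jump", JUMP_HOST), ("other_vm", OTHER_VM), ("internet", INTERNET)]
    return {name: evaluate(rules, ip)[0] for name, ip in sources}

if __name__ == "__main__":
    print("defaults only:", audit(DEFAULT_RULES))
    print("with lockdown:", audit(DEFAULT_RULES + LOCKDOWN_RULES))
```

With only the default rules, every VM in the virtual network can reach the UI, so the explicit deny below the jump-host allow is what limits access to the jump host.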