Azure Bastion Hosts?

In the AWS courses (and in vendor-to-client VPN connections I've seen in the wild for on-prem Microsoft environments), connecting to VMs is typically done via a "bastion host" rather than directly opening the VM(s) up to the world. However, a few times in this Azure course I've seen the instructor just opening up VMs to the world. 

There is indeed security via ssh key, but I still got that red flag feeling from opening up a VM to the world like that. 

Question: in the wild, is using a bastion host (or something semantically similar) commonplace/best practice for Azure ecosystems? If so, are we not using one in this course just for simplicity's sake?

Thanks!
  • post-author-pic
    Pawel L
    09-07-2018

    Indeed, it is best practice to use "jumpbox" (your bastion host), instead opening VMs to the world. Your assumption about the simplicity's sake is probably correct.

  • post-author-pic
    Michael H
    09-10-2018

    It is common place to use a bastion host for this scenario with Azure.  And I would say that it is a course decision to open the VM's to the public to make the course simpler.

Looking For Team Training?

Learn More