Get started with Azure Bastion

Microsoft’s SSL connections to Azure make it easier to manage Windows and Linux virtual machines

As the public cloud matures, it’s becoming clear that we need a new tier of systems and application management tools. Clouds, whether public, private, or hybrid, depend on one thing: the abstraction of the application layer away from the underlying physical infrastructure. Applications don’t need to consider the underlying physical hardware anymore; all that’s necessary is either a managed PaaS environment or an application-specific virtual infrastructure.

That change has already happened, and those new management tools are starting to arrive. Alongside basic management, they deliver a new set of questions: Who are they for and how do we build them into our workflows? They’re important issues, which seem to suggest a new role in our devops teams. It’s one we don’t have a name for yet, a role that lies between the new infrastructure operators and the applications teams, one that’s responsible for managing the PaaS and the virtual infrastructure, more closely aligned with the applications than traditional system administrators.

Virtual infrastructures are a significant problem, as they require as much management and monitoring as an on-premises infrastructure. On-premises, you’re able to go down into the data center and use an in-rack KVM switch to quickly hook a keyboard and screen to a server, or use built-in lights-out management tools to quickly access your server’s configuration. You may even have a dedicated management network with servers configured to only allow terminal access to users inside your organization.

How do we securely manage Azure infrastructures?

In a public cloud like Azure, those tools are no longer available. Your entire infrastructure is virtual machines and virtual appliances. The Azure Portal gives you some management capabilities, with remote desktop access to servers in the browser when you need to quickly manage a single virtual server. At a larger scale, you can use Azure’s VNet tool to get access to your servers, but there’s always the risk of accidentally exposing a public IP address for a management VPN or for SSL access to Windows Server or Linux management tooling.
