![]() Today we look at building a central and secured Bastion solution in an Azure VWAN environment. But it is not complete or perfect yet, and RDGW/NPS remains the most complete and especially the more end user-friendly solution. Those two features, combined with native client support, allow Azure Bastion to become better at providing a full-fledged alternative to the RDGW/NPS solution. That was addressed over time via VNet peering support and IP-based connection support. We now even have Kerberos support in the works! The biggest challenge in the early days with Azure Bastion was that it seemed to be a point solution which forced us to deploy it many times per environment and forced many people to the RDGW/NPS solution mentioned above. On top of that, you need much exposure, which means time, to gain a better understanding and more profound knowledge required for troubleshooting when needed.Īzure Bastion was not perfect from day one but has improved significantly. But of the new talent entering the IT world, few are trained in on-prem skills. My on-premises skills remain and are maintained next to my Azure skill set. Tell me, when was the last time you upgraded such a solution from, let’s say, Windows Server 2016 to Windows Server 2019 or Windows 2022? How often do you upgrade the NPS extension or renew the certificates? I’ve done it a lot and still do that. Read more about this solution in these two articles: Transition a Highly Available RD Gateway to Use the NPS Extension for Azure MFA – Phase I and Transition a highly available RD Gateway to use the NPS Extension for Azure MFA – Phase II.īut it requires Windows Server, RDGW, Radius/NPS, load balancer skills, and time and effort to design, deploy, maintain, and support it. In addition, you can isolate this solution from the rest of the network while sending traffic over a firewall for granular access control. And yes, you can also use the NPS extension to provide MFA for SSH. ![]() It has long been my favorite, providing a more user-friendly and complete solution for RDP than Azure Bastion. That made up for its drawbacks.įigure 1: Azure Bastion – secured access to your VMs (Photo by Richard Clark on Unsplash)Ī highly available Remote Desktop Gateway (RDGW) solution protected via a redundant RADIUS/Network Policy Server (NPS) deployment that runs the NPS Extension for Azure MFA to provide multi-factor authentication (MFA) does the job excellently. ![]() In addition, since it is a platform resource, you don’t need to worry about maintaining it beyond the actual deployment, and there is minimal configuration involved. Since its inception, Azure Bastion has been a practical, affordable, and secure way to offer connectivity to Azure virtual machines without setting up another secured solution.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |