I'm using it for management. It's a management tool. It's like an RDP on HTML. I'm using it to manage virtual machines on Azure.
If you want to manage a server or a virtual machine, you use the remote desktop service to access it. It is on the browser itself. As we are managing Azure Bastion, we have virtual machines, so to access the virtual machines, to avoid having or publishing the RDP port, and to avoid the security breaches on the RDP port, we use the Azure Bastion, which is a managing service on Microsoft.
As an Azure consultant, for me, it is the best way to give the administrator access as you can manage the permission - including who can access Bastion.
It is using something called role-based access control, so you can control permission. The good thing with Bastion is its ability to avoid publishing the virtual machines on Azure using public IPs. You will also avoid attacks as most of the attacks on Azure virtual machines come from the remote desktop port. Therefore, with Azure Bastion you will have a Bastion host that will be secure, of course, as it's a gateway secured on HTTPS traffic.
It's very easy to use as it's in the browser; it is on the menu of the virtual machine, so you just need to type your username and password and you will have a full RDP experience.
It solves many, many, many, many issues for us.
It's like an RDP gateway. It will let you access the virtual machines and have a full RDP experience. It's not full, however, for example, you cannot copy content inside, due to the RDP not being on the browser. It's HTML-based, where you cannot copy, for example, the full RDP experience to copy data from your computer to the server. That is the only limitation on the Azure Bastion.
If we can copy content and drag and drop it on the HTML, this would be helpful.
There's something called UDR on Azure. We cannot apply, as, when you deploy Azure Bastion, the networking part of the Azure Bastion, it needs a separate subnet for it. When you create the Azure Bastion, you need the subnet, like a network range for this subnet. The issue with that is you cannot manage this subnet on a way to control the traffic and to route the traffic from Azure Bastion, for example, to your firewall. Each virtual network should have its own subnet. This is maybe the problem. It's the networking part and applying the routing table on it that is where the issue lies.
If they can make the Azure console, or the VM console, available on the Azure Bastion, so when you reboot the VM, you can still see what's happening during the reboot, maybe it will be better. You could even troubleshoot issues if you have boot issues on the virtual machine, which is not available in Azure Bastion, as Azure Bastion will just give you access when the VM restarts and when you have the login page of Windows. However, when the VM restarts, you will not have this visibility on what's happening on the reboot, and we face many issues in the boot.
When you have a boot issue on Windows, you cannot use Azure Bastion to fix it. You have to use the Azure console or the VM console, and it is very limited. To make Bastion the best product as a management tool or an RDP tool, it will be better to bring the features of the hypervisor, local hypervisor, Hyper-V console, to Azure Bastion.
The solution is stable. There aren't issues with bugs or glitches. It doesn't crash or freeze.
It's not a scalable product. It's a managed service, so you cannot do anything with this service, as this product is managed by Microsoft Azure. You cannot do anything, you just need to deploy it. Therefore, there is no way to make it scalable.
We have many customers using the product. the whole government uses it.
I've never used technical support for this product. At one point I might have contacted them as a service request to ask about something on the networking of Azure Bastion, however, that's about it.
We did not previously use a different product.
The solution is easy to set up. You need to create a subnet for it and then you just create the Azure host and then you can manage the permission. It's easy. It's very easy to use, to deploy it, and to use it.
Deployment takes maybe around one minute to maybe five minutes. It just takes one person to deploy.
We don't need to worry about maintenance as Microsoft handles it. It's a cloud product.
The solution is a platform as a service.
I don't have any visibility on the pricing. It's not an aspect I handle.
We're Microsoft partners.
I'm not working as an administrator. I'm a consultant working with the IT company that is delivering Azure to our customers. I'm deploying Azure Bastion for the customers. I even give some knowledge transfer to the customer, the Azure administrator, to manage their virtual machine using Azure Bastion.
If you have an Azure virtual machine, you have to use the Azure Bastion. We force the customers to use it and avoid mapping public IPs on the VMs.
I'd rate the solution at a seven out of ten.
