reviewer1754877 - PeerSpot reviewer
Senior Microsoft System Engineer at a tech vendor with 201-500 employees
Real User
Easy to use and manage permissions but if you have boot issues, you can't use Bastion to fix them
Pros and Cons
  • "As an Azure consultant, for me, it is the best way to give the administrator access as you can manage the permission - including who can access Bastion."
  • "When you have a boot issue on Windows, you cannot use Azure Bastion to fix it. You have to use the Azure console or the VM console, and it is very limited."

What is our primary use case?

I'm using it for management. It's a management tool. It's like an RDP on HTML. I'm using it to manage virtual machines on Azure.

If you want to manage a server or a virtual machine, you use the remote desktop service to access it. It is on the browser itself. As we are managing Azure Bastion, we have virtual machines, so to access the virtual machines, to avoid having or publishing the RDP port, and to avoid the security breaches on the RDP port, we use the Azure Bastion, which is a managing service on Microsoft. 

What is most valuable?

As an Azure consultant, for me, it is the best way to give the administrator access as you can manage the permission - including who can access Bastion. 

It is using something called role-based access control, so you can control permission. The good thing with Bastion is its ability to avoid publishing the virtual machines on Azure using public IPs. You will also avoid attacks as most of the attacks on Azure virtual machines come from the remote desktop port. Therefore, with Azure Bastion you will have a Bastion host that will be secure, of course, as it's a gateway secured on HTTPS traffic. 

It's very easy to use as it's in the browser; it is on the menu of the virtual machine, so you just need to type your username and password and you will have a full RDP experience. 

It solves many, many, many, many issues for us.

What needs improvement?

It's like an RDP gateway. It will let you access the virtual machines and have a full RDP experience. It's not full, however. For example, you cannot copy content inside, due to the RDP not being on the browser. It's HTML-based, where you cannot copy, for example, the full RDP experience to copy data from your computer to the server. That is the only limitation on the Azure Bastion.

If we can copy content and drag and drop it on the HTML, this would be helpful.

There's something called UDR on Azure. We cannot apply, as, when you deploy Azure Bastion, the networking part of the Azure Bastion, it needs a separate subnet for it. When you create the Azure Bastion, you need the subnet, like a network range for this subnet. The issue with that is you cannot manage this subnet in a way to control the traffic and to route the traffic from Azure Bastion, for example, to your firewall. Each virtual network should have its own subnet. This is maybe the problem. It's the networking part and applying the routing table on it that is where the issue lies.

If they can make the Azure console, or the VM console, available on the Azure Bastion, so when you reboot the VM, you can still see what's happening during the reboot, maybe it will be better. You could even troubleshoot issues if you have boot issues on the virtual machine, which is not available in Azure Bastion, as Azure Bastion will just give you access when the VM restarts and when you have the login page of Windows. However, when the VM restarts, you will not have this visibility on what's happening on the reboot, and we face many issues in the boot.

When you have a boot issue on Windows, you cannot use Azure Bastion to fix it. You have to use the Azure console or the VM console, and it is very limited. To make Bastion the best product as a management tool or an RDP tool, it will be better to bring the features of the hypervisor, local hypervisor, Hyper-V console, to Azure Bastion. 

What do I think about the stability of the solution?

The solution is stable. There aren't issues with bugs or glitches. It doesn't crash or freeze. 

What do I think about the scalability of the solution?

It's not a scalable product. It's a managed service, so you cannot do anything with this service, as this product is managed by Microsoft Azure. You cannot do anything, you just need to deploy it. Therefore, there is no way to make it scalable.

We have many customers using the product. The whole government uses it.

How are customer service and support?

I've never used technical support for this product. At one point I might have contacted them as a service request to ask about something on the networking of Azure Bastion, however, that's about it.

Which solution did I use previously and why did I switch?

We did not previously use a different product.

How was the initial setup?

The solution is easy to set up. You need to create a subnet for it and then you just create the Azure host and then you can manage the permission. It's easy. It's very easy to use, to deploy it, and to use it.

Deployment takes maybe around one minute to maybe five minutes. It just takes one person to deploy.

We don't need to worry about maintenance as Microsoft handles it. It's a cloud product.

What's my experience with pricing, setup cost, and licensing?

The solution is a platform as a service.

I don't have any visibility on the pricing. It's not an aspect I handle. 

What other advice do I have?

We're Microsoft partners.

I'm not working as an administrator. I'm a consultant working with the IT company that is delivering Azure to our customers. I'm deploying Azure Bastion for the customers. I even give some knowledge transfer to the customer, the Azure administrator, to manage their virtual machine using Azure Bastion.

If you have an Azure virtual machine, you have to use the Azure Bastion. We force the customers to use it and avoid mapping public IPs on the VMs.

I'd rate the solution at a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner