Tag: SSL

Azure Bastion Windows VM

Azure Bastion – Private RDP and SSH access to Azure VMs

Azure Bastion is a new service which enables you to have private and fully managed RDP and SSH access to your Azure virtual machines. If you wanted to access your Azure virtual machines using RDP or SSH today, and you were not using a VPN connection, you had to assign a public IP address to the virtual machine. You were able to secure the connection using Azure Just in Time VM access in Azure Security Center. However, this had still some drawbacks. With Azure Bastion you get a private and fully managed service, which you deploy to your Virtual Network, which then allows you to access your VMs directly from the Azure portal using your browser over SSL.

Azure Bastion Architecture

Source: Microsoft Docs

Azure Bastion brings a couple of advantages

  • Removes requirement for a Remote Desktop (RDP) client on your local machine
  • Removes element for a local SSH client
  • No need for local RDP or SSH ports (handy when your company blocks it)
  • Uses secure SSL/TLS encryption
  • No need to assign public IP addresses to your Azure Virtual Machine
  • Works in basically any modern browser on any device (Windows, macOS, Linux, etc.)
  • Better hardening and more straightforward Network Security Group (NSG) management
  • Can remove the need for a Jumpbox

If you want to know more directly here is the link to the Azure Bastion announcement blog and the Microsoft Docs.

Public Preview

Azure Bastion is currently in public preview. The public preview is limited to the following Azure public regions:

  • West US
  • East US
  • West Europe
  • South Central US
  • Australia East
  • Japan East

To participate in this preview, you need to register. Use these steps to register for the preview:

Register-AzureRmProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network
 
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network
 
Get-AzureRmProviderFeature -ProviderNamespace Microsoft.Network

To use the Azure Bastion service, you will also need to use the Azure Portal – Preview.

How to set up an Azure Bastion host for a private RDP and SSH access to Azure VMs

Create Azure Bastion Host

First, you will need to deploy Bastion Host in your virtual network (VNet). The Azure Bastion Host will need at least a /27 subnet.

AzureBastionSubnet

Access Azure virtual machines using Azure Bastion

Azure Bastion integrates natively in the Azure portal. The platform will automatically be detected if Bastion is deployed to the virtual network your virtual machine is in. To connect to a virtual machine, click on the connect button for the virtual machine. Now you can enter your username and password for the virtual machine.

Azure Portal connect to Linux VM SSH

This will now open up a web-based SSL RDP session in the Azure portal to the virtual machine. Again, there is no need to have a public IP address assigned to your virtual machine.

Private access to Azure Linux VM

 

Roadmap – more to come

As Yousef Khalidi (CVP Azure Networking) mentions in his preview announcement blog, the team will add more great capabilities, like Azure Active Directory and MFA support, as well as support for native RDP and SSH clients.

The Azure networking and compute team are doing more great work on creating a great Azure IaaS experience. I hope this gives you an overview of how you can get a private RDP or SSH access to your Azure VM. If you want to know more about the Azure Bastion service, check out the Microsoft Docs for more information. If you have any questions, feel free to leave a comment.



ThomasMaurer HTTPS

ThomasMaurer.ch now forcing https SSL encryption

Well this time it is just a small post about this blog here. ThomasMaurer.ch is available using SSL encryption (https) for quite a while, it was available for most of the content but it was not forced and not all of the content was available through SSL. This has changed a couple of days ago. ThomasMaurer.ch is now not only reachable using https, it is also forced to use https://www.thomasmaurer.ch.

This has several reasons, but mostly it should protect your data while visiting my website.

Since this was not as easy as you might think, there could be still some issues with the site. If you find any issues or have any problems accessing the site, leave a comment or use the contact form to contact me.



www.thomasmaurer.ch

You can now use thomasmauer.ch with https

This is a short blog post about some changes about my blog. Some weeks ago I enabled SSL on my blog and you can now use https://www.thomasmaurer.ch to get a secure connection to my blog. However, the default for the site still is http until everything works definitely with https. With this, have fun and enjoy my blog using https:

Switch to HTTPS

Another thing I added is the possiblity to subscribe my blog with your email address, with that you will always get notifya new email when I release a new blog post.

Subcribe my Blog

 



How to redirect sites to HTTPS in IIS 7.5

This little guide shows you how you can redirect http request to the https website using IIS Settings. You can do the same on other versions of IIS slightly different.

  1. First set “require SSL” under the SSL Settings from the Website
    SSL Settings
  2. Under the Error Page Settings edit the 403 Error Page
    Error Page Settings
  3. mark the Setting “Respond with a 302 redirect” and add the https URL
    Respond with a 302 redirect