Automatic Creation and Destruction of Azure Bastion

Azure Bastion is a solution that is far more secure than direct public IP access to a server or session host. However, at over $100 a month without easy way to create and destroy, it requires an investment. I'd propose addition to NMM of a feature like the way that premium disks are automatically scaled down to standard HDD when not used that will involve Bastion. It would automatically provision an Azure Bastion for say a day, and then destroy it at end of day when admins don't need it (or some other amount of time). I wonder if it would  let partners be able to use this more secure way of administrative login to servers at a more cost effective manner.

4

Comments (2 comments)

Avatar
DStephenson
(Edited )

I think I heard talk of Nerdio releasing a remote control solution in the not too distant future where we wouldn't need Bastion.
But, that may not be readily approved by internal security teams.

Maybe the Nerdio team could add the ability to deploy Bastion to an account (based on the desired SKU (see Pricing - Azure Bastion | Microsoft Azure))
By default it could use the Azure Bastion Developer SKU (see Quickstart: Deploy Bastion using the Developer SKU: Azure portal | Microsoft Learn) which is free so it wouldn't incur any extra costs.

1
Avatar
Jim-Barry Behar

Jacob Reinhardt given the JIT (just-in-time) IP-address restricted nature of the already built-in function to RDP to a machine, why would this even be necessary? It's secured to the requester's IP address, and for a limited amount of time only, and even spawns a new public IP on the fly if needed for that endpoint.

Or with almost any RMM tool you're likely to deploy, you're likely already able to connect remotely.

0

Please sign in to leave a comment.