Time
8 hours 33 minutes
Difficulty
Intermediate
CEU/CPE
9

Video Transcription

00:00
Hello, Cybrarians. Welcome to this lesson on Azure Bastion.
00:04
This lesson is part of the third module of the AZ-500 Microsoft Azure Security Technologies course.
00:12
Quick information on what we'll be covering in this lesson.
00:15
We'll start out by looking at the risk associated with public virtual machines.
00:19
We'll then discuss the Azure Bastion service, what it is and what it does.
00:25
And finally, I'll show you a demonstration of deploying the Azure Bastion service and using it to connect to our private VM. Let's get into this.
00:35
Exposing our virtual machine management ports to the Internet carries with it some inherent risks. For example, the virtual machines are exposed to threats such as port scanning,
00:46
vulnerability scanning and brute force attacks from malicious hosts on the Internet.
00:52
To contain the threats that we're talking about,
00:54
we could deploy a jump host on the public side of a perimeter network.
00:59
What this does is it creates extra management overhead, as we have to update, back up and troubleshoot the jump box going forward.
01:07
This is where a service like Azure Bastion can help us. Azure Bastion provides a way for us to seamlessly connect to our private VMs using RDP and SSH from my web browser, that is, the Azure portal.
01:23
Now, in the diagram on the right,
01:26
the user connects to Azure Bastion through the Azure portal.
01:30
The Bastion service then provides that private RDP and SSH connection to our VMs.
01:38
The result of this is that our VMs don't need to have public IP addresses assigned to them.
01:45
Our RDP and SSH connections are contained within a customer's network when we use the Bastion service.
01:53
The connections are also secured using TLS to prevent man-in-the-middle attacks.
01:57
And the Bastion service itself is a fully managed service provided by Microsoft. Even though it's deployed in our network, we don't need to manage infrastructure or software updates and patches.
02:12
So what resources can we connect to using the Azure Bastion service?
02:16
Supported resources include virtual machines in networks, virtual machine scale sets and DevTest Labs.
02:25
Now to the demonstration. There are three tasks that I'm going to be completing.
02:30
The first task will be to create an Azure Bastion subnet in my private network.
02:37
I'll then deploy a Bastion host into the Bastion subnet.
02:40
And finally, I'll verify that I can connect to my private Windows VM using RDP through the Bastion service in the Azure portal.
02:51
In the first task, I'll be creating an Azure Bastion subnet in my virtual network.
02:57
So here's a visual representation of what I'll be doing. I have this current setup. What I'll simply do is create a new subnet with an IP address range of 10.1.5.0/24, and this is the subnet that the Bastion host will be deployed into.
03:13
So I am in the Azure portal. What I'll do is I'll scroll on the left-hand side and I'll click on Virtual networks.
03:20
I have my single virtual network here. I'll go ahead and select that,
03:23
and I'll click on Subnets.
03:25
And under Subnets, I'll go ahead and add a new subnet, which is in the range of my virtual network range.
03:32
I'll call that Azure
03:36
Bastion
03:38
Subnet, just exactly the way I've named that here.
03:42
So for the IP address range, I'll give that a range of 10.1.5, as we mentioned, leave all of the settings as default, and I'll click OK to that.
03:53
So that's created my subnet and I can move to the next task.
03:58
So in the next task, I'll be deploying a Bastion host into the subnet that I just created.
04:04
Here's a visual representation of what I'll be doing. I have my subnet and I'll be deploying the service into that.
04:11
So I'm back in the Azure portal. What I'll do is I'll click on Create a resource,
04:15
and I'll type in Bastion
04:18
and I'll select the Bastion service there.
04:20
I'll go ahead and click on Create.
04:25
And I'll specify the same resource group that I've been using so far.
04:29
For the name, I'll type in
04:31
UK South. I think
04:35
question
04:36
And for the region, I'll put that in the UK South region, which is where my virtual network resides.
04:42
And I'll go ahead and select my virtual network. So that's my virtual network there. I'll select that. You can see that it automatically detected the Bastion subnet that I created earlier.
04:53
Now, for the public IP address, I'll allow it to create a new one. Only that I'll rename it a little bit.
05:04
I'll go ahead and click on Review + create,
05:09
and I'll go ahead and click on Create.
05:12
Now give it a few minutes to do what it's going to do, which would be deploying the service, and once it's fully deployed I'll resume the recording.
05:19
So the Bastion service successfully got deployed, so we can move on to the next task.
05:27
In the final task, I'll verify that I can connect to my private Windows VM using RDP through the Bastion service in the Azure portal.
05:36
And here's a visual representation of what I'll be doing.
05:40
I'll connect to the Azure portal, and the connection uses TLS.
05:46
I'll then access my private VM through the Bastion service.
05:50
So I'm back in the Azure portal.
05:53
What I'll do is I'll go on the left-hand side and click on Virtual machines.
05:58
After clicking on Virtual machines, I have my Windows VM here, and remember that it is private. It has no public IP.
06:04
I'll go ahead and click on my Windows virtual machine.
06:08
And on the left-hand side, I'll look for the Bastion option. I'll go ahead and click on that option.
06:15
Now you can see that it's prompting me to put in the username and the password for my Windows virtual machine in the portal, so I'll go ahead and type that information in,
06:30
and I'll go ahead and click on Connect.
06:34
Now I'll go ahead and click on Allow to that.
06:38
As you can see, the Bastion service has now connected me to my private Windows virtual machine. It's using RDP for the connection in the back end, but that's all contained within my virtual network. So now I have connectivity without having to issue a public IP address to this VM.
06:57
Here's a summary of what we covered in this lesson.
07:00
We started out by looking at the risk associated with public VMs.
07:04
We then discussed the Azure Bastion service, what it is and what it does.
07:09
And finally, I showed you a demonstration of how to create the Azure Bastion service and how to use it to connect to our private virtual machine.
07:17
Thanks very much for watching, and I'll see you in the next lesson.

Up Next

AZ-500: Microsoft Azure Security Technologies

In the AZ-500 Microsoft Azure Security Technologies training, students will learn the skills that are needed to pass the AZ-500 certification exam. All exam topics are covered as well as exam preparation strategies and hands-on practice.

Instructed By

David Okeyode
Cloud Security Architect
Instructor