Update 2 on 01/12/2021
Microsoft has changed the #AzureBastion minimum subnet size from /27 to /26. Installed #Azure Bastion are unaffected, but new deployments require the new subnet size. Please remember this. https://docs.microsoft.com/en-us/azure/bastion/bastion-faq#subnet
Update – 12/2020
Azure Bastion is now available in West Germany Central.
Azure Bastion is a service to avoid deployment own Jumphosts and reach Azure VMs over the Management Ports (SSH and RDP) in a secure way without the need to assign Public IPs directly to Azure VMs.
Azure Bastion got a really big improvement and now supports Azure VNET Peering. This includes all VNET peering models, inside a single subscription and VNET peering across different subscriptions.
This makes the service more useful and cheaper. Now we no longer need to have an Azure Bastion host in each VNET. It is possible to deploy the Azure Bastion Service in the Hub Network and reach all additional VMs in the Spoke VNET that peered to the Hub network.
This makes the service more useful and cheaper and is a must have to avoid the management of own Jumphosts.
To learn all about the service and the benefits take a look at my article Azure Bastion – Secure access Azure VMs via RDP/SSH wihtout public IPs or view the Azure Advent Calendar session from last year.
What if the Hub is a Virtual Wan Hub?
Hi,
this is a good question. I do not test it yet, but from my perspective it also works in Virtual WAN architecutre inside the Hub and Spoke design they exist in the same region.
I will take a look at this.
Greetings
Gregor
Also wondering about vwan support – I cannot get it to detect the Bastion host deployed in another spoke.
So:
Spoke with VM —> Peered to vwan hub —-> Peered to another spoke with Bastion host.
I cannot deploy Bastion in the hub itself because this doesnt even have (nor require) a VNET.
Hi Maickel,
you can enable Azure Bastion in a HUB VNET and connect via the Bastionhost directly peered VNETs. I think, using Azure Bastion over VWAN will currently not work.
The support is only given for directly connected VNETs over VNET Peering.
I am not sure, if Bastion support for VWAN is planned or coming.
Greetings
Gregor