A jump server is an intermediary server through which you can access a server behind a firewall. It provides information needed to communicate with the target device. You can connect using either a private key or username and password.
Let us assume you have an environment with several virtual machines. You can connect to them with either Secure Shell (SSH) or Remote Desktop Protocol (RDP). One way to do so is to open ports 22 and 3389 to your entire network. Instead of allowing that direct access, you can use a specific VM (a jump server) that sits in a controlled subnet. You use it as the entry point and then jump from it to the other VMs on the network.
However, deploying jump servers on-premises can be a potential risk in a network’s design. Consequently, enterprises are switching to cloud-based solutions to provide secure user access to infrastructure. In this article, let us explore how to set up a jump server in Azure.
Why Use a Jump Server in Azure?
Many enterprises have vendor devices or applications running in their corporate network. These may require separate security zones with controlled access to resources. While Azure Bastion can protect resources within a VNet, other workloads in the perimeter network may still require a jump server. With jump servers on Azure, end users can remotely access information with administrative privileges in the network.
What is Required for Setting Up a Jump Server in Azure?
To set up a jump server, you need the following:
- First, you need to have an Azure subscription.
- Credentials, so you can access the cloud infrastructure.
- If you are using VPN software, install the appropriate binaries.
Steps to Set Up a Jump Server in Azure
Follow these steps to set up a jump host in Azure.
- First, you need to log in to the Azure portal and select virtual machines.
- On the next screen, click “Add” to create a new virtual machine.
- Select the appropriate subscription and select “Create New” to create a new Resource Group.
- In the next window, you need to enter a name for the group. It would be best if you chose an appropriate name for the virtual machine, so you can easily distinguish it from others. For example, if you have “ABC company,” then you should choose a name such as “ABCJH” or “Remote JS,” so you can know that it is the jump host.
- In the next step, you must select the region and the image to use. If it is an enterprise, then select Windows 10 Enterprise.
- Now, you must allocate memory and CPU to the virtual machine. How many resources you should allocate depends on the workload. In most cases, we create one with two vCPUs and 8 GB of RAM, which is enough to perform administrative tasks.
- In the next step, you need to select the VM size. After that, the cost per month will be displayed. Keep in mind that this estimate assumes the VM is running all the time. If you start the VM only when you need remote access, the cost will be significantly lower than the estimate.
- Provide a username and password for the jump host.
- In the next step, you need to define inbound port rules. Select RDP (3389) and allow the selected port. The portal will show a warning, but you do not need to worry, as this setting is temporary. You also need to select a license option. If you already have a license, select “Yes.”
- In the next step, you must select “Disk Type.” You can choose SSD or HDD. In this case, a normal SSD will do.
- On the next screen, you need to set up a network security group and dedicated network. Choose appropriate settings, and then on the next screen, you need to configure Management options for monitoring.
- As you will need this server at specific times, it is better to configure Auto Shutdown and hit “Next.”
- On the next screen, you can see advanced options for the jump host. Make sure that Defender is enabled and configured: install the Microsoft Antimalware extension and then hit “Create.”
- Configure Just in Time access in the Azure Security Center or manually enable/disable port 3389 access before accessing the jump host.
By following these steps, you can easily create and deploy a jump server in Azure. The process explained above is for creating a Windows jump server. You can deploy a Linux jump server as well.
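A check for the last step above, added here as an example and not taken from Apps4Rent or Microsoft: it walks a network security group's inbound rules and reports whether port 22 or 3389 is still allowed from any source. It assumes rules in the JSON shape the Azure CLI prints for NSG rules (`sourceAddressPrefix`, `destinationPortRanges` and so on); the function names and sample rules are constructed for illustration.

```python
MGMT_PORTS = (22, 3389)                      # SSH and RDP, as in the article
ANY_SOURCE = {"*", "any", "internet", "0.0.0.0/0"}

def _values(rule, single, plural):
    """A rule field may be a string (single) or a list (plural); return a list."""
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def _covers(spec, port):
    """True if an NSG port spec ('*', '3389', '3000-4000') includes port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def exposed_mgmt_ports(rules):
    """Return [(port, rule_name)] for management ports any source can reach.

    Inbound rules are walked in priority order (lowest number first); the
    first any-source rule that covers the port decides Allow or Deny.
    """
    inbound = sorted((r for r in rules if r["direction"].lower() == "inbound"),
                     key=lambda r: r["priority"])
    findings = []
    for port in MGMT_PORTS:
        for r in inbound:
            sources = _values(r, "sourceAddressPrefix", "sourceAddressPrefixes")
            ports = _values(r, "destinationPortRange", "destinationPortRanges")
            if (r["protocol"].lower() in ("tcp", "*")
                    and any(s.lower() in ANY_SOURCE for s in sources)
                    and any(_covers(p, port) for p in ports)):
                if r["access"].lower() == "allow":
                    findings.append((port, r["name"]))
                break
    return findings

def _rule(name, prio, access, src, ports, proto="Tcp"):
    """Build a constructed sample rule using the field names assumed above."""
    return {"name": name, "priority": prio, "direction": "Inbound", "access": access,
            "protocol": proto, "sourceAddressPrefix": src, "destinationPortRanges": ports}

# Constructed samples: RDP open to everyone vs. limited to one admin address
SAMPLE_OPEN = [_rule("RDP", 300, "Allow", "*", ["3389"])]
SAMPLE_LOCKED = [_rule("RDP-admin", 300, "Allow", "203.0.113.10/32", ["3389"]),
                 _rule("Deny-mgmt", 400, "Deny", "*", ["22", "3389"], proto="*")]

if __name__ == "__main__":
    print(exposed_mgmt_ports(SAMPLE_OPEN))
    print(exposed_mgmt_ports(SAMPLE_LOCKED))
```

Run it against the rules exported for the jump host's network security group after each access window closes; an empty result means neither management port is reachable from an arbitrary source.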
Apps4Rent Can Help with Cloud Security
With this method of setting up a jump host running in Azure, enterprises can provide a secure environment for external users to access their IT infrastructure using a browser. However, it is advisable to migrate the entire infrastructure to Azure for more scalability, security, and management options.
As a Tier 1 Microsoft CSP, Apps4Rent provides managed Azure services to help enterprises with their digital transformation. Contact our Azure security experts, available 24/7 via phone, chat, and email for assistance.