As the Azure Bastion service provides secured accessibility, is a jump box still required? What are all the scenarios that would require a jump box in Azure?
CodePudding user response:
Scenarios depend on your (or your organization's) fundamental design decisions. The service model for Azure Bastion is PaaS, where you don't have to manage your infrastructure, whereas the service model for your own jump box would be IaaS, which in turn comes with more responsibility.
See the Shared Responsibility Model for details on this.
Furthermore, Azure Bastion is always accessible through a Public IP address and therefore comes with public exposure. If you have security policies in place that disallow such access, then you will probably have to go with your own jump box.
On a technical level there are further differences. Bastion subnets do not support UDRs at this point in time and have certain subnet requirements. It might be worth checking the FAQs on Bastion.
Then pricing is another differentiator. With Bastion you are charged a certain amount based on your SKU by the hour and by network traffic, whereas with your own jump host you will be charged for Compute, Storage and network traffic.