Merge pull request #273560 from cherylmc/bastion-overview2

Stacyrch140 · web-flow · commit a61014bb9661 · 2024-04-26T19:28:01.000-04:00
bastion diagrams - devsku
diff --git a/articles/bastion/bastion-faq.md b/articles/bastion/bastion-faq.md
@@ -31,12 +31,11 @@ Azure Bastion doesn't move or store customer data out of the region it's deploye
 
 ### <a name="az"></a>Does Azure Bastion support availability zones?
 
-Some regions support the ability to deploy Azure Bastion in an availability zone (or multiple, for zone redundancy).
-To deploy zonally, you can select the availability zones you want to deploy under instance details when you deploy Bastion using manually specified settings. You can't change zonal availability after Bastion is deployed.
+[!INCLUDE [Availability Zones description and supported regions](../../includes/bastion-availability-zones-description.md)]
+
 If you aren't able to select a zone, you might have selected an Azure region that doesn't yet support availability zones.
-For more information about availability zones, see [Availability Zones](../reliability/availability-zones-overview.md?tabs=azure-cli).
 
-[!INCLUDE [Availability Zones region support - Preview](../../includes/bastion-availability-zones-regions.md)]
+For more information about availability zones, see [Availability Zones](../reliability/availability-zones-overview.md?tabs=azure-cli).
 
 ### <a name="vwan"></a>Does Azure Bastion support Virtual WAN?
 
diff --git a/articles/bastion/bastion-overview.md b/articles/bastion/bastion-overview.md
@@ -5,7 +5,7 @@ author: cherylmc
 # Customer intent: As someone with a basic network background, but is new to Azure, I want to understand the capabilities of Azure Bastion so that I can securely connect to my Azure virtual machines.
 ms.service: bastion
 ms.topic: overview
-ms.date: 10/13/2023
+ms.date: 04/26/2024
 ms.author: cherylmc
 ---
 # What is Azure Bastion?
@@ -14,10 +14,6 @@ Azure Bastion is a fully managed PaaS service that you provision to securely con
 
 Bastion provides secure RDP and SSH connectivity to all of the VMs in the virtual network for which it's provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH.
 
-The following diagram shows connections to virtual machines via a Bastion deployment that uses a Basic or Standard SKU.
-
-:::image type="content" source="./media/bastion-overview/architecture.png" alt-text="Diagram showing Azure Bastion architecture." lightbox="./media/bastion-overview/architecture.png":::
-
 ## <a name="key"></a>Key benefits
 
 |Benefit    |Description|
@@ -41,22 +37,31 @@ For more information about SKUs, including how to upgrade a SKU and information
 
 ## <a name="architecture"></a>Architecture
 
-This section applies to all SKU tiers except the Developer SKU, which is deployed differently. Azure Bastion is deployed to a virtual network and supports virtual network peering. Specifically, Azure Bastion manages RDP/SSH connectivity to VMs created in the local or peered virtual networks.
+Azure Bastion offers multiple deployment architectures, depending on the selected SKU and option configurations. For most SKUs, Bastion is deployed to a virtual network and supports virtual network peering. Specifically, Azure Bastion manages RDP/SSH connectivity to VMs created in the local or peered virtual networks.
 
 RDP and SSH are some of the fundamental means through which you can connect to your workloads running in Azure. Exposing RDP/SSH ports over the Internet isn't desired and is seen as a significant threat surface. This is often due to protocol vulnerabilities. To contain this threat surface, you can deploy bastion hosts (also known as jump-servers) at the public side of your perimeter network. Bastion host servers are designed and configured to withstand attacks. Bastion servers also provide RDP and SSH connectivity to the workloads sitting behind the bastion, as well as further inside the network.
 
-Currently, by default, new Bastion deployments don't support zone redundancies. Previously deployed bastions might, or might not, be zone-redundant. The exceptions are Bastion deployments in Korea Central and Southeast Asia, which do support zone redundancies.
+**Diagram: Bastion - Basic SKU and higher**
 
 :::image type="content" source="./media/bastion-overview/architecture.png" alt-text="Diagram showing Azure Bastion architecture." lightbox="./media/bastion-overview/architecture.png":::
 
-This figure shows the architecture of an Azure Bastion deployment. This diagram doesn't apply to the Developer SKU. In this diagram:
-
 * The Bastion host is deployed in the virtual network that contains the AzureBastionSubnet subnet that has a minimum /26 prefix.
 * The user connects to the Azure portal using any HTML5 browser.
 * The user selects the virtual machine to connect to.
 * With a single click, the RDP/SSH session opens in the browser.
+* For some configurations, the user can connect to the virtual machine via the native operating system client.
 * No public IP is required on the Azure VM.
 
+**Diagram: Bastion - Developer SKU**
+
+:::image type="content" source="./media/quickstart-developer-sku/bastion-shared-pool.png" alt-text="Diagram that shows the Azure Bastion developer SKU architecture." lightbox="./media/quickstart-developer-sku/bastion-shared-pool.png":::
+
+[!INCLUDE [Developer SKU](../../includes/bastion-developer-sku-description.md)]
+
+## Availability zones
+
+[!INCLUDE [Availability Zones description and supported regions](../../includes/bastion-availability-zones-description.md)]
+
 ## <a name="host-scaling"></a>Host scaling
 
 Azure Bastion supports manual host scaling. You can configure the number of host **instances** (scale units) in order to manage the number of concurrent RDP/SSH connections that Azure Bastion can support. Increasing the number of host instances lets Azure Bastion manage more concurrent sessions. Decreasing the number of instances decreases the number of concurrent supported sessions. Azure Bastion supports up to 50 host instances. This feature is available for the Azure Bastion Standard SKU only.
diff --git a/articles/bastion/configuration-settings.md b/articles/bastion/configuration-settings.md
@@ -124,6 +124,10 @@ When a user without Azure credentials clicks a shareable link, a webpage opens t
 | --- | --- | --- | --- |
 | Azure portal |Shareable Link  | [Configure](shareable-link.md)| Yes |
 
+## Availability zones
+
+[!INCLUDE [Availability Zones description and supported regions](../../includes/bastion-availability-zones-description.md)]
+
 ## Next steps
 
 For frequently asked questions, see the [Azure Bastion FAQ](bastion-faq.md).
diff --git a/articles/bastion/quickstart-developer-sku.md b/articles/bastion/quickstart-developer-sku.md
@@ -4,7 +4,7 @@ description: Learn how to deploy Bastion using the Developer SKU.
 author: cherylmc
 ms.service: bastion
 ms.topic: quickstart
-ms.date: 04/25/2024
+ms.date: 04/26/2024
 ms.author: cherylmc
 ms.custom: references_regions
 ---
@@ -18,7 +18,7 @@ The following diagram shows the architecture for Azure Bastion and the Developer
 :::image type="content" source="./media/quickstart-developer-sku/bastion-shared-pool.png" alt-text="Diagram that shows the Azure Bastion developer SKU architecture." lightbox="./media/quickstart-developer-sku/bastion-shared-pool.png":::
 
 > [!IMPORTANT]
-> During Preview, Bastion Developer SKU is free of charge. Pricing details will be released at GA for a usage-based pricing model.
+> During Preview, Bastion Developer SKU is free of charge.
 
 [!INCLUDE [regions](../../includes/bastion-developer-sku-regions.md)]
 
@@ -27,11 +27,7 @@ The following diagram shows the architecture for Azure Bastion and the Developer
 
 ## About the Developer SKU
 
-The Bastion Developer SKU is a new [lower-cost](https://azure.microsoft.com/pricing/details/azure-bastion/), lightweight SKU. This SKU is ideal for Dev/Test users who want to securely connect to their VMs if they don't need additional features or scaling. With the Developer SKU, you can connect to one Azure VM at a time directly through the virtual machine connect page.
-
-When you deploy Bastion using the Developer SKU, the deployment requirements are different than when you deploy using other SKUs. Typically when you create a bastion host, a host is deployed to the AzureBastionSubnet in your virtual network. The Bastion host is dedicated for your use. When using the Developer SKU, a bastion host isn't deployed to your virtual network and you don't need an AzureBastionSubnet. However, the Developer SKU bastion host isn't a dedicated resource and is, instead, part of a shared pool.
-
-Because the Developer SKU bastion resource isn't dedicated, the features for the Developer SKU are limited. See the Bastion configuration settings [SKU](configuration-settings.md) section for features by SKU. You can always upgrade the Developer SKU to a higher SKU if you need more features. See [Upgrade a SKU](upgrade-sku.md).
+[!INCLUDE [Developer SKU](../../includes/bastion-developer-sku-description.md)]
 
 ## <a name="prereq"></a>Prerequisites
 
@@ -76,7 +72,7 @@ You can use the following example values when creating this configuration as an
 
 ## <a name="createvmset"></a>Deploy Bastion and connect to VM
 
-These steps help you deploy Bastion using the developer SKU and auotmatically connect to your VM via the portal. To connect to a VM, your NSG rules must allow traffic to ports 22 and 3389 from the private IP address 168.63.129.16.
+These steps help you deploy Bastion using the developer SKU and automatically connect to your VM via the portal. To connect to a VM, your NSG rules must allow traffic to ports 22 and 3389 from the private IP address 168.63.129.16.
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 1. In the portal, go to the VM to which you want to connect. The values from the virtual network in which this VM resides are used to create the Bastion deployment. The VM must be located in a region that supports the Developer SKU.
@@ -85,7 +81,7 @@ These steps help you deploy Bastion using the developer SKU and auotmatically co
 
    :::image type="content" source="./media/quickstart-developer-sku/deploy-bastion-developer.png" alt-text="Screenshot of the Bastion page showing Deploy Bastion." lightbox="./media/quickstart-developer-sku/deploy-bastion-developer.png":::
 
-1. Bastion deploys using the Developer SKU. 
+1. Bastion deploys using the Developer SKU.
 1. The connection to this virtual machine via Bastion will open directly in the Azure portal (over HTML5) using port 443 and the Bastion service. Select **Allow** when asked for permissions to the clipboard. This lets you use the remote clipboard arrows on the left of the screen.
 
    * When you connect, the desktop of the VM might look different than the example screenshot.
diff --git a/includes/bastion-availability-zones-description.md b/includes/bastion-availability-zones-description.md
@@ -0,0 +1,11 @@
+---
+author: cherylmc
+ms.author: cherylmc
+ms.date: 04/26/2024
+ms.service: bastion
+ms.topic: include
+---
+
+Some regions support the ability to deploy Azure Bastion in an availability zone (or multiple, for zone redundancy). To deploy zonally, deploy Bastion using manually specified settings (don't deploy using the automatic default settings). Specify the desired availability zones at the time of deployment. You can't change zonal availability after Bastion is deployed.
+
+[!INCLUDE [Availability Zones region support - Preview](bastion-availability-zones-regions.md)]
diff --git a/includes/bastion-developer-sku-description.md b/includes/bastion-developer-sku-description.md
@@ -0,0 +1,13 @@
+---
+author: cherylmc
+ms.author: cherylmc
+ms.date: 04/26/2024
+ms.service: bastion
+ms.topic: include
+---
+
+The Bastion Developer SKU is a free, lightweight SKU. This SKU is ideal for Dev/Test users who want to securely connect to their VMs, but don't need additional Bastion features or host scaling. With the Developer SKU, you can connect to one Azure VM at a time directly through the virtual machine connect page.
+
+When you deploy Bastion using the Developer SKU, the deployment requirements are different than when you deploy using other SKUs. Typically when you create a bastion host, a host is deployed to the AzureBastionSubnet in your virtual network. The Bastion host is dedicated for your use. When you use the Developer SKU, a bastion host isn't deployed to your virtual network and you don't need an AzureBastionSubnet. However, the Developer SKU bastion host isn't a dedicated resource. Instead, it's part of a shared pool.
+
+Because the Developer SKU bastion resource isn't dedicated, the features for the Developer SKU are limited. See the Bastion configuration settings [SKU](../articles/bastion/configuration-settings.md) section for features by SKU. You can always upgrade the Developer SKU to a higher SKU if you need to support more features. See [Upgrade a SKU](../articles/bastion/upgrade-sku.md).
