Merge pull request #190035 from cherylmc/tutor

update with new graphics and standard SKU

Author: Court72

articles/bastion/TOC.yml

@@ -11,7 +11,7 @@
     href: quickstart-host-portal.md
 - name: Tutorials
   items:
-  - name: Deploy Bastion & connect
+  - name: Deploy Bastion - Portal
     href: tutorial-create-host-portal.md
 - name: Concepts
   items:

articles/bastion/media/tutorial-create-host-portal/bastion-subnet.png

@@ -1,45 +1,50 @@
 ---
-title: 'Tutorial: Deploy Bastion using manual settings: Azure portal'
+title: 'Tutorial: Deploy Bastion: Azure portal'
 description: Learn how to deploy Bastion using manual settings using the Azure portal.
 services: bastion
 author: cherylmc
 ms.service: bastion
 ms.topic: tutorial
-ms.date: 02/25/2022
+ms.date: 02/28/2022
 ms.author: cherylmc
 ms.custom: ignite-fall-2021
 ---
 
 # Tutorial: Deploy Bastion using manual settings: Azure portal
 
-This tutorial shows you how to deploy Azure Bastion to your virtual network from the Azure portal using manual settings that you specify. While you can [deploy Bastion using VM settings](quickstart-host-portal.md), deploying Bastion using manual settings lets you specify granular settings for the bastion host. After you deploy Bastion, the RDP/SSH experience is available to all of the virtual machines in the virtual network. Azure Bastion is a PaaS service that is maintained for you, not a bastion host that you install on one of your VMs. For more information about Azure Bastion, see [What is Azure Bastion?](bastion-overview.md)
+This tutorial helps you deploy Azure Bastion from the Azure portal using manual settings. When you use manual settings, you can specify configuration values such as instance counts and the SKU at the time of deployment. After Bastion is deployed, you can connect (SSH/RDP) to virtual machines in the virtual network via Bastion using the private IP address of the VM. When you connect to a VM, it doesn't need a public IP address, client software, agent, or a special configuration.
 
-In this tutorial, you deploy Bastion using the Standard SKU tier and adjust host scaling (instance count). After the deployment is complete, you connect to your VM via private IP address. The VM you connect to doesn't need a public IP address, client software, agent, or a special configuration. If your VM has a public IP address that you don't need for anything else, you can remove it.
+In this tutorial, you deploy Bastion using the Standard SKU tier and adjust host scaling (instance count). After the deployment is complete, you connect to your VM via private IP address. If your VM has a public IP address that you don't need for anything else, you can remove it.
+
+Azure Bastion is a PaaS service that's maintained for you, not a bastion host that you install on one of your VMs and maintain yourself. For more information about Azure Bastion, see [What is Azure Bastion?](bastion-overview.md)
 
 In this tutorial, you'll learn how to:
 
 > [!div class="checklist"]
-> * Create a bastion host for your VNet.
-> * Connect to a Windows virtual machine.
+> * Deploy Bastion to your VNet.
+> * Connect to a virtual machine.
 > * Remove the public IP address from a virtual machine.
 
 If you don’t have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
 
 ## Prerequisites
 
 * A [virtual network](../virtual-network/quick-create-portal.md). This will be the VNet to which you deploy Bastion.
-* A Windows virtual machine in the virtual network. This VM isn't a part of the Bastion configuration and doesn't become a bastion host. You connect to this VM later via Bastion. If you don't have a VM, create one using [Quickstart: Create a VM](../virtual-machines/windows/quick-create-portal.md).
-* The following required roles for your resources:
-   * Required VM roles:
-     * Reader role on the virtual machine.
-     * Reader role on the NIC with private IP of the virtual machine.
+* A virtual machine in the virtual network. This VM isn't a part of the Bastion configuration and doesn't become a bastion host. You connect to this VM later in this tutorial via Bastion. If you don't have a VM, create one using [Quickstart: Create a VM](../virtual-machines/windows/quick-create-portal.md).
+* The following required roles for your resources.
+
+  * Required VM roles:
 
-* Ports: To connect to the Windows VM, you must have the following ports open on your Windows VM:
-  * Inbound ports: RDP (3389)
+    * Reader role on the virtual machine.
+    * Reader role on the NIC with private IP of the virtual machine.
 
+  * Required inbound ports:
 
- >[!NOTE]
- >The use of Azure Bastion with Azure Private DNS Zones is not supported at this time. Before you begin, please make sure that the virtual network where you plan to deploy your Bastion resource is not linked to a private DNS zone.
+    * For Windows VMS - RDP (3389)
+    * For Linux VMs - SSH (22)
+
+ > [!NOTE]
+ > The use of Azure Bastion with Azure Private DNS Zones is not supported at this time. Before you begin, please make sure that the virtual network where you plan to deploy your Bastion resource is not linked to a private DNS zone.
  >
 
 ### <a name="values"></a>Example values
@@ -71,80 +76,79 @@ You can use the following example values when creating this configuration, or yo
 | Public IP address SKU |  Standard  |
 | Assignment  | Static |
 
- >[!IMPORTANT]
- >For Azure Bastion resources deployed on or after November 2, 2021, the minimum AzureBastionSubnet size is /26 or larger (/25, /24, etc.). All Azure Bastion resources deployed in subnets of size /27 prior to this date are unaffected by this change and will continue to work, but we highly recommend increasing the size of any existing AzureBastionSubnet to /26 in case you choose to take advantage of [host scaling](./configure-host-scaling.md) in the future.
+ > [!IMPORTANT]
+ > For Azure Bastion resources deployed on or after November 2, 2021, the minimum AzureBastionSubnet size is /26 or larger (/25, /24, etc.). All Azure Bastion resources deployed in subnets of size /27 prior to this date are unaffected by this change and will continue to work, but we highly recommend increasing the size of any existing AzureBastionSubnet to /26 in case you choose to take advantage of [host scaling](./configure-host-scaling.md) in the future.
  >
 
-## <a name="createhost"></a>Create a bastion host
+## <a name="createhost"></a>Deploy Bastion
 
-This section helps you create the bastion object in your VNet. This is required in order to create a secure connection to a VM in the VNet.
+This section helps you deploy Bastion to your VNet. Once Bastion is deployed, you can connect securely to any VM in the VNet using its private IP address.
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Type **Bastion** into the search.
+1. Type **Bastion** in the search.
 1. Under services, select **Bastions**.
 1. On the Bastions page, select **+ Create** to open the **Create a Bastion** page.
-1. On the **Create a Bastion** page, configure a new Bastion resource.
+1. On the **Create a Bastion** page, configure the required settings.
 
-   :::image type="content" source="./media/tutorial-create-host-portal/review-create.png" alt-text="Screenshot of Create a Bastion portal page." lightbox="./media/tutorial-create-host-portal/create.png":::
+   :::image type="content" source="./media/tutorial-create-host-portal/review-create.png" alt-text="Screenshot of Create a Bastion portal page." lightbox="./media/tutorial-create-host-portal/review-create.png":::
 
 ### Project details
 
-* **Subscription**: The Azure subscription you want to use.
+* **Subscription**: Select your Azure subscription.
 
-* **Resource Group**: The Azure resource group in which the new Bastion resource will be created. If you don't have an existing resource group, you can create a new one.
+* **Resource Group**: Select your Resource Group.
 
 ### Instance details
 
-* **Name**: The name of the new Bastion resource.
+* **Name**: Type the name that you want to use for your bastion resource.
 
 * **Region**: The Azure public region in which the resource will be created. Choose the region in which your virtual network resides.
 
-* **Tier:** The tier is also known as the **SKU**. For this tutorial, we select the **Standard** SKU from the dropdown. Selecting the Standard SKU lets you configure the instance count for host scaling. The Basic SKU doesn't support host scaling. For more information about features that require te Standard SKU, see [Configuration settings - SKU](configuration-settings.md#skus).
+* **Tier:** The tier is also known as the **SKU**. For this tutorial, select **Standard**. The Standard SKU lets you configure the instance count for host scaling and other features. For more information about features that require the Standard SKU, see [Configuration settings - SKU](configuration-settings.md#skus).
 
-* **Instance count:** This is the setting for **host scaling** and configured in scale unit increments. Use the slider to configure the instance count. If you specified the Basic tier SKU, you can’t configure this setting. For more information, see [Configuration settings - host scaling](configuration-settings.md#instance). In this tutorial, you can select the instance count you'd prefer, keeping in mind any scale unit [pricing](https://azure.microsoft.com/pricing/details/azure-bastion) considerations.
+* **Instance count:** This is the setting for **host scaling**. It's configured in scale unit increments. Use the slider or type a number to configure the instance count that you want. For this tutorial, you can select the instance count you'd prefer. For more information, see [Host scaling](configuration-settings.md#instance) and [Pricing](https://azure.microsoft.com/pricing/details/azure-bastion).
 
 ### Configure virtual networks
 
-* **Virtual network**: The virtual network in which the Bastion resource will be created. You can create a new virtual network in the portal during this process, or use an existing virtual network. If you're using an existing virtual network, make sure the existing virtual network has enough free address space to accommodate the Bastion subnet requirements. If you don't see your virtual network from the dropdown, make sure you've selected the correct Resource Group.
+* **Virtual network**: Select your virtual network. If you don't see your VNet in the dropdown list, make sure you selected the correct Resource Group and Region in the previous settings on this page.
 
-* **Subnet**: Once you create or select a virtual network, the subnet field appears on the page. This is the subnet in which your Bastion instances will be deployed. The name must be **AzureBastionSubnet**. See the following steps to add the subnet.
+* **Subnet**: Once select a virtual network, the subnet field appears on the page. This is the subnet to which your Bastion instances will be deployed. In most cases, you won't already have the subnet **AzureBastionSubnet** configured. The subnet name must be **AzureBastionSubnet**. See the following steps to add the subnet.
 
 #### Manage subnet configuration
 
-In most cases, you won't already have an AzureBastionSubnet configured. To configure the bastion subnet: 
+To configure the bastion subnet:
 
 1. Select **Manage subnet configuration**. This takes you to the **Subnets** page.
 
-   :::image type="content" source="./media/tutorial-create-host-portal/subnet.png" alt-text="Screenshot of Manage subnet configuration.":::
-1. On the **Subnets** page, select **+Subnet** to open the **Add subnet** page. 
+   :::image type="content" source="./media/tutorial-create-host-portal/subnet.png" alt-text="Screenshot of Manage subnet configuration." lightbox="./media/tutorial-create-host-portal/subnet.png":::
+1. On the **Subnets** page, select **+Subnet** to open the **Add subnet** page.
 
 1. Create a subnet using the following guidelines:
 
    * The subnet must be named **AzureBastionSubnet**.
-   * The subnet must be at least /26 or larger. For the Standard SKU, we recommend /26 or larger to accommodate future additional host scaling instances.
-
-   :::image type="content" source="./media/tutorial-create-host-portal/bastion-subnet.png" alt-text="Screenshot of the AzureBastionSubnet subnet.":::
+   * The subnet must be at least **/26 or larger** (/26, /25, /24 etc.) to accommodate features available with the Standard SKU.
 
-1. You don't need to fill out additional fields on this page. Select **Save** at the bottom of the page to save the settings and close the **Add subnet** page.
+1. You don't need to fill out additional fields on this page. Select **Save** at the bottom of the page to create the subnet.
 
 1. At the top of the **Subnets** page, select **Create a Bastion** to return to the Bastion configuration page.
 
-   :::image type="content" source="./media/tutorial-create-host-portal/create-a-bastion.png" alt-text="Screenshot of Create a Bastion.":::
+   :::image type="content" source="./media/tutorial-create-host-portal/create-a-bastion.png" alt-text="Screenshot of Create a Bastion."lightbox="./media/tutorial-create-host-portal/create-a-bastion.png":::
 
 ### Public IP address
 
-The public IP address of the Bastion resource on which RDP/SSH will be accessed (over port 443). Create a **new public IP address**. The public IP address must be in the same region as the Bastion resource you're creating. This IP address doesn't have anything to do with any of the VMs that you want to connect to. It's the public IP address for the Bastion host resource.
+This is the public IP address of the Bastion host resource on which RDP/SSH will be accessed (over port 443). The public IP address must be in the same region as the Bastion resource you're creating. This IP address doesn't have anything to do with any of the VMs that you want to connect to.
 
-   * **Public IP address name**: The name of the public IP address resource. For this tutorial, you can leave the default.
-   * **Public IP address SKU**: This setting is prepopulated by default to **Standard**. Azure Bastion uses/supports only the Standard public IP SKU.
-   * **Assignment**: This setting is prepopulated by default to **Static**.
+1. Select **Create new**.
+1. For **Public IP address name**, you can leave the default naming suggestion.
+1. For **Public IP address SKU**, this setting is prepopulated by default to **Standard**. Azure Bastion supports only the Standard public IP address SKU.
+1. For **Assignment**, this setting is prepopulated by default to **Static**. You can't change this setting.
 
 ### Review and create
 
-1. When you finish specifying the settings, select **Review + Create**. This validates the values. Once validation passes, you can create the Bastion resource.
-1. Review your settings. 
+1. When you finish specifying the settings, select **Review + Create**. This validates the values. Once validation passes, you can deploy Bastion.
+1. Review your settings.
 1. At the bottom of the page, select **Create**.
-1. You'll see a message letting you know that your deployment is underway. Status will display on this page as the resources are created. It takes about 5 minutes for the Bastion resource to be created and deployed.
+1. You'll see a message letting you know that your deployment is underway. Status will display on this page as the resources are created. It takes about 10 minutes for the Bastion resource to be created and deployed.
 
 ## Connect to a VM
 
@@ -165,7 +169,7 @@ your resources using the following steps:
 
 ## Next steps
 
-In this tutorial, you created a Bastion host and associated it to a virtual network. You then removed the public IP address from a VM and connected to it. You may choose to use Network Security Groups with your Azure Bastion subnet. To do so, see:
+In this tutorial, you deployed Bastion to a virtual network and connected to a VM. You then removed the public IP address from the VM. Next, configure additional Bastion features.
 
 > [!div class="nextstepaction"]
-> [Work with NSGs](bastion-nsg.md)
+> [Bastion features and configuration settings](configuration-settings.md)