Hands-On Azure Labs: Building Redundant Cloud Solutions

Lab Overview

In this lab, you will deploy Azure Bastion into your West US network, enabling secure, browser-based remote access (RDP/SSH) to virtual machines in both West US and East US—thanks to the vNet peering established in the previous lab. Rather than assigning public IP addresses and exposing ports on each VM, Azure Bastion ensures that all administrative traffic remains within Azure’s private backbone network, dramatically reducing the attack surface of your environment.

Learning Objectives

By completing this lab, you will be able to:

• • Deploy an Azure Bastion host in vNet-West and associate it with the required subnet.
  • Configure Bastion so that it can securely manage virtual machines in both regions, leveraging the peered vNets.
  • Understand how a single Bastion deployment can provide remote access across multiple virtual networks.
  • Follow best practices for reducing internet-exposed endpoints and enhancing network security posture.

Exam Relevance

These deployment and security skills apply to:

• • AZ-104 (Azure Administrator): Validates your understanding of secure remote connectivity and Azure Bastion services.
  • AZ-305 (Azure Solutions Architect): Demonstrates your ability to design highly secure and centrally managed remote-access strategies across Azure regions.