Simplifying Azure Bastion - 8 Managing Azure Bastion - Session Management, Monitoring and Alerting

@20aman    Apr 24, 2021

This blog is a part of the Azure Bastion series. You can find the Index of this series here: Azure Bastion Series.

In the previous few posts, we looked at various aspects of the Azure Bastion service. In this post, we will look at various monitoring and alerting capabilities related to Azure Bastion.

Monitoring remote sessions

You can monitor all the remote sessions being facilitated by Azure Bastion. To do this navigate to the Azure Bastion host. Click on the "Sessions" under settings. On the right side, you will be able to view all the active sessions. Click on the Refresh button to update the list with any added or removed session.

Note that in the list you will see many pieces of valuable information. Few important ones are:

  1. Target Host Name - Hostname of the VM that has an active session.
  2. UserName - User name that was used to connect to the VM.
  3. Protocol - RDP or SSH protocol, that is used to connect to the target VMs (by the Bastion host). It is ssh for Linux and RDP for Windows VMs.
Monitoring remote sessions

Managing remote sessions - Deleting the sessions

If required, you can delete any session from the list of active sessions. To do this simply right-click on the session name in the list and click on the Delete in the pop-up menu.

Option to delete a session

The person connected to the VM via Azure Bastion will see a prompt similar to the below. Even after a reconnection attempt from this prompt the connection won't be successful. If the end-user wants to connect again then they will have to initiate the connection again from the Azure portal.

Disconnected session

Monitoring Azure Bastion

The monitoring capabilities are integrated with Azure Monitor. Navigate to the Monitor service in the Azure portal and then click on the "Metrics" option in the left settings pane. On the right side, set the Scope to the Azure Bastion host, that you want to monitor. Next, select one of the available metrics from the list of Metric dropdown.

The options available for Metric are:

  1. Availability - Bastion communication status
  2. Saturation - Total memory
  3. Saturation - Used CPU
  4. Saturation - Used memory
  5. Traffic - Session count

The one shown in the screenshot below is for "Traffic - Session count".

Metrics for Bastion Monitoring

Creating Alerts on Azure Bastions

From the Monitor, you can also create Alerts related to Azure Bastion. This experience is also similar to creating an alert for any other service in Azure. To create a new alert, click on the "+ New alert rule" button under the Alert section.

In the "Create alert rule", select the scope and set it to the Azure Bastion service. Then click on the "Add condition" button. This will bring a pop-up blade to "Configure signal logic". This is the condition on which the alert will be triggered. Check all the signals available here.

Additionally, you can select or create an Action Group to send notifications and take actions whenever an alert is triggered.

Alerts for Bastion

Comments powered by Disqus