Azure Bastion
Some connection types support connecting through an Azure Bastion Gateway.
Usage of Azure Bastion
The Azure Bastion Gateway can be used to access Azure computers with private IP addresses through a tunnel (port forwarding). The Azure CLI tools, including the Bastion extension, must be installed on the system.
Once you have created and set up an Azure Bastion Gateway, you can assign it on the Secure Gateway page of a Terminal (SSH) connection or Remote Desktop connection. Specify the resource ID in the Computer Name field, or the private IP address if your Azure Bastion is configured to allow IP-based connections.
Requirements
Azure Bastion
An Azure Bastion must be deployed with the following configuration:
- The SKU / Tier must be Standard
- Native client support must be enabled
Local Machine
- The Azure CLI tools must be installed (az commands).
- The bastion extension for the Azure CLI must be installed.
az login may be required to be called to authenticate your Azure account before you can use the Azure Bastion integration.
Important
After installing the Azure CLI tools and the bastion extension, make sure you close and restart Royal TS.
At its core, Royal TS uses the installed Azure CLI to open a web socket with local port forwarding by calling the az network bastion tunnel command.
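The tunnel call described above can be reproduced by hand to check the requirements outside Royal TS. This is an added example, not Royal TS code; the variables BASTION_NAME, RESOURCE_GROUP, SUBSCRIPTION and DRY_RUN, the function names and all sample values are assumptions made for the sketch.

```sh
#!/bin/sh
# Added example (not Royal TS code): open by hand the tunnel described above.
# BASTION_NAME, RESOURCE_GROUP, SUBSCRIPTION and DRY_RUN are names chosen
# for this sketch; the sample values in the usage lines are constructed.

# Check the local requirements listed on this page before opening a tunnel.
bastion_preflight() {
  command -v az >/dev/null 2>&1 ||
    { echo "Azure CLI (az) not found on PATH" >&2; return 1; }
  az extension show --name bastion >/dev/null 2>&1 ||
    { echo "bastion extension missing: az extension add --name bastion" >&2; return 1; }
  az account show >/dev/null 2>&1 ||
    { echo "no active sign-in: run az login" >&2; return 1; }
}

# bastion_tunnel TARGET RESOURCE_PORT LOCAL_PORT
# TARGET is a VM resource ID, or a private IP address when the Bastion
# is configured to allow IP-based connections.
bastion_tunnel() {
  target=$1 resource_port=$2 local_port=$3
  case $target in
    /subscriptions/*) target_flag=--target-resource-id ;;
    *)                target_flag=--target-ip-address ;;
  esac
  set -- network bastion tunnel \
    --name "$BASTION_NAME" --resource-group "$RESOURCE_GROUP" \
    "$target_flag" "$target" \
    --resource-port "$resource_port" --port "$local_port"
  if [ -n "${SUBSCRIPTION:-}" ]; then
    set -- "$@" --subscription "$SUBSCRIPTION"
  fi
  if [ -n "${DRY_RUN:-}" ]; then
    echo "az $*"          # show the command without contacting Azure
  else
    az "$@"               # blocks while the tunnel is open
  fi
}

# Usage (constructed values): forward local port 50022 to SSH on the VM,
# then point the SSH client at 127.0.0.1:50022.
#   BASTION_NAME=bas-example RESOURCE_GROUP=rg-example
#   bastion_preflight && bastion_tunnel 10.0.0.4 22 50022
```

Setting DRY_RUN=1 prints the az command line instead of running it, which is useful for comparing against what a connection is configured to do.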
Note
Be aware that using Azure Bastion and switching the SKU to Standard comes with higher monthly costs in addition to bandwidth costs from the Azure side. Make sure you check the Azure pricing page for more information. Deploying a Royal Server or an SSH server (Secure Gateway) may be more cost effective.
Azure CLI Configuration
Since Azure CLI version 2.61.0, Microsoft changed a couple of things related to the az login command. Make sure you read the following and configure the CLI to avoid additional interaction in the CLI:
- Disable the subscription selector by executing:
  az config set core.login_experience_v2=off
- (Optional) Disable sign-in with Web Account Manager (WAM) on Windows to always use your default web browser to sign in by executing:
  az config set core.enable_broker_on_windows=false
Object Properties
The Azure Bastion Properties dialog is shown:
- for a new Azure Bastion object by clicking the Azure Bastion command in the Add group on the Edit ribbon tab.
- for an existing Azure Bastion object by selecting an Azure Bastion object and clicking on the Properties command in the Edit group on the Home ribbon tab.
- as a bulk-edit dialog when multiple Azure Bastion objects were selected in the Folder / Document Dashboard and the Properties command in the Edit group on the Home ribbon tab is clicked. See also: Bulk Operations
Azure Bastion Properties
The Azure Bastion page allows you to configure the name, subscription and resource group of the Azure Bastion Resource.
Display Name (required)
Enter a display name for the object.
Color
Click the color picker button in the display name text box to select a color. In the User Interface settings you can configure to show the color in the navigation tree, the connection tab or as connection border.
Icon
Click the icon picker button in the display name text box to select and assign a custom icon to the object.
Bastion Name
Enter the name of the Azure Bastion resource.
Subscription
Optionally specify the name or ID of your Azure subscription.
Resource Group
Optionally specify the resource group.
Description
Enter a description for the object.
Advanced
You can use this page to change advanced settings for the Azure Bastion Gateway.
Azure Configuration Directory
The Azure configuration directory (AZURE_CONFIG_DIR environment variable) to use for this Bastion Gateway. If not specified (empty), Royal TS will use the default directory: %USERPROFILE%\.azure
Note
Environment variables and replacement tokens are supported.
Additional Tunnel Arguments
Additional arguments to be passed on to the az CLI when the tunnel is created.
Notes
The Notes page allows you to enter notes for the selected object with HTML formatting, links and embedded images. You can also configure the notes to be inherited from the parent folder.
Use Notes from the parent folder
When selected, Royal TS will display the notes from the parent folder in the notes panel. This option is not available on the document level.
Tip
To embed images, drag them into the editor using drag & drop.
Custom Properties
The Custom Properties page allows you to enter and store additional information for the object. Various data formats are available, including protected fields. You can also group properties by using headers.
Inherit from Parent
When checked, the properties configured on the parent folder are shown but are read-only.
Custom Properties
Use the '+' icon to add a header or a Field or multiple fields based on a template. Click on the label to name the field and enter a value. Click the 'Gear' icon to remove a field or header. The 'Gear' icon also shows additional options, like moving a field up or down.
Custom Fields
The Custom Fields page allows you to enter and store additional information for the object. Custom fields can be used in tasks and templates to inject values from the context connection.
Standard custom fields are also shown in the folder dashboard views and in the properties panel. Protected custom fields can be used to store confidential data (for example when you need an additional password in a task). If you make use of protected custom fields, make sure you encrypt and password protect your document.
Note
Custom fields can be used in Tasks and in the Properties Panel. You can put web page URLs (like an iLO management address) or command lines (such as programs or batch files) in the custom fields and execute them using tasks or directly from the properties panel. Each individual custom field can also be configured to be inherited from the parent folder.
Parent Folder
The Parent Folder page allows you to view or change the parent folder of the selected object. To move multiple objects to another folder use the parent folder page in bulk-edit mode or use the move to command from the Edit tab (see Working with Connections).
Important
You cannot create connections in the Application document. Moving a folder containing connections to a folder in the Application document will fail.