Azure Bastion + Windows Jump Box - Developer Access

Browser-based secure access to VNet resources

Overview

Loan Defenders uses Azure Bastion with a Windows Server 2022 Jump Box VM for developer access to private VNet resources. This replaces VPN Gateway with a simpler, more cost-effective solution that provides:

  • ✅ Browser-based RDP access (no VPN client installation)
  • ✅ Full Windows environment with browsers for UI testing
  • ✅ Pay-per-use model (stop VM when not in use)
  • ✅ Faster provisioning (10 minutes vs 45 minutes for VPN)
  • ✅ ~$150/month cost savings vs VPN Gateway

Quick Access

Connect to Jump Box VM

  1. Navigate to Azure Portal
  2. Go to your resource group (e.g., ldfdev-rg)
  3. Find the Jump Box VM (e.g., ldfdev-jumpbox-vm)
  4. Click Connect → Bastion
  5. Enter credentials and click Connect
  6. Browser-based RDP session opens

Access Application Containers

From the Jump Box VM, open a browser and navigate to:

  • UI: http://10.1.0.4:80
  • API: http://10.1.0.4:8000
  • MCP Verification: http://10.1.0.4:8010
  • MCP Documents: http://10.1.0.4:8011
  • MCP Financial: http://10.1.0.4:8012

Cost Management

Stop VM When Not in Use

# Stop VM (deallocates compute, saves ~$70/month)
az vm deallocate -g ldfdev-rg -n ldfdev-jumpbox-vm

# Start VM when needed
az vm start -g ldfdev-rg -n ldfdev-jumpbox-vm
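
The saving above depends on the VM being deallocated, not merely shut down: a jump box powered off from inside the RDP session reports "VM stopped" and keeps its compute allocation. The script below is an added example, not part of the project's scripts; it reads the power state and deallocates only when needed. The function names and the `--apply` switch are this example's own, and the resource names are the page's examples.

```shell
#!/usr/bin/env bash
# Added example: make sure the jump box is really deallocated.
# RG / VM default to the page's example names; override for other environments.
RG="${RG:-ldfdev-rg}"
VM="${VM:-ldfdev-jumpbox-vm}"

# Map the power state reported by Azure to the action needed to stop compute
# billing. "VM stopped" (OS shutdown or `az vm stop`) is still allocated, so it
# needs a deallocate just like a running VM.
action_for_state() {
  case "$1" in
    "VM deallocated")                              echo "none" ;;
    "VM running"|"VM stopped")                     echo "deallocate" ;;
    "VM starting"|"VM stopping"|"VM deallocating") echo "wait" ;;
    *)                                             echo "unknown" ;;
  esac
}

# Read the current power state (requires a logged-in az CLI).
get_power_state() {
  az vm show -d -g "$RG" -n "$VM" --query powerState -o tsv
}

main() {
  local state action
  state="$(get_power_state)" || { echo "could not query $VM" >&2; return 2; }
  action="$(action_for_state "$state")"
  echo "$VM: $state -> $action"
  case "$action" in
    deallocate) az vm deallocate -g "$RG" -n "$VM" ;;
    wait)       echo "transition in progress; re-run later" ;;
    unknown)    echo "unrecognised state, leaving VM untouched" >&2; return 1 ;;
  esac
}

# Act only when invoked with --apply, so sourcing the file has no side effects.
if [ "${1:-}" = "--apply" ]; then main; fi
```
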

Delete Bastion During Extended Breaks

# Delete Bastion (saves ~$140/month)
az network bastion delete -g ldfdev-rg -n ldfdev-bastion

# Redeploy when needed (10 minutes)
../infrastructure/scripts/deploy-foundation.sh dev

Architecture & Implementation Details

For complete technical details, architecture diagrams, cost analysis, and implementation guide, see:

ADR-050: Azure Bastion Replaces VPN Gateway

What's covered in ADR-050:

  • Complete architecture diagrams
  • Detailed cost comparison ($210/month vs $360/month)
  • Security considerations
  • Bicep implementation
  • Windows Jump Box configuration
  • Troubleshooting guide
  • Production considerations

Supersedes

This approach supersedes:

  • VPN Dev Access - VPN Gateway approach (ADR-025)
  • All VPN-related troubleshooting guides