Azure Bastion
Arpio replicates Azure Bastion Hosts so that secure RDP/SSH access to virtual machines can be restored in recovery environments without exposing those VMs to the public internet.
Bastion Host
Arpio replicates Bastion Hosts with their IP configurations, scale unit count, and feature settings (tunneling, IP-based connect, copy/paste, shareable links). At recovery time, the Bastion is recreated in the recovery virtual network with its public IP address and subnet references translated to the recovery environment. Private IP addresses within the Bastion's IP configurations are renumbered based on the recovery VNet's address space.
The following attributes are translated during replication:
| Attribute | Translation Method |
|---|---|
| Virtual Network | Reference translated to recovery VNet |
| Subnet (`AzureBastionSubnet`) | Reference translated to recovery subnet |
| Public IP Address | Reference translated to recovery public IP |
| Private IP Address | Renumbered based on recovery VNet address space |
| DNS Name | CNAME references to the Bastion translated to the recovery DNS name |
The following resources are automatically selected into recovery points when a Bastion Host is selected:
- Virtual network containing the `AzureBastionSubnet`
- Public IP address attached to the Bastion's IP configuration
Limitations
- DNS name changes in recovery — Azure assigns the Bastion's `*.bastion.azure.com` DNS name dynamically, so the recovered Bastion will have a different DNS name than the source. Arpio translates CNAME references that point at the source Bastion's DNS name, but external clients or scripts that hard-code the source DNS name must be updated after recovery.
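
One way to find and update the hard-coded names this limitation describes is to scan your scripts and configuration for hosts under `bastion.azure.com`. The following is an added example, not Arpio's code; the function names and the host names and files in `demo()` are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Any host under bastion.azure.com; the bare wildcard "*.bastion.azure.com" is not matched.
BASTION_HOST = re.compile(r"\b(?:[a-z0-9-]+\.)+bastion\.azure\.com\b", re.I)

def find_bastion_names(root):
    """Return sorted (relative path, line number, hostname) for each hard-coded name."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            lines = path.read_text(encoding="utf-8").splitlines()
        except (UnicodeDecodeError, OSError):
            continue  # skip binary or unreadable files
        for n, line in enumerate(lines, 1):
            for m in BASTION_HOST.finditer(line):
                hits.append((path.relative_to(root).as_posix(), n, m.group(0).lower()))
    return sorted(hits)

def rewrite_bastion_name(root, source, recovery):
    """Replace exact occurrences of the source host name; return files changed."""
    exact = re.compile(r"(?<![a-z0-9.-])" + re.escape(source) + r"(?![a-z0-9-])", re.I)
    changed = 0
    for rel in sorted({h[0] for h in find_bastion_names(root) if h[2] == source.lower()}):
        path = Path(root) / rel
        path.write_text(exact.sub(recovery, path.read_text(encoding="utf-8")), encoding="utf-8")
        changed += 1
    return changed

def demo():
    # Constructed sample files and host names, for illustration only.
    src, rec = "bst-source0001.bastion.azure.com", "bst-recovery0002.bastion.azure.com"
    with tempfile.TemporaryDirectory() as root:
        Path(root, "connect.sh").write_text(f"#!/bin/sh\nHOST={src}\necho \"$HOST\"\n")
        Path(root, "notes.md").write_text(f"Portal link: https://{src}/\nDocs: *.bastion.azure.com\n")
        Path(root, "other.cfg").write_text("jump=bst-unrelated0003.bastion.azure.com\n")
        before = find_bastion_names(root)
        changed = rewrite_bastion_name(root, src, rec)
        return before, changed, find_bastion_names(root)

if __name__ == "__main__":
    for stage in demo():
        print(stage)
```

Run `find_bastion_names` first and review the hits before rewriting; names that belong to other Bastion Hosts are reported but left unchanged by `rewrite_bastion_name`.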