Azure Bastion FAQ

This is the FAQ for Azure Bastion.

Which regions are available?

Note

We are working hard to add additional regions. When a region is added, we will add it to this list.

Azure China Cloud

  • China East 2
  • China North 2

Do I need a public IP on my virtual machine?

When you connect to a VM using Azure Bastion, you do NOT need a public IP on the Azure Virtual Machine that you are connecting to. The Bastion service will open the RDP/SSH session/connection to your virtual machine over the private IP of your virtual machine, within your virtual network.

Is IPv6 supported?

At this time, IPv6 is not supported. Azure Bastion supports IPv4 only.

Do I need an RDP or SSH client?

You do not need an RDP or SSH client to reach your Azure virtual machine over RDP/SSH from the Azure portal. The Azure portal gives you RDP/SSH access to your virtual machine directly in the browser.

Do I need an agent running in the Azure virtual machine?

You don't need to install an agent or any software on your browser or your Azure virtual machine. The Bastion service is agentless and does not require any additional software for RDP/SSH.

How many concurrent RDP and SSH sessions does each Azure Bastion support?

Both RDP and SSH are usage-based protocols. High usage of sessions will cause the bastion host to support a lower total number of sessions. The numbers below assume normal day-to-day workflows.

Resource                      Limit
Concurrent RDP connections    25*
Concurrent SSH connections    50**

*May vary due to other on-going RDP sessions or other on-going SSH sessions.
**May vary if there are existing RDP connections or usage from other on-going SSH sessions.

What features are supported in an RDP session?

At this time, only text copy/paste is supported. Features such as file copy are not supported. Please feel free to share your feedback about new features on the Azure Bastion Feedback page.

Which browsers are supported?

Use the Microsoft Edge browser or Google Chrome on Windows. For Apple Mac, use the Google Chrome browser. Microsoft Edge Chromium is also supported on both Windows and Mac.

Where does Azure Bastion store customer data?

Azure Bastion doesn't move or store customer data out of the region it is deployed in.

Are any roles required to access a virtual machine?

In order to make a connection, the following roles are required:

  • Reader role on the virtual machine
  • Reader role on the NIC with private IP of the virtual machine
  • Reader role on the Azure Bastion resource
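
An added example, not part of the original FAQ or of Azure's own tooling: a Python check that takes role assignments in the shape returned by `az role assignment list` and reports which of the three Reader scopes above a user is missing, counting assignments inherited from a parent scope. The subscription ID, resource names and principal IDs are constructed placeholders.

```python
# Added example: audit the three Reader scopes the FAQ lists for a Bastion user.
# All subscription IDs, resource names and principal IDs below are constructed.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-demo"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm1"
NIC = RG + "/providers/Microsoft.Network/networkInterfaces/vm1-nic"
BASTION = RG + "/providers/Microsoft.Network/bastionHosts/bastion1"

# Same field names as the JSON from `az role assignment list --all`.
SAMPLE_ASSIGNMENTS = [
    {"principalId": "alice-oid", "roleDefinitionName": "Reader", "scope": RG},
    {"principalId": "bob-oid", "roleDefinitionName": "Reader", "scope": VM},
    {"principalId": "bob-oid", "roleDefinitionName": "Reader", "scope": BASTION},
    # A different resource group whose name is a string prefix of "rg-demo".
    {"principalId": "carol-oid", "roleDefinitionName": "Reader",
     "scope": SUB + "/resourceGroups/rg"},
]


def scope_covers(assigned_scope, resource_id):
    """True if a role assigned at assigned_scope is inherited by resource_id."""
    a = assigned_scope.rstrip("/").lower()   # Azure resource IDs are case-insensitive
    r = resource_id.rstrip("/").lower()
    # Compare on a path-segment boundary so ".../rg" does not match ".../rg-demo".
    return r == a or r.startswith(a + "/")


def missing_bastion_roles(assignments, principal_id, vm_id, nic_id, bastion_id,
                          role="Reader"):
    """Return the labels of required scopes where principal_id lacks `role`.

    Only the role the FAQ names is checked; other roles are not considered.
    """
    required = {"virtual machine": vm_id, "NIC": nic_id,
                "Bastion resource": bastion_id}
    missing = []
    for label, resource_id in required.items():
        granted = any(
            a["principalId"] == principal_id
            and a["roleDefinitionName"] == role
            and scope_covers(a["scope"], resource_id)
            for a in assignments
        )
        if not granted:
            missing.append(label)
    return missing


if __name__ == "__main__":
    for who in ("alice-oid", "bob-oid", "carol-oid"):
        print(who, missing_bastion_roles(SAMPLE_ASSIGNMENTS, who, VM, NIC, BASTION))
```
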

What is the pricing?

For more information, see the pricing page.

Does Azure Bastion require an RDS CAL for administrative purposes on Azure-hosted VMs?

No, access to Windows Server VMs by Azure Bastion does not require an RDS CAL when used solely for administrative purposes.

What keyboard layouts are supported during the Bastion remote session?

Azure Bastion currently supports the en-us-qwerty keyboard layout inside the VM. Support for keyboard layouts in other locales is a work in progress.

Is user-defined routing (UDR) supported on an Azure Bastion subnet?

No. UDR is not supported on an Azure Bastion subnet. For scenarios that include both Azure Bastion and Azure Firewall/Network Virtual Appliance (NVA) in the same virtual network, you don't need to force traffic from an Azure Bastion subnet to Azure Firewall because the communication between Azure Bastion and your VMs is private. For more information, see Accessing VMs behind Azure Firewall with Bastion.

Why do I get "Your session has expired" error message before the Bastion session starts?

A session should be initiated only from the Azure portal. Sign in to the Azure portal and begin your session again. If you go to the URL directly from another browser session or tab, this error is expected. It helps ensure that your session is more secure and that the session can be accessed only through the Azure portal.

How do I handle deployment failures?

Review any error messages and raise a support request in the Azure portal as needed. Deployment failures may result from Azure subscription limits, quotas and constraints. Specifically, customers may encounter a limit on the number of public IP addresses allowed per subscription that causes the Azure Bastion deployment to fail.