Connecting to Azure VNET

Learn how to connect to Azure resources privately from a DevBox.

In this guide you will learn how to set up a Bastion Host on Azure infrastructure. This Bastion Host will allow you to connect to private Azure services and use them directly from your DevBox.

If you're more of a visual learner, check out the video tutorial!

Step 1: Create a VNET

In this step, you will create a VNET. It will house all of your resources together, including the Bastion Host.

  1. Go to Home > Virtual Networks > Create Virtual Network.

  2. Under the Basics section, enter the Resource group name.

You can select an existing Resource Group or create a new one by clicking Create new.

  3. Enter the Virtual Network name and the desired region of deployment.

  4. After setting up the Basics, navigate to the IP Addresses section and create a public subnet by entering the subnet name and the starting address of the subnet.

  5. To make a private subnet in Azure, check the Enable private subnet (no default outbound access) checkbox under the Private Subnet section while creating the subnet.

  6. After everything is set up, navigate to the Review + Create section and click on Create.

Step 2: Create a Bastion Host

Now you need to create and set up a Virtual Machine that you will use as the Bastion Host.

  1. Go to Home > Virtual Machines > Create a virtual machine.

  2. In the Basics section, choose the same resource group which you chose for your VNET.

  3. Then input your VM name, region and image.

You can view the available VM images here.

  4. Enter your desired username and select the Allow selected ports option for Public inbound ports.

  5. Go to the Networking section and enter your Virtual Network (VNET). Remember to choose the public IP option, as you need to configure this virtual machine to access private Azure services.

  6. Select the Basic option for NIC network security group. This creates a security group for you that allows port access for SSH.

  7. Click on Review + Create and click on Create.

  8. Download the SSH private key when prompted. You will use it to SSH into the Bastion Host later on.

Step 3: Connect to DevZero Network

Now you just need to install the DevZero CLI and enable IP forwarding to access the private resources.

  1. SSH into your Bastion Host and install the DevZero CLI:

curl -fsSL https://get.devzero.io | sh

  2. Log into your account by executing:

sudo dz auth login && sudo dz net connect

  3. Enable IP forwarding to access resources on private subnets:

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf

  4. Now you need to advertise your VNET route to connect to DevZero network:

sudo dz net connect --ssh --advertise-routes=<VNET-cidr>

  5. Verify that the machine is connected to your DevZero network:

dz net status

You should see the Azure machine hostname.

  6. You should now be able to ping or ssh private Azure resources from your DevBox:

ping <ip_address>
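The script below is an added example, not part of the DevZero documentation or CLI: a pre-flight check to run on the Bastion Host between the IP forwarding step and the `--advertise-routes` step. It refuses a CIDR that is malformed, not network-aligned, or outside private address space, and confirms that forwarding is actually live in the kernel. The function names are hypothetical, and it assumes the VNET uses RFC 1918 address space.

```shell
#!/bin/sh
# Added example: pre-flight checks on the Bastion Host before advertising a route.
# Assumption: the VNET uses RFC 1918 address space; widen cidr_ok if yours does not.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer; fails on malformed input.
ip_to_int() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros (octal) or long octets
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_block IP LEN BASE BASELEN -> 0 if IP/LEN lies inside BASE/BASELEN.
in_block() {
    base=$(ip_to_int "$3") || return 1
    bmask=$(( (4294967295 << (32 - $4)) & 4294967295 ))
    [ "$2" -ge "$4" ] && [ $(( $1 & $bmask )) -eq "$base" ]
}

# cidr_ok CIDR -> 0 only for a network-aligned CIDR inside 10/8, 172.16/12 or 192.168/16.
cidr_ok() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ""|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$len" -ge 8 ] && [ "$len" -le 32 ] || return 1
    ip=$(ip_to_int "$addr") || return 1
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    [ $(( $ip & $mask )) -eq "$ip" ] || return 1     # host bits must be zero
    in_block "$ip" "$len" 10.0.0.0 8 || in_block "$ip" "$len" 172.16.0.0 12 ||
        in_block "$ip" "$len" 192.168.0.0 16
}

# forwarding_on [ROOT] -> 0 if IPv4 and IPv6 forwarding are both live (ROOT defaults to /proc/sys).
forwarding_on() {
    root=${1:-/proc/sys}
    [ "$(cat "$root/net/ipv4/ip_forward" 2>/dev/null)" = 1 ] &&
        [ "$(cat "$root/net/ipv6/conf/all/forwarding" 2>/dev/null)" = 1 ]
}

# Usage: sh preflight.sh <VNET-cidr>   (does nothing when called without an argument)
if [ "$#" -eq 1 ]; then
    cidr_ok "$1" || { echo "refusing '$1': not an aligned RFC 1918 range" >&2; exit 1; }
    forwarding_on || { echo "IP forwarding is off: redo the sysctl step" >&2; exit 1; }
    echo "ok to run: sudo dz net connect --ssh --advertise-routes=$1"
fi
```

A route such as 0.0.0.0/0 or a range with host bits set is rejected before it reaches the DevZero network, and a Bastion Host where `sysctl -p` was never applied is caught before DevBoxes start sending it traffic it will drop.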

Video Walkthrough
