Tutorial: Securely Access Remote Instances with a Bastion Host


By: Frederic Lavigne

A new tutorial on deploying a bastion host to securely access remote instances within a virtual private cloud

When designing a solution on the cloud, no application architecture is complete without a clear understanding of potential security risks and how to protect against them. As you design the network architecture, you want to limit the entry points into your system: open only the minimum required set of ports on your servers, hide the servers from the public Internet, and implement firewalls, intrusion detection systems, etc.

We have added a new tutorial to the IBM Cloud documentation where we look at how you can administer remote instances within a virtual private cloud while limiting their exposure to the outside world.


The first in a series of tutorials on virtual private cloud

This tutorial is the first in a series of tutorials on virtual private cloud. It walks you through the deployment of a bastion host to securely access remote instances within a virtual private cloud. A bastion host is an instance that is provisioned in a public subnet and can be accessed via SSH. Once set up, the bastion host acts as a jump server, allowing secure connection to instances provisioned in a private subnet.

Administrative tasks on the individual servers are going to be performed using SSH, proxied through the bastion. Access to the servers and regular internet access from the servers (e.g., for software installation) will only be allowed with a special maintenance security group attached to those servers.
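The access pattern described above can be checked mechanically against an exported list of inbound security group rules. The following is an added example, not code from the tutorial or from IBM Cloud: the rule schema, the group names (`bastion-sg`, `maintenance-sg`, `backend-sg`) and the addresses are constructed assumptions.

```python
from ipaddress import ip_network

BASTION_GROUP = "bastion-sg"  # assumed name of the bastion's security group

# Constructed inbound rules in a hypothetical schema (not the IBM Cloud API).
# "source" is either a CIDR block or "sg:<group>" for a security group reference.
RULES = [
    {"group": "bastion-sg", "tier": "public", "port": 22, "source": "203.0.113.0/24"},
    {"group": "bastion-sg", "tier": "public", "port": 8080, "source": "203.0.113.0/24"},
    {"group": "maintenance-sg", "tier": "private", "port": 22, "source": "sg:bastion-sg"},
    {"group": "backend-sg", "tier": "private", "port": 22, "source": "10.240.0.0/24"},
    {"group": "backend-sg", "tier": "private", "port": 443, "source": "0.0.0.0/0"},
    {"group": "backend-sg", "tier": "private", "port": 443, "source": "10.240.0.0/24"},
]

def is_public(source):
    """True when a CIDR source covers the whole Internet (prefix length 0)."""
    return not source.startswith("sg:") and ip_network(source).prefixlen == 0

def audit(rules, bastion_group=BASTION_GROUP):
    """Return (group, port, reason) for every rule that breaks the bastion pattern."""
    findings = []
    for r in rules:
        group, port, src = r["group"], r["port"], r["source"]
        if group == bastion_group:
            # The bastion is the single entry point and is reached via SSH only.
            if port != 22:
                findings.append((group, port, "bastion should expose SSH only"))
        elif r["tier"] == "private":
            # SSH to private instances must come from the bastion's group only.
            if port == 22 and src != f"sg:{bastion_group}":
                findings.append((group, port, "SSH path bypasses the bastion"))
            # Private instances stay hidden from the public Internet.
            elif is_public(src):
                findings.append((group, port, "private instance open to the Internet"))
    return findings

if __name__ == "__main__":
    for group, port, reason in audit(RULES):
        print(f"{group}:{port} -> {reason}")
```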

View the tutorial

Comments, suggestions, and ideas for future tutorials

The tutorials section has a feedback form on the side where you can comment on the content. If you have suggestions on the existing tutorials or ideas for future additions, please submit your feedback.
