Share via

Azure Bastion not automatically deleting old sessions

Kent Nordström 0 Reputation points
2024-10-30T09:31:52.2633333+00:00

We have a situation where our bastion just keeps adding to the number of active sessions and not deleting the sessions no longer used. This goes on until the limit for our size is hit and we need to kill it and start over. Currently it shows 40+ active sessions when I know there is only 1-2 active sessions used.

User's image

I'm not sure if it's related but most of our users use "az network bastion" to connect using either RDP or SSH sessions using the Bastion... Maybe the ending of thoose sessions are not properly handed by Bastion and the sessions remains "active" in Bastion context.

Has anyone seen similar behaviour or have clue how we should handle this?

Azure Bastion
Azure Bastion
An Azure service that provides private and fully managed Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to virtual machines.
268 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ganesh Patapati 2,590 Reputation points Microsoft Vendor
    2024-10-30T11:44:21.1933333+00:00

    Hello Kent Nordström,

    Greetings,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    The issue you're experiencing with Azure Bastion not properly cleaning up inactive sessions, especially when it leads to hitting session limits.

    Session count

    • You can view the count of active sessions per bastion instance, aggregated across each session type (RDP and SSH). Each Azure Bastion can support a range of active RDP and SSH sessions. Monitoring this metric helps you to understand if you need to adjust the number of instances running the bastion service. For more information about the session count Azure Bastion can support, please refer the below Azure Bastion FAQ.

     Refer: https://learn.microsoft.com/en-us/azure/bastion/howto-metrics-monitor-alert

    The recommended values for this metric's configuration are:

    1. Aggregation: Avg
    2. Granularity: 5 or 15 minutes
    3. Splitting by instances is recommended to get a more accurate count
    4. Screenshot showing session count.

     How to view metrics

    To view metrics, go to your bastion host.

    • From the Monitoring list, select Metrics. 
    • Select the parameters. If no metrics are set, click Add metric, and then select the parameters.
    • Scope: By default, the scope is set to the bastion host.
    • Metric Namespace: Standard Metrics.
    • Metric: Select the metric that you want to view.

    Once a metric is selected, the default aggregation will be applied. Optionally, you can apply splitting, which will show the metric with different dimensions.

    Further,

    • Proper Session Termination: Users should properly terminate their RDP or SSH sessions. For RDP, they should log out instead of just closing the window. For SSH, they should use the exit command.
    • Connection Handling: If users frequently disconnect without properly terminating sessions, consider implementing a policy or guidance on how to handle connections effectively.

    Whatever you mentioned in the comment is correct, where the bastion does not automatically terminate the session.

    NOTE: I would suggest you to please Provide product feedback for this feature.

    Hope this clarifies.

    Thanks,

    Ganesh

    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.