Virtual machines and bastion hosts are often confused, and many people do not clearly understand the difference between the two.
Here are the key differences between VMs and bastion hosts in Google Cloud Platform (GCP).
- Purpose: VMs are general compute instances used to run applications and workloads. Bastion hosts are special secure instances used to manage/access other VMs securely.
- Access: VMs can be accessed directly or indirectly. A bastion host serves as the only entry point through which other VMs are accessed indirectly and securely.
- Security: VMs have regular security. Bastion hosts have hardened security, restricted permissions, and access monitoring.
- Number: Many VMs can be created. Usually only 1 bastion host is created per environment/VPC.
- Connectivity: VMs connect to backend services or databases. Bastion hosts connect to VMs.
- Usage: VMs do the main work. Bastion hosts manage and access other VMs.
In summary, bastion hosts act as secure gateways to access and manage VMs safely without exposing them directly to external networks. VMs do the actual compute workloads.
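The "Access" point above can be checked against a project's firewall rules. The following is an added example, not code from the original post: it flags ingress rules that open SSH from outside the private ranges to anything other than the bastion. The `bastion` network tag, the RFC 1918 list of internal ranges, and the sample rules (constructed, shaped like `gcloud compute firewall-rules list --format=json` output) are assumptions.

```python
import ipaddress

BASTION_TAG = "bastion"  # assumption: network tag applied only to the bastion host
INTERNAL = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rules, shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = [
    {"name": "allow-ssh-to-bastion", "direction": "INGRESS",
     "sourceRanges": ["203.0.113.0/24"], "targetTags": ["bastion"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-ssh-from-bastion", "direction": "INGRESS",
     "sourceTags": ["bastion"], "targetTags": ["app"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "legacy-allow-ssh", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["20-25"]}]},
    {"name": "allow-https", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["web"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
]

def covers_ssh(allowed):
    """True if one 'allowed' entry permits TCP port 22 (single ports or ranges)."""
    if allowed.get("IPProtocol") not in ("tcp", "all"):
        return False
    ports = allowed.get("ports") or ["0-65535"]  # no ports listed means every port
    for spec in ports:
        low, _, high = spec.partition("-")
        if int(low) <= 22 <= int(high or low):
            return True
    return False

def is_external(cidr):
    """True if the source range is not fully inside one of the INTERNAL ranges."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == p.version and net.subnet_of(p) for p in INTERNAL)

def ssh_bypassing_bastion(rules):
    """Names of enabled ingress rules that expose SSH to non-bastion VMs from outside."""
    findings = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue
        opens_ssh = any(covers_ssh(a) for a in rule.get("allowed", []))
        from_outside = any(is_external(c) for c in rule.get("sourceRanges", []))
        targets = rule.get("targetTags", [])  # no target tags: rule applies to every VM
        only_bastion = bool(targets) and all(t == BASTION_TAG for t in targets)
        if opens_ssh and from_outside and not only_bastion:
            findings.append(rule["name"])
    return findings
```

On the sample data only `legacy-allow-ssh` is reported: it has no target tags, so it applies to every VM in the network, and its port range 20-25 includes 22.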