This topic describes how to deploy hosts, users, and O&M rules, implement O&M on hosts, and audit O&M sessions after you create a bastion host in Bastionhost V3.2.

The following table describes the steps.

Step Description
Step 1: Synchronize ECS assets The administrator adds the host to be managed to the bastion host. In this step, the administrator can synchronize the Elastic Compute Service (ECS) instances that belong to the current Alibaba Cloud account to the bastion host and create host accounts.
Step 2: Import Alibaba Cloud RAM users The administrator adds users to the bastion host. In this step, the administrator can import Alibaba Cloud RAM users to the bastion host.
Step 3: Create O&M rules The administrator creates O&M rules to authorize specific users to perform O&M operations on specific assets. In this step, the administrator creates O&M rules and authorizes specific users to perform O&M operations on specific hosts and host accounts.
Step 4: Perform O&M operations on hosts Users (O&M personnel) access authorized hosts and perform O&M operations in client/server (C/S) O&M mode.
Step 5: Audit O&M sessions When users log on to the bastion host in SSH, RDP, or SFTP mode to perform O&M operations on authorized hosts, the administrator can view the O&M session details in the console of the bastion host. In this step, the administrator can query and audit O&M operations and block high-risk sessions in the bastion host.

For more information about operations in Bastionhost, such as how to configure user groups or host groups at a time, see User Guide (V3.2).