If you want to centrally maintain the servers that reside on different networks but cannot communicate with bastion hosts in virtual private clouds (VPCs), we recommend that you use the network domain feature of Bastionhost. You can configure a proxy server for these servers, create a network domain in the Bastionhost console, and then connect the network domain to the proxy server. This way, you can use the proxy server to maintain other servers. This topic describes how to use the network domain feature.

Background information

The network domain feature provides an O&M solution for hybrid cloud scenarios: you can use it to maintain servers across data centers, heterogeneous clouds, and VPCs. In most cases, the servers of an enterprise are deployed in different regions and may fail to communicate with a bastion host. To address this issue, you can use public IP addresses or leased lines to connect to the servers. However, public IP addresses may pose security risks, and leased lines cause high network costs. In this case, we recommend that you use the proxy modes of the network domain feature to centrally maintain the servers that reside on different networks, including servers in a data center, a heterogeneous cloud, and different VPCs. The proxy modes are supported by Bastionhost HA Edition.

Limits

  • Only Bastionhost HA Edition supports the proxy modes of the network domain feature.
  • The network domain feature supports SSH, HTTP, and SOCKS5 proxies.

Create a network domain

To use your bastion host to maintain multiple servers in a network domain, you must create a network domain for the bastion host and connect the network domain to a proxy server.

  1. Log on to the Bastionhost console.
  2. In the left-side navigation pane, choose Assets > Network Domain.
  3. On the Network Domain page, click Create Network Domain.
  4. In the Create Network Domain panel, configure the following parameters.
    Parameter: Description
    • Network Domain Name: The name of the network domain.
    • Proxy Type: The mode of the proxy. Valid values:
      • Direct Connection
      • SSH Proxy
      • HTTP Proxy
      • SOCKS5 Proxy
    • Server Address: The address of the proxy server.
    • Server Port: The port of the proxy server.
    • Host Account: The account of the proxy server.
    • Password: The password of the account for the proxy server.
    • Remarks: The remarks of the network domain.
    Note: Bastionhost Basic Edition and HA Edition support different connection modes.
    • Bastionhost Basic Edition supports only the direct connection mode.
    • Bastionhost HA Edition supports the direct connection, SSH proxy, HTTP proxy, and SOCKS5 proxy modes.
  5. In the lower part of the Create Network Domain panel, click Test Connection.
    If you set Proxy Type to Direct Connection in Step 4, skip this step and go to Step 6.
    Note: If the connectivity test fails, check whether the parameters are correctly configured.
  6. Click Create Network Domain. The system displays the message "The network domain translation is created."
    You can click Associate Host below the message to add the hosts that you want to maintain to the network domain. For more information, see Add hosts.
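
If Test Connection fails, one parameter check is whether the service at Server Address and Server Port actually speaks the selected Proxy Type. The following Python code is an added example, not Bastionhost code; the function names and the placeholder target host.example:22 are assumptions. It runs from your own machine, so a match confirms the proxy's type and port but not that the bastion host can reach the proxy.

```python
import socket

def opening_message(proxy_type: str, target: str) -> bytes:
    """Bytes the client sends first; target is 'host:port' of a server behind the proxy."""
    if proxy_type == "SSH Proxy":
        return b""  # an SSH server speaks first (RFC 4253 identification string)
    if proxy_type == "HTTP Proxy":
        return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")
    if proxy_type == "SOCKS5 Proxy":
        # RFC 1928 greeting: version 5, two methods offered (no-auth, username/password)
        return b"\x05\x02\x00\x02"
    raise ValueError(f"unsupported proxy type: {proxy_type!r}")

def first_bytes_ok(proxy_type: str, data: bytes) -> bool:
    """True if the service's first reply is what the selected Proxy Type would send."""
    if proxy_type == "SSH Proxy":
        return data.startswith(b"SSH-")
    if proxy_type == "HTTP Proxy":
        return data.startswith(b"HTTP/1.")  # any status line counts, including 407
    if proxy_type == "SOCKS5 Proxy":
        # Method-selection reply: version 5; 0xFF means no offered method was accepted
        return len(data) >= 2 and data[0] == 5 and data[1] != 0xFF
    raise ValueError(f"unsupported proxy type: {proxy_type!r}")

def probe(proxy_type: str, address: str, port: int,
          target: str = "host.example:22", timeout: float = 5.0) -> str:
    """Connect to the proxy and report whether it answers like proxy_type.

    target defaults to a constructed placeholder; pass a real host behind the proxy.
    """
    msg = opening_message(proxy_type, target)
    try:
        with socket.create_connection((address, port), timeout=timeout) as conn:
            if msg:
                conn.sendall(msg)
            data = conn.recv(64)
    except OSError as exc:  # refused, timed out, no route, DNS failure
        return f"unreachable: {exc}"
    if first_bytes_ok(proxy_type, data):
        return "match"
    return "mismatch: check Proxy Type and Server Port"
```

Call probe() with the same Proxy Type, Server Address, and Server Port values that you entered in the Create Network Domain panel.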

Add hosts

After you create a network domain, you can add hosts to the network domain.

  1. Log on to the Bastionhost console.
  2. In the left-side navigation pane, choose Assets > Network Domain.
  3. On the Network Domain page, find the network domain to which you want to add hosts.
  4. Click Add Host in the Actions column.
  5. In the Add Host dialog box, find the host that you want to add to the network domain and click Add Host in the Actions column.
    You can also select multiple hosts that you want to add to the network domain and click Add Host below the host list to add the selected hosts at the same time.

Edit a network domain

You can edit the basic information of a network domain. You can also add hosts to or delete hosts from a network domain.

  1. Log on to the Bastionhost console.
  2. In the left-side navigation pane, choose Assets > Network Domain.
  3. On the Network Domain page, find the network domain whose information you want to edit.
  4. Click Edit in the Actions column.
  5. On the Network Domain Details page, edit the information on the Basic Info and Host tabs.
    • On the Basic Info tab, you can change the values of parameters, including Network Domain Name, Proxy Type, Server Address, Server Port, Host Account, and Password.
    • On the Host tab, you can add or delete hosts.

What to do next

After you connect your bastion host to the servers in a network domain by using the network domain feature, you must authorize hosts for your bastion host to maintain the servers in the network domain.