This topic introduces the basic concepts related to Bastionhost.

Bastionhost administrator

A user who has full permissions on Bastionhost. The permissions of a Bastionhost administrator include the permissions to manage assets and users and audit sessions.
Note A Resource Access Management (RAM) user must be created before you can grant the Bastionhost administrative rights to the RAM user. For more information about how to create a RAM user, see Create a RAM user.

Bastionhost O&M administrator

A user who has the permissions to log on to a bastion host and perform O&M operations on assets.

Bastionhost auditor

A user who has the permissions to view Bastionhost audit data. A Bastionhost auditor can block real-time sessions.
Note A RAM user must be created before you can grant the Bastionhost auditor permissions to the RAM user. For more information about how to create a RAM user, see Create a RAM user.

Bastionhost read-only permissions

The permissions to view all the features and configurations of Bastionhost. Users who have read-only permissions can only view the features and configurations of Bastionhost but cannot modify the features and configurations.
Note A RAM user must be created before you can grant the Bastionhost read-only permissions to the RAM user. For more information about how to create a RAM user, see Create a RAM user.

number of assets

The number of assets managed by a bastion host.

concurrency

The number of O&M sessions that are established on Bastionhost at the same time. For example, if 10 users simultaneously use Bastionhost to perform O&M operations on their assets and each user establishes five connections on average by using protocols, such as SSH and Remote Desktop Protocol (RDP), the concurrency is 50.

Client/Server O&M

A user uses an RDP or SSH client, such as Remote Desktop Connection (MSTSC) or Xshell, and enters the required information to log on to a bastion host and perform O&M operations on authorized assets. The information includes the username, password, O&M URL, and port number of the bastion host.

web terminal-based O&M

A RAM user is used to perform O&M operations on the authorized assets on a web page.

real-time monitoring

Real-time video recording of O&M operations that happen during a session.

session audit

Video playback of O&M operations that happen during a session.

credential hosting

Credentials are the passwords or keys of the accounts that are created for hosts. Credential hosting indicates that an administrator manages the passwords or keys of host accounts in Bastionhost.
Note If a user wants to use Bastionhost to perform O&M operations on a host after the administrator authorizes the hosted credentials to the user, the user can directly log on to the host by using the credentials hosted on Bastionhost.

host fingerprint

A unique identifier that Bastionhost uses to identify a Linux host.

public key of a user

A public key in a key pair. Private and public keys are used for asymmetric encryption. A public key and a private key compose a key pair. A public key is used to encrypt data and is published by the owner of a key pair to users. Data that is encrypted by using the public key can be decrypted only by using the private key. A private key is used to decrypt the data that is encrypted by using the public key. It is owned by the owner of a key pair and cannot be published.
Note A user can use a key pair to log on to a bastion host. After the public key is hosted on Bastionhost, the user can use the private key to log on to the bastion host.

network domain

LANs and virtual private clouds (VPCs) are network domains. If a network domain cannot communicate with the VPC in which your bastion host resides, you can specify a server in the network domain as a proxy server. Then, you can connect your bastion host to the proxy server to perform O&M operations on other servers in the network domain.