Bastionhost is available in two editions: the Basic Edition and the HA Edition. This topic describes the differences between these editions.

Background information

Basic Edition

Bastionhost Basic Edition provides basic features, including two-factor authentication, O&M authorization, high-risk command blocking, and O&M audit. These features help small- and medium-sized enterprises ensure basic O&M security and meet the requirements of classified protection.

HA Edition

Bastionhost HA Edition is suitable for large enterprises or enterprises in sectors that have high requirements for O&M security, such as the public service, finance, gaming, online education, and technology development sectors.

Bastionhost HA Edition supports the O&M features that are provided by the Basic Edition. Bastionhost HA Edition also provides the following features to meet higher requirements for business O&M security:
  • Higher business stability. Bastionhost HA Edition uses a dual-engine architecture. Both engines are active, which offers a Service Level Agreement (SLA) of 99.95%.
  • Higher processing performance. Bastionhost HA Edition can maintain up to 10,000 hosts, whereas Bastionhost Basic Edition can maintain up to 500 hosts.
  • More O&M capabilities. For example, Bastionhost HA Edition allows you to perform O&M operations by using a web terminal and supports automatic password change. You can use automatic password change to regularly rotate passwords, which improves password security.
  • More bandwidth and storage. Bastionhost HA Edition offers you a better O&M experience.

Bastionhost features

Note: In the following table, a tick (√) indicates that a feature is supported and a cross (×) indicates that a feature is not supported.
| Feature | Description | Basic Edition | HA Edition | References |
| --- | --- | --- | --- | --- |
| Architecture | The dual-engine and high-availability architecture ensures business and monitoring stability. | × | | None |
| Auto scaling | You can increase bandwidth and storage based on your business requirements. | | | Billing |
| Deployment | You can deploy a bastion host outside China. You can switch between simplified Chinese, traditional Chinese, and English based on your business requirements. Two-factor authentication supports the mobile phone numbers provided by telecom carriers outside China. | | | Which countries and regions support the SMS-based two-factor authentication feature of Bastionhost? |
| User and asset management | You can assign multiple roles to users. | | | None |
| | You can synchronize users from Resource Access Management (RAM), Active Directory (AD), Lightweight Directory Access Protocol (LDAP), and Azure Active Directory (Azure AD). You can also import multiple users from a file at a time. | | | Add users |
| | You can manage Windows or Linux servers and use the following protocols for O&M: SSH, Remote Desktop Protocol (RDP), and SSH File Transfer Protocol (SFTP). | | | Add hosts |
| | You can import multiple hosts at a time. You can import Alibaba Cloud Elastic Compute Service (ECS) instances by using a file or with a few clicks. | | | Add hosts |
| | You can maintain ApsaraDB for MyBase dedicated clusters, servers that are deployed on the cloud, and servers in data centers. | | | None |
| | You can implement two-factor authentication in multiple regions. Email- and SMS-based two-factor authentication is supported. | | | Enable two-factor authentication |
| | You can verify logons to your bastion host based on dynamic verification codes on apps. | | | None |
| | You can manually change the password of a Linux host account or create an automatic password change task to change the password on a regular basis. | × | | Use the automatic password change feature |
| O&M management | This feature allows you to log on to your bastion host by using a client, such as a Windows Remote Desktop, XShell, SecureCRT, or PuTTY client, to access graphical or character devices. This feature records O&M operations and allows you to play back the recordings. | | | RDP-based O&M and SSH-based O&M |
| | This feature allows you to log on to your bastion host by using a local SFTP client, such as WinSCP, Xftp, and SecureFX, to perform O&M operations. | | | SFTP-based O&M |
| | This feature allows you to maintain servers on a web page. | × | | Use the host O&M feature |
| | This feature monitors O&M sessions in real time and can block O&M sessions. | | | Search for real-time monitoring sessions and view session details and Interrupt sessions |
| | This feature controls the upload and download operations in the RDP clipboard, and mapping operations in RDP. | | | Create a control policy |
| | This feature allows you to block and approve important command policies. | | | |
| | This feature controls the following operations when you perform O&M operations by using a local SFTP client: upload, download, delete, and rename files, and create and delete folders. | | | |
| Operation audit | This feature records operations logs and allows you to audit and play back the recordings. | | | Search for sessions and view session details |
| | This feature allows you to audit the transfer of files. | | | |
| | This feature allows you to generate O&M reports and export O&M reports to PDF, HTML, or Word files. | | | O&M reports |
| API operation | This feature allows you to call API operations. | | | List of operations by function |