Bastionhost provides features such as operation audit, access control, security authentication, and efficient O&M.
Bastionhost records all operations performed by O&M personnel to support backtracking and failure analysis.
- O&M operation recording: records all operations, including misoperations, malicious operations, and unauthorized operations in detail.
- Linux command audit: extracts and audits commands and allows you to play back the commands from a specific point in time.
- Windows operation recording: records remote desktop operations, such as mouse actions, and window operations.
- File transfer audit: audits files that are transferred by using Remote Desktop Protocol (RDP) or Secure File Transfer Protocol (SFTP).
Bastionhost offers account and permission management features to enable you to implement access control for personnel and assets.
- Account management: provides a unique O&M account to prevent the issues caused by account sharing, temporary accounts, and permission abuse.
- Permission management: allows you to set up an authorization system to manage personnel duties and resource allocation by person, department, or resource group.
Bastionhost supports two-factor authentication. Technologies such as SMS authentication and dynamic tokens are used to prevent account and password leakage. You can synchronize your AD authentication or LDAP authentication users to Bastionhost with one click and retain the original user deployment mode.
Bastionhost provides the following O&M benefits:
- Supports client/server architecture-based access over SSH, RDP, or SFTP for O&M.
- Supports various clients such as PuTTY, SecureCRT, XShell, WinSCP, and MSTSC.
- Synchronizes ECS instances with one click.
- Synchronizes RDS dedicated cluster hosts with one click.