Bastionhost: Functions and features

Last Updated: Mar 07, 2024

This topic describes the features supported by Bastionhost Basic Edition and Bastionhost Enterprise Edition, and the differences in features between the editions.

Background information

The following section describes the scenarios in which the Basic and Enterprise editions are used and the advantages of different editions:

  • Bastionhost Basic Edition is suitable for small and medium-sized enterprises that own 50 to 500 different types of assets and require professional O&M. This edition provides fine-grained O&M capabilities, such as client-based O&M, fine-grained access control and authorization for O&M users, automatic high-risk command blocking, and real-time O&M session monitoring and blocking. Resource Access Management (RAM) users, Active Directory (AD)-authenticated users, and Lightweight Directory Access Protocol (LDAP)-authenticated users can be added to Bastionhost Basic Edition for management. Bastionhost Basic Edition can help small and medium-sized enterprises ensure basic O&M security.

  • Bastionhost Enterprise Edition is suitable for large-sized enterprises and enterprises in sectors that have high requirements for O&M security, such as public service, finance, gaming, online education, and information technology sectors. Bastionhost Enterprise Edition supports the O&M features provided by Bastionhost Basic Edition and also provides the following advantages to meet higher requirements for O&M security:

    • Database O&M: O&M and authorization management is supported for ApsaraDB RDS instances, and self-managed databases and third-party databases that run MySQL, SQL Server, PostgreSQL, and Oracle.

    • Hybrid O&M: centralized O&M is supported in scenarios that involve different types of assets, such as assets in data centers, assets in third-party clouds, and cross-account assets.

    • Higher business stability: Bastionhost Enterprise Edition uses a dual-engine architecture. Both engines are active, which offers a Service Level Agreement (SLA) of 99.95%.

    • Other value-added capabilities: O&M portal-based O&M is supported. Automatic password change is supported for Linux assets, which improves password security.

Bastionhost features

The following table describes the features supported by Bastionhost Basic Edition and Bastionhost Enterprise Edition, and the differences in features between the editions.

Note

In the following table, a cross (✗

| Parameter | Description | Basic | Enterprise | References |
|---|---|---|---|---|
| Architecture | Uses a dual-engine and high-availability architecture to ensure stability of business and monitoring operations. | Cloud architecture. | Cloud-based dual-engine architecture. | Benefits |
| Cross-domain O&M | You can manage assets across multiple virtual private clouds (VPCs) in multiple regions in a single console. | Self-managed networks are supported. | Self-managed networks and network domain proxies are supported. | None |
| Elastic scaling | You can upgrade configurations such as the number of assets and storage capacity based on your business requirements. | ✓ | ✓ | Billing |
| Deployment | You can deploy a bastion host outside the Chinese Mainland. You can switch language between simplified Chinese, traditional Chinese, and English based on your business requirements. Two-factor authentication supports mobile phone numbers that are provided by telecom carriers outside China. | ✓ | ✓ | Which countries and regions support the SMS-based two-factor authentication feature of Bastionhost? |
| User and asset management | You can assign multiple roles to users. | ✓ | ✓ | None |
| | You can synchronize users from RAM, AD, LDAP, and Azure Active Directory (Azure AD). You can also import multiple users from a file at a time. | ✓ | ✓ | Manage users |
| | You can manage Windows and Linux servers and use the following protocols for O&M: SSH, Remote Desktop Protocol (RDP), and SSH File Transfer Protocol (SFTP). | ✓ | ✓ | Add hosts |
| | You can perform O&M and audit operations on ApsaraDB RDS for MySQL instances, ApsaraDB RDS for SQL Server instances, ApsaraDB RDS for PostgreSQL instances, and self-managed databases. | ✗ | ✓ | Use the database management feature |
| | You can import multiple third-party assets at a time. | ✓ | ✓ | Add hosts |
| | You can import multiple Alibaba Cloud Elastic Compute Service (ECS) instances at a time. | ✓ | ✓ | Add hosts |
| | You can perform O&M operations on hosts of ApsaraDB MyBase dedicated clusters, servers that are deployed on the cloud, and servers in data centers. | ✓ | ✓ | None |
| | You can implement two-factor authentication in multiple regions. Email-based and SMS-based two-factor authentication is supported. | ✓ | ✓ | Enable two-factor authentication |
| | You can verify logons to your bastion host based on dynamic verification codes on apps. | ✓ | ✓ | Enable two-factor authentication |
| | You can manually change the password of a Linux host account or create an automatic password change task to change the password on a regular basis. | ✗ | ✓ | Use the automatic password change feature |
| O&M management | This feature allows you to log on to your bastion host by using a client, such as a Windows Remote Desktop, XShell, SecureCRT, or PuTTY client, to access graphical or character devices. This feature records O&M operations and allows you to play back the recordings. | ✓ | ✓ | RDP-based O&M and SSH-based O&M |
| | This feature allows you to log on to your bastion host by using a local SFTP client, such as WinSCP, Xftp, and SecureFX, to perform O&M operations. | ✓ | ✓ | SFTP-based O&M |
| | This feature allows you to log on to the O&M portal to maintain assets on which you have permissions on a web page. You can also use a one-time password (OTP) token to log on to the O&M as a local user. | ✓ | ✓ | O&M overview |
| | This feature allows you to maintain servers on a web page. | ✗ | ✓ | Use the host O&M feature |
| | This feature monitors O&M sessions in real time and can block O&M sessions. | ✓ | ✓ | Search for real-time monitoring sessions and view session details and Interrupt sessions |
| | This feature controls the upload and download operations in the RDP clipboard, and mapping operations in RDP. | ✓ | ✓ | Configure a control policy |
| | This feature allows you to block and approve important command policies. | ✓ | ✓ | |
| | This feature controls the following operations when you perform O&M operations: uploading, downloading, deleting, and renaming files and creating and deleting folders. | ✓ | ✓ | |
| Operation audit | This feature records operations logs and allows you to audit and play back the recordings. | ✓ | ✓ | Search for sessions and view session details |
| | This feature allows you to audit the file transfer. | ✓ | ✓ | |
| | This feature allows you to generate O&M reports and export the reports to PDF, HTML, or Word files. | ✓ | ✓ | View the O&M information on the O&M Reports page and export an O&M report |
| API operations | This feature allows you to call API operations. | ✓ | ✓ | List of operations by function |