Bastionhost has the Basic Edition and HA Edition. This topic describes the differences between these editions.
Bastionhost Basic Edition provides basic features, including two-factor authentication, O&M authorization, high-risk command blocking, and O&M audit. These features help small- and medium-sized enterprises ensure basic O&M security and meet the requirements of classified protection.
Bastionhost HA Edition is suitable for the large-sized enterprises or enterprises in the sectors that have high requirements for O&M security, such as the public service, finance, gaming, online education, and technology development sectors.
- Higher business stability. Bastionhost HA Edition uses a dual-engine architecture. Both engines are active, which offers a Service Level Agreement (SLA) of 99.95%.
- Higher processing performance. Bastionhost HA Edition can maintain up to 10,000 hosts. However, Bastionhost Basic Edition can maintain up to 500 hosts.
- More O&M capabilities. For example, Bastionhost HA Edition allows you to perform O&M operations by using a web terminal and supports automatic password change. You can use automatic password change to regularly rotate passwords, which improves password security.
- More bandwidth and storage. Bastionhost HA Edition offers you better O&M experience.
|Feature||Description||Basic Edition||HA Edition||References|
|Architecture||The dual-engine and high-availability architecture ensures business and monitoring stability.||×||√||None|
|Auto scaling||You can increase bandwidth and storage based on your business requirements.||√||√||Billing|
|Deployment||You can deploy a bastion host outside China. You can switch between simplified Chinese, traditional Chinese, and English based on your business requirements. Two-factor authentication supports the mobile phone numbers provided by telecom carriers outside China.||√||√||Which countries and regions support the SMS-based two-factor authentication feature of Bastionhost?|
|User and asset management||You can assign multiple roles to users.||√||√||None|
|You can synchronize users from Resource Access Management (RAM), Active Directory (AD), Lightweight Directory Access Protocol (LDAP), and Azure Active Directory (Azure AD). You can also import multiple users from a file at a time.||√||√||Add users|
|You can manage Windows or Linux servers and use the following protocols for O&M: SSH, Remote Desktop Protocol (RDP), and SSH File Transfer Protocol (SFTP).||√||√||Add hosts|
|You can import multiple hosts at a time. You can import Alibaba Cloud Elastic Compute Service (ECS) instances by using a file or with a few clicks.||√||√||Add hosts|
|You can maintain ApsaraDB for MyBase dedicated clusters, servers that are deployed on the cloud, and servers in data centers.||√||√||None|
|You can implement two-factor authentication in multiple regions. Email- and SMS-based two-factor authentication is supported.||√||√||Enable two-factor authentication|
|You can verify logons to your bastion host based on dynamic verification codes on apps.||√||√||None|
|You can manually change the password of a Linux host account or create an automatic password change task to change the password on a regular basis.||×||√||Use the automatic password change feature|
|O&M management||This feature allows you to log on to your bastion host by using a client, such as a Windows Remote Desktop, XShell, SecureCRT, or PuTTY client, to access graphical or character devices. This feature records O&M operations and allows you to play back the recordings.||√||√||RDP-based O&M and SSH-based O&M|
|This feature allows you to log on to your bastion host by using a local SFTP client, such as WinSCP, Xftp, and SecureFX, to perform O&M operations.||√||√||SFTP-based O&M|
|This feature allows you to maintain servers on a web page.||×||√||Use the host O&M feature|
|This feature monitors O&M sessions in real time and can block O&M sessions.||√||√||Search for real-time monitoring sessions and view session details and Interrupt sessions|
|This feature controls the upload and download operations in the RDP clipboard, and mapping operations in RDP.||√||√||Create a control policy|
|This feature allows you to block and approve important command policies.||√||√|
|This feature controls the following operations when you perform O&M operations by using a local SFTP client: upload, download, delete, and rename files, and create and delete folders.||√||√|
|Operation audit||This feature records operations logs and allows you to audit and play back the recordings.||√||√||Search for sessions and view session details|
|This feature allows you to audit the transfer of files.||√||√|
|This feature allows you to generate O&M reports and export O&M reports to PDF, HTML, or Word files.||√||√||O&M reports|
|API operation||This feature allows you to call API operations.||√||√||List of operations by function|