Best practices of hybrid O&M - Bastionhost - Alibaba Cloud Documentation Center

The servers of an enterprise may be deployed on Alibaba Cloud, in data centers, across virtual private clouds (VPCs), or on other cloud platforms. The enterprise wants to manage and perform O&M operations on these servers in a centralized manner. To meet the enterprise requirements, Bastionhost supports O&M based on leased lines, O&M based on public IP addresses, and centralized O&M based on the proxy modes of the network domain feature. This topic describes how to configure and use the proxy modes of the network domain feature.

Background information

In most cases, the servers of an enterprise are deployed in different regions and may fail to communicate with a bastion host. The enterprise uses public IP addresses for O&M because the enterprise has not purchased leased lines or the O&M costs of leased lines are high. However, the exposure of public IP addresses may pose security risks. In this case, we recommend that you use the proxy modes of the network domain feature to perform O&M operations on the servers that reside on different networks. The proxy modes are supported by Bastionhost Enterprise Edition. The servers include those in a data center, a heterogeneous cloud, and different VPCs. O&M solution

O&M based on the proxy modes of the network domain feature

To use the proxy modes of the network domain feature for O&M, configure a proxy server in a network domain. Then, connect the proxy server to the servers on which you want to perform O&M operations over an internal network and connect the proxy server to your bastion host. This way, you can use your bastion host to perform O&M operations on the servers that reside on different networks. Both LANs and VPCs are network domains.

Configure proxy servers in different network domains.
- For more information about how to configure proxy servers, see How do I configure a server as an HTTP or SOCKS5 proxy server? .
- For more information about the recommended configurations of proxy servers, see Recommended configurations for proxy servers.
Create a network domain in the Bastionhost console and connect the network domain to the proxy server.
1. Log on to the console of a bastion host.
2. In the left-side navigation pane, choose Assets > Network Domain.
3. On the Network Domain page, click Create Network Domain. In the Create Network Domain panel, specify the Network Domain, Remarks, and Connection Mode parameters. After the parameters are configured, click Create Network Domain.
4. Click Add Host to add the required hosts to the newly created network domain.
For more information, see Use the network domain feature.
Authorize a user to perform O&M operations on one or more hosts or asset groups.
1. Log on to the console of the bastion host.
2. In the left-side navigation pane, choose Users > Users.
3. On the Users page, find the required user and click Authorize Hosts or Authorize User to Manage Asset Groups in the Actions column. Then, select one or more hosts or asset groups for which you want to authorize the user to perform O&M operations.
For more information, see Authorize a user to manage hosts and Authorize a user to manage host groups.
Use the host O&M feature provided by Bastionhost to perform O&M operations on the hosts in the network domain.
1. Log on to the console of the bastion host.
2. In the left-side navigation pane, choose O&M > Host O&M.
3. On the Host O&M page, find the required host and click the icon in the Log On column to go to the web page for O&M.
For more information, see Use the host O&M feature.