The servers of an enterprise may be deployed on Alibaba Cloud, in data centers, across
virtual private clouds (VPCs), or on other cloud platforms. The enterprise wants to
manage and perform O&M operations on these servers in a centralized manner. To meet
the enterprise requirements, Bastionhost supports O&M based on leased lines, O&M based
on public IP addresses, and centralized O&M based on the proxy modes of the network
domain feature. This topic describes how to configure and use the proxy modes of the
network domain feature.
Background information
In most cases, the servers of an enterprise are deployed in different regions and
may fail to communicate with a bastion host. The enterprise uses public IP addresses
for O&M because the enterprise has not purchased leased lines or the O&M costs of
leased lines are high. However, the exposure of public IP addresses may pose security
risks. In this case, we recommend that you use the proxy modes of the network domain
feature to perform O&M operations on the servers that reside on different networks.
The servers include those in a data center, a heterogeneous cloud, and different VPCs.
The proxy modes are supported by Bastionhost Enterprise Edition.
O&M based on the proxy modes of the network domain feature
To use the proxy modes of the network domain feature for O&M, configure a proxy server
in a network domain. Then, connect the proxy server to the servers on which you want
to perform O&M operations over an internal network and connect the proxy server to
your bastion host. This way, you can use your bastion host to perform O&M operations
on the servers that reside on different networks. Both LANs and VPCs are network domains.
- Configure proxy servers in different network domains.
- Create a network domain in the Bastionhost console and connect the network domain to the proxy server.
  - Log on to the console of a bastion host.
  - In the left-side navigation pane, choose .
  - On the Network Domain page, click Create Network Domain. In the Create Network Domain panel, specify the Network Domain, Remarks, and Connection Mode parameters. After the parameters are configured, click Create Network Domain.
  - Click Add Host to add the required hosts to the newly created network domain.
- Authorize a user to perform O&M operations on one or more hosts or asset groups.
  - Log on to the console of the bastion host.
  - In the left-side navigation pane, choose .
  - On the Users page, find the required user and click Authorize Hosts or Authorize User to Manage Asset Groups in the Actions column. Then, select one or more hosts or asset groups for which you want to authorize the user to perform O&M operations.
- Use the host O&M feature provided by Bastionhost to perform O&M operations on the hosts in the network domain.
  - Log on to the console of the bastion host.
  - In the left-side navigation pane, choose .
  - On the Host O&M page, find the required host and click the icon in the Log On column to go to the web page for O&M.