The servers of an enterprise may be deployed on Alibaba Cloud, in data centers, across virtual private clouds (VPCs), or on other cloud platforms. The enterprise wants to manage and maintain these servers in a centralized manner. To meet the enterprise requirements, Bastionhost supports O&M based on leased lines, O&M based on public IP addresses, and centralized O&M based on the proxy modes of the network domain feature. This topic describes centralized O&M based on the proxy modes of the network domain feature.

Background information

In most cases, the servers of an enterprise are deployed in different regions and may fail to communicate with a bastion host. The enterprise uses public IP addresses for O&M because the enterprise has not purchased leased lines or the O&M costs of leased lines are high. However, the exposure of public IP addresses may pose security risks. In this case, we recommend that you use the proxy modes of the network domain feature to maintain the servers that reside on different networks in a centralized manner. The proxy modes are supported by Bastionhost HA. The servers include those in a data center, a heterogeneous cloud, and different VPCs.

O&M solution

Centralized O&M based on the proxy modes of the network domain feature

To use the proxy modes of the network domain feature for centralized O&M, configure a proxy server in a network domain. Then, connect the proxy server to the servers that need to be maintained over an internal network and connect the proxy server to your bastion host. This way, you can use your bastion host to maintain the servers that reside on different networks. Both LANs and VPCs are network domains.

  1. Configure proxy servers in different network domains. For more information, see How do I configure a server as an HTTP or SOCKS5 proxy server?.
  2. Create a network domain in the Bastionhost console and connect the network domain to the proxy server.
    1. Log on to the Bastionhost console.
    2. In the left-side navigation pane, choose Assets > Network Domain.
    3. On the Network Domain page, click Create Network Domain.
    4. Configure the parameters. After the network domain is created, the system displays a message, indicating that the creation succeeded.
    5. Click Associate Host below the message to add the required hosts to the newly created network domain.

    For more information, see Use the network domain feature.

  3. Authorize a user to perform O&M operations on one or more hosts or host groups.
    1. Log on to the Bastionhost console.
    2. In the left-side navigation pane, choose Users > Users.
    3. On the Users page, find the required user and click Authorize Hosts or Authorize Host Groups in the Actions column. Then, select one or more hosts or host groups for which you want to authorize the user to perform O&M operations.
  4. Use the host O&M feature provided by Bastionhost to maintain the hosts in the network domain.
    1. Log on to the Bastionhost console.
    2. In the left-side navigation pane, choose O&M > Host O&M.
    3. On the Host O&M page, find the required host and click the icon in the Log On column to go to the web page for O&M.

    For more information, see Use the host O&M feature.
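Before you associate hosts with a network domain, it helps to confirm that the SOCKS5 proxy configured in step 1 can reach an asset over the internal network. The following Python sketch is an added example, not part of the Bastionhost documentation: it builds and parses the SOCKS5 (RFC 1928) messages for that check, and the function names and all addresses in it are assumptions.

```python
import ipaddress
import socket
import struct

METHODS = {0x00: "no-auth", 0x02: "username/password", 0xFF: "none-acceptable"}
REPLIES = {0x00: "succeeded", 0x01: "general failure", 0x02: "not allowed by ruleset",
           0x03: "network unreachable", 0x04: "host unreachable",
           0x05: "connection refused"}

def greeting(methods=(0x00, 0x02)):
    """Client greeting: VER=5, NMETHODS, METHODS."""
    return bytes([5, len(methods), *methods])

def parse_method(reply):
    """Server method selection: VER=5, METHOD."""
    if len(reply) != 2 or reply[0] != 5:
        raise ValueError("not a SOCKS5 method-selection reply")
    return METHODS.get(reply[1], f"method 0x{reply[1]:02x}")

def connect_request(host, port):
    """CONNECT request: VER=5, CMD=1, RSV=0, ATYP, DST.ADDR, DST.PORT."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (1 if ip.version == 4 else 4), ip.packed
    except ValueError:                      # not an IP literal: send as domain name
        name = host.encode("ascii")
        atyp, addr = 3, bytes([len(name)]) + name
    return bytes([5, 1, 0, atyp]) + addr + struct.pack("!H", port)

def parse_reply(reply):
    """Proxy reply: VER=5, REP, RSV, ATYP, BND.ADDR, BND.PORT (only REP is read)."""
    if len(reply) < 4 or reply[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    return REPLIES.get(reply[1], f"error 0x{reply[1]:02x}")

def check_asset_via_proxy(proxy, asset, timeout=5.0):
    """Live check: can the proxy (host, port) reach the asset (host, port)?"""
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(greeting())
        method = parse_method(s.recv(2))
        if method != "no-auth":             # credentials needed; report and stop here
            return method, None
        s.sendall(connect_request(*asset))
        return method, parse_reply(s.recv(262))

if __name__ == "__main__":
    # Constructed replies, as a proxy would send them; no network needed.
    print(parse_method(b"\x05\x02"))
    print(parse_reply(b"\x05\x05\x00\x01" + bytes(6)))
```

Run `check_asset_via_proxy(("proxy-address", 1080), ("asset-address", 22))` with your own values from a host that can reach the proxy. A `no-auth` result means the proxy relays for any client that can reach its port, so access to that port should be limited to the bastion host.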