Bastionhost is available in the Basic edition and Enterprise edition. This topic describes the differences between these editions.
Bastionhost Basic Edition provides basic features, including two-factor authentication, O&M authorization, high-risk command blocking, and O&M audit. These features help small- and medium-sized enterprises ensure basic O&M security and meet the requirements of classified protection.
Bastionhost Enterprise Edition is suitable for large enterprises or enterprises in sectors that have high requirements for O&M security, such as the public service, finance, gaming, online education, and information technology sectors. Bastionhost Enterprise Edition supports the O&M features that are provided by Bastionhost Basic Edition. Bastionhost Enterprise Edition also provides the following features to meet higher requirements for business O&M security:
- More O&M functionality. For example, Bastionhost Enterprise Edition allows you to perform O&M operations on databases by using a web terminal. Bastionhost Enterprise Edition also supports automatic password change. You can use automatic password change to rotate passwords at regular intervals, which improves password security.
- Higher business stability. Bastionhost Enterprise Edition uses a dual-engine architecture. Both engines are active, which offers a Service Level Agreement (SLA) of 99.95%.
- Higher processing performance. Bastionhost Enterprise Edition can maintain up to 10,000 hosts. Bastionhost Basic Edition can maintain only up to 500 hosts.
- More bandwidth and storage. Bastionhost Enterprise Edition offers you a better O&M experience.
| Category | Description | References |
| --- | --- | --- |
| Architecture | The dual-engine and high-availability architecture ensures business and monitoring stability. | Benefits |
| Auto scaling | You can increase bandwidth and storage based on your business requirements. | Billing |
| Deployment | You can deploy a bastion host outside China. You can switch between simplified Chinese, traditional Chinese, and English based on your business requirements. Two-factor authentication supports the mobile phone numbers that are provided by telecom carriers outside China. | Which countries and regions support the SMS-based two-factor authentication feature of Bastionhost? |
| User and asset management | You can assign multiple roles to users. | None |
| | You can synchronize users from Resource Access Management (RAM), Active Directory (AD), Lightweight Directory Access Protocol (LDAP), and Azure Active Directory (Azure AD). You can also import multiple users from a file at a time. | Manage users |
| | You can manage Windows or Linux servers and use the following protocols for O&M: SSH, Remote Desktop Protocol (RDP), and SSH File Transfer Protocol (SFTP). | Add hosts |
| | You can perform O&M and audit operations on ApsaraDB RDS for MySQL instances, ApsaraDB RDS for SQL Server instances, ApsaraDB RDS for PostgreSQL instances, and self-managed databases. | Use the database management feature |
| | You can import multiple hosts at a time. You can import Alibaba Cloud Elastic Compute Service (ECS) instances by using a file or with a few clicks. | Add hosts |
| | You can perform O&M operations on hosts of ApsaraDB MyBase dedicated clusters, servers that are deployed on the cloud, and servers in data centers. | None |
| | You can implement two-factor authentication in multiple regions. Email- and SMS-based two-factor authentication is supported. | Enable two-factor authentication |
| | You can verify logons to your bastion host based on dynamic verification codes on apps. | Enable two-factor authentication |
| | You can manually change the password of a Linux host account or create an automatic password change task to change the password on a regular basis. | Use the automatic password change feature |
| O&M management | This feature allows you to log on to your bastion host by using a client, such as a Windows Remote Desktop, XShell, SecureCRT, or PuTTY client, to access graphical or character devices. This feature records O&M operations and allows you to play back the recordings. | RDP-based O&M and SSH-based O&M |
| | This feature allows you to log on to your bastion host by using a local SFTP client, such as WinSCP, Xftp, and SecureFX, to perform O&M operations. | Perform SFTP-based O&M |
| | This feature allows you to log on to the O&M portal to maintain assets on which you have permissions on a web page. You can also use a one-time password (OTP) token to log on to the O&M portal as a local user. | O&M overview |
| | This feature allows you to maintain servers on a web page. | Use the host O&M feature |
| | This feature monitors O&M sessions in real time and can block O&M sessions. | Search for real-time monitoring sessions and view session details and Block sessions |
| | This feature controls the upload and download operations in the RDP clipboard, and mapping operations in RDP. | Create a control policy |
| | This feature allows you to block and approve important command policies. | |
| | This feature controls the following operations when you perform O&M operations by using a local SFTP client: upload, download, delete, and rename files, and create and delete folders. | |
| Operation audit | This feature records operation logs and allows you to audit and play back the recordings. | Search for sessions and view session details |
| | This feature allows you to audit the transfer of files. | |
| | This feature allows you to generate O&M reports and export O&M reports to PDF, HTML, or Word files. | View the O&M information on the O&M Reports page and export an O&M report |
| API operation | This feature allows you to call API operations. | List of operations by function |