Bastionhost is available in the Basic edition and Enterprise edition. This topic describes the differences between these editions.
Background information
Bastionhost Basic Edition provides basic features, including two-factor authentication, O&M authorization, high-risk command blocking, and O&M audit. These features help small- and medium-sized enterprises ensure basic O&M security and meet the requirements of classified protection.
Bastionhost Enterprise Edition is suitable for large enterprises or enterprises in sectors that have high requirements for O&M security, such as the public service, finance, gaming, online education, and information technology sectors. Bastionhost Enterprise Edition supports the O&M features that are provided by Bastionhost Basic Edition. Bastionhost Enterprise Edition also provides the following features to meet higher requirements for business O&M security:
- More O&M functionality. For example, Bastionhost Enterprise Edition allows you to perform O&M operations on databases by using a web terminal. Bastionhost Enterprise Edition also supports automatic password change. You can use automatic password change to rotate passwords at regular intervals, which improves password security.
- Higher business stability. Bastionhost Enterprise Edition uses a dual-engine architecture. Both engines are active, which offers a Service Level Agreement (SLA) of 99.95%.
- Higher processing performance. Bastionhost Enterprise Edition can maintain up to 10,000 hosts. Bastionhost Basic Edition can maintain only up to 500 hosts.
- More bandwidth and storage. Bastionhost Enterprise Edition offers you a better O&M experience.
Bastionhost features


| Feature | Description | Basic | Enterprise | References |
|---|---|---|---|---|
| Architecture | The dual-engine and high-availability architecture ensures business and monitoring stability. | ![]() | ![]() | Benefits |
| Auto scaling | You can increase bandwidth and storage based on your business requirements. | ![]() | ![]() | Billing |
| Deployment | You can deploy a bastion host outside China. You can switch between simplified Chinese, traditional Chinese, and English based on your business requirements. Two-factor authentication supports the mobile phone numbers that are provided by telecom carriers outside China. | ![]() | ![]() | Which countries and regions support the SMS-based two-factor authentication feature of Bastionhost? |
| User and asset management | You can assign multiple roles to users. | ![]() | ![]() | None |
|  | You can synchronize users from Resource Access Management (RAM), Active Directory (AD), Lightweight Directory Access Protocol (LDAP), and Azure Active Directory (Azure AD). You can also import multiple users from a file at a time. | ![]() | ![]() | Manage users |
|  | You can manage Windows or Linux servers and use the following protocols for O&M: SSH, Remote Desktop Protocol (RDP), and SSH File Transfer Protocol (SFTP). | ![]() | ![]() | Add hosts |
|  | You can perform O&M and audit operations on ApsaraDB RDS for MySQL instances, ApsaraDB RDS for SQL Server instances, ApsaraDB RDS for PostgreSQL instances, and self-managed databases. | ![]() | ![]() | Use the database management feature |
|  | You can import multiple hosts at a time. You can import Alibaba Cloud Elastic Compute Service (ECS) instances by using a file or with a few clicks. | ![]() | ![]() | Add hosts |
|  | You can perform O&M operations on hosts of ApsaraDB MyBase dedicated clusters, servers that are deployed on the cloud, and servers in data centers. | ![]() | ![]() | None |
|  | You can implement two-factor authentication in multiple regions. Email- and SMS-based two-factor authentication is supported. | ![]() | ![]() | Enable two-factor authentication |
|  | You can verify logons to your bastion host based on dynamic verification codes on apps. | ![]() | ![]() | Enable two-factor authentication |
|  | You can manually change the password of a Linux host account or create an automatic password change task to change the password on a regular basis. | ![]() | ![]() | Use the automatic password change feature |
| O&M management | This feature allows you to log on to your bastion host by using a client, such as a Windows Remote Desktop, XShell, SecureCRT, or PuTTY client, to access graphical or character devices. This feature records O&M operations and allows you to play back the recordings. | ![]() | ![]() | RDP-based O&M and SSH-based O&M |
|  | This feature allows you to log on to your bastion host by using a local SFTP client, such as WinSCP, Xftp, and SecureFX, to perform O&M operations. | ![]() | ![]() | Perform SFTP-based O&M |
|  | This feature allows you to log on to the O&M portal to maintain assets on which you have permissions on a web page. You can also use a one-time password (OTP) token to log on to the O&M portal as a local user. | ![]() | ![]() | O&M overview |
|  | This feature allows you to maintain servers on a web page. | ![]() | ![]() | Use the host O&M feature |
|  | This feature monitors O&M sessions in real time and can block O&M sessions. | ![]() | ![]() | Search for real-time monitoring sessions and view session details and Block sessions |
|  | This feature controls the upload and download operations in the RDP clipboard, and mapping operations in RDP. | ![]() | ![]() | Create a control policy |
|  | This feature allows you to block and approve important command policies. | ![]() | ![]() |  |
|  | This feature controls the following operations when you perform O&M operations by using a local SFTP client: upload, download, delete, and rename files, and create and delete folders. | ![]() | ![]() |  |
| Operation audit | This feature records operations logs and allows you to audit and play back the recordings. | ![]() | ![]() | Search for sessions and view session details |
|  | This feature allows you to audit the transfer of files. | ![]() | ![]() |  |
|  | This feature allows you to generate O&M reports and export O&M reports to PDF, HTML, or Word files. | ![]() | ![]() | View the O&M information on the O&M Reports page and export an O&M report |
| API operation | This feature allows you to call API operations. | ![]() | ![]() | List of operations by function |