Bastionhost is a system O&M and security audit platform provided by Alibaba Cloud. It allows you to centrally manage asset permissions and O&M operations, and play back recordings of O&M operations. This way, you can identify the users who perform specific O&M operations in the cloud, manage permissions, and audit O&M operations. Bastionhost makes asset management efficient, O&M responsibilities clear, and O&M events traceable. Bastionhost helps enterprises meet the requirements for classified protection.
- Unified portal for O&M
Bastionhost provides a unified portal for you to manage different accounts. You can use single sign-on (SSO) to access a large number of server resources in the backend. This improves O&M efficiency and prevents risks, such as passwords are forgotten or leaked.
- Two-factor authentication
Bastionhost provides the two-factor authentication feature. You can use a verification code in a multi-factor authentication (MFA) device or a verification code sent in a text message for identity authentication. This prevents unauthorized users from accessing assets by using leaked accounts and passwords.
- Fine-grained permission assignment
Bastionhost allows you to group users and assign permissions to the users at a fine granularity. You can control permissions such as file upload, download, and creation permissions. This helps implement flexible access control based on the principle of least privilege.
- Automatic blocking of high-risk commands
Bastionhost automatically blocks the running of high-risk commands, such as rm -rf /* (the command to delete data), and commands to format system disks. This helps prevent accidental deletion operations that may cause serious consequences.
- Visualized audit for event tracing
Bastionhost visualizes audit records. It records O&M sessions and allows you to play back the recordings. This way, you can collect evidence and trace security events in an efficient manner.
Bastionhost has the Basic Edition and HA Edition to meet the requirements of different users.
- Basic Edition
Bastionhost Basic Edition provides basic features, including two-factor authentication, O&M authorization, high-risk command blocking, and O&M audit. These features help small- and medium-sized enterprises ensure basic O&M security and meet the requirements of classified protection.
- HA Edition
Bastionhost HA Edition is suitable for the large-sized enterprises or enterprises in the sectors that have high requirements for O&M security, such as the public service, finance, gaming, online education, and technology development sectors.Bastionhost HA Edition supports the O&M features that are provided by the Basic Edition. Bastionhost HA Edition also provides the following features to meet higher requirements for business O&M security:
- Higher business stability. Bastionhost HA Edition uses a dual-engine architecture. Both engines are active, which offers a Service Level Agreement (SLA) of 99.95%.
- Higher processing performance. Bastionhost HA Edition can maintain up to 10,000 hosts. However, Bastionhost Basic Edition can maintain up to 500 hosts.
- More O&M capabilities. For example, Bastionhost HA Edition allows you to perform O&M operations by using a web terminal and supports automatic password change. You can use automatic password change to regularly rotate passwords, which improves password security.
- More bandwidth and storage. Bastionhost HA Edition offers you better O&M experience.
For more information about the differences between Bastionhost Basic Edition and Bastionhost HA Edition, see Functions and features.