Bastionhost is a system O&M and security audit platform provided by Alibaba Cloud. It allows you to centrally manage asset permissions and O&M operations, and play back recordings of O&M operations. This way, you can identify the users who perform specific O&M operations in the cloud, manage permissions, and audit O&M operations. Bastionhost makes asset management efficient, O&M responsibilities clear, and O&M events traceable. Bastionhost helps enterprises meet the requirements for classified protection.


Bastionhost provides the following benefits:
  • Unified portal for O&M

    Bastionhost provides a unified portal for you to manage different accounts. You can use single sign-on (SSO) to access a large number of server resources in the backend. This improves O&M efficiency and prevents risks such as forgotten or leaked passwords.

  • Two-factor authentication

    Bastionhost provides a two-factor authentication feature. For identity authentication, you can use a verification code from a multi-factor authentication (MFA) device or a verification code sent in a text message. This prevents unauthorized users from accessing assets by using leaked accounts and passwords.

  • Fine-grained permission assignment

    Bastionhost allows you to group users and assign permissions to the users at a fine granularity. You can control permissions such as file upload, download, and creation permissions. This helps implement flexible access control based on the principle of least privilege.

  • Automatic blocking of high-risk commands

    Bastionhost automatically blocks high-risk commands, such as rm -rf /* (a command that deletes data) and commands that format system disks. This helps prevent accidental deletion operations that may cause serious consequences.

  • Visualized audit for event tracing

    Bastionhost visualizes audit records. It records O&M sessions and allows you to play back the recordings. This way, you can collect evidence and trace security events in an efficient manner.


Bastionhost is available in Basic Edition and Enterprise Edition to meet the requirements of different users.

  • Basic

    Bastionhost Basic Edition provides basic features, including two-factor authentication, O&M authorization, high-risk command blocking, and O&M audit. These features help small- and medium-sized enterprises ensure basic O&M security and meet the requirements of classified protection.

  • Enterprise

    Bastionhost Enterprise Edition is suitable for large enterprises or enterprises in sectors that have high requirements for O&M security, such as the public service, finance, gaming, online education, and technology development sectors.

    Bastionhost Enterprise Edition supports the O&M features that are provided by Bastionhost Basic Edition. Bastionhost Enterprise Edition also provides the following benefits to meet higher requirements for business security:
    • Higher business stability. Bastionhost Enterprise Edition uses a dual-engine architecture. Both engines are active, and the edition offers a Service Level Agreement (SLA) of 99.95%.
    • Higher processing performance. Bastionhost Enterprise Edition can maintain up to 10,000 hosts. Bastionhost Basic Edition can maintain only up to 500 hosts.
    • More O&M capabilities. For example, Bastionhost Enterprise Edition allows you to perform O&M operations by using a web terminal and supports automatic password change. You can use automatic password change to regularly rotate passwords, which improves password security.
    • More bandwidth and storage. Bastionhost Enterprise Edition offers you a better O&M experience.

For more information about the differences between Bastionhost Basic Edition and Bastionhost Enterprise Edition, see Features.