Bastionhost is a system O&M and security audit platform provided by Alibaba Cloud. It allows you to centrally manage O&M permissions and operations, and play back recordings of O&M operations. This way, you can identify the users who perform specific O&M operations, manage permissions, and audit O&M operations. Bastionhost makes asset management efficient, O&M responsibilities clear, and O&M events traceable, helping enterprises meet the requirements for classified protection.


Bastionhost provides the following benefits:
  • Unified portal for O&M

    Bastionhost provides a unified portal for you to manage different accounts. You can use single sign-on (SSO) to access a large number of server resources in the backend. This improves O&M efficiency and prevents risks, for example, passwords are forgotten or leaked.

  • Two-factor authentication

    Bastionhost provides the two-factor authentication feature. You can use a verification code in a multi-factor authentication (MFA) device or a verification code sent in a text message for identity authentication. This prevents unauthorized access to assets by using leaked accounts and passwords.

  • Fine-grained permission assignment

    Bastionhost allows you to group users and assign permissions to the users at a fine granularity. You can control permissions such as file upload, download, and creation permissions. This helps implement flexible access control based on the principle of least privilege.

  • Automatic blocking of high-risk commands

    Bastionhost automatically blocks the running of high-risk commands, such as rm -rf /* (the command to delete data), and commands to format system disks. This helps prevent accidental deletion operations that may cause serious consequences.

  • Visualized audit for event tracing

    Bastionhost visualizes audit records. It records O&M sessions and allows you to play back the recordings. This way, you can collect evidence and trace security events in an efficient manner.


Bastionhost is available in the following editions to meet the needs of different users: Basic,and Enterprise. For more information, see Functions and features.