Bastionhost eliminates the need to manage SSH keys, configure jump servers, or maintain bastion infrastructure—giving your team secure, auditable access to cloud assets without operational overhead. The Enterprise Edition backs this with a 99.95% Service Level Agreement (SLA) and a dual-engine, active-active architecture that eliminates single points of failure.
Secure and reliable cloud architecture
Bastionhost deploys servers, Logstores, and distributed databases independently, achieving physical isolation and resource decoupling between core components. A failure in one component does not cascade to others.
Bastionhost is closed-source, which means adversaries cannot analyze implementation details to craft targeted exploits—removing the need to patch or harden an open-source codebase yourself.
Dual-engine active-active architecture
Bastionhost Enterprise Edition runs on a dual-engine, active-active architecture backed by a 99.95% SLA.
In normal operation, intelligent load balancing distributes traffic across both engines, optimizing resource use and operations and maintenance (O&M) efficiency. If a channel or node fails, the system automatically switches to the healthy engine with no interruption to sessions or monitoring data. This design eliminates single points of failure (SPOFs) and meets the high reliability and stability requirements of enterprises across industries.
Flexible deployment and resource management
Bastionhost uses cloud-native resource orchestration to remove the complexity of traditional bastion host deployments. Spin up a Bastionhost instance with a few clicks and adjust resource specifications, bandwidth, and storage capacity on demand.
Release idle resources during off-peak hours to reduce costs, and scale back up when workloads increase. This elasticity lets you match capacity to actual demand rather than provisioning for peak load at all times.
Intuitive management console
Administrators manage the full O&M workflow—asset onboarding, access policy configuration, and risk detection—through a graphical user interface (GUI) without writing scripts or editing configuration files.
Bastionhost is available in three editions:
| Edition | Best for |
|---|---|
| Basic Edition | Standard environments and general O&M scenarios |
| Enterprise Edition | High-availability workloads requiring dual-engine architecture and 99.95% SLA |
| SM Edition | Environments with SM cryptography compliance requirements |
Global deployment
Bastionhost is available across Alibaba Cloud regions in Asia Pacific, Americas, Europe, and Middle East. The product provides an English web UI and has been deployed in international enterprise environments worldwide.
For global teams, Bastionhost supports two-factor authentication using mobile phone numbers from countries and regions outside China, and integrates with enterprise identity authentication systems outside China to support cross-border secure access to your assets.