Bastionhost offers three editions to fit different security requirements, asset scales, and compliance needs. This guide helps you identify the right edition based on your scenario.
For a full feature breakdown, see Feature comparison.
Choose your edition
Ask yourself these three questions to narrow down your choice:
1. Do you need Chinese cryptographic algorithm compliance?
   Yes → Chinese Cryptographic Algorithm Edition
2. Do you have any of the following requirements?
   - Manage assets across multiple clouds, on-premises data centers, or isolated network domains
   - Manage databases, web applications, or non-host assets
   - Require a Service Level Agreement (SLA) of 99.95% or higher (active-active dual-engine architecture)
   - Manage assets across multiple Alibaba Cloud accounts

   Yes → Enterprise Dual-Engine Edition
3. Do you manage fewer than 500 hybrid assets (Linux and Windows host types only) with basic O&M security needs?
   Yes → Basic Edition
Note: If you're unsure which edition fits, start with the Basic Edition. It covers the O&M security fundamentals for most small and medium-sized businesses and can be upgraded as your needs grow.
Edition comparison
The following table compares all three editions across key capability areas.
| Capability | Basic Edition | Enterprise Dual-Engine Edition | Chinese Cryptographic Algorithm Edition |
|---|---|---|---|
| Scale | |||
| Recommended asset count | 50–500 hybrid assets | 500+ assets | Same as Enterprise Dual-Engine Edition |
| Typical industries | Small and medium-sized businesses | Government, finance, gaming, online education, IT | Government, education, and industries requiring Chinese cryptographic compliance |
| Architecture | |||
| Deployment model | Single-engine, cloud architecture | Dual-engine, active-active | Same as Enterprise Dual-Engine Edition |
| SLA | Standard | Up to 99.95% | Same as Enterprise Dual-Engine Edition |
| Primary and secondary zones | — | Supported (avoids single point of failure) | Supported |
| Domain name access mode | Supported | Supported | Supported |
| Server Load Balancer (SLB) integration | Supported | Supported | Supported |
| Access control | |||
| Fine-grained O&M access and behavior authorization | Supported | Supported | Supported |
| User management (RAM, Active Directory, LDAP) | Supported | Supported | Supported |
| Multi-account asset management via Resource Directory (RD) | — | Supported | Supported |
| Identity source integration (DingTalk, Lark, Azure AD) via IDaaS | — | Supported | Supported |
| O&M operations | |||
| Command whitelist and blacklist | Supported | Supported | Supported |
| O&M approval for risky commands | Supported | Supported | Supported |
| Real-time O&M monitoring and blocking | Supported | Supported | Supported |
| Session audit | Supported | Supported | Supported |
| Host assets (Linux and Windows) | Supported | Supported | Supported |
| Database O&M (RDS, self-managed, third-party; MySQL, SQL Server, PostgreSQL, Oracle) | — | Supported | Supported |
| Web application O&M | — | Supported | Supported |
| Application O&M with access whitelist/blacklist | — | Supported | Supported |
| Automation and efficiency | |||
| Automated O&M jobs (batch script distribution) | — | Supported | Supported |
| Automatic password and key rotation | — | Supported | Supported |
| Multicloud and hybrid | |||
| Cross-network access via network domain proxy | — | Supported | Supported |
| Hybrid cloud deployment (on-premises, other clouds, cross-account) | — | Supported | Supported |
| Compliance | |||
| Chinese cryptographic algorithm encryption | — | — | Supported |
| Chinese cryptographic two-factor authentication | — | — | Supported |
What's next
- Feature comparison — Full feature-level detail across all editions
- Benefits — Architecture and non-functional advantages by edition
- Functional scenarios — Real-world use cases for each edition