All Products
Search
Document Center

Bastionhost:Selection guide

Last Updated:Apr 02, 2026

Bastionhost offers three editions to fit different security requirements, asset scales, and compliance needs. This guide helps you identify the right edition based on your scenario.

For a full feature breakdown, see Feature comparison.

Choose your edition

Ask yourself these three questions to narrow down your choice:

1. Do you need Chinese cryptographic algorithm compliance?

  • Yes → Chinese Cryptographic Algorithm Edition

2. Do you have any of the following requirements?

  • Manage assets across multiple clouds, on-premises data centers, or isolated network domains

  • Manage databases, web applications, or non-host assets

  • Require a Service Level Agreement (SLA) of 99.95% or higher (active-active dual-engine architecture)

  • Manage assets across multiple Alibaba Cloud accounts

Yes → Enterprise Dual-Engine Edition

3. Do you manage fewer than 500 hybrid assets (Linux and Windows host types only) with basic O&M security needs?

  • Yes → Basic Edition

Note

If you're unsure which edition fits, start with the Basic Edition. It covers the O&M security fundamentals for most small and medium-sized businesses and can be upgraded as your needs grow.

Edition comparison

The following table compares all three editions across key capability areas.

Capability Basic Edition Enterprise Dual-Engine Edition Chinese Cryptographic Algorithm Edition
Scale
Recommended asset count 50–500 hybrid assets 500+ assets Same as Enterprise Dual-Engine Edition
Typical industries Small and medium-sized businesses Government, finance, gaming, online education, IT Government, education, and industries requiring Chinese cryptographic compliance
Architecture
Deployment model Single-engine, cloud architecture Dual-engine, active-active Same as Enterprise Dual-Engine Edition
SLA Standard Up to 99.95% Same as Enterprise Dual-Engine Edition
Primary and secondary zones Supported (avoids single point of failure) Supported
Domain name access mode Supported Supported Supported
Server Load Balancer (SLB) integration Supported Supported Supported
Access control
Fine-grained O&M access and behavior authorization Supported Supported Supported
User management (RAM, Active Directory, LDAP) Supported Supported Supported
Multi-account asset management via Resource Directory (RD) Supported Supported
Identity source integration (DingTalk, Lark, Azure AD) via IDaaS Supported Supported
O&M operations
Command whitelist and blacklist Supported Supported Supported
O&M approval for risky commands Supported Supported Supported
Real-time O&M monitoring and blocking Supported Supported Supported
Session audit Supported Supported Supported
Host assets (Linux and Windows) Supported Supported Supported
Database O&M (RDS, self-managed, third-party; MySQL, SQL Server, PostgreSQL, Oracle) Supported Supported
Web application O&M Supported Supported
Application O&M with access whitelist/blacklist Supported Supported
Automation and efficiency
Automated O&M jobs (batch script distribution) Supported Supported
Automatic password and key rotation Supported Supported
Multicloud and hybrid
Cross-network access via network domain proxy Supported Supported
Hybrid cloud deployment (on-premises, other clouds, cross-account) Supported Supported
Compliance
Chinese cryptographic algorithm encryption Supported
Chinese cryptographic two-factor authentication Supported

What's next