Bastionhost (Basic Edition, Enterprise Edition, and SM Edition) is an operations and maintenance (O&M) and security audit platform provided by Alibaba Cloud. It enables centralized management of O&M permissions and operations, and allows playback of O&M operation recordings. This helps you identify users who perform specific O&M operations, manage permissions, and audit O&M activities. Bastionhost enhances asset management efficiency, clarifies O&M responsibilities, and ensures O&M events are traceable, helping enterprises meet classified protection requirements.
Benefits
Bastionhost provides the following benefits:
Unified portal for O&M
Bastionhost provides a unified portal for asset access, reducing the attack surface. Users can access multiple server resources in the backend through Bastionhost. This improves O&M efficiency and helps administrators organize asset access permissions, reducing management costs.
Two-factor authentication
Bastionhost supports two-factor authentication methods such as text messages, emails, DingTalk work messages, OTP tokens, and SM USB keys for secondary authentication. This prevents unauthorized access to assets through leaked accounts and passwords, effectively reducing security risks caused by password leakage and brute-force attacks.
Fine-grained permission assignment
Bastionhost supports centralized management of user, asset, and account permissions. After you authorize users to access specific assets and asset accounts, users can access only the authorized assets by using the authorized accounts. This effectively prevents unauthorized access.
Security protection for asset credentials
Bastionhost can protect asset security through automatic password rotation and enable password-free logon through credential hosting. This reduces the exposure of passwords to O&M personnel, lowers the risk of password leakage, and enables efficient O&M while protecting asset credentials.
Continuous monitoring of O&M operations
Bastionhost can intercept high-risk operations in real time, such as database deletion (rm -rf /*) and formatting. It can also restrict operations such as file uploads and downloads. For business-sensitive assets, you can enable secondary approval for O&M operations to maximize control over O&M behavior and prevent O&M risk events.
Visualized audit for event tracing
Bastionhost supports session recordings and text-based audit records to provide detailed audits of O&M event procedures. Bastionhost can display the entire operation process through videos. This helps efficiently track O&M events.