
Bastionhost: FAQ related to scenarios

Last Updated: Jul 19, 2023

This topic provides answers to some frequently asked questions about Bastionhost scenarios.

How do I manage third-party hosts in the Bastionhost console?

  • If you want to import hosts from a third party or a data center and the hosts can communicate with your bastion host, you can create the hosts in your bastion host by importing them. Then, you can perform O&M operations on the hosts over the Internet. For more information, see Add hosts.

  • If you want to manage hosts that belong to different virtual private clouds (VPCs) or accounts and the networks are not connected by using Express Connect, you can use the network domain feature of Bastionhost. For more information, see Best practices of hybrid O&M.

Am I able to perform O&M operations on assets across VPCs and accounts in Bastionhost?

Yes, you can perform O&M operations on assets across VPCs and accounts in Bastionhost. If a bastion host and a server belong to different VPCs or accounts, you can perform O&M operations on the server over the Internet. Alternatively, you can connect the bastion host and the server by using Express Connect to perform O&M operations on the server over an internal network.

Note

If you want to manage servers over an internal network but cannot connect the bastion host and the server, you can use the network domain feature of Bastionhost. For more information, see Best practices of hybrid O&M.

How do I perform O&M operations on assets located in a classic network?

To perform O&M operations on Alibaba Cloud Elastic Compute Service (ECS) instances that are deployed in the classic network, you must connect the classic network to the VPC of the bastion host by using ClassicLink. For more information about the ClassicLink feature, see Overview.

How do I configure a server as an HTTP or SOCKS5 proxy server?

To configure a server as an HTTP or SOCKS5 proxy server, see the following example. An ECS instance that runs CentOS 8.3 is used in the example.

  1. Log on to the ECS instance.

  2. Run the yum install 3proxy command to install 3proxy.

  3. Run the vim /etc/3proxy.cfg command to modify the configuration file.

    • Configure the username and password of the proxy server.

    • Configure access control parameters.

    • Enable HTTP and SOCKS5 proxies and specify the listening port and the source IP address that is used to access the proxy server.

  4. Run the systemctl start 3proxy.service command to enable the proxies.

  5. Run the iptables -F command to disable the firewall of the server to ensure that the server can be accessed.

  6. Create a security group rule for the server. For more information, see Add a security group rule.

    Important

    When you create a security group rule, set Port Range to the listening port that is specified in Step 3 and Authorization Object to the egress IP addresses of your bastion host. To obtain the egress IP addresses, find your bastion host on the Instances page of the Bastionhost console and click Egress IP.

    After you create the security group rule for the server, the proxy server is configured.
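
The settings that step 3 describes, written out as an added example (not part of the original page or Alibaba Cloud's own configuration). The user name, password, ports and the 203.0.113.10 address are constructed placeholders, using the bastion host egress IP from step 6 as the allowed source is an assumption, and write_3proxy_cfg and check_3proxy_cfg are hypothetical helpers; the second flags a configuration that would leave the proxy open to any client.

```shell
#!/bin/sh
# Added example, not from the original page. User name, password, IP address
# and ports are constructed placeholders.

# write_3proxy_cfg FILE USER PASSWORD BASTION_EGRESS_IP HTTP_PORT SOCKS_PORT
# Writes only the directives that step 3 refers to.
write_3proxy_cfg() {
    # umask 077: the file stores a cleartext (CL) password
    ( umask 077; cat > "$1" ) <<EOF
# Username and password of the proxy account
users $2:CL:$3
# Access control: require username/password and accept that user
# only from the bastion host egress IP
auth strong
allow $2 $4
deny *
# HTTP and SOCKS5 proxies with their listening ports
proxy -p$5
socks -p$6
EOF
}

# check_3proxy_cfg FILE
# Returns non-zero if a proxy/socks service starts without "auth strong"
# in effect, or if any allow rule has no source restriction.
check_3proxy_cfg() {
    awk '
        $1 == "auth"  { strong = ($2 == "strong") }
        $1 == "allow" && (NF < 3 || $3 == "*") { bad = 1 }
        $1 == "proxy" || $1 == "socks" { n++; if (!strong) bad = 1 }
        END { if (bad || n == 0) exit 1 }
    ' "$1"
}

# Demonstration on a temporary file (203.0.113.10 is a documentation address).
cfg=$(mktemp)
write_3proxy_cfg "$cfg" opsuser 'Constructed-Passw0rd' 203.0.113.10 3128 1080
check_3proxy_cfg "$cfg" && echo "proxy limited to opsuser from 203.0.113.10"
rm -f "$cfg"
```

In 3proxy, auth, allow and deny apply to the services started after them, so these lines must come before the proxy and socks lines.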

Am I able to perform O&M operations on databases in Bastionhost?

Yes, if you use Bastionhost Enterprise Edition, you can perform O&M operations on databases in Bastionhost. Bastionhost Enterprise Edition allows you to perform O&M operations on database assets in a secure manner. The assets include ApsaraDB RDS for MySQL instances, ApsaraDB RDS for SQL Server instances, ApsaraDB RDS for PostgreSQL instances, and self-managed databases. For more information, see Best practices for database O&M.

Important

Only Bastionhost V3.2 supports the Enterprise edition.

Which assets am I able to perform O&M operations on?

You can perform O&M operations on Linux hosts, Windows hosts, ApsaraDB RDS for MySQL instances, ApsaraDB RDS for SQL Server instances, and ApsaraDB RDS for PostgreSQL instances. You can import ECS and ApsaraDB RDS instances, and batch import hosts deployed in a data center or on a heterogeneous cloud. For more information, see O&M overview.

Is data that is transmitted and stored in Bastionhost encrypted?

Yes, data transmission and storage are encrypted in Bastionhost. Multiple mainstream encryption protocols, such as HTTPS (TLS), RDP, and SSH, are supported during data transmission. This ensures data security during transmission and storage.