Bastionhost: Best practices of hybrid O&M

Last Updated: Apr 25, 2024

The servers of an enterprise may be deployed on Alibaba Cloud, in data centers, on other cloud platforms, across virtual private clouds (VPCs), and across accounts. The enterprise wants to manage and perform O&M operations on these servers in a centralized manner. To meet the requirements, Bastionhost supports O&M based on leased lines, O&M based on public IP addresses, and centralized O&M based on the proxy mode of the network domain feature. This topic describes how to configure and use the proxy mode of the network domain feature.

Background information

In most cases, the servers of an enterprise are deployed in different regions and may be unable to communicate with a bastion host. If the enterprise has not purchased leased lines, or if the O&M costs of leased lines are high, the enterprise uses public IP addresses for O&M. However, exposing public IP addresses may pose security risks. In this case, we recommend that you use the proxy mode of the network domain feature to perform O&M operations on the servers that reside on different networks, including servers in a data center, in a heterogeneous cloud, and in different VPCs. The proxy mode is supported by Bastionhost Enterprise Edition.

O&M based on the proxy mode of the network domain feature

Both LANs and VPCs are network domains. To use the proxy mode of the network domain feature for O&M, configure a proxy server in each network domain. Then, connect each proxy server to the servers on which you want to perform O&M operations over an internal network, and connect the proxy servers to your bastion host. This way, you can use your bastion host to perform O&M operations on the servers that reside on different networks. Perform the following steps.

Step 1: Configure a proxy server in each network domain

Step 2: Create a network domain in the Bastionhost console and add hosts to the network domain

  1. Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.

  2. In the bastion host list, find the bastion host that you want to manage and click Manage.

  3. In the left-side navigation pane, choose Assets > Network Domain.

  4. On the Network Domain page, click Create Network Domain. In the Create Network Domain panel, configure the Network Domain, Remarks, and Connection Mode parameters. After the parameters are configured, click Create Network Domain.

  5. Click Add Host to add the required hosts to the newly created network domain.

For more information, see Use the network domain feature.

Step 3: Authorize a user to perform O&M operations on one or more hosts or host groups

  1. Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.

  2. In the bastion host list, find the bastion host that you want to manage and click Manage.

  3. In the left-side navigation pane, choose Users > Users.

  4. On the Users page, find the required user and click Authorize Hosts or Authorize User to Manage Asset Groups in the Actions column. Then, select one or more hosts or host groups for which you want to authorize the user to perform O&M operations.

For more information, see Authorize a user to manage hosts and Authorize a user to manage host groups.

Step 4: Use the host O&M feature to perform O&M operations on the hosts in the network domain

  1. Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.

  2. In the bastion host list, find the bastion host that you want to manage and click Manage.

  3. In the left-side navigation pane, choose Asset O&M > Host O&M.

  4. On the Host O&M page, find the required host and click the Log On icon in the Log On column to go to the web page for O&M.

For more information, see Use the host O&M feature.
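
The following check is an added example, not part of the original documentation or of Bastionhost itself. It audits a constructed inventory against Steps 1 and 2 and against the requirement that proxy servers reach hosts over an internal network. The inventory layout, the `direct`/`proxy` mode labels, the finding codes, and the use of RFC 1918 ranges to mean "internal" are assumptions of this example.

```python
import ipaddress

# Assumption: "internal network" is approximated by the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory (not exported from Bastionhost).
DOMAINS = {
    "idc-a":       {"mode": "proxy",  "proxy": "10.10.0.5"},
    "other-cloud": {"mode": "proxy",  "proxy": None},
    "legacy":      {"mode": "direct", "proxy": None},
}
HOSTS = [
    {"name": "db-01",   "address": "10.10.1.20",   "domain": "idc-a"},
    {"name": "web-01",  "address": "203.0.113.10", "domain": "idc-a"},
    {"name": "app-01",  "address": "172.16.3.4",   "domain": "other-cloud"},
    {"name": "old-01",  "address": "198.51.100.7", "domain": "legacy"},
    {"name": "lost-01", "address": "192.168.7.9",  "domain": "unknown"},
]

def is_internal(address):
    """True if the address falls inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in RFC1918)

def audit(domains, hosts):
    """Return (object, finding_code) pairs for gaps in the proxy-mode setup."""
    findings = []
    for name, dom in sorted(domains.items()):
        # Step 1: every proxy-mode network domain needs a proxy server.
        if dom["mode"] == "proxy" and not dom["proxy"]:
            findings.append((name, "NO_PROXY"))
    for host in hosts:
        dom = domains.get(host["domain"])
        if dom is None:
            # Step 2: the host was never added to a known network domain.
            findings.append((host["name"], "NO_DOMAIN"))
        elif not is_internal(host["address"]):
            # A public address behind a proxy defeats the purpose of proxy
            # mode; in a direct domain it is the exposure proxy mode removes.
            code = "PROXY_PUBLIC_ADDR" if dom["mode"] == "proxy" else "DIRECT_PUBLIC_ADDR"
            findings.append((host["name"], code))
    return findings

if __name__ == "__main__":
    for obj, code in audit(DOMAINS, HOSTS):
        print(f"{code:20} {obj}")
```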