All Products
Search

This Product

    Bastionhost:Automatic O&M

    Document Center

    Bastionhost:Automatic O&M

    Last Updated:Apr 02, 2026

    Automatic O&M lets you run shell scripts on managed hosts on a schedule — or on demand — without manual SSH sessions. Use it to automate recurring maintenance tasks across a fleet of hosts: patch software, rotate logs, check service health, run configuration audits, or collect diagnostic information at scale.

    Automatic O&M is available only in Bastionhost Enterprise Edition. To get started, see Purchase a bastion host. If you already have a Basic Edition instance, see Upgrade a bastion host.

    Prerequisites

    Before you begin, make sure you have:

    • Imported the target hosts into your bastion host

    • Created a user and authorized them to manage those hosts and host accounts

    • At least one credential (password, SSH private key, or shared key) stored on the bastion host for each host account you want to target

    For setup instructions, see Add hosts, Manage users, and Authorize users or user groups to manage assets and asset accounts.

    Limitations

    • A single O&M task runs for a maximum of 24 hours. The connection closes automatically when this limit is reached.

    • A single O&M task can target a maximum of 200 host accounts.

    • The total number of tasks and the maximum number of concurrently running tasks depend on your bastion host specification:

    Assets Total tasks Max concurrent tasks
    50 200 200
    100
    200
    500 1,000 500
    1,000
    2,000
    5,000 2,000 1,000
    10,000
    20,000 5,000 2,000
    Tasks in all states — Pending Approval, Running, and Successful — count toward the total task limit.

    Create an O&M task

    Where you create O&M tasks depends on your account type:

    • Resource Access Management (RAM) users: Use the Bastionhost console.

    • Non-RAM users: Use the O&M portal of your bastion host.

    RAM users: create a task in the console

    1. Log on to the Bastionhost console. In the top navigation bar, select the region where your bastion host resides.

    2. In the bastion host list, find your bastion host and click Manage.

    3. In the left-side navigation pane, choose Asset O&M > O&M Tasks.

    4. (Optional) Create a reusable O&M script.

      1. On the Script Management tab, click Create O&M Script.

      2. In the Create O&M Script panel, enter a name and the script content, then click Create O&M Script.

      Script names must be 1–128 characters, can contain letters, periods (.), underscores (_), hyphens (-), and spaces, and cannot start with a special character. Scripts are limited to 64 KB and support shell commands only. O&M engineers can create private scripts only; contact an administrator to create public scripts.

    5. On the O&M Tasks tab, click Create O&M Task.

    6. On the Create O&M Task page, configure the following parameters, then click Create O&M Task.

    Parameter Description
    Task Name A globally unique name for the task. Must be 1–128 characters, can contain letters, periods (.), underscores (_), hyphens (-), and spaces, and cannot start with a special character.
    Execution Method How the task runs: Manual (start on demand), Periodic (repeat at a set frequency — 1–720 hours or 1–30 days, starting from the date and time set in Executed At), or Scheduled (run once at the date and time set in Executed At). Manually started tasks take priority over Periodic and Scheduled tasks.
    Script Content The shell script to run. Enter the content directly, or select a saved public or private script. Scripts are limited to 64 KB and support shell commands only.
    Associate Host Account The host accounts to target. Only accounts you are authorized to manage are available. Each account must have at least one credential stored on the bastion host: password, SSH private key, or shared key.

    After creation, the task enters Pending Approval status. An administrator must approve it before it runs — after approval, the status changes to Pending. If the administrator has enabled Automatic Approval of O&M Tasks, the task is approved immediately. To learn about the approval flow, see Review tasks. To enable automatic approval, see Configure O&M settings.

    Non-RAM users: create a task in the O&M portal

    1. Log on to the O&M portal of your bastion host. For instructions, see Log on to the O&M portal.

    2. In the left-side navigation pane, click O&M Tasks.

    3. (Optional) Create a reusable O&M script.

      1. On the Script Management tab, click Create O&M Script.

      2. In the Create O&M Script panel, enter a name and the script content, then click Create O&M Script.

      Script names must be 1–128 characters, can contain letters, periods (.), underscores (_), hyphens (-), and spaces, and cannot start with a special character. Scripts are limited to 64 KB and support shell commands only. O&M engineers can create private scripts only; contact an administrator to create public scripts.

    4. On the O&M Tasks tab, click Create O&M Task.

    5. On the Create O&M Task page, configure the parameters described in the table in the previous section, then click Create O&M Task.

    After creation, the task enters Pending Approval status. An administrator must approve it before it runs — after approval, the status changes to Pending. If the administrator has enabled Automatic Approval of O&M Tasks, the task is approved immediately. To learn about the approval flow, see Review tasks. To enable automatic approval, see Configure O&M settings.

    What's next

    • Approve tasks (administrator): Review and approve pending O&M tasks. To enable automatic approval for all tasks, see Review tasks and Configure O&M settings.

    • View task results and manage tasks (administrator): Check execution status, view task output, stop running tasks, delete tasks, and create public O&M scripts. See Manage O&M tasks.