All Products
Search
Document Center

Bastionhost:Release notes

Last Updated:Feb 28, 2024

This topic describes the release notes for Bastionhost and provides links to the relevant references.

Release notes for 2023

Version

Feature

Type

Description

Involved edition

Release date

References

V3.2.39

IDaaS authentication

New

Identity as a Service (IDaaS)-authenticated users can log on to the O&M portal.

Note

Alibaba Finance Cloud and Alibaba Gov Cloud are not supported.

Enterprise

2024-02-26

None

Third-party assets

New

Azure assets can be imported.

Basic and Enterprise

None

Control policies

New

A switch is supported. If you turn on the switch, keyboard operations that are performed during Remote Desktop Protocol (RDP)-based O&M can be audited on the Graphic Text tab.

Basic and Enterprise

Search for sessions and view session details

API

New

The API operations that are related to O&M tokens are supported.

Basic and Enterprise

None

User password security settings

Optimized

The historical password check policy can be configured. The policy specifies the number of previous passwords that cannot be used by a user when the user resets a password.

Basic and Enterprise

Configure the parameters on the User Settings tab

User management

Optimized

  • Mobile phone numbers and email addresses of RAM users can be synchronized.

  • The validity period of multiple users can be modified at a time.

  • Policies are provided when you import users to Bastionhost from a file and users that have the same names exist.

Basic and Enterprise

None

Assets

Optimized

Manual check for the status of Elastic Compute Service (ECS) and ApsaraDB RDS instances is supported.

Basic and Enterprise

Manage hosts

V3.2.38

Control policies

New

Fine-grained control policies can be associated with asset accounts.

Basic and Enterprise

2023-12-06

Configure a control policy

User management

New

Users who have not logged on to bastion hosts for a long period of time can be automatically locked.

Asset management

New

Passwords and keys of asset accounts can be exported and imported.

Client-based O&M

Optimized

The search feature of SSH-based O&M clients is optimized. You can filter search results and sort the results by specified parameters.

None

Management of AD-authenticated users and LDAP-authenticated users

Optimized

The synchronization logic of mobile phone numbers of Active Directory (AD)-authenticated users and Lightweight Directory Access Protocol (LDAP)-authenticated users is optimized. You can configure whether to synchronize mobile phone numbers of AD-authenticated users and LDAP-authenticated users.

Configure AD authentication or LDAP authentication

Authorization

Optimized

The account authorization for asset groups is optimized. Existing accounts are automatically displayed for you to select.

Authorize a user to manage asset groups

Session audit

Optimized

The search feature on the Session Audit page is optimized to support fuzzy match.

None

Basic

Switch to a different zone

New

A vSwitch can be switched to a different zone. This prevents the bastion host from being inaccessible if the current zone becomes unavailable.

Basic

2023-09-18

Switch to a different zone

V3.2.37.1

O&M on PolarDB clusters

New

O&M on PolarDB clusters is supported.

Enterprise

2023-08-30

User list export

New

The user list can be exported. The user list contains usernames, email addresses, mobile phone numbers, and creation time of users.

Basic and Enterprise

Manage users

O&M token

Optimized

The management and control mechanism of O&M tokens is optimized. You can configure the validity period and number of usage times of O&M tokens. O&M engineers can renew O&M tokens.

Basic and Enterprise

Update of API operations

Optimized

The O&M review and command review API operations are available.

Basic and Enterprise

None

Asset network check

Optimized

  • The asset network check feature can be manually enabled and disabled.

  • The check interval and time can be configured for the asset network check feature.

Basic and Enterprise

Diagnose network issues

O&M duration limit

Optimized

The maximum duration of a single O&M session can be configured. The maximum duration of a single O&M session is seven days.

Basic and Enterprise

Configure O&M setting

Real-time database O&M connections

Optimized

When O&M engineers use O&M tokens to access databases, the computing of real-time database O&M connections is optimized. This improves audit accuracy.

Enterprise

None

V3.2.36

Stability optimization

Optimized

Overload protection is optimized and component stability is improved.

Basic and Enterprise

2023-07-18

None

V3.2.35

Multi-zone configuration

New

Zones can be configured for vSwitchs.

Enterprise

2023-05-30

Configure a bastion host

Notification

New

The following notifications are supported:

  • Notifications for user password expiration.

  • Notifications for the end of user validity periods.

Basic and Enterprise

Use the notification feature

Two-factor authentication

New

The mobile phone numbers in Thailand (+66), Vietnam (+84), and Cambodia (+855) are supported by the two-factor authentication feature.

Basic and Enterprise

Enable two-factor authentication

Asset authorization process

Optimized

After you grant permissions on assets to users, you are redirected to the page on which you can grant permissions on asset accounts to the users.

Basic and Enterprise

None

Snapshot synchronization of AD and LDAP-authenticated users

Optimized

AD-authenticated users and LDAP-authenticated users can be synchronized on a regular basis.

Basic and Enterprise

Configure AD authentication or LDAP authentication

V3.2.33

Connectivity test

New

The connectivity diagnostics feature is provided. You can use the feature to troubleshoot issues that are related to O&M connections between a client and a bastion host and between a bastion and an asset.

Basic and Enterprise

2023-02-21

None

Asset risk monitoring

New

The asset risk monitoring feature is provided. The feature displays information about asset risks that are detected by Security Center. The information includes the alerts, vulnerabilities, and baseline risks that are detected on assets and the numbers of the alerts, vulnerabilities, and baseline risks. You can go to the Security Center console to handle the asset risks in a convenient manner.

Basic and Enterprise

None

Release notes for 2022

Version

Feature

Type

Description

Involved edition

Release date

References

V3.2.31

Oracle database O&M

New

O&M operations can be performed on Oracle databases.

Enterprise

2022-12-22

O&M overview

Management of third-party asset sources

Optimized

Third-party asset sources, such as Amazon Web Services (AWS) and Tencent Cloud, can be imported and managed.

Basic and Enterprise

Manage third-party asset sources

Optimization of the O&M portal

Optimized

The O&M portal can be used by local users, AD-authenticated users, and LDAP-authenticated users to modify keys and user information.

Basic and Enterprise

Security policies for O&M administrators

Asset connectivity check

New

The asset connectivity is automatically checked. The status of the asset connectivity is updated every 4 hours.

Basic and Enterprise

Manage hosts

Management of AD and LDAP settings

Optimized

AD and LDAP settings can be cleared.

Basic and Enterprise

Configure AD authentication or LDAP authentication

Update of API operations

Optimized

An API operation is released to manage the public key of a user. When a user is created or edited, the following settings can be configured: user's validity period, two-factor authentication, and whether the user must reset the password upon the next logon.

Basic and Enterprise

None

Host key

New

ED25519 keys can be used as host keys.

Basic and Enterprise

None

V3.2.30

O&M application review

New

The O&M application review feature is supported. After the feature is enabled, an O&M engineer can log on to the required assets and perform O&M operations only after the Bastionhost administrator approves the O&M application submitted by the O&M engineer.

Basic and Enterprise

2022-11-21

Configure a control policy

Host O&M token

New

O&M tokens can be obtained on the Host O&M page. You can use an O&M token to perform client-based O&M.

Basic and Enterprise

None

Notification

New

Text messages and emails are supported as notification methods. In addition to internal messages, you can receive text messages and emails that notify you of O&M address changes and alerts that are triggered by command execution and storage usage.

Basic and Enterprise

Use the notification feature

Asset monitoring

New

Assets on which no O&M operations are performed for the last seven or 30 days can be filtered.

Basic and Enterprise

None

User logon settings

New

Users can be configured to use only key pairs for authentication when they log on to a bastion host.

Basic and Enterprise

Configure the parameters on the User Settings tab

Two-factor authentication

New

The mobile phone numbers in Saudi Arabia (+966) are supported by the two-factor authentication feature.

Basic and Enterprise

Enable two-factor authentication

Settings for two-factor authentication

Optimized

Two-factor authentication settings for multiple users can be modified at a time on the Users page.

Basic and Enterprise

Enable two-factor authentication

Control policies

Optimized

The logic for creating control policies is optimized.

Basic and Enterprise

Configure a control policy

User status monitoring

Optimized

Tags are added for deleted RAM users.

Basic and Enterprise

Manage users

Stability optimization

Optimized

The overload protection mechanism is supported to improve the stability of O&M sessions.

Basic and Enterprise

None

V3.2.28

Database O&M and audit

New

Database O&M and audit are supported. You can perform O&M and audit operations on ApsaraDB RDS for MySQL instances, ApsaraDB RDS for SQL Server instances, ApsaraDB RDS for PostgreSQL instances, and self-managed databases.

Enterprise

2022-07-27

Use the database management feature

O&M portal

New

The O&M portal is added. You can log on to the O&M portal to maintain assets on which you have permissions on a web page. You can also use a one-time password (OTP) token to log on to the O&M portal as local user.

Basic and Enterprise

O&M overview

OTP tokens for local users to implement two-factor authentication

New

OTP tokens are provided for local users to implement two-factor authentication. Local users can scan the quick response (QR) code that is displayed in the O&M portal to implement two-factor authentication.

Basic and Enterprise

Enable two-factor authentication

Custom ports for hosts

New

Custom ports are supported for hosts. If you import multiple hosts by using an Excel file, you can specify custom ports for the hosts.

Basic and Enterprise

Change the service port of a host

V3.2.26

Management of third-party asset sources

New

Third-party asset sources can be managed. You can import assets from third-party asset sources.

Basic and Enterprise

2022-04-06

Add hosts

Verification codes of two-factor authentication

New

Verification codes can be sent by using notifications in DingTalk during two-factor authentication. You can select Chinese or English in which you want to send a verification code.

Basic and Enterprise

Enable two-factor authentication

User settings for two-factor authentication

New

Two-factor authentication can be configured for a single user.

Basic and Enterprise

Manage users

API operations

New

API operations are released to configure AD authentication, two-factor authentication, and shared keys.

Basic and Enterprise

Search conditions for password change tasks

Optimized

Host IP addresses and host names can be used to search for password change tasks.

Enterprise

None

Text messages for two-factor authentication

New

The mobile phone numbers in Poland (+48) and Spain (+34) are supported by the two-factor authentication feature.

Basic and Enterprise

Which countries and regions support the text message-based two-factor authentication feature of Bastionhost?

Regular updates of the configurations and status of AD-authenticated and LDAP-authenticated users

Iterated

The configurations and status of AD-authenticated and LDAP-authenticated users can be regularly updated.

Basic and Enterprise

Configure the parameters on the User Settings tab

Release notes for 2021

Version

Feature

Type

Description

Involved edition

Release date

References

V3.2.22

Authorization rules

New

Authorization rules can be created. You can create authorization rules to authorize multiple users to manage assets. You can also specify a validity period for an authorization rule.

Basic and Enterprise

2021-11-22

Create an authorization rule and Manage an authorization rule

Import and export of bastion host configurations

New

The import and export of bastion host configurations are supported. You can export the configurations of a bastion host and import the exported configurations for use on other bastion hosts.

Basic and Enterprise

Use the configuration backup feature

Proxy mode of the network domain feature

New

The proxy mode of the network domain feature is supported by Bastionhost Enterprise Edition. This allows you to configure a secondary proxy server in a network domain. If an error occurs on the primary proxy server, the secondary proxy server is automatically connected to your bastion host.

Enterprise

Use the network domain feature

Network domains

New

Internal messages are supported to notify you of network domain errors.

Enterprise

Use the notification feature

Personalized desktops

New

Personalized desktops can be enabled when you configure O&M settings. Users can use Windows personalized desktops.

Basic and Enterprise

Configure O&M setting

Password reset upon next logon

New

When you create a local user, you are allowed to specify whether the user must reset the password upon the next logon.

Basic and Enterprise

Manage users

V3.2.20

Asset access by using proxies

New

Proxies can be used to access assets. SSH, SOCKS5, and HTTP proxies are supported.

Enterprise

2021-07-22

Use the network domain feature

Global configuration item for host fingerprint verification

New

A global configuration item is added to verify host fingerprints.

Basic and Enterprise

Configure O&M setting

Access control on logon accounts

Optimized

Access control on logon accounts is optimized. A switch is added to control whether empty accounts are visible.

Basic and Enterprise

Configure O&M setting

Backup and export of O&M logs

New

O&M logs can be backed up and exported.

Basic and Enterprise

Use the log backup feature

Internal messages

New

Internal messages are supported in the following scenarios:

  • Command approval and rejection

  • Password change

  • Storage alerts

  • Weekly O&M reports

  • Expired shared keys

Basic and Enterprise

Use the notification feature

Text messages for two-factor authentication

New

The mobile phone numbers in France (+33), Israel (+972), and Italy (+39) are supported by the two-factor authentication feature.

Basic and Enterprise

Which countries and regions support the text message-based two-factor authentication feature of Bastionhost?

V3.2.18

Export of the host list

New

The host list can be exported.

Basic and Enterprise

2021-04-21

Export the host list with a few clicks

Use the key management feature

New

The key management feature is released. This feature allows you to bind a key to multiple host accounts at a time.

Basic and Enterprise

Use the shared key feature

Marking of users

Optimized

Users can be marked as inactive based on the time range you specify.

Basic and Enterprise

None

Import of AD-authenticated or LDAP-authenticated users

Optimized

Keywords of usernames can be used to search for the AD-authenticated or LDAP-authenticated users that you want to import.

Basic and Enterprise

Manage users

Control policies

New

The access control feature is updated. You can specify time ranges to allow user access to a host.

Basic and Enterprise

Configure a control policy

Two-factor authentication

New

Emails can be used to receive verification codes during two-factor authentication. You can specify the number of days a user can skip the two-factor authentication after the user enters the correct verification code.

Basic and Enterprise

Enable two-factor authentication

Password validity period for local users

New

The password validity period of a local user can be configured.

Basic and Enterprise

Configure the parameters on the User Settings tab

V3.2.17

Password change tasks

New

A task can be created to change the passwords of different Linux host accounts at a time.

Enterprise

2021-03-15

Use the automatic password change feature

Clearance of the fingerprints on multiple hosts at a time

New

Fingerprints on multiple hosts can be cleared at a time.

Basic and Enterprise

Clear host fingerprints

Searching for hosts, host groups, users, and user groups

Optimized

  • Names can be used to search for hosts or host groups.

  • Names can be used to search for users or user groups.

Basic and Enterprise

None

Text messages for two-factor authentication

New

The mobile phone numbers in the Republic of Korea (+82), the Philippines (+63), Taiwan (China) (+886), Switzerland (+41), and Sweden (+46) are supported by the two-factor authentication feature.

Basic and Enterprise

Which countries and regions support the text message-based two-factor authentication feature of Bastionhost?

User logon prohibition

Iterated

The session interruption feature is released to prohibit users from accessing hosts.

Basic and Enterprise

Interrupt sessions

Adding users

New

A user validity period can be configured when you create a local user or import an AD-authenticated or LDAP-authenticated user.

Basic and Enterprise

Manage users

O&M reports

New

The O&M report feature is released. This feature allows you to export reports to Word, PDF, or HTML files.

Basic and Enterprise

View the O&M information on the O&M Reports page and export an O&M report

Extended storage plans for audit videos

Iterated

Extended storage plans can be purchased to store audit videos.

Basic and Enterprise

Purchase a bastion host

Host O&M by using a web terminal

New

O&M operations can be performed on hosts in the console of a bastion host by using a web terminal.

Enterprise

Perform O&M on hosts

Idle duration for O&M and total O&M duration

Iterated

Idle duration for O&M and total O&M duration can be configured.

Basic and Enterprise

Configure O&M setting

API operations

New

API operations are released to manage users, user groups, hosts, host groups, host accounts, and host authorization.

Basic and Enterprise

Hosts (available only for bastion hosts that run V3.2.17 and later versions)

Release notes in 2020

Version

Feature

Type

Description

Involved edition

Release date

References

V3.2.13

Release of Bastionhost Enterprise Edition

New

Bastionhost Enterprise Edition is released.

Basic and Enterprise

2020-11-16

Billing

Wizard

New

A wizard is provided to walk you through how to use Bastionhost. To use the wizard, you can click Wizard in the upper-right corner in the console of a bastion host.

Basic and Enterprise

None

Marking of released Elastic Compute Service (ECS) instances

Optimized

Released ECS instances can be marked.

Basic and Enterprise

None

User settings

New

User groups can be selected when you create a user.

Basic and Enterprise

Manage users

Text messages for two-factor authentication

New

The mobile phone numbers in Germany (+49), Australia (+61), the United States (+1), Dubai (+971), Japan (+81), the United Kingdom (+44), India (+91), and Macao (China) (+853) are supported by the two-factor authentication feature.

Basic and Enterprise

Which countries and regions support the text message-based two-factor authentication feature of Bastionhost?

Network diagnostics

New

The network diagnostics feature is released.

Basic and Enterprise

Diagnose network issues