Bastionhost

A unified, efficient, and secure platform that provides cloud-based O&M, access control, and operation audit.

Efficient and Secure O&M

Bastionhost enables you to manage asset O&M permissions in a centralized manner, monitor all O&M operations, and reproduce O&M scenarios in real time to facilitate identity authentication, access control, and operation audit. You can use Bastionhost to troubleshoot issues, such as difficulties in the management of various assets, unclear responsibilities and authorities, and difficulties in the backtracking of O&M events.

Efficient O&M

Bastionhost provides a centralized portal to access server resources. Bastionhost provides single sign-on to allow O&M personnel to manage and maintain all server assets, facilitating centralized asset management.
Furthermore, Bastionhost supports password-free logon for asset O&M. It manages accounts and passwords in a centralized manner to simplify account management.

Security Control

Bastionhost supports fine-grained user permission assignment to allow different users to perform operations based on the permissions assigned to them. This helps implement security and access control based on the principle of least privilege. In addition, unauthorized and high-risk operations are blocked to protect asset security.

Ease of Use

Bastionhost can manage both cloud and on-premises assets. It can synchronize ECS instances, RDS dedicated clusters, and RAM users under an Alibaba Cloud account. It can also synchronize AD and LDAP users with a few clicks.

New Version: HA Architecture + Elastic Bandwidth Package

Features

Centralized Management

Manages different accounts in a centralized manner. You can access a huge number of server resources at the backend with single sign-on to Bastionhost. This improves your O&M efficiency and helps you avoid risks, such as difficulties in remembering different resource access accounts and passwords and leak-prone password information that many people know.

Identity Authentication

Provides the two-factor authentication feature. This feature sends a one-time passcode or an SMS verification code during the user logon to verify the identity of the user. This prevents third parties from accessing assets with the accounts and passwords that they steal.

Permission Assignment

Assigns fine-grained permissions to user groups, such as the file upload, download, and creation permissions. This helps implement security and access control based on the principle of least privilege.

High-risk Command Blocking

Automatically blocks high-risk commands that are run to perform highly sensitive operations, such as deleting data (rm -rf /*) and formatting system disks. This helps prevent accidental operations that may cause serious consequences.

Audit and Backtracking

Provides visual audit records. Bastionhost records and broadcasts O&M sessions to reproduce the whole operation process. This helps efficiently collect evidence and track security events.

Without/With Bastionhost

• Messy O&M entrance • Difficult management • Hard to identify who shall be liable for accidents that occur

• Unified entrance • Centralized management • Convenient O&M audit

Product Launch - Alibaba Cloud Bastionhost for FinTech

View Now

Quick Start

1

Synchronize Assets

Synchronize assets such as ECS instances for O&M.
Learn More

2

Import Users

Import user accounts such as RAM users for O&M.
Learn More

3

Authorize Users

Create an authorization connection between users and assets and create O&M rules.
Learn More

4

Perform O&M on Assets

Use Bastionhost to perform O&M on assets.
Learn More

5

Audit Sessions

Audit O&M operations in real time.
Learn More

Scenarios

Pricing

References: We recommend that you select the specifications based on a reasonable estimate of the maximum numbers of your assets and concurrent sessions. Bastion hosts of different specifications have the same features.
Assets: the number of server assets that Bastionhost can manage.
Concurrent Sessions: the number of O&M sessions that O&M personnel can initiate in Bastionhost. O&M sessions refer to SSH- and RDP-based remote connections. Assume 20 O&M personnel. Each of them initiates five sessions on average. A total of 100 concurrent sessions are created. This example is only for reference. The actual number of concurrent sessions must be calculated based on specific conditions.
Example: An enterprise has 50 assets and 100 concurrent sessions. Another enterprise has 80 assets and 50 concurrent sessions. The minimum specifications for both of these enterprises are 100 assets and 100 concurrent sessions.

Assets Concurrent Sessions Internet Bandwidth (Mbit/s) Price Per Month (USD) Billing Cycle
50 50 8 400 Supported billing cycles:
One month, three months, and six months
One year, two years, and three years
100 100 600
200 100 700
500 500 16 1,100
1,000 1,000 1,500
2,000 1,000 1,800
5,000 2,000 32 2,300

Upgraded Support For You

1 on 1 Presale Consultation, 24/7 Technical Support, Faster Response, and More Tickets.

1 on 1 Presale Consultation

Consulting by experienced cloud experts.Learn More

24/7 Technical Support

Extended service time from 10 hours 5 days a week to 24/7. Learn More

6 Free Tickets per Quarter

The number of free tickets doubled from 3 to 6 per quarter. Learn More

Faster Response

Shorten after-sale response time from 36 hours to 18 hours. Learn More

Start Your Efficient and Secure O&M Channel Now

Learn More

Documentation