Efficient and Secure O&M
Bastionhost enables you to manage asset O&M permissions in a centralized manner, monitor all O&M operations, and reproduce O&M scenarios in real time to facilitate identity authentication, access control, and operation audit. You can use Bastionhost to troubleshoot issues, such as difficulties in the management of various assets, unclear responsibilities and authorities, and difficulties in the backtracking of O&M events.
Bastionhost provides a centralized portal to access server resources. Bastionhost provides single sign-on to allow O&M personnel to manage and maintain all server assets, facilitating centralized asset management.
Furthermore, Bastionhost supports password-free logon for asset O&M. It manages accounts and passwords in a centralized manner to simplify account management.
Bastionhost supports fine-grained user permission assignment to allow different users to perform operations based on the permissions assigned to them. This helps implement security and access control based on the principle of least privilege. In addition, unauthorized and high-risk operations are blocked to protect asset security.
Ease of Use
Bastionhost can manage both cloud and on-premises assets. It can synchronize ECS instances, RDS dedicated clusters, and RAM users under an Alibaba Cloud account. It can also synchronize AD and LDAP users with a few clicks.
Manages different accounts in a centralized manner. You can access a huge number of server resources at the backend with single sign-on to Bastionhost. This improves your O&M efficiency and helps you avoid risks, such as difficulties in remembering different resource access accounts and passwords and leak-prone password information that many people know.
Provides the two-factor authentication feature. This feature sends a one-time passcode or an SMS verification code during the user logon to verify the identity of the user. This prevents third parties from accessing assets with the accounts and passwords that they steal.
Assigns fine-grained permissions to user groups, such as the file upload, download, and creation permissions. This helps implement security and access control based on the principle of least privilege.
High-risk Command Blocking
Automatically blocks high-risk commands that are run to perform highly sensitive operations, such as deleting data (rm -rf /*) and formatting system disks. This helps prevent accidental operations that may cause serious consequences.
Audit and Backtracking
Provides visual audit records. Bastionhost records and broadcasts O&M sessions to reproduce the whole operation process. This helps efficiently collect evidence and track security events.
• Messy O&M entrance • Difficult management • Hard to identify who shall be liable for accidents that occur
• Unified entrance • Centralized management • Convenient O&M audit
Synchronize assets such as ECS instances for O&M.
Import user accounts such as RAM users for O&M.
Create an authorization connection between users and assets and create O&M rules.
Perform O&M on Assets
Use Bastionhost to perform O&M on assets.
Audit O&M operations in real time.
References: We recommend that you select the specifications based on a reasonable estimate of the maximum numbers of your assets and concurrent sessions. Bastion hosts of different specifications have the same features.
Assets: the number of server assets that Bastionhost can manage.
Concurrent Sessions: the number of O&M sessions that O&M personnel can initiate in Bastionhost. O&M sessions refer to SSH- and RDP-based remote connections. Assume 20 O&M personnel. Each of them initiates five sessions on average. A total of 100 concurrent sessions are created. This example is only for reference. The actual number of concurrent sessions must be calculated based on specific conditions.
Example: An enterprise has 50 assets and 100 concurrent sessions. Another enterprise has 80 assets and 50 concurrent sessions. The minimum specifications for both of these enterprises are 100 assets and 100 concurrent sessions.
|Assets||Concurrent Sessions||Internet Bandwidth (Mbit/s)||Price Per Month (USD)||Billing Cycle|
Supported billing cycles:
One month, three months, and six months
One year, two years, and three years
Upgraded Support For You
1 on 1 Presale Consultation, 24/7 Technical Support, Faster Response, and More Free Tickets.