Overview

Bastionhost enables you to manage asset O&M permissions in a centralized manner, monitor all O&M operations, and reproduce O&M scenarios in real time to facilitate identity authentication, access control, and operation audit. You can use Bastionhost to troubleshoot issues, such as difficulties in the management of various assets, unclear responsibilities and authorities, and difficulties in the backtracking of O&M events.

• Efficient O&M Bastionhost provides a centralized portal to access server resources. Bastionhost provides single sign-on to allow O&M personnel to manage and maintain all server assets, facilitating centralized asset management. Furthermore, Bastionhost supports password-free logon for asset O&M. It manages accounts and passwords in a centralized manner to simplify account management.
• Security Control Bastionhost supports fine-grained user permission assignment to allow different users to perform operations based on the permissions assigned to them. This helps implement security and access control based on the principle of least privilege. In addition, unauthorized and high-risk operations are blocked to protect asset security.
• Ease of Use You can activate the service with a few clicks, dynamically upgrade service specifications, and manage assets in different environments such as data centers and heterogeneous clouds in a centralized manner. The service allows you to synchronize assets such as ECS instances and databases with a few clicks. It also supports different types of O&M users, including local users, RAM users, and AD-authenticated or LDAP-authenticated users.

Features

Centralized Management Manages different accounts in a centralized manner. You can access a huge number of server resources at the backend with single sign-on to Bastionhost. This improves your O&M efficiency and helps you avoid risks, such as difficulties in remembering different resource access accounts and passwords and leak-prone password information that many people know. Identity Authentication Provides the two-factor authentication feature. This feature sends a one-time passcode or an SMS verification code during the user logon to verify the identity of the user. This prevents third parties from accessing assets with the accounts and passwords that they steal. Permission Assignment Assigns fine-grained permissions to user groups, such as the file upload, download, and creation permissions. This helps implement security and access control based on the principle of least privilege. High-risk Command Blocking Automatically blocks high-risk commands that are run to perform highly sensitive operations, such as deleting data (rm -rf /*) and formatting system disks. This helps prevent accidental operations that may cause serious consequences. Audit and Backtracking Provides visual audit records. Bastionhost records and broadcasts O&M sessions to reproduce the whole operation process. This helps efficiently collect evidence and track security events.