Cloud Bastion Host

Cloud Bastion Host is a tool for managing and auditing O&M permissions and behaviors of cloud servers, cloud databases, network devices, and more. It facilitates violation prevention and audit of the O&M process, and addresses issues occur during cloud operations including account reuse, data leakage, unclear permissions or process.
  • Product Advantages
  • Features
  • Scenarios

Product Advantages

Comprehensive O&M protocols

Supports diverse O&M access protocols including character-oriented protocols, graphics protocols, file transfer protocols, and database access.

Meticulous audit

Supports the audit of both character-oriented protocol and file transfer protocol, and the correlation searching and playback of command audit and video audit.

Rigorous control

Supports command restrictions and review, O&M account IP restrictions, MAC restrictions, and more, to ensure a standard O&M process.

Easy to use

Provides various features to ensure the automation and agility of the O&M process, for example, a C/S client is provided to avoid the tedious installation and debugging steps.

Features
Account Management Account management includes cloud bastion host O&M account and O&M asset account. The O&M account supports identity verification and lifecycle management, and the O&M asset account supports centralized management and password changing. All asset accounts are associated with the main account to ensure the consistency of all O&M behavior audit records.
Unified Authentication Login authentication is the primary and most important part of the whole operation and maintenance process. Cloud bastion host provides two-factor authentication to ensure login security. Single sign-on (SSO) is also supported so that O&M staff can access the assets after authentication without entering the account and password again.
Centralized Authorization Through centralized and unified access control and fine-grained command-level authorization policy, CBH ensures that each O&M user has the appropriate permissions required to complete their task. Separated controls of the access policy, command policy, restriction based on the time period and IP segment, and protocol function are supported.
Resource Management Supports user asset management, including basic information entry, asset import and export, asset movement, and more. You will also be able to add asset service name, service type, port, and code, and configure the password policy to manage the asset password regularly.
Behavior Audit Monitors operations in real time, so that all session connections remotely accessing the target server session connection can be monitored. The review of special command execution can automatically detect events like unauthorized access or operation.
Audit Reports Our audit report function comes equipped with built-in security audit report templates that can meet different audit requirements, and supports automatic or manual generation of O&M reports, making it easy for administrators to analyze O&M compliance. Reports in html or csv formats can be exported, or you can customize your own audit reports.

Scenarios

< >
  • Enterprise O&M Accounts Management
  • Excessive Permission Scope
  • Operation Supervision
Applicable Scenario
  • In enterprise O&M, one staff is usually in charge of several servers and systems, and needs to switch between multiple server systems and manage different accounts and passwords. This may lead to lower efficiency and more mistakes, or even affect the service of the IT system.
Issues to Address
  • Account Management
  • You will be able to use CBH O&M accounts, which support identity verification and lifecycle management, and O&M asset accounts, which support centralized management and password changing.
  • Resource Management
  • Supports user asset management, service management, sub-account management, and sub-account password management.