Alibaba Cloud Operation and Maintenance Security Center (Bastion Host)
This article introduces a unified, efficient and secure operation and maintenance channel on the cloud. It centrally manages asset permissions, monitors operating behavior throughout the process and replays operation and maintenance sessions in real time, so that cloud operation and maintenance identities can be identified, permissions controlled, risks blocked and operations audited, helping to ensure compliance.
Edited at 2024-01-16 09:15:24
Product introduction
The Operation and Maintenance Security Center (bastion host) is an operation and maintenance and security audit management and control platform provided by Alibaba Cloud. It centrally manages operation and maintenance permissions, controls operating behavior throughout the process and replays operation and maintenance sessions in real time, so that the identities behind operation and maintenance actions can be identified, permissions can be controlled and operations can be audited. This solves problems such as difficult asset management, unclear operation and maintenance responsibilities and authorities, and hard-to-trace operation and maintenance events, and helps enterprises meet the requirements of classified protection (MLPS) compliance.
Versions
Bastion host (Basic Edition, Enterprise Dual Engine Edition): Unified operation and maintenance management and control of Alibaba Cloud, heterogeneous-cloud and offline hybrid assets, providing one-stop operation and maintenance services, including management of multiple asset types such as Linux, Windows and databases. It also supports multiple access methods, such as C/S and B/S clients, and uses dual-engine deployment for high stability.
Bastion host (Developer Edition, Lightweight Edition): A convenient cloud operation and maintenance experience for Alibaba Cloud ECS assets: lightweight deployment, one-click operation and maintenance across multiple VPCs, deep integration with cloud assets, automatic synchronization of assets and credentials, and intelligent identification of privileged accounts.
Product advantages
Basic Edition, Enterprise Dual Engine Edition
Stable cloud architecture
The bastion host adopts a cloud architecture: the compute layer (cloud server ECS), log storage (SLS), object storage (OSS) and the cloud database (RDS) are stored separately and run independently. On the one hand, this avoids interruption of operation and maintenance services caused by a single point of failure; on the other hand, Alibaba Cloud SLS, OSS and RDS are highly stable and mature and protect system resources more safely. A bastion host built on this cloud architecture is therefore more stable, flexible and secure.
Safe and reliable operation and maintenance capabilities
The bastion host operates and maintains Windows and Linux systems efficiently and stably; Windows sessions run without lag or missed audit records. It also unifies the management of server assets in hybrid-cloud scenarios such as multi-cloud, offline IDC and cross-VPC, enabling centralized operation and maintenance. In addition, the bastion host code is commercially sealed and packaged, which makes it less exposed to attack and makes operation and maintenance more stable and secure.
Global deployment
The bastion host supports global deployment, covering Asia-Pacific, the Americas, Europe, the Middle East and India, and adapts well to each. It provides a pure English interface and supports two-factor operation and maintenance authentication with mobile phone numbers from many overseas countries, ensuring secure operation and maintenance of assets worldwide.
Dual engine architecture
Dual-node deployment of the engine keeps the bastion host stable. Under normal conditions the two nodes share the load and improve operation and maintenance efficiency; when a connection fails, HA mode is enabled automatically so that business and monitoring continue uninterrupted.
Convenient, practical and considerate service
The bastion host is simple, easy to use and efficient. It can be activated immediately after purchase and configured flexibly as needed. It supports one-click activation, one-click synchronization of cloud server ECS and cloud database dedicated cluster hosts, and one-click import of RAM, AD and LDAP users. 7x24 expert services respond to your needs at any time.
Developer version, lightweight version
Unified asset operation and maintenance management
We provide secure custody of cloud assets and privileged accounts. Through a cross-regional unified operation and maintenance management perspective, we improve the visibility of cloud assets and help administrators efficiently manage resources and credentials.
Privileged access behavior control
The authorization configuration of assets and credentials is very flexible, allowing fine-grained control of access behavior, thereby reducing the exposure risk of core cloud assets on the operation and maintenance side, and effectively reducing losses caused by operation and maintenance risks.
Intelligent operation and maintenance risk control and audit
By comprehensively recording privileged access trajectories and intelligently analyzing operation and maintenance risks and abnormal operating behaviors, we build a safe and trustworthy operation and maintenance platform on the cloud to meet operation and maintenance compliance requirements.
Features
Applicable scenarios
Bastion host (Basic Edition, Enterprise Dual Engine Edition)
Basic Edition: Suitable for small and medium-sized enterprises (50 to 500 mixed assets) that need a more professional operation and maintenance experience. It provides finer-grained management and control capabilities, such as client-based operation and maintenance, fine-grained access and behavior authorization for operation and maintenance users, automatic interception of risky commands, approval of high-risk commands, real-time session monitoring and blocking, and management of RAM, AD, LDAP or locally created users, meeting the basic operation and maintenance security needs of small and medium-sized enterprises.
Enterprise Dual Engine Edition: Suitable for enterprises with high security requirements for operation and maintenance or a large business scale, such as government, finance, gaming, online education and information technology. In addition to the security capabilities of the Basic Edition, with higher performance and base configuration, it meets stricter operation and maintenance security requirements:
Database operation and maintenance: authorization management and control for RDS, self-built and third-party databases, including MySQL, SQL Server, PostgreSQL and Oracle.
Hybrid operation and maintenance: unified management and control of assets in offline IDCs, other clouds and other accounts through the network domain proxy model.
High business stability: a dual-engine, active-active architecture with an SLA of up to 99.95%.
Other value-added capabilities: a Web operation and maintenance portal, and automatic password changing for Linux assets, which effectively improves password security.
Bastion host (Developer Edition, Lightweight Edition)
Developer Edition: Suitable for individual developers or small pure-cloud enterprises (5 to 20 ECS or K8s assets). It provides unified administrator operation and maintenance, access authorization management and control for operation and maintenance users, full audit recording, and a deeper cloud experience: lightweight deployment and activation, multi-VPC intranet access on the cloud, automatic identification of asset accounts, and so on.
Lightweight Edition: Suitable for small pure-cloud enterprise customers (5 to 20 ECS or K8s assets). On top of the Developer Edition's basic capabilities, it adds common enterprise management and control capabilities such as file transfer with auditing; administrators can control the commands operation and maintenance users run and automatically block high-risk commands to keep operation and maintenance secure; and it has higher specifications and performance, such as 365-day log storage.
Function comparison
The original comparison table lists each function against the Free, Developer, Lightweight, Basic and Enterprise Dual Engine editions; only the rows with textual per-edition cells survive, and they are noted below.
Architecture: Stable architecture deployment keeps business and monitoring running. Free, Developer and Lightweight editions: SaaS; Basic Edition: cloud architecture; Enterprise Dual Engine Edition: cloud dual-engine architecture.
Cross-domain operation and maintenance: Manage assets in multiple VPCs across multiple regions from a unified console. Developer and Lightweight editions: one-click intranet access; Basic Edition: self-built network mode; Enterprise Dual Engine Edition: self-built network mode and network domain proxy mode.
Privilege management: System accounts are divided into privileged and ordinary accounts, with quick authorization and management by category.
Flexible expansion: Asset count, storage and other specifications can be expanded on demand.
Deployment: Adapted to international scenarios and deployable overseas; real-time switching between Simplified Chinese, Traditional Chinese and English; two-factor authentication adapted to overseas mobile phone numbers.
User and asset management: Multi-role division of users; user synchronization from RAM, AD, LDAP and Azure AD, plus batch file import. Operation and maintenance of Windows and Linux systems over the common protocols SSH and RDP. Operation, control and auditing of MySQL, SQL Server, PostgreSQL and Oracle databases, both RDS and self-built. Batch import of third-party assets and one-click import of Alibaba Cloud assets. Support for Alibaba Cloud database dedicated clusters, cloud servers, offline IDC servers and other scenarios. Multi-region SMS dynamic passwords and email two-factor authentication; mobile app dynamic-password login to the bastion host. Manual and scheduled password-change tasks for Linux servers.
Operation and maintenance control: Client tools such as Mstsc, Xshell, SecureCRT and PuTTY log in through the bastion host to reach graphical or character devices with a consistent view. Local SFTP clients such as WinSCP, Xftp and SecureFX log in through the bastion host for file operations. Operation and maintenance users work on authorized assets through the Web operation and maintenance portal, and local users can also log in to the portal with OTP token authentication. Direct Web-based operation and maintenance of servers. Real-time monitoring of operation and maintenance sessions with the ability to block a session (some editions: real-time monitoring only). Control of RDP clipboard upload and download, disk mapping and similar operations. Policy-based blocking and approval of key commands (some editions: command blocking only). Control of file upload, download, deletion, renaming, folder creation and deletion during operation and maintenance.
Operational audit: Recording of operation logs, full audit recording and playback, auditing of file transfers, and generation of operation and maintenance reports exportable as PDF, HTML and Word.
Interface: OpenAPI calls.
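The command-control capability described in the scenarios and the comparison above (automatic interception of risky commands, approval of high-risk commands, and an audit record of every operation) can be illustrated with a small policy evaluator. The code below is an added example written for this page; it is not Alibaba Cloud's implementation, and the rule format, the rule names and the sample session are assumptions constructed for illustration. It shows the one edge case a practitioner cares about: a line that chains several commands with `;`, `|`, `&&` or `||` is split and judged by its strictest segment, and a leading `sudo` is stripped so privileged variants of a command hit the same rule.

```python
"""Illustrative command-control policy for a bastion-host session.

Editor-added example: NOT Alibaba Cloud's code. The rule format, rule names
and the sample session are hypothetical. Each typed line is classified as
ALLOW, APPROVE (hold until an administrator approves) or BLOCK, and an audit
record is produced for every decision, including blocked and held commands.
"""
import re
import shlex
from dataclasses import dataclass
from enum import IntEnum


class Action(IntEnum):
    ALLOW = 0
    APPROVE = 1   # hold the command until an administrator approves it
    BLOCK = 2     # refuse the command outright


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: re.Pattern   # matched against the normalised command segment
    action: Action


# Constructed sample policy (hypothetical; a deployment would load its own).
POLICY = [
    Rule("mass-delete", re.compile(r"^rm\s+(-[a-zA-Z]*r[a-zA-Z]*\s+)+/(\s|$)"), Action.BLOCK),
    Rule("disk-overwrite", re.compile(r"^dd\s+.*\bof=/dev/"), Action.BLOCK),
    Rule("service-restart", re.compile(r"^systemctl\s+(restart|stop)\b"), Action.APPROVE),
    Rule("package-change", re.compile(r"^(apt(-get)?|yum|dnf)\s+(install|remove|purge)\b"), Action.APPROVE),
]


def normalise(segment: str) -> str:
    """Collapse whitespace and drop a leading 'sudo' (with its options) so
    privilege-escalated variants of a command match the same rule."""
    try:
        tokens = shlex.split(segment)
    except ValueError:            # unbalanced quotes: fall back to a plain split
        tokens = segment.split()
    if tokens and tokens[0] == "sudo":
        tokens = tokens[1:]
        while tokens and tokens[0].startswith("-"):
            # -u and -g take an argument; other short options stand alone
            tokens = tokens[2:] if tokens[0] in ("-u", "-g") else tokens[1:]
    return " ".join(tokens)


def evaluate(line: str):
    """Return (Action, matched rule name or None) for one typed line.

    Chained commands are split on ;, |, && and || and the strictest verdict
    wins, so a high-risk command placed after a harmless one is still caught.
    Splitting ignores quoting, which only ever makes the verdict stricter.
    """
    verdict, hit = Action.ALLOW, None
    for raw in re.split(r"\|\||&&|[;|]", line):
        cmd = normalise(raw)
        if not cmd:
            continue
        for rule in POLICY:
            if rule.pattern.search(cmd) and rule.action > verdict:
                verdict, hit = rule.action, rule.name
    return verdict, hit


def audit_record(user: str, asset: str, line: str) -> dict:
    """Build the audit entry persisted for every command, whatever the verdict."""
    verdict, hit = evaluate(line)
    return {"user": user, "asset": asset, "command": line,
            "decision": verdict.name, "rule": hit}


if __name__ == "__main__":
    SESSION = [  # constructed sample session, not real data
        "ls -la /var/log",
        "cd /tmp && sudo rm -rf /",
        "systemctl restart nginx",
        "rm -rf /tmp/build",
    ]
    for typed in SESSION:
        print(audit_record("ops-user", "web-01", typed))
```

The policy is deliberately a list of patterns over a normalised command rather than a blocklist of raw strings: the normalisation step is what makes `sudo -u root dd ...` and `dd ...` land on the same rule, and the strictest-segment rule is what stops a chained line from slipping a blocked command past a check that only looked at the first word.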