Features

CBH covers the four basic areas of authentication, authorization, account, and audit management (AAAA). It also provides features such as efficient O&M and ticket application.

Credential Authentication

CBH uses multi-factor authentication and remote authentication technologies to enhance O&M security.

  • Multi-factor authentication: CBH authenticates system users by mobile one-time password (OTP), SMS message, USB key, and/or OTP token in addition to the password, so a leaked password alone is not enough to log in. This greatly reduces O&M risks caused by leaked credentials.
  • Remote authentication: CBH interconnects with third-party authentication services or platforms to authenticate system user accounts remotely, so that CBH does not need to hold a local copy of the users' passwords. Currently, Active Directory (AD), Remote Authentication Dial-In User Service (RADIUS), Lightweight Directory Access Protocol (LDAP), and Azure AD remote authentication are available. In addition, CBH allows you to synchronize system users from the AD domain server directly without having to modify the original user deployment structure.
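Remote authentication means the bastion host forwards the credential check to the external server instead of holding the password itself. The following Python script is an illustration added here, not CBH's own code: it plays out the RADIUS PAP exchange of RFC 2865 with both sides in one process. The client obfuscates the password against the shared secret and a random Request Authenticator, the server recovers it and signs its Access-Accept or Access-Reject with the Response Authenticator, and the client refuses any reply whose authenticator or identifier does not match its request. The shared secret, user database and in-process server are constructed for the example; a real deployment sends the packet over UDP/1812 to the RADIUS server.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2
HEADER = struct.Struct("!BBH")            # Code, Identifier, Length (RFC 2865 section 3)


def obfuscate_password(password, secret, authenticator):
    """RFC 2865 section 5.2: pad the password to a 16-byte multiple and XOR each block
    with MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out


def recover_password(cipher, secret, authenticator):
    """Inverse of obfuscate_password, as the server performs it; strips the zero padding."""
    out, prev = b"", authenticator
    for i in range(0, len(cipher), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = cipher[i:i + 16]
        out += bytes(c ^ k for c, k in zip(prev, key))
    return out.rstrip(b"\x00")


def encode_attrs(attrs):
    """Attributes are Type (1 byte), Length (1 byte, including the header), Value."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data):
    attrs, pos = {}, 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute")
        t, length = struct.unpack("!BB", data[pos:pos + 2])
        if length < 2 or pos + length > len(data):
            raise ValueError("malformed attribute")
        attrs[t] = data[pos + 2:pos + length]
        pos += length
    return attrs


def build_access_request(ident, username, password, secret):
    """Client (bastion) side: the Access-Request sent to the RADIUS server."""
    authenticator = os.urandom(16)        # fresh per request; it keys the password obfuscation
    attrs = encode_attrs([(ATTR_USER_NAME, username),
                          (ATTR_USER_PASSWORD, obfuscate_password(password, secret, authenticator))])
    return HEADER.pack(ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def build_response(code, request, secret, attrs=b""):
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = HEADER.pack(code, request[1], 20 + len(attrs))
    return header + hashlib.md5(header + request[4:20] + attrs + secret).digest() + attrs


def server_handle(request, secret, users):
    """Constructed server: recover the password, compare it, answer Accept or Reject."""
    if len(request) < 20:
        raise ValueError("short packet")
    code, _, length = HEADER.unpack(request[:4])
    if code != ACCESS_REQUEST or length != len(request):
        raise ValueError("bad Access-Request")
    attrs = decode_attrs(request[20:])
    password = recover_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, request[4:20])
    expected = users.get(attrs.get(ATTR_USER_NAME))
    ok = expected is not None and hmac.compare_digest(expected, password)
    return build_response(ACCESS_ACCEPT if ok else ACCESS_REJECT, request, secret)


def client_verify(request, response, secret):
    """Client side: trust a reply only if its identifier and authenticator match our request."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


if __name__ == "__main__":
    secret, users = b"example-shared-secret", {b"alice": b"correct horse battery staple"}
    req = build_access_request(42, b"alice", users[b"alice"], secret)
    resp = server_handle(req, secret, users)
    print("accepted:", resp[0] == ACCESS_ACCEPT, "authentic reply:", client_verify(req, resp, secret))
```

Two practical points follow from the code: the client must keep the Identifier and Request Authenticator of every outstanding request so that replies can be matched and verified, and because the whole scheme rests on MD5 and one shared secret, RADIUS traffic between the bastion host and the authentication server belongs on a management network or inside a TLS tunnel (RadSec).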

Account Management

With a CBH system, you can centrally manage system user accounts and managed resource accounts, establishing a visible, controllable, and manageable O&M system covering the entire account lifecycle.

Table 1 Account management

Feature

Description

System user accounts

CBH enables you to grant each system user a unique account with permissions matching their duties, eliminating the security risks resulting from shared accounts, temporary accounts, or privilege escalation.

  • Batch importing

    CBH enables you to synchronize system users from a third-party server or import system users in batches, eliminating the need to create system users repeatedly.

  • User groups

    CBH allows you to add users of the same type in a group and assign permissions by user group.

  • Batch management

    CBH enables you to manage user accounts in batches, including deleting, enabling, and disabling user accounts, resetting user passwords, and modifying basic user configurations.

Managed resource accounts

With a CBH system, you can centrally manage accounts of resources managed in the CBH system through the entire account lifecycle, log in to managed resources by Single Sign-On (SSO) tool, and seamlessly switch over between resource management and O&M.

  • Resource types

    CBH supports management of a wide range of resource types, including host (such as Windows and Linux hosts), Windows application, and database (such as MySQL and Oracle) resources.

    • Host resources of the client-server architecture, including hosts with the Secure Shell (SSH), Remote Desktop Protocol (RDP), Virtual Network Computing (VNC), Telnet, File Transfer Protocol (FTP), SSH File Transfer Protocol (SFTP), DB2, MySQL, SQL Server, Oracle, Secure Copy Protocol (SCP), or Rlogin protocol configured. Note that Telnet, FTP, and Rlogin carry credentials and session data in cleartext between CBH and the host, so keep such resources on an isolated network segment and prefer SSH, SFTP, or SCP where the host supports them.
    • Application resources of the browser-server architecture or the client-server architecture, including more than 12 types of browser- and client-side Windows applications, such as Internet Explorer, Google Chrome, and Oracle tools.
  • Resource management
    • Batch importing

      CBH enables quick auto-discovery, synchronization, and bulk importing of cloud resources, such as Elastic Cloud Server (ECS) and Relational Database Service (RDS) DB instances on the cloud, for centralized O&M.

    • Account group management

      CBH manages resource accounts by group. By placing resource accounts of the same attribute in the same group, you can assign permissions on a group basis and let accounts inherit such permissions directly from the group they belong to.

    • Password autofill

      CBH encrypts the stored credentials of managed resource accounts with 256-bit Advanced Encryption Standard (AES) and fills them in automatically at login, so O&M users can work through shared accounts without ever seeing the password. This removes the main leakage risk of shared accounts.

    • Automatic password change of managed resource accounts

      CBH supports password change policies so that you can periodically change account passwords to keep managed accounts secure.

    • Automatic synchronization of managed resource accounts

      CBH allows you to configure account synchronization policies so that CBH periodically checks and synchronizes account information between the CBH system and the managed host resources, including creating, deleting, and modifying managed accounts. In this way, you can ensure that only valid, up-to-date accounts are used.

    • Batch management

      CBH allows you to batch manage information and accounts of managed resources, including deleting a resource, adding a resource label, modifying resource information, verifying a managed account, and deleting a managed account.

Permissions Management

CBH supports fine-grained permission management so that you have complete control over who can access the CBH system and which managed resources can be accessed by a specific system user, safeguarding both the CBH system and the managed resources.

Table 2 Permissions management

Function

Description

CBH system access permission

You can assign permissions to a single system user to log in to a CBH system and use different functional modules in the CBH system according to their duties.

  • System user roles

    CBH supports role-based and module-based permission management so that you can allow an individual system user to access specific functional modules based on their duties.

    You can use default user roles or customize diversified roles by adding different functional modules to them.

  • Departments

    CBH enables department-based system user management so that you can specify departments of different levels for individual system users. There are no limits on the number of department levels.

  • Login restrictions

    CBH controls system user logins from many dimensions, including login validity period, login duration, multi-factor verification, IP addresses, and MAC addresses. Note that a MAC address is only visible on the local network segment and is easy to spoof, so treat a MAC-address restriction as a weaker control than an IP-address or multi-factor restriction.

Managed resource access permission

You can assign permissions for resources by user, user group, account, and account group.

  • Access control

    You can control resource access by resource access validity period, access duration, and IP address. CBH also allows you to assign permissions to different system users for file uploading and downloading, file transfer, and clipboard. The authorized system user's identity is displayed as a watermark on the O&M session, so that screenshots of the session can be traced back to that user.

  • Two-person authorization

    You can configure multi-level authorization for different system users to access a specific resource, so that a single user cannot reach sensitive or mission-critical resources without another person's approval.

  • Command interception

    You can set command control policies or database control policies to forcibly block sensitive or high-risk operations on servers or databases, generate alarms, and review such operations. This enhances control over key operations.

  • Batch authorization

    You can grant permissions for multiple resources to multiple system users by user group or account group.
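A command control policy is only as good as the engine that decides which command a typed line actually runs. The following Python evaluator is an illustration added here, not CBH's policy engine: it splits a line into its simple commands (honouring quotes and the ; | || && separators), strips sudo/env-style wrappers and directory prefixes, re-parses sh -c scripts, and returns the most severe action across the line (allow, alarm, or block), which is the decision a bastion host makes before forwarding the line to the server. The rules, rule names, and sample lines are constructed for the example; it needs Python 3.8 or later for shlex's punctuation handling.

```python
import os
import re
import shlex

# Constructed policy: (rule name, action, regex applied to each normalised simple command).
# The first matching rule decides for that command; block outranks alarm outranks allow.
POLICY = [
    ("rm-root",   "block", r"^rm\s+(?:\S+\s+)*(?:-\w*r\w*|--recursive)(?:\s+\S+)*\s+/(?:\s|$)"),
    ("mkfs",      "block", r"^mkfs(?:\.\w+)?\b"),
    ("dd-disk",   "block", r"^dd\b.*\bof=/dev/"),
    ("shutdown",  "block", r"^(?:shutdown|reboot|halt|poweroff)\b|^init\s+[06]\b"),
    ("shadow",    "alarm", r"^(?:cat|less|more|head|tail|vi|vim)\s.*/etc/shadow\b"),
    ("accounts",  "alarm", r"^(?:useradd|usermod|userdel|passwd)\b"),
    ("chmod-777", "alarm", r"^chmod\s+(?:-\S+\s+)*[0-7]?777\b"),
]
SEVERITY = {"allow": 0, "alarm": 1, "block": 2}
SEPARATOR_CHARS = set(";|&()")
WRAPPERS = {"sudo", "doas", "nohup", "time", "env", "command"}
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}


def tokenize(line):
    """Tokenise like a POSIX shell: quotes are honoured, ; | || && & ( ) become their own tokens.
    Raises ValueError on unbalanced quotes (Python 3.8+ for punctuation_chars with whitespace_split)."""
    lex = shlex.shlex(line, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


def normalise(argv):
    """Strip wrappers and directory prefixes so `sudo -u root /bin/rm` is seen as `rm`;
    a `sh -c "..."` string is re-parsed as its own command list."""
    while argv:
        name = os.path.basename(argv[0])
        if name in WRAPPERS:
            argv = argv[1:]
            while argv and (argv[0].startswith("-") or "=" in argv[0]):   # wrapper options, VAR=val
                argv = argv[2:] if argv[0] in ("-u", "-g") else argv[1:]
            continue
        if name in SHELLS and "-c" in argv:
            i = argv.index("-c")
            return simple_commands(argv[i + 1]) if i + 1 < len(argv) else []
        return [" ".join([name] + argv[1:])]
    return []


def simple_commands(line):
    """Split a typed line into the normalised simple commands it would run."""
    out, current = [], []
    for tok in tokenize(line) + [";"]:
        if tok and set(tok) <= SEPARATOR_CHARS:
            if current:
                out.extend(normalise(current))
            current = []
        else:
            current.append(tok)
    return out


def evaluate(line):
    """Return (action, matches): the most severe rule hit across the line, with details."""
    try:
        commands = simple_commands(line)
    except ValueError:                       # unbalanced quotes: fail closed rather than guess
        return "block", [(line, "unparseable", "block")]
    action, matches = "allow", []
    for cmd in commands:
        for name, rule_action, pattern in POLICY:
            if re.search(pattern, cmd):
                matches.append((cmd, name, rule_action))
                if SEVERITY[rule_action] > SEVERITY[action]:
                    action = rule_action
                break
    return action, matches


# Constructed sample lines, including the evasions a naive substring filter misses.
SAMPLE_LINES = [
    "ls -la /var/log",
    'echo "rm -rf /"',
    "cd /tmp && sudo rm -rf /",
    "cat /etc/shadow | grep root",
    '/usr/bin/env LANG=C bash -c "mkfs.ext4 /dev/sdb1 && echo done"',
    "echo hi; sudo -u root /sbin/shutdown -h now",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        action, matches = evaluate(sample)
        print(f"{action:5}  {sample}  {matches}")
```

The two details worth carrying into any real policy are the ones the sample lines exercise: the decision is taken per simple command after unwrapping, so a blocked command hidden behind sudo, env or bash -c is still caught, while a quoted string that merely contains "rm -rf /" is not; and input the parser cannot understand is blocked, not waved through. A production engine would additionally buffer continuation lines (an unbalanced quote usually means the shell is waiting for more input) and treat tab completion and history recall, which this evaluator never sees, by reading the server's echo rather than the keystrokes.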

Operation Audit

In a CBH system, each system user has a unique identifier. After a system user logs in to the CBH system, the CBH system logs their operations and monitors and audits their operations on managed resources based on the unique identifier so that any security events can be discovered and reported in real time.

Table 3 Operation audit description

Function

Description

System operation audit

All operations in a CBH system are recorded, and alarms are reported for mistaken operations, malicious operations, and unauthorized operations.

  • System login logs

    Details about a login, including the login mode, system user, source IP address, and login time, are recorded. All system login logs can be exported with just a few clicks.

  • System operation logs

    All system operation actions are recorded. All system operation logs can be exported with just a few clicks.

  • System reports

    CBH displays all operation details of system users in one place, including user statuses, user and resource creation, login methods, abnormal logins, and session controls.

    System reports can be exported with just a few clicks and periodically reported by email.

  • Alarm notification

    You can configure different alarm reporting methods and alarm severity levels for system operation and environment so that the CBH system can send alarm notifications by email or system message once it discovers system exceptions and abnormal user operations.

Resource O&M audit

A CBH system records user operations throughout the entire O&M process and supports multiple audit technologies and audit methods. It can audit user operations at any time, identify O&M risks, and provide a basis for tracing and analyzing security events.

  • Audit technologies
    • Linux command audits

      For command operations through character-based protocols (such as SSH and Telnet), a CBH system records the entire O&M process, parses the commands that were run, reproduces them, and quickly locates and replays operations by searching keywords in the input and output.

    • Windows operation audits

      For operations on terminals and applications through graphics protocol (such as RDP and VNC), the CBH system records all remote desktop operations, including keyboard actions, function key operations, mouse operations, window instructions, window switchover, and clipboard copy.

    • Database command audit

      For command operations through database protocols (such as DB2, MySQL, Oracle, and SQL Server), the CBH system records the entire process from single sign-on (SSO) to database command operations, parses database operation instructions, and reproduces all operating instructions.

    • File transfer audits

      For file transfer operations through file transfer protocols (such as FTP, SFTP, and SCP), the CBH system audits the entire file transfer process on web browsers or clients, and records the names and destination paths of transferred files.

    • OCR-aid audits

      CBH uses the Optical Character Recognition (OCR) technology to convert images generated for O&M operations to text files, improving image audit efficiency.

  • O&M audit methods
    • Real-time monitoring

      Ongoing O&M sessions can be monitored, viewed, and terminated.

    • History logs

      All O&M operations are recorded and history session logs can be exported with just a few clicks.

    • Session videos

      Linux commands and Windows operations can be recorded by video.

      Video files can be downloaded with just a few clicks.

    • Ops reports

      CBH uses diversified reports to display O&M statistics in one place, including O&M action distribution over time, number of resource access times, session duration, two-person authorization, command interception, number of commands, and number of transferred files.

      Ops reports can be exported with just a few clicks and periodically reported by email.

    • Log backup

      CBH allows you to back up history session logs to a remote Syslog server, an FTP/SFTP server, or an OBS bucket for disaster recovery. Prefer SFTP over FTP for the backup channel, since FTP sends both the credentials and the logs in cleartext.
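For character-protocol sessions the recorded material is the raw byte stream, so "parsing operation commands" means reconstructing the line the user actually submitted after editing keys, and locating an operation by keyword means searching both that line and the output that followed it. The following Python script is an illustration added here, not CBH's audit engine: it rebuilds the commands from a constructed session record (timestamp, direction, bytes), handling backspace over multi-byte characters, Ctrl-U, Ctrl-C, cursor and history keys, and terminal colour codes in the output, and then locates commands by keyword the way the Linux command audit and history log search described above do.

```python
import re

# Terminal control sequences found in server output: CSI (colours, cursor movement),
# OSC (window title) and two-byte ESC sequences. Stripping them leaves searchable text.
ANSI = re.compile(rb"\x1b\[[0-?]*[ -/]*[@-~]|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)|\x1b[@-Z\\-_]")
BACKSPACE, CTRL_C, CTRL_D, TAB, CTRL_U, ESC = 0x7F, 0x03, 0x04, 0x09, 0x15, 0x1B


def reconstruct(events):
    """Rebuild the commands a user submitted from a recorded session.

    events: list of (seconds, direction, bytes) where direction is "i" for bytes the user
    typed and "o" for bytes the server sent. Returns one record per submitted line with the
    time the user started typing it, audit flags, and the output that followed it."""
    records, line, started, flags = [], bytearray(), None, set()
    in_esc = saw_intro = False

    def submit(t):
        nonlocal line, started, flags
        records.append({"t": started if started is not None else t,
                        "command": line.decode("utf-8", "replace"),
                        "flags": sorted(flags), "output": ""})
        line, started, flags = bytearray(), None, set()

    for t, direction, data in events:
        if direction == "o":
            if records:                      # output before the first command (banner) is dropped
                records[-1]["output"] += ANSI.sub(b"", data).decode("utf-8", "replace")
            continue
        for b in data:
            if in_esc:                       # swallow the rest of a cursor/history key sequence
                if b in (0x5B, 0x4F) and not saw_intro:   # '[' (CSI) or 'O' (SS3) introducer
                    saw_intro = True
                elif 0x40 <= b <= 0x7E:      # final byte of the sequence
                    in_esc = False
                continue
            if started is None:
                started = t
            if b in (0x0D, 0x0A):            # Enter: this is the line that actually ran
                submit(t)
            elif b in (BACKSPACE, 0x08):     # erase one character, including a UTF-8 multibyte one
                while line:
                    if not 0x80 <= line.pop() <= 0xBF:
                        break
            elif b == CTRL_U:                # kill line: the typed text never ran
                line.clear()
            elif b == CTRL_C:                # abandoned line: nothing ran, no record
                line, started, flags = bytearray(), None, set()
            elif b == CTRL_D and not line:   # logout / end of input
                line.extend(b"<EOF>")
                submit(t)
            elif b == ESC:                   # arrow or history key: the echo in the output is the truth
                in_esc, saw_intro = True, False
                flags.add("escape-key")
            elif b == TAB:                   # completion: the typed prefix is not the full command
                flags.add("tab-completion")
            elif b >= 0x20:
                line.append(b)
    return records


def search(records, keyword):
    """Locate commands whose input or output contains keyword (case-insensitive)."""
    k = keyword.lower()
    return [(r["t"], r["command"]) for r in records
            if k in r["command"].lower() or k in r["output"].lower()]


# Constructed session record: a typo fixed with backspaces, a discarded rm line, an abandoned
# line, a history recall via the up-arrow, and a backspace over a two-byte character.
SESSION = [
    (0.0, "o", b"Last login: Mon Jan  1 09:00:00\r\n\x1b[01;32mops@web-01\x1b[00m:~$ "),
    (1.2, "i", b"cat /etc/hostnmae"),
    (2.0, "i", b"\x7f\x7f\x7f"),
    (2.4, "i", b"ame\r"),
    (2.5, "o", b"\r\n\x1b[1mweb-01\x1b[0m\r\nops@web-01:~$ "),
    (5.0, "i", b"sudo rm -rf /var/tmp/old"),
    (6.0, "i", b"\x15"),
    (6.3, "i", b"ls\r"),
    (6.4, "o", b"\r\napp.log  old\r\nops@web-01:~$ "),
    (8.0, "i", b"vim /etc/sha\x03"),
    (9.0, "i", b"\x1b[A\r"),
    (9.1, "o", b"ls\r\napp.log  old\r\nops@web-01:~$ "),
    (11.0, "i", "echo h\u00e9".encode() + b"\x7f" + b"i\r"),
    (11.2, "o", b"\r\nhi\r\nops@web-01:~$ "),
]

if __name__ == "__main__":
    for r in reconstruct(SESSION):
        print(f"{r['t']:6.1f}  {r['command']!r}  {r['flags']}")
    print(search(reconstruct(SESSION), "old"))
```

The record flagged "escape-key" shows why the output stream must be kept alongside the input: the keystrokes alone say nothing about which command the up-arrow recalled, and the same holds for tab completion, so an auditor searching for a keyword has to search the server's echo as well. The discarded "sudo rm -rf" text is deliberately not a command here; a fuller engine would keep such discarded text as a separate field so that an attempt is still visible without being counted as an executed operation.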

Efficient O&M

CBH supports multiple architectures, tools, and methods to manage a wide range of resources.

Table 4 Efficient O&M functions

Function

Description

O&M using a web browser

By leveraging HTML5 for remote logins, O&M engineers can implement O&M such as real-time operation monitoring and file uploading and downloading without having to install a client.

  • One-stop O&M

    O&M engineers can complete remote O&M anytime anywhere through Internet Explorer, Google Chrome, or Mozilla Firefox browsers on Windows, Linux, Android, and iOS operating systems without having to install plug-ins.

  • Batch login

    CBH supports one-click login to multiple authorized resources so that O&M engineers can manage those resources on the same tab page of a browser.

  • Collaborative session

    Allows multiple participants to perform O&M through a shared O&M session. The user who initiates the O&M session can invite other O&M personnel or experts to join in the on-going session to locate problems together. This can greatly improve O&M efficiency when multiple O&M engineers work together.

  • File transmission

    CBH uses WebSocket Secure (wss)-based file management to upload, download, and manage files online, enabling file sharing among several hosts.

  • Command group-sending

    CBH supports the group sending function for multiple Linux resources. With this function enabled, when a command is executed in a session window, the same operation is performed in other session windows.

Third-party client O&M

CBH enables one-click interconnection with multiple O&M tools so that you can perform O&M without having to change the original client usage habits.

  • O&M tools

    SecureCRT, Xshell, Xftp, WinSCP, Navicat, and Toad for Oracle

  • SSH clients

    For host resources with character protocols configured, O&M engineers can log in to them through SSH clients.

  • Database clients

    For host resources with a database protocol configured, O&M engineers can log in to the database using the configured SSO tools.

  • File transfer clients

    For host resources with file transfer protocols configured, O&M engineers can log in to them through FTP, SFTP, or SCP client.

Automatic O&M

CBH enables automated O&M to simplify online complex operations, eliminating repetitive manual workloads and improving efficiency.

  • Script management

    CBH manages offline scripts, including Shell and Python scripts.

  • O&M tasks

    CBH automatically executes one or more preset O&M tasks, such as command execution, script execution, and file transfer tasks.

Ticket Application

During the O&M, if a system user does not have the required permissions for a certain resource, they can submit a ticket to apply for the permissions.

  • O&M personnel can:
    • Trigger the ticket system manually or automatically and submit access approval tickets, command approval tickets, and database approval tickets.
    • Submit, query, send approval reminders for, cancel, and delete tickets.
  • System administrators can:
    • Customize approval processes, including multi-level approval processes.
    • Approve one or more tickets at a time, as well as reject, cancel, query, and delete tickets.