Updated on 2023-04-11 GMT+08:00

Restrictions on Using CBH

To improve the stability and security of the CBH system, there are some restrictions on the use of CBH instances and their mapped CBH systems.

Network Access Restrictions

  • Cross-region resource management is not supported.

    A CBH instance and resources (such as ECSs and cloud databases) managed in the mapped CBH system must be in the same region.

    Although services such as Cloud Connect (CC) and Virtual Private Network (VPN) can be used to connect VPCs in different regions, using CBH to manage resources across regions is still not recommended because the cross-region network is less stable.

  • Cross-VPC resource management is not supported.

    A CBH instance and resources (such as ECSs and cloud databases) managed in the mapped CBH system must be in the same VPC so that the CBH system can communicate with the managed resources directly.

    If they are in different VPCs, use a VPC peering connection to connect the two VPCs.

  • Communication between the CBH instance security group and managed resource security group must be allowed.

    The managed resources must be accessible through the security group to which the CBH instance belongs, and the security group to which the resources belong must allow access from the private IP address of the CBH instance.

    If a CBH instance and its managed resources belong to different security groups, no communication between them is established by default. To establish a connection, add an inbound rule to the CBH instance security group.

    By default, the security group opens ports 443 and 2222, which are used for access through a web browser and an SSH client. To use other access methods, manually add the destination port.

  • You can log in to a CBH system only by using its IP address and port number.
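
The restrictions above can be checked before a resource is onboarded. The following is an added example, not Huawei Cloud code: the `Node` and `Rule` data model, the names, and all addresses are constructed for illustration, and the protocol ports are the standard defaults, which a deployment may change.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:                      # one inbound security-group rule (assumed model)
    cidr: str
    port_min: int
    port_max: int

@dataclass
class Node:                      # a CBH instance or a managed resource
    name: str
    region: str
    vpc: str
    private_ip: str
    inbound: list

# Standard default ports; adjust if the resource listens elsewhere.
PROTO_PORT = {"SSH": 22, "Telnet": 23, "FTP": 21, "RDP": 3389, "MySQL": 3306}

def allows(rules, src_ip, port):
    """True if any inbound rule admits src_ip on the given port."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(r.cidr)
               and r.port_min <= port <= r.port_max for r in rules)

def check(cbh, res, proto, peered=frozenset()):
    """List the network restrictions that one CBH/resource pair violates."""
    issues = []
    if cbh.region != res.region:
        issues.append("cross-region")
    if cbh.vpc != res.vpc and frozenset((cbh.vpc, res.vpc)) not in peered:
        issues.append("cross-vpc-without-peering")
    # The resource's group must admit the CBH instance's private IP.
    if not allows(res.inbound, cbh.private_ip, PROTO_PORT[proto]):
        issues.append(f"resource-sg-blocks-{proto}")
    return issues

def missing_login_ports(cbh, admin_ip, ports=(443, 2222)):
    """CBH login ports (web, SSH) that admin_ip cannot reach."""
    return [p for p in ports if not allows(cbh.inbound, admin_ip, p)]

# Constructed sample data (private and documentation address ranges).
cbh = Node("cbh-1", "region-a", "vpc-1", "192.168.0.10",
           [Rule("203.0.113.0/24", 443, 443), Rule("203.0.113.0/24", 2222, 2222)])
web = Node("ecs-web", "region-a", "vpc-1", "192.168.0.20",
           [Rule("192.168.0.10/32", 22, 22)])
db = Node("ecs-db", "region-a", "vpc-2", "192.168.1.30",
          [Rule("10.0.0.0/8", 3306, 3306)])

if __name__ == "__main__":
    for res, proto in ((web, "SSH"), (db, "MySQL")):
        print(res.name, check(cbh, res, proto) or "ok")
```
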

Supported Resources

You can use CBH to manage servers you purchased on other clouds and on-premises servers, as long as they can communicate with CBH through protocols supported by both CBH and these servers.

  • Supported host types

    CBH allows you to manage Linux or Windows hosts with the SSH, RDP, VNC, Telnet, FTP, SFTP, SCP, or Rlogin protocol configured.

  • Supported database types
    • Relational Database Service (RDS) DB instances
    • Databases on Elastic Cloud Servers (ECSs)
  • Supported database versions
    Table 1 Supported database versions

    | Database Engine      | Engine Version               |
    |----------------------|------------------------------|
    | MySQL                | MySQL 5.5, 5.6, 5.7, and 8.0 |
    | Microsoft SQL Server | 2017                         |
    | Oracle               | Oracle 10g, 11g, and 12c     |
    | DB2                  | DB2 Express-C                |
    | PostgreSQL           | Not supported                |

  • Supported application server types and versions
    Only applications on Windows servers and Linux servers can be managed. Table 2 lists the supported operating system versions.
    Table 2 Supported application server types and versions

    | OS Type | Version                         |
    |---------|---------------------------------|
    | Windows | Windows Server 2008 R2 or later |
    | Linux   | CentOS 7.9                      |

    Currently, application O&M is available only on the x86 CBH instances.

Supported Third-Party Clients

To perform secure O&M management through CBH, use a third-party client to log in to the CBH system.

Table 3 Clients and versions supported for logging in to the CBH system

| Login Type | Supported Client | Version |
|------------|------------------|---------|
| Logging in to a CBH system from a web browser | Edge | Microsoft Edge 44 or later. NOTE: When you use Microsoft Edge, the maximum size of a file that can be uploaded to a host is 4 GB. |
| | Google Chrome | Google Chrome 52.0 or later |
| | Safari | Safari 10 or later |
| | Mozilla Firefox | Mozilla Firefox 50.0 or later |
| Login using an SSH client | SecureCRT | SecureCRT 8.0 or later |
| | Xshell | Xshell 5 or later |
| | Mac Terminal | Mac Terminal 2.0 or later |

Table 4 Clients that can be invoked during operation

| Operation Method | Resource Protocol Type/Application Type | Supported Client |
|------------------|------------------------------------------|------------------|
| Database operation (in the Host Operation module) | MySQL | Navicat 11, 12, 15, and 16; MySQL Administrator 1.2.17; MySQL CMD |
| | SQL Server | Navicat 11, 12, 15, and 16; SSMS 17.6 |
| | Oracle | Toad for Oracle 11.0, 12.1, 12.8, and 13.2; Navicat 11, 12, 15, and 16; PL/SQL Developer 11.0.5.1790 |
| | DB2 | DB2 CMD command line 11.1.0 |
| File Transfer | SFTP | Xftp, WinSCP, and FlashFXP |
| | FTP | Xftp, WinSCP, FlashFXP, and FileZilla |
| Application operation | MySQL Tool | MySQL Administrator |
| | Oracle Tool | PL/SQL Developer |
| | SQL Server Tool | SSMS |
| | dbisql | dbisql |
| | Google Chrome | Google Chrome |
| | Edge | Edge |
| | Mozilla Firefox | Mozilla Firefox |
| | VNC Client | VNC Viewer |
| | SecBrowser | SecBrowser |
| | VSphere Client | VSphere Client |
| | Radmin | Radmin |

Other Constraints

  • The number of resources managed by CBH cannot exceed the number of assets allowed by the instance edition.
  • The number of resources that are concurrently logged in to through CBH cannot exceed the number of concurrent requests allowed by the CBH instance edition.

The number of assets refers to the number of resources running on a cloud host managed by CBH. One cloud host may have multiple resources, including protocols and applications running on it.

The number of concurrent requests indicates the number of connections established between managed hosts and the CBH system over all protocols at the same time.

For more details, see Basic Concepts.