Managing Application Servers Using a Bastion Host
You can use a bastion host to manage application resources and application accounts on Windows or Linux servers that support remote desktops. To do so, you only need to install clients and browsers on those servers.
After you obtain the permission for application resources, you can access client-based application resources and browser-based application resources via your bastion host. You do not have to manually enter usernames and passwords as the credentials are automatically filled in. A bastion host also records all operations by video. In this way, remote application accounts security is under control, and remote application operations can be auditable.
You can use a bastion host to manage a wide range of application resources, such as Google Chrome, Microsoft Edge, Mozilla Firefox, SecBrowser, Oracle Tool, MySQL, SQL Server Tool, dbisql, VNC Client, vSphere Client and Radmin.
This topic describes how to use a bastion host to centrally manage application resources. This topic covers how to add an application server, import an application server from a file, add an application resource, and import application resources from a file to a bastion host.
Constraints
- The total number of host and application resources to be added cannot exceed the number of assets.
- For Windows servers, only applications running on Windows Server 2008 R2 or later can be managed.
- For Linux servers, only applications running on Linux CentOS 7.9 servers can be managed.
- Only the Mozilla Firefox browser applications and Dameng data management tool V8 can be invoked for Linux servers.
- Port 2376 and ports 35000 to 40000 must be enabled between a Linux server and the bastion host. The port cannot be changed once it is enabled.
- Contact Huawei Cloud technical support to obtain the password for logging in to a Linux server.
- Before you add an application resource, ensure that an application server has been added.
- Automatic login accounts cannot be configured for Microsoft Edge application resources.
Prerequisites
- You have all resources ready, such as Windows servers, Linux servers, images, enterprise authorization codes, and client licenses, for deploying an application publishing server.
- You have installed the application server. For more details, see Installing Application Publish Server.
- You have obtained the permission to manage the AppServer and Application tabs under the Application Publish module.
Adding an Application Server
- Log in to your bastion host.
- Choose Resource > Application > AppServer.
- Click New. In the displayed New AppServer dialog box, complete required parameters.
Figure 1 New AppServer
- Click OK.
Importing Application Servers from a File
To import application server from a file, the file must be in .csv, .xls, or .xlsx format.
- Log in to your bastion host.
- Choose Resource > Application > AppServer.
- Click Import in the upper right corner of the page.
Figure 2 Import App Server
- Click Download to download the template if no template is available locally.
- Enter the configuration information of application servers to be imported according to the configuration requirements in the template file.
- Click Upload and select the completed template.
- (Optional) Configure Override existing appservers. This option is deselected by default.
- If you select this option, an existing application server information will be overwritten by the one being imported when both application servers have the same name.
- If you deselect this option, an existing application server information will be skipped when the one being imported and the existing one have the same name.
- Click OK.
Adding an Application Resource
- Log in to your bastion host.
- Choose Resource > Application > Application.
- Click New. In the displayed New application dialog box, complete required parameters.
Figure 3 New application
Table 2 Parameters for adding a new application resource Parameter
Description
App Name
Specifies the name of an application resource to be added. The App Name of an application resource must be unique in a bastion host.
NOTE:The application name must be unique in a bastion host. This means it cannot be the same as the name of any managed hosts or other application resources.
AppServer
Select a created application publishing server.
Department Name
Specifies the department of the application.
APP Address
(Optional) Specifies the address of the application. The value can be an IP address or domain name.
- If the application is released as a browser, enter the URL of the web page. If the address has a corresponding port, enter the address in the format of URL:Port number.
- If the application is released as a database or client, enter the address of the database server.
APP Port
(Optional) Enter the application access port.
- If the application is released as a database or client, enter the database access port.
- Leave this parameter blank if the application is released in other formats except databases.
Param
(Optional) Set application parameters.
- Enter the database instance name if the application is released as a database.
- Leave this parameter blank if the application is released in other formats except databases.
Options
(Optional) Select File Manage, Uplink Clipboard, Keyboard Audit, and/or Downlink Clipboard.
Label
(Optional) You can customize a label or select an existing one.
Remarks
(Optional) Provides the description of the application resource.
- Click Next.
Table 3 Parameters for adding accounts for an application resource Parameter
Description
Add Account
- If you select Rightnow, configure Logon Type and then Account.
- If you select Afterward, no further configuration is required on the page. You can add the account information later in the resource list or on the resource details page.
In this situation, when you click OK, account [Empty] is automatically created. Only one [Empty] account is created for an application resource.
Logon Type
- If you select Auto Login, Account and Password must be provided.
- If you select Manual Login, Account and Password are optional.
If no application account is set, the [Empty] account is automatically created.
Account
Account to access the application
Password
Password of the application account
AD Domain
For Radmin application resources, enter the AD domain server address.
Description
Brief description of the account.
When logging in to a managed host using [Empty], manually enter the application account username and password.
- Click OK.
Importing Application Resources from a File
To import application server from a file, the file must be in .csv, .xls, or .xlsx format.
- Log in to your bastion host.
- Choose Resource > Application > Application.
- Click Import in the upper right corner of the page.
Figure 4 Import application
- Click Download next to Download template.
- Enter the configuration information of application resources to be imported according to the configuration requirements in the template file.
- Click Upload and select the completed template.
- (Optional) Configure Override existing apps. This option is deselected by default.
- Selected: A managed application resource will be overwritten by the one being imported if both application resources have the same name.
- Deselected: A managed application resource will be skipped when the managed one and the one being imported have the same name.
- Click OK.
Batch Exporting Application Server List
Click in the upper right corner of the list to export all data in the list.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.