Function Overview
CBH Instances
CBH is a unified security management and control platform. It provides account, authorization, authentication, and audit management services that enable you to centrally manage cloud computing resources. You can manage CBH instances in the CBH console. Each CBH instance maps to an independent CBH system, and you can configure a CBH instance to deploy the CBH system. A CBH system environment is managed independently to ensure system security.
CBH System Login and Authentication
Login Methods
You can log in to your CBH system from a web browser, MSTSC client, or SSH client.
Web browser login: In this method, you can use the system management and resource O&M modules in CBH. This method is recommended for system user admin or administrators to manage the CBH system and assign O&M permissions.
SSH client login: You can manage resources without changing your SSH client habits. You can use an SSH client to log in directly to the CBH system for resource O&M.
MSTSC client login: With CBH, your current MSTSC-based O&M experience is still useful. You can use an MSTSC client to log in directly to the CBH system for resource O&M.
Authentication Methods
CBH uses multi-factor authentication and remote authentication technologies to enhance O&M security.
CBH authenticates users by mobile one-time passwords (OTPs), SMS messages, USB keys, and/or OTP tokens. This allows you to mitigate O&M risks caused by leaked credentials.
CBH interconnects with third-party authentication services or platforms for remote account authentication to prevent credential leakage and to ensure secure O&M. Currently, Active Directory (AD), Remote Authentication Dial-In User Service (RADIUS), Lightweight Directory Access Protocol (LDAP), and Azure AD remote authentication are available. CBH allows you to synchronize users from the AD domain server without modifying the user directory structure.
System Account Management
You can use CBH to centrally manage system users (system accounts you create using the admin user), resources, and accounts for managed resources. This helps you build a visible, controllable, and manageable O&M system for the entire lifecycle of system accounts.
Resource Management
CBH enables fine-grained permissions management so that you have complete control over access to the CBH system and managed resources.
O&M Audits
In a CBH system, each system user has a unique identifier. After a system user logs in to the CBH system, the CBH system logs their operations and monitors and audits their operations on managed resources based on the unique identifier so that any security events can be discovered and reported in real time.
Linux command audits: For command operations through character-oriented protocols (such as SSH and Telnet), CBH records the entire O&M process, parses commands, reproduces the commands used, and quickly locates and replays operations using keywords in input and output results.
Windows OS audits: For operations on terminals and applications through graphics-oriented protocols (such as RDP and VNC), CBH records all remote desktop operations, including keyboard actions, function key operations, mouse operations, window instructions, window switchover, and clipboard usage.
Database command audits: For command operations through database-oriented protocols (such as DB2, MySQL, Oracle, and SQL Server), CBH records the entire process from single sign-on (SSO) to database command operations, parses database operation instructions, and reproduces all operating instructions.
File transfer audits: For file transfer operations through file transfer protocols (such as FTP, SFTP, and SCP), CBH audits the entire file transfer process on web browsers or clients, and records the names and destination paths of transferred files.
OCR audits: CBH uses Optical Character Recognition (OCR) through protocols (such as RDP and VNC) to convert images generated for O&M operations into text files so that you can quickly audit images.
O&M Features
O&M Using a Web Browser
By leveraging HTML5 for remote logins, you can implement O&M operations, such as real-time operation monitoring and file uploading and downloading, without installing a client.
One-stop O&M: You can complete remote O&M anytime, anywhere through Internet Explorer, Google Chrome, or Mozilla Firefox browsers on Windows, Linux, Android, and iOS operating systems without installing plug-ins.
Batch login: CBH allows you to log in to multiple authorized resources in just one click and manage them through the same browser window.
Collaborative session: CBH allows multiple O&M engineers to perform O&M through a shared O&M session. The user who initiates the O&M session can invite other O&M personnel or experts to join the on-going session to help out with troubleshooting. This greatly improves O&M efficiency when multiple O&M engineers work together.
File transmission: CBH uses WSS-based file management technology so that you can upload, download, and manage files online and share files with multiple hosts.
Command group-sending: You can execute an O&M command for a group of Linux servers at the same time. When a command is executed in a session window, the same operation is performed in all the session windows.
Third-party Client O&M
CBH enables one-click interconnection with multiple O&M tools, enabling you to perform O&M without changing client usage habits.
O&M tools: SecureCRT, Xshell, Xftp, WinSCP, Navicat, and Toad for Oracle
SSH clients: For host resources with character-oriented protocols configured, you can log in to them through SSH clients.
Database clients: For database-deployed host resources, you can log in to databases using configured SSO tools.
File transfer clients: For host resources with file transfer protocols configured, you can log in to them through FTP, SFTP, or SCP clients.
Automatic O&M
CBH enables automated O&M to simplify complex online operations, eliminating repetitive manual tasks and improving efficiency.
Script management: You can upload offline scripts to CBH for centralized management, including Shell and Python scripts.
O&M tasks: You can configure automated O&M tasks to let CBH automatically execute one or more preset O&M tasks, such as command execution, script execution, and file transfers.
CBH Ticket Management
During O&M, if a CBH system user does not have the required permissions for a certain resource, they can submit a ticket to apply for them.
O&M Personnel
You can manually or automatically trigger the ticket system and submit access approval tickets, command approval tickets, and database approval tickets.
You can submit, query, cancel, delete, and send reminders for approving tickets.
CBH System Administrators
You can customize approval processes, including multi-level approval processes.
You can approve one or more tickets at a time, as well as reject, cancel, query, and delete tickets.