- What's New
- Function Overview
- Service Overview
- Getting Started
-
User Guide
-
Instances
- Permissions Management
- Assigning Permissions Using IAM
- Creating a CBH Instance
- Checking Instance Details
- Resetting the Login Method for User admin
- Resetting the Password of User Admin
- Upgrading the CBH System Version
- Starting a CBH Instance
- Stopping a CBH Instance
- Restarting a CBH Instance
- Changing a VPC for a CBH Instance
- Changing Security Groups
- Binding an EIP to a CBH Instance
- Unbinding an EIP from a CBH Instance
- Allowing Access to Cloud Assets
- Managing Tags
- Key CBH Instance Operations Recorded by CTS
-
Logging In to the CBH System
- Overview
- Using a Web Browser to Log In to Your Bastion Host
- Using a Client to Log In to Your Bastion Host
- Configuring Multifactor Verification
-
Managing Login Security
- Configuring User Login Lockout
- Configuring the Login Password Policies
- Configuring Web Login Timeout and Authentication
- Updating a System Web Certificate
- Configuring the Mobile OTP Type
- Configuring the USB Key Vendor
- Configuring Policies to Disable Zombie Users (Available in V3.3.30.0 and Later Versions)
- Configuring the RDP Resource Client Proxy (Available in 3.3.26.0 and Later Versions)
- Enabling API Configuration (Included in V3.3.34.0 and Later Versions Only).
- Configuring Automatic Inspection (Available in V3.3.36.0 and Later)
- Configuring a Resource Account
- Configuring Client Login
- Configuring a User Expiration Reminder
- Configuring Session Limit
- Dashboard of the CBH System
- Department
- User
- Resource
- Policy
- Ticket
-
Operation
-
Host Operation
- Viewing the Host Resource List and Setting Resource Labels
- Logging In to Managed Resources Using a Web Browser for O&M
- Logging In to Resources Using an SSH Client for O&M
- Logging In to File Transfer Resources Using an FTP or SFTP Client
- Logging In to and Maintaining Database Resources Using an SSO Client
- Logging In to Hosts in Batches for O&M
- File Transmission
- Cooperation
- Enabling Forcible RDP Connections
- Application Operation
-
Host Operation
- Audit
- System Management
- Installing an Application Server
- Monitoring
-
Instances
- API Reference
- Best Practices
-
FAQs
-
Product Consulting
- What Are the Differences Between a CBH Instance and a CBH System?
- Which Security Hardening Measures Does CBH Provide?
- What Is the Number of Assets?
- What Is the Number of Concurrent Requests?
- Can I Use a CBH System to Centrally Manage My Cloud ERP or SAP Services?
- What Does Automatic O&M Include?
- How Do I Obtain an Enterprise Agreement Number?
- How Can I Configure Ports for a CBH Instance?
- Can CBH Manage Resources Under Multiple Subnets?
- Which Types of Databases Can I Manage in a CBH System?
- Regions and AZs
- About Purchase
- License
- About Backup, Specification Change, and Upgrade
-
About File Transfer
- What File Transfer Methods Can be Used in a CBH System?
- How Do I Use FTP/SFTP to Transfer Files to or From an SSH Host?
- How Do I Upload or Download Files When I Log In to Managed Hosts Using a Web Browser?
- What Is the Netdisk of a CBH System?
- How Do I Clear the Personal Net Disk Space?
- How Do I Configure File Management Permissions?
- Does CBH Check Security of Uploaded Files?
-
Billing, Renewals, and Unsubscriptions
- How Do I Renew a CBH Instance and Update the Mapped System Authorization?
- How Is CBH Billed?
- Can I Unsubscribe from a CBH Instance?
- How Is the CBH Instance Billed After I Change Specifications of the Instance?
- Will I Be Billed for Upgrading the CBH Software Version?
- How Do I Increase the CBH Instance Quota?
- How Do I Purchase a CBH Instance When the System Prompts that Resources Are Sold Out?
-
About CBH System Login
- Login Methods and Password Issues
-
Multifactor Verification
- How Can I Install an OTP Authentication Application on the Mobile Phone?
- Why Does the Mobile OTP Application Binding Operation Fail?
- How Do I Enable Mobile SMS Authentication For Logging In to the CBH System?
- How Do I Cancel Mobile SMS Authentication?
- How Can I Cancel Mobile OTP Authentication If No Mobile OTP Application is Bound to My Account?
- Why Does Login Fail When an Account That Has Mobile OTP Application Bound Is Used to Log In?
- Login Security Management
-
User, Resource, and Policy Configuration in a CBH System
- Users
-
Adding Resources to a CBH System
- How Do I Change the Password of a Managed Resource Account?
- How Do I Set a Sudo Privilege Escalation Account for the Managed Resource?
- How Do I Add a Label to Resources Managed in a CBH System?
- How Do I Import or Export Information of Host Resources in Batches?
- What Are the AK and SK of an Imported Host? How Can I Obtain Them?
- What Are the Statuses of a Managed Resource Account in a CBH System?
- Can I Share Labels of Managed Resources with Other System Users?
- Can I Manually Enter a Password to Log In to a Managed Resource Through the CBH System?
- Why Does the CBH System Fail to Identify Hosts Imported in Batches?
- How Do I Access Services Provided by the Intranet Through a CBH Instance?
- How Do I Add a Server with an IPv6 Address to a CBH Instance?
- What is an Empty Account?
- Policy Management
- System Configuration
-
Resources Managed in a CBH System
- Operation Management
-
O&M Operations
- What Login Methods Does CBH Provide?
- How Do I Create a Collaborative O&M Session?
- How Do I Use Resource Labels in the CBH System?
- How Do I Set the Resolution of the O&M Session Window When I Use a Web Browser for O&M?
- How Can I Use Shortcut Keys to Copy and Paste Text When a Web Browser Is Used for O&M?
- What Are the Shortcut Keys for O&M in CBH?
-
O&M Log Audit
- What Audit Logs Does CBH Provide?
- Can I Download Operation Recordings?
- Can I Delete CBH O&M Data for a Specific Day?
- Can I Back Up System Audit Logs to an OBS Bucket?
- How Long Can I Store Audit Logs in the CBH System?
- How Are Audit Logs in the CBH System Processed?
- Can I Audit User Operations If a User Logs In to Server A Through the CBH System and Then Logs In to Server B from Server A?
- Why Is the Playable Duration Shorter Than the Total Duration of a Session?
- Why Is There No Login Record in History Sessions While I Received a Resource Login Message?
-
Troubleshooting
-
CBH System Login Failures
- What Does a Login Exception Occur?
- Why Is the IP Address or MAC Address Blocked When I Log In to the CBH System?
- Why Am I Seeing Error Code 404 When I Log In to the CBH System?
- Why Am Seeing Error Code 499 When I Log In to the CBH System?
- What Are Possible Faults If I Log In to the CBH System as an Intranet User?
- Why Is a Host Inaccessible Through CBH?
- Why Does CBH Login Fail Through an ECS in a New VPC Connected with the VPC Where CBH Is via VPN or a VPC Peering Connection
-
CBH Managed Resource Login Failures
- Why Does an Exception Occur When I Log In to My Resources Managed in CBH?
- Why Am I Seeing Login Errors of Code: T_514 When I Use a Web Browser for Resource O&M?
- Why Am I Seeing Login Errors of Code: T_1006 When I Use a Web Browser for Resource O&M?
- Why Am I Seeing Login Errors of Code: C_515 When I Use a Web Browser for Resource O&M?
- Why Am I Seeing Login Errors of Code: C_519 When I Use a Web Browser for Resource O&M?
- Why Am I Seeing Login Errors of Code: C_769 When I Use a Web Browser for Resource O&M?
- Why Cannot I See the Accessible Resources in the Resource List?
- Why Does the Session Page Fail to Load When I Log In to the Managed Host Using a Web Browser?
- Why Is the Application Resource Inaccessible through CBH?
- Why Are Databases Managed in CBH Inaccessible with an SSO Tool?
- Why Does the Number of Concurrent Sessions Reach the Limit When I Use CBH to Log In to a Host Resource?
- Why a Black Block Is Displayed on the Mouse When the MSTSC Client Is Used to Access a Server Resource?
-
Maintenance Issues
- Why Does SMS Verification Code Fail to Send When I Log In to a CBH Instance?
- Why Am I Seeing a Message Indicating that the Number of Resources Has Reached the Limit When I Add a Resource to CBH?
- Why Does Verification of An Account for a Managed Host Fail?
- Why Am I Seeing Garbled Characters When I Open a System Data File?
- Why Does Login Timeout Frequently Occur During an O&M Session?
- Why Does the PL/SQL Client Display Garbled Characters During Application O&M?
- Why Is the Requested Session Denied After I Log In to a Managed Host?
- Why Does the CBH Traffic Bandwidth Exceed the Threshold?
- Why Text Cannot Be Copied When I Perform O&M Through a Web Browser?
- Which Types of Failures May Occur During the O&M?
- What Do I Do If an Exception Occurs When I Enter Chinese Characters Using WPS During the O&M of a Windows Server?
-
CBH System Login Failures
-
Product Consulting
- Videos
Show all
Function Overview
-
CBH Instances
-
CBH is a unified security management and control platform. It provides account, authorization, authentication, and audit management services that enable you to centrally manage cloud computing resources. You can manage CBH instances in the CBH console. Each CBH instance maps to an independent CBH system, and you can configure a CBH instance to deploy the CBH system. A CBH system environment is managed independently to ensure system security.
-
-
CBH System Login and Authentication
-
Login Methods
You can log in to your CBH system from a web browser, MSTSC client, or SSH client.
Web browser login: In this method, you can use the system management and resource O&M modules in CBH. This method is recommended for system user admin or administrators to manage the CBH system and assign O&M permissions.
SSH client login: You can manage resources without changing your SSH client habits. You can use an SSH client to log in directly to the CBH system for resource O&M.
MSTSC client login: With CBH, your current MSTSC-based O&M experience is still useful. You can use an MSTSC client to log in directly to the CBH system for resource O&M.
Authentication MethodsCBH uses multi-factor authentication and remote authentication technologies to enhance O&M security.
CBH authenticates users by mobile one-time passwords (OTPs), SMS messages, USB keys, and/or OTP tokens. This allows you to mitigate O&M risks caused by leaked credentials.
CBH interconnects with third-party authentication services or platforms for remote account authentication to prevent credential leakage, and to ensure secure O&M. Currently, Active Directory (AD), Remote Authentication Dial-In User Service (RADIUS), Lightweight Directory Access Protocol (LDAP), and Azure AD remote authentication are available. CBH allows you to synchronize users from the AD domain server without modifying the user directory structure
-
-
System Account Management
-
You can use CBH to centrally manage system users (system accounts you create using the admin user), resources, and accounts for managed resources. This helps you build a visible, controllable, and manageable O&M system for the entire lifecycle of system accounts.
-
-
Resource Management
-
CBH enables fine-grained permissions management so that you have complete control over access to the CBH system and managed resources.
-
-
O&M Audits
-
In a CBH system, each system user has a unique identifier. After a system user logs in to the CBH system, the CBH system logs their operations and monitors and audits their operations on managed resources based on the unique identifier so that any security events can be discovered and reported in real time.
Linux command audits: For command operations through character-oriented protocols (such as SSH and Telnet), CBH records the entire O&M process, parses commands, reproduces the commands used, and quickly locates and replays operations using keywords in input and output results.
Windows OS audits: For operations on terminals and applications through graphics-oriented protocols (such as RDP and VNC), CBH records all remote desktop operations, including keyboard actions, function key operations, mouse operations, window instructions, window switchover, and clipboard usage.
Database command audits: For command operations through database-oriented protocols (such as DB2, MySQL, Oracle, and SQL Server), CBH records the entire process from single sign-on (SSO) to database command operations, parses database operation instructions, and reproduces all operating instructions.
File transfer audits: For file transfer operations through file transfer protocols (such as FTP, SFTP, and SCP), CBH audits the entire file transfer process on web browsers or clients, and records the names and destination paths of transferred files.
OCR audits: CBH uses Optical Character Recognition (OCR) through protocols (such as RDP and VNC) to convert images generated for O&M operations into text files so that you can quickly audit images.
-
-
O&M Features
-
O&M Using a Web Browser
By leveraging HTML5 for remote logins, you can implement O&M operations, such as real-time operation monitoring and file uploading and downloading, without installing a client.
One-stop O&M: you can complete remote O&M anytime anywhere through Internet Explorer, Google Chrome, or Mozilla Firefox browsers on Windows, Linux, Android, and iOS operating systems without installing plug-ins.
Batch login: CBH allows you to log in to multiple authorized resources in just one click and manage them through the same browser window.
Collaborative session: CBH allows multiple O&M engineers to perform O&M through a shared O&M session. The user who initiates the O&M session can invite other O&M personnel or experts to join the on-going session to help out with troubleshooting. This greatly improves O&M efficiency when multiple O&M engineers work together.
File transmission: CBH uses the WSS-based file management technology so you can upload, download, and manage files online and share files with multiple hosts.
Command group-sending: You can execute an O&M command for a group of Linux servers at the same time. When a command is executed in a session window, the same operation is performed in all the session windows.
Third-party Client O&MCBH enables one-click interconnection with multiple O&M tools, enabling you to perform O&M without changing client usage habits.
O&M tools: SecureCRT, Xshell, Xftp, WinSCP, Navicat, and Toad for Oracle
SSH clients: For host resources with character-oriented protocols configured, you can log in to them through SSH clients.
Database clients: For database-deployed host resources, you can log in to databases using configured SSO tools.
File transfer clients: For host resources with file transfer protocols configured, you can log in to them through FTP, SFTP, or SCP clients.
Automatic O&MCBH enables automated O&M to simplify complex online operations, eliminating repetitive manual tasks and improving efficiency.
Script management: You can upload offline scripts to CBH for centralized management, including Shell and Python scripts.
O&M tasks: You can configure automated O&M tasks to let CBH automatically execute one or more preset O&M tasks, such as command execution, script execution, and file transfers.
-
-
CBH Ticket Management
-
During the O&M, if a CBH system user does not have the required permissions for a certain resource, they can submit a ticket to apply for them.
O&M PersonnelYou can manually or automatically trigger the ticket system and submit access approval tickets, command approval tickets, and database approval tickets.
You can submit, query, cancel, delete, and send reminders for approving tickets.
CBH System AdministratorsYou can customize approval processes, including multi-level approval processes.
You can approve one or more tickets at a time, as well as reject, cancel, query, and delete tickets.
-
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.