Managing Host or Database Resources with a Bastion Host

Constraints

• The total number of host and application resources to be added cannot exceed the number of assets.
• The combination of Protocol, Host Address, and Port must be unique in a bastion host system. This means the host resources to be managed must be unique. Otherwise, when you create a host resource with the same configuration, an error message will be displayed, indicating that the host resource already exists.
• To set Department to a superior department for a host resource, you must have management permissions for the Department module. For details about how to edit the role permissions of a user, see Editing Role Information.

Prerequisites

You have the operation permissions for the Host module.

Adding a Host or Database Resource

1. Log in to your bastion host.
2. Choose Resource > Host in the navigation pane on the left.
3. Click New in the upper right corner of the page.
   Enter the required network information and basic information of the host resource you want to add.

   Table 1 Parameters for adding a resource

   Parameter	Description
   Host Name	Custom name of the host resource. A host name must be unique in a bastion host.
   Protocol	Type of the protocol configured for the host. Supported protocols: SSH, RDP, VNC, Telnet, FTP, SFTP, SCP, and Rlogin
   Host Address	Host IP address that can be used to establish connection with your bastion host. Select the EIP or private IP address of the host. Private IP addresses are recommended. By default, the IPv4 address of the host is used. After an IPv6 address is enabled for a host, select either the IPv4 address or IPv6 address. NOTE: A private IP address on the same VPC network recommended. The network stability and proximity will affect the O&M activities through a bastion host. The external access port of the private IP address is not restricted by the network security (security group and ACL) policies. While the port for external access over an EIP is restricted by network security policies. So a managed host resource may become inaccessible over an EIP through the bastion host. So we recommend private IP addresses.
   Port	Port number of the host.
   OS Type	(Optional) Type of the host OS or device OS. The default value is empty. You need to select an OS type based on the type of the added resources. Multiple default OS types are provided. The system administrator admin can customize OS types. For details, see OS Types.
   Terminal Speed	If you select Rlogin for Protocol, you can select different terminal speed.
   Encode	If you select SSH or TELNET for Protocol, you can use Chinese O&M page. The options are UTF-8, Big5, and GB18030.
   Terminal Type	If you select SSH or TELNET for Protocol, you can specify the O&M terminal you want. You can select Linux or Xterm.
   Options	(Optional) Select File Manage, X11 forward, Uplink Clipboard, Keyboard Audit, and/or Downlink Clipboard. File Manage: This option is supported only by SSH, RDP, and VNC hosts. Clipboard: This option is supported only by SSH, RDP, and Telnet hosts. X11 forward: This option is supported only by SSH hosts. Keyboard Audit: Only RDP, VNC, and protocol hosts can be configured.
   Department Name	Department to which the host resource belongs.
   Label	(Optional) You can customize a label or select an existing one.
   Remarks	(Optional) Provides the description of the host resource.

4. Click Next and start to add resource accounts.

   Table 2 Parameters of managed host accounts

   Parameter	Description
   Add Account	When to add the account. The options are Rightnow and Afterward. If you select Rightnow, continue the configuration on the page to add the account immediately. If you select Afterward, no further configuration is required on the page. You can add the account information later in the resource list or on the resource details page.
   Login Type	Login method. You can select Auto Login, Manual Login, Sudo Login, or CSMS Credentials Login. If you select Auto Login, Account and Password are mandatory. If you select Manual Login, Account and Password are optional. If you select CSMS Credentials Login, make sure you have available credentials. If you select Sudo Login, a password is mandatory. NOTE: If you select the key pair automatic login mode, select Allow to change the SSH Key when creating a password rule, or manual password change may fail.
   Account	Account username of the managed host. NOTE: If the AD domain service is installed on the host, the added account is Domain name\Host account name, for example, ad\administrator.
   Password	Password of the account being added. By default, Verify is selected. After the account is added, the system automatically verifies the status of the account. NOTE: Verification succeeded. After the account is verified, the host resource information is saved. Verification failed If the system prompts that the account verification times out, return to the configuration window and modify the resource information. If the root account is used, ensure that the root login permission has been enabled on the host. If the system prompts that the account password is incorrect, return to the configuration window and change the account password.
   SSH Key	Authentication method that can be configured for host resources using the SSH protocol. After the configuration, an SSH key is preferentially used to log in to a related host resource.
   Passphrase	Private key sequence corresponding to the SSH key. This parameter is optional. You do not need to enter the password for logging in to the host when no private key password is generated. You need to enter the private key password each time you log in to the host when the private key password is generated.
   Description	Brief description of the account.

   

   If no accounts are configured for the managed hosts, account [Empty] is generated by default. When you log in to the managed host through a bastion host for operations, select [Empty] and enter the username and password of an account of the host.

5. Click OK. After the account is verified, you can then view the new host resource under the Host tab.

Automatically Discovering Host or Database Resources

With the Auto Discover function, you can use Nmap to scan for hosts in a specific IP address or IP address range.

Host resources can be automatically discovered only when the hosts and your bastion host are in the same VPC and the network connection is normal.

1. Log in to your bastion host.
2. Choose Resource > Host in the navigation pane on the left.
3. Click Auto Discover in the upper right corner of the page.
4. Enter the IP address and port number of host resources to be imported.

   The default ports are 21, 22, 23, 3389, and 5901. You can also add other ports or port ranges.

5. Click OK to start the auto discovery.
6. Select the host resources to be imported.
   • Enter a host name. If you do not enter the host name, the default host name is the IP address of the host.
   • A protocol type is set automatically for the host based on default port. If the host does not match the default port, manually select a protocol type.

7. Select the discovered hosts and click Add.

   Click Return or Close to return to the host resource list page and view the newly added host resources.

Cloning Host or Database Resources

If you want to add a host as many types of resources to your bastion host, you can add other types of host resources by just modifying configurations of a certain type you have added to CBH.

1. Log in to your bastion host.
2. Choose Resource > Host in the navigation pane on the left.
3. In the Operation column of an added host resource, choose More > Clone.
4. Modify information of the host resource and add accounts for the new host resource.

   To complete the host clone, modify at least one of the following parameters of the host resource you select: Protocol, Host Address, and Port.

5. Click OK. The host list page is displayed. You can check the new host resource on the displayed page.