Updated on 2023-04-20 GMT+08:00

Features

CBH enables common authentication, authorization, account, and audit (AAAA) management. Users can obtain O&M permissions by submitting tickets and can invite O&M engineers to perform collaborative O&M.

Credential Authentication

CBH uses multi-factor authentication and remote authentication technologies to enhance O&M security.

  • Multi-factor authentication: CBH authenticates users by mobile one-time passwords (OTPs), SMS messages, USB keys, and/or OTP tokens. This allows you to mitigate O&M risks caused by leaked credentials.
  • Remote authentication: CBH interconnects with third-party authentication services or platforms to perform remote account authentication, prevent credential leakage, and ensure secure O&M. Currently, Active Directory (AD), Remote Authentication Dial-In User Service (RADIUS), Lightweight Directory Access Protocol (LDAP), and Azure AD remote authentication are available. CBH allows you to synchronize users from the AD domain server without modifying the original user directory structure.

Account Management

With a CBH system, you can centrally manage system user accounts and managed resource accounts, and establish a visible, controllable, and manageable O&M system that covers the entire account lifecycle.

Table 1 Account management (columns: Feature, Description)

System user accounts

CBH enables you to grant a unique account with specific permissions to each system user based on their responsibilities. This eliminates security risks resulting from the use of shared accounts, temporary accounts, or privilege escalation.

  • Batch importing

    CBH enables you to synchronize users from a third-party server or import users in batches, eliminating the need to create users repeatedly.

  • User groups

    CBH allows you to add users of the same type in a group and assign permissions by user group.

  • Batch management

    CBH enables you to manage user accounts in batches, including deleting, enabling, and disabling user accounts, resetting user passwords, and modifying basic user configurations.

Managed resource accounts

With a CBH system, you can centrally manage the accounts of managed resources through their entire lifecycle, log in to managed resources through the SSO portal, and seamlessly switch between resource management and O&M.

  • Resource types

CBH supports the management of a wide range of resource types, including hosts (such as Windows and Linux hosts), Windows applications, and databases (such as MySQL and Oracle).

    • Host resources of the client-server architecture, including hosts configured with the Secure Shell (SSH), Remote Desktop Protocol (RDP), Virtual Network Computing (VNC), Telnet, File Transfer Protocol (FTP), SSH File Transfer Protocol (SFTP), DB2, MySQL, SQL Server, Oracle, Secure Copy Protocol (SCP), or Rlogin protocol.
    • Application resources of the browser-server or client-server architecture, including more than 12 types of browser- and client-side Windows applications, such as Microsoft Edge, Google Chrome, and Oracle tools.

  • Resource management

    • Batch importing

      CBH enables quick auto-discovery, synchronization, and batch importing of cloud resources, such as Elastic Cloud Server (ECS) and Relational Database Server (RDS) DB instances on the cloud for centralized O&M.

    • Account group management

      CBH manages resource accounts by group. By placing resource accounts of the same attribute in the same group, you can assign permissions on a group basis and let accounts inherit the permissions directly from the group to which they belong.

    • Password autofill

      CBH encrypts managed resource account credentials with 256-bit Advanced Encryption Standard (AES) encryption and uses password autofill to log users in to shared accounts without exposing the passwords, preventing credential leakage.

    • Automatic password change of managed resource accounts

      CBH supports password change policies so that you can periodically change account passwords to keep managed accounts secure.

    • Automatic synchronization of managed resource accounts

      CBH allows you to configure account synchronization policies so that account information is periodically checked and synchronized between the CBH system and the managed host resources. When an account is created, modified, or deleted on a host, the same change is applied in CBH.

    • Batch management

      CBH allows you to batch manage information and accounts of managed resources, including deleting a resource, adding a resource label, modifying resource information, verifying a managed account, and deleting a managed account.

Permissions Management

CBH supports fine-grained permission management so that you have complete control over which user can access the CBH system and which managed resources can be accessed by a specific system user, enabling you to safeguard both the CBH system and managed resources.

Table 2 Permissions management (columns: Function, Description)

CBH system access permission

You can assign permissions to a system user to log in to a CBH system and use different functional modules in the CBH system according to the user's responsibilities.

  • System user roles

    CBH supports role-based and module-based permission management so that you can allow a system user to access specific functional modules based on the user's responsibilities.

    You can use default user roles or create custom roles by adding various functional modules.

  • Departments

    CBH enables department-based system user management, allowing you to specify departments of different levels for each system user. There are no limits on the number of department levels.

  • Login restrictions

    CBH controls system user logins from many dimensions, including login validity period, login duration, multi-factor verification, IP addresses, and MAC addresses.

Managed resource access permission

You can assign permissions for resources by user, user group, account, and account group.

  • Access control

    You can control resource access by access validity period, access duration, and IP address. CBH also allows you to grant users permissions for uploading, downloading, and transferring files and for using the clipboard. When an O&M engineer initiates an O&M session, a watermark indicating their identity is displayed in the background of the session window.

  • Two-person authorization

    You can configure multi-level authorization for users so that access to a specific resource requires approval, thereby safeguarding sensitive and mission-critical resources.

  • Command interception

    You can set command control policies or database control policies to forcibly block sensitive or high-risk operations on servers or databases, generate alarms, and review such operations. This gives you more control over key operations.

  • Batch authorization

    You can grant permissions for multiple resources to multiple users by user group or account group.

Operation Audit

In a CBH system, each system user has a unique identifier. After a system user logs in, the CBH system logs their operations and, based on that identifier, monitors and audits their operations on managed resources so that security events can be discovered and reported in real time.

Table 3 Operation audit (columns: Function, Description)

System operation audit

All operations in a CBH system are recorded, and alarms are reported for misoperations, malicious operations, and unauthorized operations.

  • System login logs

    Details about a login, including the login mode, system user, source IP address, and login time, are recorded. System login logs can be exported with just a few clicks.

  • System operation logs

    All system operation actions are recorded. System operation logs can be exported with just a few clicks.

  • System reports

    CBH displays all operation details of users in one place, including user statuses, user and resource creation, login methods, abnormal logins, and session controls.

    System reports can be exported with just a few clicks and periodically reported by email.

  • Alarm notification

    You can configure alarm reporting methods and alarm severity levels for both system operations and your application environment, so that the CBH system sends alarm notifications by email or system message as soon as it detects system exceptions or abnormal user operations.

Resource O&M audit

A CBH system records user operations throughout the entire O&M process and supports multiple O&M auditing techniques. It audits user operations, identifies O&M risks, and provides the basis for tracing and analyzing security events.

  • Auditing techniques
    • Linux command audits

      For command operations through character-oriented protocols (such as SSH and Telnet), a CBH system records the entire O&M process, parses operation commands, reproduces operation commands, and quickly locates and replays operations using keywords in input and output results.

    • Windows operation audits

      For operations on terminals and applications through graphical protocols (such as RDP and VNC), the CBH system records all remote desktop operations, including keyboard actions, function key operations, mouse operations, window instructions, window switchover, and clipboard copy.

    • Database command audits

      For command operations through database protocols (such as DB2, MySQL, Oracle, and SQL Server), the CBH system records the entire process from single sign-on (SSO) to database command operations, parses database operation instructions, and reproduces all operating instructions.

    • File transfer audits

      For file transfer operations through file transfer protocols (such as FTP, SFTP, and SCP), the CBH system audits the entire file transfer process on web browsers or clients, and records the names and destination paths of transferred files.

  • O&M audit methods
    • Real-time monitoring

      Ongoing O&M sessions can be monitored, viewed, and terminated.

    • History logs

      All O&M operations are recorded and history session logs can be exported with just a few clicks.

    • Session videos

      Linux command sessions and Windows operation sessions can be recorded as video.

      Video files can be downloaded with just a few clicks.

    • Operation reports

      CBH uses various reports to display O&M statistics in one place, including O&M action distribution over time, resource access times, session duration, two-person authorization, command interception, number of commands, and number of transferred files.

      Operation reports can be exported with just a few clicks and periodically sent by email.

    • Log backup

      CBH allows you to back up history session logs to a remote Syslog server, FTP/SFTP server, and OBS bucket for disaster recovery.

O&M Functions

CBH supports multiple architectures, tools, and methods to manage a wide range of resources.

Table 4 Efficient O&M functions (columns: Function, Description)

O&M using a web browser

By leveraging HTML5 for remote logins, O&M engineers can implement O&M operations such as real-time operation monitoring and file uploading and downloading, without installing a client.

  • One-stop O&M

    O&M engineers can complete remote O&M anytime anywhere through Microsoft Edge, Google Chrome, or Mozilla Firefox browsers on Windows, Linux, Android, and iOS operating systems without installing plug-ins.

  • Batch login

    CBH supports one-click login to multiple authorized resources, enabling O&M engineers to manage the resources on the same tab page of a browser.

  • Collaborative session

    CBH allows multiple O&M engineers to work in a shared O&M session. The user who initiates the session can invite other O&M personnel or experts to join the ongoing session and help locate problems. This greatly improves efficiency when several O&M engineers need to work together.

  • File transmission

    CBH uses the WSS-based file management technology to upload, download, and manage files online, enabling file sharing among several hosts.

  • Command group-sending

    CBH supports the group sending function for multiple Linux resources. With this function enabled, when a command is executed in a session window, the same operation is performed in other session windows.

Third-party client O&M

CBH enables one-click interconnection with multiple O&M tools, enabling you to perform O&M without changing client usage habits.

  • O&M tools

    SecureCRT, Xshell, Xftp, WinSCP, Navicat, and Toad for Oracle

  • SSH clients

    For host resources with character protocols configured, O&M engineers can log in to them through SSH clients.

  • Database clients

    For host resources with databases deployed, O&M engineers can log in to the databases using the configured SSO tools.

  • File transfer clients

    For host resources with file transfer protocols configured, O&M engineers can log in to them through an FTP or SFTP client.

Automatic O&M

CBH enables automated O&M to simplify online complex operations, eliminating repetitive manual effort and improving efficiency.

  • Script management

    CBH manages offline scripts, including Shell and Python scripts.

  • O&M tasks

    CBH automatically executes one or more preset O&M tasks, such as command execution, script execution, and file transfer tasks.

O&M Ticket Application

During O&M, if a system user does not have the required permissions for a certain resource, they can submit a ticket to apply for them.

  • O&M personnel can:
    • Manually or automatically trigger the ticket system and submit access approval tickets, command approval tickets, and database approval tickets.
    • Submit, query, cancel, and delete tickets, and send reminders to approvers.
  • System administrators can:
    • Customize approval processes, including multi-level approval processes.
    • Approve one or more tickets at a time, as well as reject, cancel, query, and delete tickets.