Updated on 2024-06-28 GMT+08:00

Edition Differences

Currently, CBH provides standard and professional editions. The standard edition provides the following asset specifications: 10, 20, 50, 100, 200, 500, 1,000, 2,000, 5,000, and 10,000. The professional edition provides the following asset specifications: 10, 20, 50, 100, 200, 500, 1,000, 2,000, 5,000, and 10,000.

For more details, see What Are Editions Available in CBH?

Differences on Specifications

CBH provides the following asset specifications: 10, 20, 50, 100, 200, 500, 1,000, 2,000, 5,000, and 10,0000. For details about specifications, see Table 1 Configuration of different specifications.

Table 1 Configuration of different specifications

Asset Quantity

Max. Concurrent Connections

CPUs

Memory

System Disk

Data Disk

10

10

4 cores

8 GB

100 GB

200 GB

20

20

4 cores

8 GB

100 GB

200 GB

50

50

4 cores

8 GB

100 GB

500 GB

100

100

4 cores

8 GB

100 GB

1000 GB

200

200

4 cores

8 GB

100 GB

1000 GB

500

500

8 cores

16 GB

100 GB

2,000 GB

1,000

1,000

8 cores

16 GB

100 GB

2,000 GB

2,000

1,500

8 cores

16 GB

100 GB

2,000 GB

5,000

2,000

16 cores

32 GB

100 GB

3,000 GB

10,000

2,000

16 cores

32 GB

100 GB

4,000 GB

The number of concurrent connections in Table 1 includes only connections established by O&M clients that use character-based protocols (such as SSH or MySQL client). Connections established by O&M clients that use graphic-based protocols (such as H5 web and RDP client) is not included, which is only one third of this number.

Edition Difference

Both editions provide identity authentication, permission control, account management, and operation audit. Apart from those functions, the enhanced edition also provides automatic O&M and database O&M audit.

For details about functions supported by different editions, see Table 2 Functions of different editions.

Table 2 Functions of different editions

Function

Description

Standard edition

Professional edition

Identity authentication

Two-factor authentication for user accounts

CBH allows you to configure multi-factor authentication, such as mobile phone one-time passwords (OTPs), mobile phone SMS messages, USB keys, and dynamic OTP tokens to authenticate user identities.

Supported

Supported

Remote authentication for user accounts

CBH also allows you to authenticate user identities through AD, RADIUS, LDAP, Azure AD, and SAML remote authentication.

Supported

Supported

Permission control

System access permission

CBH allows you to configure department- and role-based permission control so that you can allow a specific system user to access a specific module in a given CBH system.

Supported

Supported

Resource access permission

CBH allows you to configure resource access control policies based on users, user groups, managed accounts, and account groups to limit what resources can be assessed. You can also configure two-person authorization policies and command control policies to limit what operations are allowed on a certain resource.

Supported

Supported

Two-person authorization

CBH allows you to configure two- or multi-person authorization for core sensitive resources.

Supported

Supported

Character command interception

CBH allows you to configure command control policies to dynamically authorize key operations on character protocol resources.

Supported

Supported

Database command interception

CBH allows you to configure database control policies to precisely restrict and re-review sensitive and risky database operations.

NOTE:

This function applies to cloud databases as well as self-built databases.

Not supported

Supported

Account management

User lifecycle management

  • CBH allows you to create a single user account, import user accounts in batches, manage user accounts in batches, and manage user groups.

Supported

Supported

Resource account lifecycle management

  • CBH allows you to add resources and their accounts one by one or in batches, and classify added accounts into different groups for management.

Supported

Supported

Host resource management

  • CBH allows you to manage Linux or Windows hosts with the SSH, RDP, VNC, Telnet, FTP, SFTP, DB2, MySQL, SQL Server, Oracle, SCP, or Rlogin protocol configured.

Supported

Supported

Application resource management

  • If you set Server type to Windows:

    By default, 14 types are supported, including MySQL Tool, Microsoft Edge, Mozilla Firefox (for Windows servers), Oracle Tool, Google Chrome, VNC Client, SQL Server Tool, SecBrowser, vSphere Client, Radmin, dbisql, Navicat for MySQL, Navicat for PostgreSQL and Other.

  • If you set Server type to Linux:

    Supported types: DM Tool, KingbaseES Tool, Mozilla Firefox for Linux, and GBaseDataStudio for GBase8a.

Supported

Supported

Database resource management

  • CBH allows you to manage DB2, MySQL, SQL Server, and Oracle databases.

Not supported

Supported

Automatic password change for managed accounts

  • CBH allows you to configure password change policies to let the system periodically change passwords of managed accounts.

Supported

Supported

Automatic synchronization of managed resource accounts

  • CBH allows you to configure account synchronization policies to let the system detect zombie accounts or unmanaged accounts in a timely manner.

Not supported

Supported

Operation audit

System login and operation logging

  • CBH allows you to export system logs, generate system reports, and configure alarm notifications.

Supported

Supported

Resource O&M audit

  • CBH allows you to audit the entire O&M process through multiple audit methods, such as monitoring on-going sessions, generating videos for history sessions, exporting text reports, and remote log backup.

Supported

Supported

Database operation audit

  • CBH allows you to audit the entire database O&M process based on operation commands.

Not supported

Supported

Efficient O&M

One-stop web browser O&M

  • CBH allows you to remotely log in to resources without having to install a client with integrated functions, such as batch login, collaborative session, file transfer, and command group sending.

Supported

Supported

Third-party client O&M

  • CBH can interconnect with multiple O&M tools with just a few clicks, including SSH, FTP, and SFTP client.

Supported

Supported

Database O&M

  • CBH allows you to log in to the target databases using the single sign-on (SSO) tool with just a few clicks.

Not supported

Supported

Automatic O&M

  • CBH allows you to manage scripts online and let the system periodically execute preset O&M tasks.

Not supported

Supported

Ticket application

Access and command authorization ticket application

  • CBH allows you to obtain the resource control permissions by manually or automatically triggering a system ticket and submitting the ticket to the system administrator for approval.

Supported

Supported

Database authorization ticket application

  • CBH automatically generates an authorization ticket for each sensitive operation from a system user. The system user then needs to submit the ticket to the administrator for approval. The sensitive operation can be resumed only after the application is approved.

Not supported

Supported