Help Center> Cloud Bastion Host> User Guide> Resource> Adding Accounts of Managed Host or Application Resources into CBH
Updated on 2024-04-11 GMT+08:00
View PDF

Adding Accounts of Managed Host or Application Resources into CBH

A host or application resource may have multiple accounts configured. Each account of a managed host or application resource is considered as a managed resource account. You do not need to enter the username or password when you log in to a managed host using its managed resource accounts.

If no account is added for a host or application resource in the CBH system, the Empty account is generated by default. In this situation, when you log in to the host or application resource through CBH, a username and password is required.

This topic describes how to add a managed resource account after resources are managed in CBH.

Constraints

  • Automatic login accounts cannot be configured for Microsoft Edge application resources.
  • If the AD domain service is installed on the managed resources, the account to be added is Domain name\Host account username, for example, ad\administrator.

Prerequisites

  • You have the operation permissions for the Account module.
  • You have added host or application resources.

Adding an Account for a Resource

  1. Log in to the CBH system.
  2. Choose Resource > Account in the navigation pane.
  3. Click New. In the dialog box displayed, configure resource account attributes.

    Figure 1 New account of managed resources
    Table 1 Parameters for new managed resource accounts

    Parameter

    Description

    Resource

    Host or application resource to be related to the account.

    Logon Type

    Login mode. You can select Manual Login, Auto Login, or Sudo Login.

    • If you select Auto Login, Account and Password are mandatory.
    • If you select Manual Login, you can configure Account.
    • If you select CSMS Credentials Login, you can configure CSMS Credentials and Remarks.
    • Sudo Login is valid only for SSH hosts. If Sudo Login is selected, Switch From and Switch Command are mandatory.

    Accounts

    Account name of the managed resource. The value of Account must be unique in a CBH system and cannot be changed after it is created.

    If you select IS sudo, the account is identified as a sudo account for managing resources and has the password change permission.

    Password

    Password of the account being added

    By default, Verify is selected. After the account is added, the system automatically verifies the status of the account.
    • After the account is verified, the resource information is saved.
    • If the verification fails, modify the configuration as prompted.

      If the system prompts that the account verification times out, modify the resource configuration.

      If the system prompts that the account password is incorrect, return to the configuration window and change the account password.

    SSH Key

    Authentication method that can be configured for host resources using the SSH protocol.

    After the configuration, an SSH key is preferentially used to log in to a related host resource.

    Passphrase

    Private key corresponding to the SSH key configured for an SSH host.

    Switch From

    For an SSH host, select a configured account and set it to a sudo account.

    Switch command

    Switchover command for an SSH host, for example, su root.

    CSMS Credentials

    (This parameter is available only when login mode is CSMS credential login.) Select the CSMS credential to be managed.

    Description

    Brief description of the account.

  4. Click OK. The newly created account will be displayed in the account list.

Batch Importing Accounts of Managed Resources into CBH

To import application server from a file, the file must be in .csv, .xls, or .xlsx format.

  1. Log in to the CBH system.
  2. Choose Resource > Account in the navigation pane.
  3. Click Import in the upper right corner of the page.

    Figure 2 Import Account

  4. Click Download to download the template if no template is available locally.
  5. Enter the information of accounts according to the configuration requirements in the template file.

    Table 2 Template parameters

    Parameter

    Description

    Account

    (Mandatory) Enter the username of the managed resource account.

    Logon Type

    Method to log in to the resource.

    • This parameter can be set to Auto Login, Manual Login, or Sudo Login.

    IS Sudo

    Whether to set the account as a sudo account.

    • This parameter can be set to Yes or No.

    Password

    Password of the account for logging in to the resource.

    SSH Key

    Authentication method that can be configured for SSH hosts.

    After the configuration, an SSH key is preferentially used to log in to a related host resource.

    Passphrase

    Private key sequence mapped to the SSH key.

    Oracle Param

    This parameter is mandatory for Oracle hosts.

    • This parameter can be set to SERVICE_NAME or SID.
    • Separate multiple parameter values with commas (,).

    SERVICE_NAME or SID

    This parameter is mandatory for Oracle hosts.

    • Separate multiple parameter values with commas (,).

    Login Role

    This parameter is mandatory for Oracle hosts.

    • This parameter can be set to normal, sysdba, or sysoper.
    • Separate multiple parameter values with commas (,).

    Database Name

    This parameter is mandatory for the DB2 databases.

    • Select the database name or instance name.
    • Separate multiple parameter values with commas (,).

    Instance Name

    This parameter is mandatory for the DB2 databases.

    • Select the database name or instance name.
    • Separate multiple parameter values with commas (,).

    Switch From

    Sudo account of the host resource.

    Switch command

    The command to switch over between accounts.

    AD Domain

    For Radmin application resources, enter the AD domain address.

    Description

    Brief description of the managed resource account.

    Resource

    Enter the name of the resource that has been added to the host list or application list.

    IP address/domain name

    For associated host resources, enter the IP address or domain name of the host resource.

    Type

    (Mandatory) Enter the protocol type of the host resource or the application type of the application resource.

    • Supported host protocols: SSH, RDP, VNC, Telnet, FTP, SFTP, DB2, MySQL, SQL Server, Oracle, SCP, and Rlogin.
    • Application resource types:
      • Windows servers: MySQL Tool, Microsoft Edge, Mozilla Firefox for Windows, Oracle Tool, Google Chrome, VNC Client, SQL Server Tool, SecBrowser, vSphere Client, Radmin, dbisql, Navicat for MySQL, Navicat for PostgreSQL and Other.
      • Linux servers: DM Tool and Mozilla Firefox for Linux

    Port

    This parameter is mandatory for host resources. Enter the IP address or domain name of the host resource.

    Account Group

    The account group to which the managed resource account belongs.

    • A managed resource account can belong to multiple account groups in the same department. Use a comma (,) to separate every two account groups.
    • Only the account group that has been created in the CBH system can be entered.

  6. Click Upload and select the completed template.
  7. (Optional) Configure Override existing accounts, which is deselected by default.

    • Selected: A managed resource account will be overwritten by the one being imported if both accounts have the same name.
    • Deselected: A managed resource account will be skipped when the one being imported and the managed resource account have the same name.

  8. (Optional) Configure Verify Account, which is selected by default.

    • Selected: The account status is verified when it is imported.
    • Deselected, the account status will not be verified when it is imported.

  9. Click OK.
Parent topic: Resource