Cloud Bastion Host
Cloud Bastion Host
- What's New
- Function Overview
- Service Overview
-
Billing
- Overview
- Billing Modes
- Billing Items
- Billing Examples
- Renewing Your Subscription
- About Bills
- About Arrears
- Billing Termination
- Cost Management
-
Billing FAQs
- How Do I Renew a CBH Instance and Update the Mapped System Authorization?
- How Is CBH Billed?
- Can I Unsubscribe from a CBH Instance?
- How Is a CBH Instance Billed After I Change Specifications of the Instance?
- Will I Be Billed for Upgrading the CBH Software Version?
- How Do I Increase the CBH Instance Quota?
- Getting Started
-
User Guide
- Creating a User and Granting Permissions for CBH Instances to It
- Buying a CBH Instance
- Allowing Access to Cloud Assets
-
Managing Instances
- Checking Instance Details
- Changing Specifications of a CBH Instance
- Increasing Instance Storage
- Resetting the Login Method for User admin
- Resetting the Password of User admin
- Changing an Instance from Single-Node to Primary/Standby Deployment
- Upgrading the Instance Version
- Starting a CBH Instance
- Stopping a CBH Instance
- Restarting a CBH Instance
- Changing a VPC for a CBH Instance
- Changing Security Groups
- Binding an EIP to a CBH Instance
- Unbinding an EIP from a CBH Instance
- Managing Tags
- Resource Management
- Renewing a CBH Instance
- Release
- Key CBH Instance Operations Recorded by CTS
- Logging In to a Bastion Host Instance
- User and Resource Account
- Resource
- Policy
-
Resource Operation
-
Host Resource Operation
- Viewing the Host Resource List and Setting Resource Labels
- Logging In to Managed Resources Using a Web Browser for O&M
- Logging In to Resources Using an SSH Client for O&M
- Logging In to File Transfer Resources Using an FTP or SFTP Client
- Logging In to and Maintaining Database Resources Using an SSO Client
- Logging In to Hosts in Batches for O&M
- File Transmission
- Cooperation
- Enabling Forcible RDP Connections
- Application Resource Operation
- Cloud Service Operation
- Operation Script Management
- Fast Operation
- OM Task
-
Host Resource Operation
- Ticket
- Audit
- Authentication Configuration
-
Login Security Configuration
- Configuring User Login Lockout
- Configuring the Login Password Policies
- Configuring Web Login Timeout and Authentication
- Updating a System Web Certificate
- Configuring the Mobile OTP Type
- Configuring the USB Key Vendor
- Configuring Policies to Disable Certain Users (Available in V3.3.30.0 and Later)
- Configuring the RDP Resource Client Proxy (Available in 3.3.26.0 and Later Versions)
- Enabling API Configuration (Included in V3.3.34.0 and Later Versions Only).
- Configuring Automatic Inspection (Available in V3.3.36.0 and Later)
- Configuring a Resource Account
- Configuring Client Login
- Configuring a User Expiration Reminder
- Configuring Session Limit
- Instance Configuration
- Basic Instance Information Management
- Department Management
- Maintenance Management
- Installing an Application Server
- Permissions Management
- Monitoring
- Sharing
-
Best Practices
- Change CBH Instance Specifications
- Secondary Authorization for High-Risk Database Operations
- CBH for DJCP (or MLPS)
- Cross-Cloud, Cross-VPC O&M for Resources On and Off the Cloud
- How Can We Use CBH to Locate Incident Causes?
-
API Reference
- Before You Start
- Calling APIs
-
API Description
- Querying AZs
- Quota Management
- Specifications Management
-
Operation Management
- Obtaining the CBH Instance List
- Obtaining the Status of a CBH Instance
- Starting a CBH Instance
- Stopping a CBH Instance
- Restarting a CBH Instance
- Upgrading a CBH Instance
- Log In to a CBH Instance Console as an IAM User
- Resetting the admin Password of a CBH Instance
- Resetting the Login Mode for User Admin for a CBH Instance
- Obtaining an O&M URL
- Deleting a Faulty CBH Instance
- Changing a CBH Instance
- Rolling Back a CBH Instance
- Logging In to a CBH Instance Console as User admin
- Changing the Type of a Single-Node CBH Instance
- Lifecycle Management
- Network Management
- Agency Authorization
- Label Management
- Appendixes
-
FAQs
-
Product Consulting
- What Are the Differences Between a CBH Instance and a CBH System?
- Which Security Hardening Measures Does CBH Provide?
- What Is the Number of Assets?
- What Is the Number of Concurrent Requests?
- Does CBH Support IAM Fine-Grained Management?
- Can I Use a CBH System to Centrally Manage My Cloud ERP or SAP Services?
- What Does Automatic O&M Include?
- How Do I Obtain an Enterprise Agreement Number?
- How Can I Configure Ports for a Bastion Host?
- Can CBH Manage Resources Under Multiple Subnets?
- Which Types of Databases Can I Manage in a CBH System?
- Regions and AZs
- About Purchase
- License
-
About Backup, Specification Change, and Upgrade
- Which Types of System Data Can Be Backed Up in the CBH System?
- How Do I Back Up Data in a CBH System Before Upgrading the System Version?
- Will Audit Data Be Lost If I Change Instance Specifications or Upgrade a CBH Instance?
- Why Does FTP/SFTP Remote Backup Fail?
- How Do I Import Backup Data to a Primary/Standby CBH Instance?
-
About File Transfer
- What File Transfer Methods Can be Used in a CBH System?
- How Do I Use FTP/SFTP to Transfer Files to or From an SSH Host?
- How Do I Upload or Download Files When I Log In to Managed Hosts Using a Web Browser?
- What Is the Netdisk of a CBH System?
- Why Does File Upload to or Download from a Managed Host Fail?
- How Do I Clear the Personal Net Disk Space?
- Why Is File Transfer Not Supported When I Use a Web Browser for Resource O&M?
- Why Does the File List Cannot Be Loaded After I Click File Transfer When I Log In to CBH Through a Web Browser?
- How Do I Configure File Management Permissions?
- Does CBH Check Security of Uploaded Files?
-
Billing, Renewals, and Unsubscriptions
- How Do I Renew a CBH Instance and Update the Mapped System Authorization?
- How Is CBH Billed?
- Can I Unsubscribe from a CBH Instance?
- How Is a CBH Instance Billed After I Change Specifications of the Instance?
- Will I Be Billed for Upgrading the CBH Software Version?
- How Do I Increase the CBH Instance Quota?
- How Do I Purchase a CBH Instance When the System Prompts that Resources Are Sold Out?
-
About CBH System Login
- Login Methods and Password Issues
-
Multifactor Verification
- How Can I Install an OTP Authentication Application on the Mobile Phone?
- Why Does the Mobile OTP Application Binding Operation Fail?
- How Do I Enable Mobile SMS Authentication For Logging In to the CBH System?
- How Do I Cancel Mobile SMS Authentication?
- How Can I Cancel Mobile OTP Authentication If No Mobile OTP Application is Bound to My Account?
- Why Does Login Fail When an Account That Has Mobile OTP Application Bound Is Used to Log In?
- Login Security Management
-
User, Resource, and Policy Configuration in a CBH System
- Users
-
Adding Resources to a CBH System
- How Can I Start Database Maintenance in a CBH System?
- How Do I Use CBH to Manage RDS Databases?
- How Do I Change the Password of a Managed Resource Account?
- How Do I Set a Sudo Privilege Escalation Account for the Managed Resource?
- How Do I Add a Label to Resources Managed in a CBH System?
- How Do I Import or Export Information of Host Resources in Batches?
- What Are the AK and SK of an Imported Host? How Can I Obtain Them?
- What Are the Statuses of a Managed Resource Account in a CBH System?
- Can I Share Labels of Managed Resources with Other System Users?
- Can I Manually Enter a Password to Log In to a Managed Resource Through the CBH System?
- Why Does the CBH System Fail to Identify Hosts Imported in Batches?
- How Do I Access Services Provided by the Intranet Through a CBH Instance?
- Policy Management
- System Configuration
-
Resources Managed in a CBH System
- Operation Management
-
O&M Operations
- What Login Methods Does CBH Provide?
- How Do I Create a Collaborative O&M Session?
- How Do I Use Resource Labels in the CBH System?
- How Do I Set the Resolution of the O&M Session Window When I Use a Web Browser for O&M?
- How Can I Use Shortcut Keys to Copy and Paste Text When a Web Browser Is Used for O&M?
- What Are the Shortcut Keys for O&M in CBH?
- Why Is the File List Not Displayed During O&M Using a Web Browser?
-
O&M Log Audit
- What Audit Logs Does CBH Provide?
- Can I Download Operation Recordings?
- Can I Delete CBH O&M Data for a Specific Day?
- Can I Back Up System Audit Logs to an OBS Bucket?
- How Long Can I Store Audit Logs in the CBH System?
- How Are Audit Logs in the CBH System Processed?
- Why Is the Playable Duration Shorter Than the Total Duration of a Session?
- Why Is There No Login Record in History Sessions While I Received a Resource Login Message?
-
Troubleshooting
-
CBH System Login Failures
- How Do I Handle Login Exceptions?
- Why Is the IP Address or MAC Address Blocked When I Log In to the CBH System?
- Why Am I Seeing Error Code 404 When I Log In to the CBH System?
- Why Am I Seeing Error Code 499 When I Log In to the CBH System?
- What Are Possible Faults If I Log In to the CBH System as an Intranet User?
- Why Is a Host Inaccessible Through CBH?
- Why Does CBH Login Fail Through an ECS in a New VPC Connected with the VPC Where CBH Is via VPN or a VPC Peering Connection
-
CBH Managed Resource Login Failures
- Why Does an Exception Occur When I Log In to My Resources Managed in CBH?
- Why Am I Seeing Login Errors of Code: T_514 When I Use a Web Browser for Resource O&M?
- Why Am I Seeing Login Errors of Code: T_1006 When I Use a Web Browser for Resource O&M?
- Why Am I Seeing Login Errors of Code: C_515 When I Use a Web Browser for Resource O&M?
- Why Am I Seeing Login Errors of Code: C_519 When I Use a Web Browser for Resource O&M?
- Why Am I Seeing Login Errors of Code: C_769 When I Use a Web Browser for Resource O&M?
- Why Cannot I See the Accessible Resources in the Resource List?
- Why Does the Session Page Fail to Load When I Log In to the Managed Host Using a Web Browser?
- Why Is the Application Resource Inaccessible through CBH?
- Why Are Databases Managed in CBH Inaccessible with an SSO Tool?
- Why Does the Number of Concurrent Sessions Reach the Limit When I Use CBH to Log In to a Host Resource?
- Why a Black Block Is Displayed on the Mouse When the MSTSC Client Is Used to Access a Server Resource?
- Why Am I Seeing User Creation Failure Message When Accessing a Windows Application Publishing Server?
-
Maintenance Issues
- Why Does SMS Verification Code Fail to Send When I Log In to a CBH Instance?
- Why Am I Seeing a Message Indicating that the Number of Resources Has Reached the Limit When I Add a Resource to CBH?
- Why Does Verification of An Account for a Managed Host Fail?
- Why Am I Seeing Garbled Characters When I Open a System Data File?
- Why Does Login Timeout Frequently Occur During an O&M Session?
- Why Does the PL/SQL Client Display Garbled Characters During Application O&M?
- Why Is the Requested Session Denied After I Log In to a Managed Host?
- Why Does the CBH Traffic Bandwidth Exceed the Threshold?
- Why Text Cannot Be Copied When I Perform O&M Through a Web Browser?
- Which Types of Failures May Occur During the O&M?
- What Do I Do If an Exception Occurs When I Enter Chinese Characters Using WPS During the O&M of a Windows Server?
- I Mapped My CBH Instance IP Address to a Domain Name, and Added the Domain Name to WAF. Why Does the Domain Name Become Inaccessible?
- Why Is LTS Still Disabled After It Is Configured for a CBH Instance?
- Why Is the Connection Disconnected After I Log In to CBH to Manage an Application?
- Why My Certificate Becomes Abnormal After a Cross-Version Upgrade?
-
SSO O&M Faults
- Configuring a Customized Driver for DBeaver to Connect to GaussDB Databases
- Configuring the Connection Between DBeaver and GaussDB
- Message "1251-lost connection to mysql server during query" Displayed While Backing Up MySQL Database Tables
- Message "1251-Client does not support authentication protocol requested by server" Reported While Managing MySQL Database Through Host Operation
- Error Message "2013-Lost connection to MySQL server at waiting for initial communication packet', system error:0" Reported While Connecting to MySQL Databases
- Error Message "ORA-12537_TNS_Connection closed" Reported While Connecting to Oracle Databases
- Error Message "ORA-12637_Packet Receive Failed" Reported While Connecting to Oracle Databases
- Error Message "ORA 12170 TNS Connect Timeout" Reported While Connecting Oracle Databases through Host Operation in the Bastion Host
- Failed to Establish a Connection between DBeaver and PostgreSQL Databases
- SSO Failed as JRE Is Missing in the Running Environment
-
CBH System Login Failures
-
Product Consulting
- Videos
-
More Documents
-
User Guide (Kuala Lumpur Region)
- Service Overview
-
Instances
- Permissions Management
- Checking CBH Instance Details
- Resetting the Login Method for User admin
- Resetting the Password of User Admin
- Upgrading the CBH System Version
- Starting a CBH Instance
- Stopping a CBH Instance
- Restarting a CBH Instance
- Changing a VPC for a CBH Instance
- Changing Security Groups
- Binding an EIP to a CBH Instance
- Unbinding an EIP from a CBH Instance
- Key CBH Instance Operations Recorded by CTS
-
Logging In to the CBH System
- Overview
- Using a Web Browser to Log In to a CBH System
- Using a Client to Log In to a CBH System
- Configuring Multifactor Verification
-
Managing Login Security
- Configuring User Login Lockout
- Configuring the Login Password Policies
- Configuring Login Timeout and Login Authentication
- Updating a System Web Certificate
- Configuring the Mobile OTP Type
- Configuring the USB Key Vendor
- Configuring Policies to Disable Zombie Users (Available in V3.3.30.0 and Later Versions)
- Configuring the RDP Resource Client Proxy (Available in 3.3.26.0 and Later Versions)
- Enabling API Configuration (Included in V3.3.34.0 and Later Versions Only).
- Configuring Automatic Inspection (Available in V3.3.36.0 and Later)
- Configuring a Resource Account
- Configuring Client Login
- Configuring a User Expiration Reminder
- Configuring Session Limit
- Dashboard of the CBH System
- Department
- User
- Resource
- Policy
- Ticket
-
Operation
-
Host Operation
- Viewing the Host Resource List and Setting Resource Labels
- Logging In to Managed Resources Using a Web Browser for O&M
- Logging In to Resources Using an SSH Client for O&M
- Logging In to File Transfer Resources Using an FTP or SFTP Client
- Logging In to Hosts in Batches for O&M
- File Transmission
- Cooperation
- Enabling Forcible RDP Connections
- Application Operation
- Script Management
- Fast O&M
- OM Task
-
Host Operation
- Audit
- System Management
-
FAQs
-
Product Consulting
- What Are the Differences Between a CBH Instance and a CBH System?
- Which Security Hardening Measures Does CBH Provide?
- What Is the Number of Assets?
- What Is the Number of Concurrent Requests?
- Does CBH Support IAM Fine-Grained Management?
- Can I Use a CBH System to Centrally Manage My Cloud ERP or SAP Services?
- What Does Automatic O&M Include?
- How Do I Obtain an Enterprise Agreement Number?
- How Can I Configure Ports for a CBH Instance?
- Can CBH Manage Resources Under Multiple Subnets?
- Which Types of Databases Can I Manage in a CBH System?
- About Instance Request
-
About File Transfer
- What File Transfer Methods Can be Used in a CBH System?
- How Do I Use FTP/SFTP to Transfer Files to or From an SSH Host?
- How Do I Upload or Download Files When I Log In to Managed Hosts Using a Web Browser?
- What Is the Netdisk of a CBH System?
- Why Does File Upload to or Download from a Managed Host Fail?
- How Do I Clear the Personal Net Disk Space?
- Why Is File Transfer Not Supported When I Use a Web Browser for Resource O&M?
- Why Does the File List Cannot Be Loaded After I Click File Transfer When I Log In to CBH Through a Web Browser?
- How Do I Configure File Management Permissions?
- Does CBH Check Security of Uploaded Files?
-
About CBH System Login
-
Login Methods and Password Issues
- Can I Use a Domain Name to Log In to a CBH System?
- What Login Methods Does CBH Provide?
- Which Login Authentication Methods Are Available in a CBH System?
- What Is the Initial Password for Logging In to a CBH System?
- How Do I Reset the User Password for Logging In to the CBH System?
- How Do I Use IAM to Log In to a CBH Instance?
-
Multifactor Verification
- How Can I Install an OTP Authentication Application on the Mobile Phone?
- Why Does the Mobile OTP Application Binding Operation Fail?
- How Do I Enable Mobile SMS Authentication For Logging In to the CBH System?
- How Do I Cancel Mobile SMS Authentication?
- How Can I Cancel Mobile OTP Authentication If No Mobile OTP Application is Bound to My Account?
- Why Does Login Fail When an Account That Has Mobile OTP Application Bound Is Used to Log In?
- Login Security Management
-
Login Methods and Password Issues
-
User, Resource, and Policy Configuration in a CBH System
- Users
-
Adding Resources to a CBH System
- How Do I Change the Password of a Managed Resource Account?
- How Do I Set a Sudo Privilege Escalation Account for the Managed Resource?
- How Do I Add a Label to Resources Managed in a CBH System?
- How Do I Import or Export Information of Host Resources in Batches?
- What Are the AK and SK of an Imported Host? How Can I Obtain Them?
- What Are the Statuses of a Managed Resource Account in a CBH System?
- Can I Share Labels of Managed Resources with Other System Users?
- Can I Manually Enter a Password to Log In to a Managed Resource Through the CBH System?
- Why Does the CBH System Fail to Identify Hosts Imported in Batches?
- How Do I Access Services Provided by the Intranet Through a CBH Instance?
- How Do I Add a Server with an IPv6 Address to a CBH Instance?
- What is an Empty Account?
- System Configuration
-
Resources Managed in a CBH System
- Operation Management
-
O&M Operations
- What Login Methods Does CBH Provide?
- How Do I Create a Collaborative O&M Session?
- How Do I Use Resource Labels in the CBH System?
- How Do I Set the Resolution of the O&M Session Window When I Use a Web Browser for O&M?
- How Can I Use Shortcut Keys to Copy and Paste Text When a Web Browser Is Used for O&M?
- What Are the Shortcut Keys for O&M in CBH?
-
O&M Log Audit
- What Audit Logs Does CBH Provide?
- Can I Download Operation Recordings?
- Can I Delete CBH O&M Data for a Specific Day?
- Can I Back Up System Audit Logs to an OBS Bucket?
- How Long Can I Store Audit Logs in the CBH System?
- How Are Audit Logs in the CBH System Processed?
- Can I Audit User Operations If a User Logs In to Server A Through the CBH System and Then Logs In to Server B from Server A?
- Why Is the Playable Duration Shorter Than the Total Duration of a Session?
- Why Is There No Login Record in History Sessions While I Received a Resource Login Message?
-
Troubleshooting
-
CBH System Login Failures
- How Do I Handle Login Exceptions?
- Why Is the IP Address or MAC Address Blocked When I Log In to the CBH System?
- Why Am I Seeing Error Code 404 When I Log In to the CBH System?
- Why Am I Seeing Error Code 499 When I Log In to the CBH System?
- What Are Possible Faults If I Log In to the CBH System as an Intranet User?
- Why Is a Host Inaccessible Through CBH?
- Why Does CBH Login Fail Through an ECS in a New VPC Connected with the VPC Where CBH Is via VPN or a VPC Peering Connection
-
CBH Managed Resource Login Failures
- Why Does an Exception Occur When I Log In to My Resources Managed in CBH?
- Why Am I Seeing Login Errors of Code: T_514 When I Use a Web Browser for Resource O&M?
- Why Am I Seeing Login Errors of Code: T_1006 When I Use a Web Browser for Resource O&M?
- Why Am I Seeing Login Errors of Code: C_515 When I Use a Web Browser for Resource O&M?
- Why Am I Seeing Login Errors of Code: C_519 When I Use a Web Browser for Resource O&M?
- Why Am I Seeing Login Errors of Code: C_769 When I Use a Web Browser for Resource O&M?
- Why Cannot I See the Accessible Resources in the Resource List?
- Why Does the Session Page Fail to Load When I Log In to the Managed Host Using a Web Browser?
- Why Is the Application Resource Inaccessible through CBH?
- Why Are Databases Managed in CBH Inaccessible with an SSO Tool?
- Why Does the Number of Concurrent Sessions Reach the Limit When I Use CBH to Log In to a Host Resource?
- Why a Black Block Is Displayed on the Mouse When the MSTSC Client Is Used to Access a Server Resource?
-
Maintenance Issues
- Why Does SMS Verification Code Fail to Send When I Log In to a CBH Instance?
- Why Does Verification of An Account for a Managed Host Fail?
- Why Am I Seeing Garbled Characters When I Open a System Data File?
- Why Does Login Timeout Frequently Occur During an O&M Session?
- Why Does the PL/SQL Client Display Garbled Characters During Application O&M?
- Why Is the Requested Session Denied After I Log In to a Managed Host?
- Why Does the CBH Traffic Bandwidth Exceed the Threshold?
- Why Text Cannot Be Copied When I Perform O&M Through a Web Browser?
- Which Types of Failures May Occur During the O&M?
- What Do I Do If an Exception Occurs When I Enter Chinese Characters Using WPS During the O&M of a Windows Server?
-
CBH System Login Failures
-
Product Consulting
- Change History
-
User Guide (Kuala Lumpur Region)
- General Reference
On this page
Copied.
Overview
Based on Resource Access Manager (RAM), resource owners can configure the sharing permissions based on the least privilege principle and different usage requirements. Resource users can only access resources within their permissions, improving resource management security and user experience. For more information about RAM, see What Is RAM?
If your account is managed by Huawei Cloud organizations, you can enable this function to share resources more easily. If your account is in an organization, you can share resources with a specified account or all accounts in the organizations, needless to select all accounts one by one. For details, see Enabling Sharing with Organizations.
Constraints
- You must own the KMS key resources. You cannot share the KMS key resources that have been shared with you.
- If you need to share KMS key resources with your organization, enable this function. For more information, see Enabling Sharing with Organizations.
Key Owner and Recipient Permissions
Key owners can perform all operations on keys, while recipients can only perform certain operations. For details, see Table 1.
|
Role |
Allowed Operation |
Description |
|---|---|---|
|
Recipient |
kms:cmk:get |
Access through the console or API |
|
kms:cmk:createDataKey |
Access through API only |
|
|
kms:cmk:createDataKeyWithoutPlaintext |
Access through API only |
|
|
kms:cmk:encryptDataKey |
Access through API only |
|
|
kms:cmk:decryptDataKey |
Access through API only |
|
|
kms:cmk:encryptData |
Access through the console or API |
|
|
kms:cmk:decryptData |
Access through the console or API |
|
|
kms:cmk:sign |
Access through API only |
|
|
kms:cmk:verify |
Access through API only |
|
|
kms:cmk:generateMac |
Access through API only |
|
|
kms:cmk:verifyMac |
Access through API only |
|
|
kms:cmk:getPublicKey |
Access through the console or API |
|
|
kms:cmk:getRotation |
Access through the console or API |
|
|
kms:cmk:getTags |
Access through the console or API |
Supported Resource Types and Regions
The following table lists the resource types and regions can be shared in DEW.
|
Cloud Service |
Resource Type |
Supported Region |
|---|---|---|
|
KMS |
CMK |
CN North-Beijing1 CN North-Beijing4 CN East-Shanghai1 CN East-Shanghai2 CN South-Shenzhen CN Southwest-Guiyang1 CN South-Guangzhou |
Billing
For details about KMS billing, see .
Owners of shared keys need to pay for the key instance and API calling fees, that is, only the resource owner will be charged for shared resources.
Parent topic: Sharing Resources
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
