Help Center/ Cloud Bastion Host/ User Guide/ Resource/ Application Resources/ Managing Application Resources Using a Bastion Host

Updated on 2025-09-29 GMT+08:00

View PDF

Managing Application Resources Using a Bastion Host

You can use a bastion host to manage application resources and application accounts on Windows or Linux servers that support remote desktops. To do so, you only need to install clients and browsers on those servers.

After you obtain the permission for application resources, you can access client-based application resources and browser-based application resources via your bastion host. You do not have to manually enter usernames and passwords as the credentials are automatically filled in. A bastion host also records all operations by video. In this way, remote application accounts security is under control, and remote application operations can be auditable.

You can use a bastion host to manage a wide range of application resources, such as Google Chrome, Microsoft Edge, Mozilla Firefox, SecBrowser, Oracle Tool, MySQL, SQL Server Tool, dbisql, VNC Client, vSphere Client and Radmin.

Procedure for Managing Application Resources

You can create an application server in the bastion host instance to interconnect the application client with the bastion host instance, so that you can create and manage application resources in the bastion host instance.

Figure 1 Managing application resources
Click to enlarge

Constraints

The total number of host and application resources to be added cannot exceed the number of assets.
For Windows servers, only applications running on Windows Server 2008 R2 or later can be managed.
For Linux servers, only applications running on Linux CentOS 7.9 servers can be managed.
Port 2376 and ports 35000 to 40000 must be enabled between a Linux server and the bastion host. The port cannot be changed once it is enabled.
Before you add an application resource, ensure that an application server has been added.
Automatic login accounts cannot be configured for Microsoft Edge application resources.
If multiple bastion host instances share one application server, the versions of the bastion host instances must be the same. Otherwise, the application server may be unavailable for the bastion host instances of an earlier version.

Prerequisites

You have all resources ready, such as Windows servers, Linux servers, images, enterprise authorization codes, and client licenses, for deploying an application publishing server.
You have installed the application server. For more details, see Installing Application Publish Server.
You have obtained the permission to manage the AppServer and Application tabs under the Application Publish module.

Adding an Application Server

Log in to your bastion host.
Choose Resource > Application > AppServer.

Click New. In the displayed New AppServer dialog box, complete required parameters.

Creating a Windows application server

**Table 1** Windows application server parameters
Parameter	Description
Server Type	Windows
Server Name	Specifies the name of the application server. The server name must be unique in a bastion host.
Server	Specifies the IP address or domain name of the application server.
Type	Specifies the type of the browser or client tool used to access the application. By default, 14 types are supported, including MySQL Tool, Microsoft Edge, Mozilla Firefox (for Windows servers), Oracle Tool, Google Chrome, VNC Client, SQL Server Tool, SecBrowser, vSphere Client, Radmin, dbisql, Navicat for MySQL, Navicat for PostgreSQL, and Other. By default, each application resource type corresponds to an application program. You can obtain the application name from the default Program Path.
Port	Specifies the port number for accessing the application publish server. The default port 3389 is used for a Windows server.
Account	Specifies the server account used to access the application. If AD domain is configured, the server account is in the format of AD domain name\account name, for example, ad\administrator.
Password	Specifies the password used to access the application resource.
Department Name	Specifies the department of the application server.
Program Path	Specifies the path of the application resource on the application server. Each program type has a default startup path. You can also customize a startup path. For example, to allow a system user to access only Google Chrome from the application server, set Program Path to C:\DevOpsTools\Chrome\chrome.exe. If you select Other, manually configure the corresponding program path.
Remarks	(Optional) Provides the description of the application server.

Creating a Linux application server

**Table 2** Linux application server parameters
Parameter	Description
Server type	Linux
Server Name	Specifies the name of the application server. The server name must be unique in a bastion host.
Server	Specifies the IP address or domain name of the application server.
Type	Specifies the type of the browser or client tool used to access the application. Supported types: DM Tool, KingbaseES Tool, Mozilla Firefox for Linux, and GBaseDataStudio for GBase8a.
Port	Enter the port for accessing the application publish server. The default port 2376 is used for a Linux server.
Password	Contact Huawei Cloud technical support to obtain the password.
Department	Specifies the department the application server belongs to.
Remarks	(Optional) Provides the description of the application server.

Click OK. You can return to the application server list and check the newly added server.

Importing Application Servers from a File

To import application server from a file, the file must be in .csv, .xls, or .xlsx format.

Log in to your bastion host.
Choose Resource > Application > AppServer.
Click Import in the upper right corner of the page.

Figure 2 Import App Server
Click Download to download the template if no template is available locally.
Enter the configuration information of application servers to be imported according to the configuration requirements in the template file.
Click Upload and select the completed template.
(Optional) Configure Override existing appservers. This option is deselected by default.
- If you select this option, an existing application server information will be overwritten by the one being imported when both application servers have the same name.
- If you deselect this option, an existing application server information will be skipped when the one being imported and the existing one have the same name.
Click OK. You can go to the application server list and check the newly imported servers.

Adding an Application Resource

Log in to your bastion host.
Choose Resource > Application > Application.

Click New. In the displayed New application dialog box, complete required parameters.

**Table 3** Parameters for adding an application resource
Parameter	Description
App Name	Specifies the name of an application resource to be added. The App Name of an application resource must be unique in a bastion host. NOTE: The application name must be unique in a bastion host. This means it cannot be the same as the name of any managed hosts or other application resources.
AppServer	Select a created application publishing server.
Department Name	Specifies the department of the application.
App Address	(Optional) Specifies the address of the application. The value can be an IP address or domain name. If the application is released as a browser, enter the URL of the web page. If the address has a corresponding port, enter the address in the format of URL:Port number. If the application is released as a database or client, enter the address of the database server.
APP Port	(Optional) Enter the application access port. If the application is released as a database or client, enter the database access port. Leave this parameter blank if the application is released in other formats except databases.
Param	(Optional) Set application parameters. Enter the database instance name if the application is released as a database. Leave this parameter blank if the application is released in other formats except databases.
Custom Params	(Optional) Set custom application parameters. Fill Node: Enter the selector path of the input box to be filled. For example, #accountNamed > input. For details about how to obtain the selector path, see Obtaining the Selector Path. Fill Content: Enter the text to be filled in. You can use {account} or {password} to replace the application account and password.
Checkbox Recognition	(Optional) If you enable Checkbox Recognition, the system automatically identifies and selects check boxes. This parameter determines whether to identify all check boxes that can be identified on the login page, for example, the user privacy agreement check box of the browser. This parameter is available only when App Server is set to Chrome, Firefox-Windows, or Firefox-Linux.
Checkbox Selector	(Optional) If you enable Checkbox Recognition, you can set Checkbox Selector, which is the selector path of the selected check box. Example: User privacy agreement: .agreement input[type="checkbox"] For details about how to obtain the selector path, see Obtaining the Selector Path. This parameter is available only when App Server is set to Chrome, Firefox-Windows, or Firefox-Linux.
Automatic Logon	(Optional) After this function is enabled, when you log in to a web resource using a browser, you can automatically log in to the resource without manually clicking the login button. This parameter is available only when App Server is set to Chrome, Firefox-Windows, or Firefox-Linux.
Login Button Selector	If you enable Automatic Logon, you must set the selector path of the automatic login button. Example: #login-button For details about how to obtain the selector path, see Obtaining the Selector Path. This parameter is available only when App Server is set to Chrome, Firefox-Windows, or Firefox-Linux.
Options	(Optional) Configure the session window functions that can be used during the O&M. File Manage: This function allows you to manage file or folder permissions, including the permissions to view, delete, and edit files and folders. Uplink Clipboard: This function allows you to copy text through the O&M session RDP clipboard. Downlink Clipboard: This function allows you to paste text through the O&M session RDP clipboard. Keyboard Audit: This function records the information entered through the keyboard. Kiosk: For applications that can be managed through a browser, you can use this function to hide the address bar and disable F12, right-click, and the browser toolbar. You can use F12 instead of Ctrl to implement combined key operations. Kiosk is supported only when App Server is set to Chrome, Firefox-Windows, or Firefox-Linux.
Label	(Optional) You can customize a label or select an existing one.
Remarks	(Optional) Provides the description of the application resource.

Click Next.

**Table 4** Parameters for adding an application resource account
Parameter	Description
Add Account	If you select Rightnow, configure Logon Type and then Account. If you select Afterward, no further configuration is required on the page. You can add the account information later in the resource list or on the resource details page. In this situation, when you click OK, account [Empty] is automatically created. Only one [Empty] account is created for an application resource.
Logon Type	If you select Auto Login, Account and Password must be provided. If you select Manual Login, Account and Password are optional. If no application account is set, the [Empty] account is automatically created.
Account	Account to access the application
Password	Password of the application account
AD Domain	For Radmin application resources, enter the AD domain server address.
Description	Brief description of the account.

When logging in to a managed host using [Empty], manually enter the application account username and password.

Click OK. The application publish list page is displayed. You can check the created application publishing service.

Importing Application Resources from a File

To import application server from a file, the file must be in .csv, .xls, or .xlsx format.

Log in to your bastion host.
Choose Resource > Application > Application.
Click Import in the upper right corner of the page.

Figure 3 Import application
Click Download next to Download template.
Enter the configuration information of application resources to be imported according to the configuration requirements in the template file.
Click Upload and select the completed template.
(Optional) Configure Override existing apps. This option is deselected by default.
- Selected: A managed application resource will be overwritten by the one being imported if both application resources have the same name.
- Deselected: A managed application resource will be skipped when the managed one and the one being imported have the same name.
Click OK. You can go to the new application in the application release service list.

Obtaining the Selector Path

The following describes how to obtain the selector path required in the login button on the bastion host login page.

On the bastion host login page, press F12 to open the browser developer tool.
Click and then click Login.

Figure 4 Querying the login button element

Figure 5 EN
On the Elements tab, right-click the button line and choose Copy > Copy selector from the shortcut menu.

The copied path is the selector path required in the login button.
Figure 6 Querying the selector path

Figure 7 EN