Updated on 2024-06-12 GMT+08:00

Adding Accounts of Managed Host or Application Resources into CBH

A host or application resource may have multiple accounts configured. Each account of a managed host or application resource is considered a managed resource account. You do not need to enter the username or password when you log in to a managed host using its managed resource accounts.

If no account is added for a host or application resource in the CBH system, the Empty account is generated by default. In this situation, when you log in to the host or application resource through CBH, a username and password are required.

This topic describes how to add a managed resource account after resources are managed in CBH.

Constraints

  • Automatic login accounts cannot be configured for Microsoft Edge application resources.
  • If the AD domain service is installed on the managed resources, add the account in the format Domain name\Host account username, for example, ad\administrator.

Prerequisites

  • You have the operation permissions for the Account module.
  • You have added host or application resources.

Adding an Account for a Resource

  1. Log in to the CBH system.
  2. Choose Resource > Account in the navigation pane.
  3. Click New. In the dialog box displayed, configure resource account attributes.

    Table 1 Parameters for new managed resource accounts

    | Parameter | Description |
    | --- | --- |
    | Resource | Host or application resource to be related to the account. |
    | Logon Type | Login mode. You can select Manual Login, Auto Login, or Sudo Login. • If you select Auto Login, Account and Password are mandatory. • If you select Manual Login, you can configure Account. • If you select CSMS Credentials Login, you can configure CSMS Credentials and Remarks. • If you select Sudo Login, a password is mandatory. • Sudo Login is valid only for SSH hosts. If Sudo Login is selected, Switch From and Switch Command are mandatory. |
    | Accounts | Account name of the managed resource. The value of Account must be unique in a CBH system and cannot be changed after it is created. If you select IS sudo, the account is identified as a sudo account for managing resources and has the password change permission. |
    | Password | Password of the account being added. By default, Verify is selected. After the account is added, the system automatically verifies the status of the account. • After the account is verified, the resource information is saved. • If the verification fails, modify the configuration as prompted. If the system prompts that the account verification times out, modify the resource configuration. If the system prompts that the account password is incorrect, return to the configuration window and change the account password. |
    | SSH Key | Authentication method that can be configured for host resources using the SSH protocol. After the configuration, an SSH key is preferentially used to log in to a related host resource. |
    | Passphrase | Private key corresponding to the SSH key configured for an SSH host. |
    | CSMS Credentials | (This parameter is available only when login mode is CSMS credential login.) Select the CSMS credential to be managed. |
    | Switch From | For an SSH host, select a configured account and set it to a sudo account. |
    | Switch command | Switchover command for an SSH host, for example, su root. |
    | Description | Brief description of the account. |

  4. Click OK. The newly created account will be displayed in the account list.

Batch Importing Accounts of Managed Resources into CBH

To import application servers from a file, the file must be in .csv, .xls, or .xlsx format.

  1. Log in to the CBH system.
  2. Choose Resource > Account in the navigation pane.
  3. Click Import in the upper right corner of the page.
  4. Click Download to download the template if no template is available locally.
  5. Enter the information of accounts according to the configuration requirements in the template file.

    Table 2 Template parameters

    | Parameter | Description |
    | --- | --- |
    | Account | (Mandatory) Enter the username of the managed resource account. |
    | Logon Type | Method to log in to the resource. This parameter can be set to Auto Login, Manual Login, or Sudo Login. |
    | IS Sudo | Whether to set the account as a sudo account. This parameter can be set to Yes or No. |
    | Password | Password of the account for logging in to the resource. |
    | SSH Key | Authentication method that can be configured for SSH hosts. After the configuration, an SSH key is preferentially used to log in to a related host resource. |
    | Passphrase | Private key sequence mapped to the SSH key. |
    | Oracle Param | This parameter is mandatory for Oracle hosts. • This parameter can be set to SERVICE_NAME or SID. • Separate multiple parameter values with commas (,). |
    | SERVICE_NAME or SID | This parameter is mandatory for Oracle hosts. Separate multiple parameter values with commas (,). |
    | Login Role | This parameter is mandatory for Oracle hosts. • This parameter can be set to normal, sysdba, or sysoper. • Separate multiple parameter values with commas (,). |
    | Database Name | This parameter is mandatory for the DB2 databases. • Select the database name or instance name. • Separate multiple parameter values with commas (,). |
    | Instance Name | This parameter is mandatory for the DB2 databases. • Select the database name or instance name. • Separate multiple parameter values with commas (,). |
    | Switch From | Sudo account of the host resource. |
    | Switch command | The command to switch over between accounts. |
    | AD Domain | For Radmin application resources, enter the AD domain address. |
    | Description | Brief description of the managed resource account. |
    | Resource | Enter the name of the resource that has been added to the host list or application list. |
    | IP address/domain name | For associated host resources, enter the IP address or domain name of the host resource. |
    | Type | (Mandatory) Enter the protocol type of the host resource or the application type of the application resource. • Supported host protocols: SSH, RDP, VNC, Telnet, FTP, SFTP, DB2, MySQL, SQL Server, Oracle, SCP, PostgreSQL, GaussDB, and Rlogin. • Supported application types: Microsoft Internet Explore, Mozilla Firefox for Windows, Google Chrome, VNC Client, SecBrowser, vSphere Client, Radmin, dbisql, Mysql Tool, SQLServer Tool, Oracle Tool, Rlogin, Mozilla Firefox for Linux, DM Tool, KingbaseES Tool, GBaseDataStudio for GBase8a, X11, and Other. |
    | Port | This parameter is mandatory for host resources. Enter the IP address or domain name of the host resource. |
    | Account Group | The account group to which the managed resource account belongs. • A managed resource account can belong to multiple account groups in the same department. Use a comma (,) to separate every two account groups. • Only the account group that has been created in the CBH system can be entered. |

  6. Click Upload and select the completed template.
  7. (Optional) Configure Override existing accounts, which is deselected by default.

    • Selected: A managed resource account will be overwritten by the one being imported if both accounts have the same name.
    • Deselected: A managed resource account will be skipped when the one being imported and the managed resource account have the same name.

  8. (Optional) Configure Verify Account, which is selected by default.

    • Selected: The account status is verified when it is imported.
    • Deselected: The account status is not verified when it is imported.

  9. Click OK.
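
A pre-upload check for the import file described above, as an added example that is not part of the CBH product or its documentation: it applies the mandatory-field and allowed-value rules from Table 2, plus the Auto Login and Sudo Login rules from Table 1, to the template saved as CSV text. It assumes the template's column headers match the parameter names in Table 2 exactly and that the Table 1 login-mode rules also apply to imported rows; the function names and sample rows are constructed for illustration.

```python
import csv, io

HOST_PROTOCOLS = {"SSH", "RDP", "VNC", "Telnet", "FTP", "SFTP", "DB2", "MySQL",
                  "SQL Server", "Oracle", "SCP", "PostgreSQL", "GaussDB"}
# Rlogin is left out above because Table 2 also lists it as an application type.
LOGON_TYPES = {"Auto Login", "Manual Login", "Sudo Login"}  # values from Table 2
ALLOWED = {"Oracle Param": {"SERVICE_NAME", "SID"},
           "Login Role": {"normal", "sysdba", "sysoper"}}

def check_row(row):
    """Return the list of problems found in one template row (a dict)."""
    g = lambda col: (row.get(col) or "").strip()
    errs = [f"{c} is mandatory" for c in ("Account", "Type") if not g(c)]
    logon, typ = g("Logon Type"), g("Type")
    if logon and logon not in LOGON_TYPES:
        errs.append(f"Logon Type {logon!r} is not allowed")
    if g("IS Sudo") not in ("", "Yes", "No"):
        errs.append("IS Sudo must be Yes or No")
    if logon == "Auto Login" and not g("Password"):   # rule taken from Table 1
        errs.append("Auto Login needs Password")
    if logon == "Sudo Login":                         # rules taken from Table 1
        if typ != "SSH":
            errs.append("Sudo Login is valid only for SSH hosts")
        errs += [f"Sudo Login needs {c}"
                 for c in ("Password", "Switch From", "Switch command") if not g(c)]
    if typ == "Oracle":
        for col, allowed in ALLOWED.items():          # comma-separated cells
            vals = {v.strip() for v in g(col).split(",") if v.strip()}
            if not vals or vals - allowed:
                errs.append(f"{col} must be one of {sorted(allowed)}")
        if not g("SERVICE_NAME or SID"):
            errs.append("SERVICE_NAME or SID is mandatory for Oracle")
    if typ == "DB2":
        errs += [f"{c} is mandatory for DB2"
                 for c in ("Database Name", "Instance Name") if not g(c)]
    if typ in HOST_PROTOCOLS and not g("Port"):
        errs.append("Port is mandatory for host resources")
    return errs

def check_template(text):
    """Validate CSV text; return {file line number: [problems]} for bad rows."""
    rows = enumerate(csv.DictReader(io.StringIO(text)), start=2)
    return {n: e for n, r in rows if (e := check_row(r))}

# Constructed sample rows (not real accounts); only the columns checked here.
SAMPLE = """Account,Logon Type,IS Sudo,Password,Switch From,Switch command,Oracle Param,SERVICE_NAME or SID,Login Role,Type,Port
ad\\administrator,Auto Login,No,example-pw,,,,,,RDP,3389
root,Sudo Login,Yes,example-pw,,su root,,,,SSH,22
scott,Auto Login,No,example-pw,,,SID,orcl,dba,Oracle,1521
"""
```

Calling `check_template(SAMPLE)` reports the Sudo Login row that lacks Switch From and the Oracle row whose Login Role is outside the allowed set. The completed template holds the Password column's values as typed, so keep the file on an access-controlled workstation and delete it once the import succeeds.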

Batch Creating Resource Accounts

You can create resource accounts for multiple hosts at the same time.

  1. Log in to a CBH system.
  2. Choose Resource > Host in the navigation pane on the left.
  3. Select the hosts for which you want to create accounts and choose More > Add Account.

    Only hosts with the same protocol type are supported.

  4. Enter the account information to be added, as shown in Table 3.

    Table 3 Parameters for creating resource accounts in batches

    | Parameter | Description |
    | --- | --- |
    | Login Type | Select the login mode of the created accounts. • Auto Login • Manual Login • CSMS Credentials Login • Sudo Login |
    | Account | Name of the account. You can specify one. If the login mode is set to automatic login, this parameter is mandatory. |
    | Password | Password of the account. |
    | SSH Key | This parameter is mandatory if the current account needs to log in to the system using an SSH key. The RSA private key in PEM or RFC4716 format is supported. After the RSA private key is entered, the SSH key is preferentially used for login. |
    | passphrase | Password of the SSH key. You need to enter the SSH key first. If the SSH key is password-free, you do not need to set this parameter. |
    | CSMS Credentials | This parameter is mandatory only when Login Mode is set to CSMS Credentials Login. |
    | Description | Description of the current account. A maximum of 128 characters can be entered. |
    | Options | Select an option. • Overwrite existing account: You can select this to overwrite the existing accounts that have the same usernames as the accounts you are creating. • Verify Account: Check whether the added account can be used to log in to the system. This option can be selected only when the automatic login mode is used. |

  5. Confirm the information and click OK.