Operation Guide
Procedure
| No. | Step | Description |
|---|---|---|
| 1 | Preparations | Before making a purchase, you need to sign up for a HUAWEI ID, enable Huawei Cloud services, complete real-name authentication, and top up your account. Ensure that your account has sufficient balance or has a valid payment method configured. For details, see Preparations. NOTE: Real-name authentication is required only when you buy or use cloud services provisioned in the Chinese mainland. |
| 2 | Buying a CBH Instance | Log in to the management console and buy a CBH instance. For details, see Buying a CBH Instance. |
| 3 | Configuring Your CBH Instance | Administrators log in to the CBH system and configure departments, users, policies, and resources. For details about common management operations, see Operation Guide for Administrators. |
| 4 | Performing Resource Operations | Users log in to a CBH system to perform operations on hosts, databases, applications, and containers. For details about common O&M operations, see Operation Guide for Users. |
| 5 | Auditing Operations | Auditors log in to the CBH system to view and manage audit data, including sessions, logs, and reports. For details about common audit operations, see Operation Guide for Auditors. |
Operation Guide for Administrators
The system administrator admin, or other users who have obtained administrator permissions, can manage and configure CBH on the console. This section describes the common operations of an administrator.
| Function Module | Procedure | Description |
|---|---|---|
| Department | (Optional) Step 1: Create a Department | The Department module represents the organizational structure and is used to group and identify users and resources. Administrators can create and manage departments. For more details, see Creating a Department. |
| User | Step 2: Create a User | Administrators create users and assign departments and roles to them. The users are accounts for logging in to the corresponding CBH system. For more details, see Creating a User. |
| Resource | Step 3: Manage Resources | Administrators can manually add, batch import, or automatically discover databases that can be managed by the CBH system. To do this, make sure the CBH instance is reachable over the Internet. For more details, see Managing Host or Database Resources with a Bastion Host. |
| | | Administrators can manually add, batch import, or automatically discover client and web applications that can be managed by the CBH system. To do this, make sure the CBH instance is reachable over the Internet. For more details, see Application Resources. |
| | | Administrators can manage Kubernetes containers, including Huawei Cloud Container Engine (CCE) and other third-party containers. To do this, make sure the CBH instance is reachable over the Internet. Only the professional edition supports this function. For details, see Managing Container Resources. |
| Policy | Step 4: Create an Access Control Policy | ACL rules are used to control users' permissions for accessing resources. Administrators can configure access control policies and associate the policies with users and resource accounts to control O&M personnel, O&M resources, and O&M operations. For more details, see Creating an ACL Rule and Associating It with Users and Resource Accounts. |
| | (Optional) Creating a Command Rule | Command rules are used to control permissions for command operations on managed resources, implementing fine-grained control over the execution of commands on Linux hosts. For more details, see Creating a Command Rule. |
| | (Optional) Creating a Database Rule | Database rules are used to intercept sensitive database session operations, implementing fine-grained control over database operations. Only the professional edition supports this function. For details, see Creating a Database Rule. |
| | (Optional) Creating a Password Rule | Administrators can use password rules to let the bastion host periodically change the passwords of multiple managed host resources at a time, improving the security of managed resource accounts. For more details, see Creating a Password Rule. |
| Ticket | (Optional) Reviewing a Ticket | Administrators can approve or reject tickets submitted by users or generated by the system. For more details, see Viewing and Approving Tickets. |
| System Mgmt | (Optional) System Configuration | CBH provides multiple system configurations, such as login security configuration, multi-factor authentication, remote authentication, and alarm configuration, to ensure system security. For more details, see System Configuration. |
| | (Optional) Maintenance Management | CBH provides system data backup and restoration, system diagnosis, and network diagnosis to ensure data security. For more details, see Maintenance Management. |
Operation Guide for Users
Users with resource operation permissions can use a web browser, SSH client tool, FTP/SFTP client tool, or other local client tools to log in to managed resources for O&M. This section describes the common operations of a user.
| Function Module | Task Type | Description |
|---|---|---|
| Ticket | Submitting a Service Ticket | If a user has no permissions to access some resources, they can submit a ticket to apply for the required permissions. For details, see: |
| Resource | Host Operations | Users can log in to a host through a web browser, SSH client tool, or FTP/SFTP client tool for O&M. The client tool is determined by the host type. For details, see: |
| | Database Operations | Users can call the local client tool through the SSO tool or directly log in to a database for O&M. For details, see: |
| | Application Operations | Users use a web browser to log in to applications for O&M. For more details, see Using a Web Browser to Log In to Application Resources for O&M. |
| | Container Operations | Users use a web browser to log in to containers for O&M. Only the professional edition supports this function. For details, see Logging In to Managed Resources Using a Web Browser for O&M Container. |
Operation Guide for Auditors
Users who have obtained the operation audit permission can view and manage audit sessions, logs, and reports on the console. This section describes the common operations of an auditor.
| Function Module | Audit Method | Description |
|---|---|---|
| Audit | Live Session | An auditor can view real-time sessions on the console. If the auditor finds that a user is performing unauthorized or high-risk O&M operations, the auditor can immediately interrupt the operations. For more details, see Live Session. |
| | History Session | An auditor can view, manage, and export historical session records from the console, and replay historical sessions online. For more details, see History Session. |
| | System Log | An auditor can view and export system login logs and system operation logs from the console. For more details, see System Log. |
| | Operation Report | Auditors can view and export operation reports on the console. Operation reports display data in dimensions such as operation time distribution, number of resource access times, session duration, number of access times from source IP addresses, and command interception. Operation report data can be automatically sent to a specified email address at a specified time. For more details, see Operation Report. |
| | System Report | Administrators can view and export system reports on the console. System reports display data in dimensions such as user control, user and resource operations, number of user source IP addresses, and abnormal login. System report data can be automatically sent to a specified email address at a specified time. For more details, see System Report. |