Flagship Product Features
Deployment Method
- Physical bypass, logical series mode, does not affect normal business flow
- HA dual-machine hot backup
- Supports horizontally scalable cluster architecture and deployment, including cross-region, cross-data center, and multi-level deployment
- Supports NAT address mapping deployment, access to the fortress machine via the mapped IP address
Resource Management
- Supports SSH, RDP, VNC, Telnet, FTP, SFTP, and other protocols
- ★ Supports FTP protocol and can use popular FTP tools such as FlashFXP, FileZilla
- ★ Supports SFTP protocol and can use common tools such as WinSCP, FlashFXP, Xftp
- Supports batch import, export, delete, add to resource group, and other operations on hosts (including hosts, applications, application servers, and resource accounts) and accounts
- Supports batch addition of cloud host resources, including Aliyun, Baidu Cloud, Huawei Cloud, Tencent Cloud, and UCloud Global cloud platform resources
- ★ Can extend support for applications/clients such as MySQL, SQL Server, Oracle, IE, Firefox, Chrome, VNC Client, SecBrowser, vSphere Client through application release
- Supports different resources using the same IP or domain name
- Supports built-in common system types, including Linux, Windows, H3C, Huawei, Cisco
- Supports resource management by tags, each user can tag each resource with 10 tags, supports batch addition and deletion of tags
- Supports TELNET, SSH protocol resources using regular accounts to automatically switch to root (or enable) accounts
- ★ Supports SSH, RDP protocol file management control functions
- ★ Supports RDP protocol RDP clipboard control function
- Supports setting resource account to automatic login (including privileged login) and manual login mode, where manual login mode is further divided into full manual (manual input of account and password) and semi-automatic mode (manual input of password)
- No need to install any client; users can log in to the fortress machine on Windows, Linux, macOS, and other operating systems, and access and manage resources
- Supports mainstream browsers such as IE, Edge, Chrome, Firefox, Safari
- ★ Supports clients such as Xshell, PuTTY, Mac terminal and Remote Browser (HTML5) to access target resources. It supports double-person authorization and multi-factor authentication. Operational resources can be displayed in pages, and can be searched according to multiple conditions such as name, IP, tag.
- Supports accessing multiple devices via the fortress machine at the same time
- ★ Supports executing the same command on multiple virtual machines/servers via the fortress machine at the same time
- Provides file storage similar to a cloud disk, and supports audited file upload and download for RDP, SSH, VNC protocol type hosts
Resource Operation
- Supports batch login function of SSH, RDP, TELNET, VNC protocol resources
- Supports the access of SSH client, FTP client, SFTP client to the target resource
- ★ Supports accessing the target resource via Web page, including SSH, RDP, TELNET, VNC, and application publishing resources
- Supports the login of SSH resources in the way of SSH key
- Supports batch execution of operation instructions for multiple SSH, TELNET protocol resources
- Supports exporting the resource list to Xshell and SecureCRT format configurations
- Supports filtering resources by tags
- ★ Supports session collaboration during operation and maintenance, and can invite other users to participate and assist in operation
- ★ During session collaboration, participants can control the session, and the creator can forcibly obtain control
- ★ Supports multiple participants entering the session using the same session invitation link
- Supports preset command function of character protocol, can add 15 frequently used commands in the system
User Management
- Supports local, RADIUS, and AD domain authentication types
- Supports multi-factor authentication such as mobile SMS and dynamic tokens
- Supports limiting user access to the fortress machine by setting the source IP control and access time control
- ★ Supports user IP address restriction (blacklist or whitelist) and MAC address restriction (blacklist or whitelist); users at addresses that are not permitted cannot log in
- Supports batch modification of users, including password reset, department move, role change, multi-factor configuration modification, valid period modification, IP restriction modification, MAC restriction modification
- ★ Supports random generation of strong passwords when creating new users
- Supports user filtering by user status, role, department
- Supports custom roles, which meets the diverse business scene needs of customers
- ★ Supports setting the effective and expiry time of the main account
- Supports the division of rights of user account and target device by department, different users and devices can belong to different departments (sub-departments)
- Supports the division of access control policies by departments, the configuration administrators of different departments can only set access permissions for their own departments and their own directly subordinate departments
- ★ Supports the division of password change plans by department, so that password keepers of different departments can only change/keep the account passwords on their own department’s equipment
- Supports the division of audit functions by departments, so that audit administrators of different departments can only audit operation logs for their own departments and their own directly subordinate departments
- Supports batch import, export, deletion, and password reset of the main account, department movement, and other operations
Department Management
- Supports restricting managers of different business departments to managing only the users, resources, policies, and audits within their authority
- Supports settings for the scope of users and resources that administrators can manage
- Supports unlimited level grouping management of the department
- Supports quick creation and modification of departments
- Supports batch creation of departments
- Supports quick location of users and hosts in the department, and displays the number of users and hosts
Access Policy and Dynamic Authorization
- No need to install any client; supports single sign-on to RDP, VNC, Telnet, SSH and other protocol resources and application publishing remote resources
- Supports simultaneous access authorization settings with users, user groups, resources, resource groups, accounts, and account groups as the core elements
- Can set detailed command access control policies with users, user groups, departments, roles, resources, IP segments, command sets, and effective time as the core elements
- Command control actions include deny execution, allow execution, alarm, dynamic authorization, and disconnect
- The fortress machine itself presets the basic commands of hosts and network devices, users can customize commands according to specific scenarios
- Can set alarm, disconnection, refuse execution, secondary authorization, and other access policies for the operation behavior of character protocol devices
- Can limit user access time in a fine-grained manner
- Supports users actively applying for resource operation and maintenance permissions to administrators
- Supports automatic inheritance of access control and command control relationships by new members of user groups and account groups, under the mode based on user groups and account groups
- Supports dragging to change the policy priority order
- Supports batch enable and disable policies
- ★ Access control policies are set based on users, user groups, resource accounts, account groups, validity period, file management control, file transfer control (upload, download), RDP clipboard control, time limit, IP restriction
- ★ Access control policy supports configuring double-person authorization candidates. For core devices, operation requires on-site approval by the administrator
- Supports setting matching rules for operation commands in command control policies using regular expressions and wildcard methods
User and Group Management Features
- Supports the division of rights of user accounts and target devices by department, different users and devices can belong to different departments (sub-departments)
- Supports the division of rights of access control policies by department, different department configuration administrators can only set access permissions for their own departments and their direct subordinate departments
- Supports division of rights for password change schedules by department, so that password custodians of different departments can only change/keep account passwords on devices within their own department
- Supports division of rights for auditing features by department, so that audit administrators of different departments can only inspect operation logs on devices within their own department, or their directly subordinate departments
Resource and Resource Group Management Features
- Supports batch management of resources in a group format
Work Order Management
- Supports users proactively applying for resource operation and maintenance permissions
- ★ Supports the application of file management permissions, RDP clipboard permissions, upload, and download permissions
Operation Records
- Accurate recognition of operation commands, with an accuracy rate of 100%
- Supports auditing of character protocols SSH, TELNET and file transfer protocols FTP, SFTP, recording detailed operation instructions and execution results
- Supports Web page anti-jump function of secure browser
- Supports export of historical sessions and system logs
- Supports audit of session end status
- ★ Supports recording of clipboard copy file behavior and textual information content, and supports locating audit playback by searching for textual content keywords
- ★ Supports double-person authorization auditing and collaborative user auditing
- Provides multiple built-in system report and operation and maintenance report templates, supports daily, weekly, and monthly cycles, and generates reports automatically
- Report formats support Word, Excel, PDF, and HTML formats
- Supports association between resource login session and system login session
- Supports downloading command operations to local PC in text format
- ★ Performs text auditing on four major types of information in graphical operations, namely keyboard and mouse operations, clipboard operations, title bar operations, and fuzzy recognition of text in the graphical interface
- Audits not only the FTP protocol but also use of the fortress machine’s own file upload and download function
Session Replay
- Supports locating the replay of the user’s operation process from a single command; the replay supports pause and speed-up playback operations
- The input and output actions of user command operation are displayed on the same interface
- Supports online playback with playback speed adjustment, drag, pause, stop, replay, and other playback control operations
- Supports online video replay on Web to reproduce all operations of operation and maintenance personnel on resources
- ★ Supports offline replay to reproduce all operation processes of operation and maintenance personnel on resources, and supports downloading replay files for local playback
- Can search graphical sessions using text audit content as a keyword; the search results locate directly to the related graphical screen for playback
- Supports auditing of any switch on the same virtual machine
Password Change Plan
- ★ Detailed password change plan can be generated based on account, time, password change cycle, password change method, and automatically executed when due
- The password change method can support random generation of different passwords, random generation of the same passwords, manually specified same passwords
- Supports automatic sending of password change results to the specified password change plan administrator’s mailbox
- Password change policy supports setting based on resource account, account group, password change method, execution method
- ★ Supports viewing password change logs, showing the total number of password change accounts, the number of successful password changes, the number of failed password changes, and the number of unmodified accounts
- Password change logs support downloading and viewing the passwords before and after the change
- Password change policy supports settings for whether to use a privileged account for password changes and whether to modify privileged account passwords
Real-time Monitoring
- Supports real-time monitoring and real-time disconnection of any type of active session without delay
System Maintenance
- Supports system backup in full or incremental mode
- Supports system restore by uploading a restore file
- Supports one-key upgrade by uploading an upgrade package
- Supports desktop display according to different roles and permissions
- Supports statistics of user count, host count, application count, application server count, alarm count
- Supports statistics of host and application types
- Supports statistics of current active sessions and newly added sessions today
- Supports trend display of system login times and resource operation times on a weekly or monthly basis
- Supports Top5 display of operation and maintenance users and resources
- Supports display of recently logged in hosts and applications, and provides resource login function directly from the desktop
- Supports display of system status and system information
- Supports personal information modification
- ★ Supports automatic account or IP lock in case of multiple login failures, configurable unlock duration, automatic unlock upon expiry, or manual unlock
- Supports built-in OpenVPN client
- Supports RADIUS, AD domain external authentication methods, and supports configuration of multiple AD domains
- Supports automatic or manual deletion of storage data
- Supports factory reset in web interface
- Supports system configuration backup and restore
- ★ Supports dual-machine hot backup
- Supports self-managed space function, able to automatically clean up historical data, and overwrite data automatically when there is not enough space
- Supports automatic backup of log data to remote Syslog server
- Supports notifications, including emails, customizable SMS gateways
- ★ Supports customization of system language (Chinese and English) and system icons
- Supports asynchronous execution of operation tasks, real-time viewing of task progress, and task termination
- Supports setting whether to alarm and alarm mode based on message level and message type
- ★ Supports WeChat mini-program mobile token
- ★ Supports binding SSH public key, implementing password-free login
- Supports users viewing their own role permissions to understand the range of their permissions
- Supports users viewing their own system login logs, system operation logs, and resource login logs
- Supports web certificate replacement
- Supports web and SSH login timeout settings
- Supports SNMP, versions include v2c and v3
- Supports network multi-interface, static routing, DNS settings
- Supports customizing the alarm mode and alarm level of system events
- Supports customization of work order application range
- ★ Supports modification of the default ports of the services the system itself provides externally
- Supports automatic backup of configurations and data to remote FTP, SFTP server storage
- Supports network diagnostics such as ping, traceroute, telnet
- ★ Supports collection of system running status information such as system load, kernel information, memory information, NIC information, disk utilization information, routing table information, ARP table information
- ★ Supports downloading backups to local storage