
Bastionhost: Release notes

Last Updated: Nov 20, 2024

This topic describes the release notes for Bastionhost and provides links to the relevant references.

2024

| Version | Feature | Type | Description | Involved edition | Release date | References |
| --- | --- | --- | --- | --- | --- | --- |
| V3.2.43 | Application O&M | New feature | You can manage and perform O&M operations on client applications and web applications. | Enterprise Edition | 2024-09-23 | |
| | Single sign-on (SSO) | New feature | You can use the SSO tool Bastionhost Assistant to call an on-premises O&M client to access assets. | Basic Edition and Enterprise Edition | | SSO-based O&M |
| | Password change tasks | New feature | You can create automatic password change tasks for Windows server accounts whose passwords are managed by Bastionhost. | Enterprise Edition | | Use the automatic password change feature |
| | Identity as a Service (IDaaS) authentication | Optimized feature | You can configure the user synchronization scope and the SSO initiator. | Enterprise Edition | | Manage IDaaS authentication |
| | Operation logs | Optimized feature | Part of the audit content is refined. | Basic Edition and Enterprise Edition | | Archive audit logs in Simple Log Service |
| | Network domain | Optimized feature | Key authentication is added as an authentication method of the SSH proxy server configured for a network domain. | Enterprise Edition | | Use the network domain feature |
| | Web-based O&M | Optimized feature | You can save the theme settings of the web page for O&M. | Enterprise Edition | | Web-based O&M |
| | User management | Optimized feature | The Expiration date, Status, and LastActivityAt fields are added to the exported table of users. | Basic Edition and Enterprise Edition | | Export users |
| | Host O&M | Optimized feature | • Administrators can specify remarks when they review O&M tasks. • The interaction of O&M pop-up windows is optimized. | Basic Edition and Enterprise Edition | | Review an O&M application |
| | Portal-based O&M | | | Basic Edition and Enterprise Edition | | O&M overview |
| | Overview page | Optimized feature | You can view the usage of the resource connection pool. Overload protection is triggered if the connections consume a large number of resources. | Basic Edition and Enterprise Edition | | Log on to the console of a bastion host |
| V3.2.42 | User settings | New feature | You can change the password-reset-upon-next-logon setting for multiple users at a time. | Basic Edition and Enterprise Edition | 2024-06-26 | Manage users |
| V3.2.41 | Automatic O&M | New feature | O&M tasks can be created to deliver scripts. Automatic O&M can be performed by running multiple scripts for host accounts at a time. | Enterprise Edition | 2024-06-05 | Automatic O&M |
| | Multi-account management | New feature | Bastionhost can be connected to Resource Directory. After you connect Bastionhost to Resource Directory, the Elastic Compute Service (ECS) and ApsaraDB RDS instances within multiple Alibaba Cloud accounts can be automatically imported to a bastion host. | Enterprise Edition | | Use the multi-account management feature |
| | Private O&M | New feature | • The O&M portal can be accessed over an internal network. • Web-based O&M operations can be performed over an internal network. | Enterprise Edition | | Enable private O&M |
| | Connection to Key Management Service (KMS) | New feature | The ECS secrets that are managed in KMS instances within the same Alibaba Cloud account can be imported as logon information of host accounts. | Enterprise Edition | | Import ECS secrets from KMS |
| | Active Directory (AD) authentication | Optimized feature | • Multiple AD authentication servers can be configured for a bastion host. • The organizations on AD authentication servers can be synchronized to bastion hosts as user groups. | Basic Edition and Enterprise Edition | | Configure AD authentication or LDAP authentication |
| | Authorization data dashboard | New feature | The assets that a user is authorized to manage on the User Groups or Authorization Rules page can be viewed on the details page of the user. | Basic Edition and Enterprise Edition | | N/A |
| V3.2.40 | User logon limits | New feature | Approved time ranges and source IP addresses for logon can be specified to control user access to bastion hosts. | Basic Edition and Enterprise Edition | 2024-03-27 | Configure the parameters on the User Settings tab |
| | API operations | New feature | • API operations are released to manage network domains, control policies, authorization rules, and databases. • An API operation is released to configure the natural language used to send notifications to users. | Basic Edition and Enterprise Edition | | N/A |
| | Password change tasks | Optimized feature | The password complexity requirements for password change tasks are optimized. The number of characters can be customized. | Enterprise Edition | | Use the automatic password change feature |
| | Notification | Optimized feature | The natural language used to send notifications to users can be specified. | Basic Edition and Enterprise Edition | | Use the notification feature |
| V3.2.39 | IDaaS authentication | New feature | IDaaS-authenticated users can log on to the O&M portal. Note: Alibaba Finance Cloud and Alibaba Gov Cloud are not supported. | Enterprise Edition | 2024-02-26 | Manage IDaaS authentication |
| | Third-party assets | New feature | Microsoft Azure assets can be imported. | Basic Edition and Enterprise Edition | | N/A |
| | Control policies | New feature | A switch is supported. If you turn on the switch, keyboard operations that are performed during Remote Desktop Protocol (RDP)-based O&M can be audited on the Graphic Text tab. | Basic Edition and Enterprise Edition | | Search for sessions and view session details |
| | API | New feature | The API operations that are related to O&M tokens are supported. | Basic Edition and Enterprise Edition | | N/A |
| | User password security settings | Optimized feature | The historical password check policy can be configured. The policy specifies the number of previous passwords that cannot be used by a user when the user resets a password. | Basic Edition and Enterprise Edition | | Configure the parameters on the User Settings tab |
| | User management | Optimized feature | • Mobile phone numbers and email addresses of Resource Access Management (RAM) users can be synchronized. • The validity period of multiple users can be modified at a time. • Policies are provided when you import users to Bastionhost from a file and users that have the same names exist. | Basic Edition and Enterprise Edition | | N/A |
| | Asset management | Optimized feature | Manual check for the status of ECS and ApsaraDB RDS instances is supported. | Basic Edition and Enterprise Edition | | Manage hosts |
| V3.2.38.3 | Control policies | New feature | Fine-grained control policies can be associated with asset accounts. | Basic Edition and Enterprise Edition | 2024-01-25 | Configure a control policy |
| | User management | New feature | Users who have not logged on to bastion hosts for a long period of time can be automatically locked. | | | |
| | Asset management | New feature | Passwords and keys of asset accounts can be exported and imported. | | | |
| | Client-based O&M | Optimized feature | The search feature of SSH-based O&M clients is optimized. You can filter search results and sort the results by specified parameters. | | | N/A |
| | Management of AD-authenticated users and Lightweight Directory Access Protocol (LDAP)-authenticated users | Optimized feature | The synchronization logic of the mobile phone numbers of AD-authenticated users and LDAP-authenticated users is optimized. You can configure whether to synchronize the mobile phone numbers of AD-authenticated users and LDAP-authenticated users. | | | Configure AD authentication or LDAP authentication |
| | Authorization | Optimized feature | The process of authorizing users to manage the accounts of assets in asset groups is optimized. Existing accounts are automatically displayed for you to select. | | | Authorize a user to manage asset groups and the accounts of assets in the asset groups |
| | Session audit | Optimized feature | The search feature on the Session Audit page is optimized to support fuzzy match. | | | N/A |

2023

| Version | Feature | Type | Description | Involved edition | Release date | References |
| --- | --- | --- | --- | --- | --- | --- |
| Basic Edition | Switch to a different zone | New feature | A vSwitch can be switched to a different zone. This prevents the bastion host from being inaccessible if the current zone becomes unavailable. | Basic Edition | 2023-09-18 | Switch to a different zone |
| V3.2.37.1 | O&M on PolarDB clusters | New feature | O&M on PolarDB clusters is supported. | Enterprise Edition | 2023-08-30 | |
| | User list export | New feature | The user list can be exported. The user list contains usernames, email addresses, mobile phone numbers, user groups, and creation time of users. | Basic Edition and Enterprise Edition | | Manage users |
| | O&M token | Optimized feature | The management and control mechanism of O&M tokens is optimized. You can configure the validity period and number of usage times of O&M tokens. O&M engineers can renew O&M tokens. | Basic Edition and Enterprise Edition | | |
| | Update of API operations | Optimized feature | The API operations for O&M review and command review are available. | Basic Edition and Enterprise Edition | | N/A |
| | Asset network check | Optimized feature | • The asset network check feature can be manually enabled and disabled. • The check interval and time can be configured for the asset network check feature. | Basic Edition and Enterprise Edition | | Diagnose network issues |
| | O&M duration limit | Optimized feature | The maximum duration of a single O&M session can be configured. The maximum duration of a single O&M session is seven days. | Basic Edition and Enterprise Edition | | Configure O&M settings |
| | Real-time database O&M connections | Optimized feature | When O&M engineers use O&M tokens to access databases, the computing of real-time database O&M connections is optimized. This improves audit accuracy. | Enterprise Edition | | N/A |
| V3.2.36 | Optimized stability | Optimized feature | Overload protection is optimized and component stability is improved. | Basic Edition and Enterprise Edition | 2023-07-18 | N/A |
| V3.2.35 | Multi-zone configuration | New feature | Zones can be configured for vSwitches. | Enterprise Edition | 2023-05-30 | Configure a bastion host |
| | Notification | New feature | The following notifications are supported: • Notifications for user password expiration. • Notifications for the end of user validity periods. | Basic Edition and Enterprise Edition | | Use the notification feature |
| | Two-factor authentication | New feature | The mobile phone numbers in Thailand (+66), Vietnam (+84), and Cambodia (+855) are supported by the two-factor authentication feature. | Basic Edition and Enterprise Edition | | Enable two-factor authentication |
| | Asset authorization process | Optimized feature | After you grant permissions on assets to users, you are redirected to the page on which you can grant permissions on asset accounts to the users. | Basic Edition and Enterprise Edition | | N/A |
| | Snapshot synchronization of AD- and LDAP-authenticated users | Optimized feature | AD-authenticated users and LDAP-authenticated users can be synchronized on a regular basis. | Basic Edition and Enterprise Edition | | Configure AD authentication or LDAP authentication |
| V3.2.33 | Connectivity test | New feature | The connectivity diagnostics feature is provided. You can use the feature to troubleshoot issues that are related to O&M connections between a client and a bastion host and between a bastion host and an asset. | Basic Edition and Enterprise Edition | 2023-02-21 | N/A |
| | Asset risk monitoring | New feature | The asset risk monitoring feature is provided. The feature displays information about asset risks that are detected by Security Center. The information includes the alerts, vulnerabilities, and baseline risks that are detected on assets and the numbers of the alerts, vulnerabilities, and baseline risks. You can go to the Security Center console to handle the asset risks in a convenient manner. | Basic Edition and Enterprise Edition | | N/A |

2022

| Version | Feature | Type | Description | Involved edition | Release date | References |
| --- | --- | --- | --- | --- | --- | --- |
| V3.2.31 | Oracle database O&M | New feature | O&M operations can be performed on Oracle databases. | Enterprise Edition | 2022-12-22 | O&M overview |
| | Management of third-party asset sources | Optimized feature | Third-party asset sources, such as Amazon Web Services (AWS) and Tencent Cloud, can be imported and managed. | Basic Edition and Enterprise Edition | | Manage third-party asset sources |
| | Optimization of the O&M portal | Optimized feature | The O&M portal can be used by local users, AD-authenticated users, and LDAP-authenticated users to modify keys and user information. | Basic Edition and Enterprise Edition | | Security policies for O&M administrators |
| | Asset connectivity check | New feature | The asset connectivity is automatically checked. The status of the asset connectivity is updated every 4 hours. | Basic Edition and Enterprise Edition | | Manage hosts |
| | Management of AD and LDAP settings | Optimized feature | AD and LDAP settings can be cleared. | Basic Edition and Enterprise Edition | | Configure AD authentication or LDAP authentication |
| | Update of API operations | Optimized feature | An API operation is released to manage the public key of a user. When a user is created or edited, the following settings can be configured: user's validity period, two-factor authentication, and whether the user must reset the password upon the next logon. | Basic Edition and Enterprise Edition | | N/A |
| | Host key | New feature | ED25519 keys can be used as host keys. | Basic Edition and Enterprise Edition | | N/A |
| V3.2.30 | O&M applicant review | New feature | The O&M application review feature is supported. After the feature is enabled, an O&M engineer can log on to the required assets and perform O&M operations only after the Bastionhost administrator approves the O&M application submitted by the O&M engineer. | Basic Edition and Enterprise Edition | 2022-11-21 | Configure a control policy |
| | Host O&M token | New feature | O&M tokens can be obtained on the Host O&M page. You can use an O&M token to perform client-based O&M. | Basic Edition and Enterprise Edition | | N/A |
| | Notification | New feature | Text messages and emails are supported as notification methods. In addition to internal messages, you can receive text messages and emails that notify you of O&M address changes and alerts that are triggered by command execution and storage usage. | Basic Edition and Enterprise Edition | | Use the notification feature |
| | Asset monitoring | New feature | Assets on which no O&M operations are performed for the last 7 or 30 days can be filtered. | Basic Edition and Enterprise Edition | | N/A |
| | User logon settings | New feature | Users can be configured to use only key pairs for authentication when they log on to a bastion host. | Basic Edition and Enterprise Edition | | Configure the parameters on the User Settings tab |
| | Two-factor authentication | New feature | The mobile phone numbers in Saudi Arabia (+966) are supported by the two-factor authentication feature. | Basic Edition and Enterprise Edition | | Enable two-factor authentication |
| | Settings for two-factor authentication | Optimized feature | Two-factor authentication settings for multiple users can be modified at a time on the Users page. | Basic Edition and Enterprise Edition | | Enable two-factor authentication |
| | Control policies | Optimized feature | The logic for creating control policies is optimized. | Basic Edition and Enterprise Edition | | Configure a control policy |
| | User status monitoring | Optimized feature | Tags are added for deleted RAM users. | Basic Edition and Enterprise Edition | | Manage users |
| | Optimized stability | Optimized feature | The overload protection mechanism is supported to improve the stability of O&M sessions. | Basic Edition and Enterprise Edition | | N/A |
| V3.2.28 | Database O&M and audit | New feature | Database O&M and audit are supported. You can perform O&M and audit operations on ApsaraDB RDS for MySQL instances, ApsaraDB RDS for SQL Server instances, ApsaraDB RDS for PostgreSQL instances, and self-managed databases. | Enterprise Edition | 2022-07-27 | Use the database management feature |
| | O&M portal | New feature | The O&M portal is added. You can log on to the O&M portal to maintain assets on which you have permissions on a web page. You can also use a one-time password (OTP) token to log on to the O&M portal as a local user. | Basic Edition and Enterprise Edition | | O&M overview |
| | OTP tokens for local users to implement two-factor authentication | New feature | OTP tokens are provided for local users to implement two-factor authentication. Local users can scan the quick response (QR) code that is displayed in the O&M portal to implement two-factor authentication. | Basic Edition and Enterprise Edition | | Enable two-factor authentication |
| | Custom ports for hosts | New feature | Custom ports are supported for hosts. If you import multiple hosts by using an Excel file, you can specify custom ports for the hosts. | Basic Edition and Enterprise Edition | | Change the service port of a host |
| V3.2.26 | Management of third-party asset sources | New feature | Third-party asset sources can be managed. You can import assets from third-party asset sources. | Basic Edition and Enterprise Edition | 2022-04-06 | Add hosts |
| | Verification codes of two-factor authentication | New feature | Verification codes can be sent by using notifications in DingTalk during two-factor authentication. Chinese or English can be selected as the language to send a verification code. | Basic Edition and Enterprise Edition | | Enable two-factor authentication |
| | User settings for two-factor authentication | New feature | Two-factor authentication can be configured for a single user. | Basic Edition and Enterprise Edition | | Manage users |
| | API operations | New feature | API operations are released to configure AD authentication, two-factor authentication, and shared keys. | Basic Edition and Enterprise Edition | | |
| | Search conditions for password change tasks | Optimized feature | Host IP addresses and host names can be used to search for password change tasks. | Enterprise Edition | | N/A |
| | Text messages for two-factor authentication | New feature | The mobile phone numbers in Poland (+48) and Spain (+34) are supported by the two-factor authentication feature. | Basic Edition and Enterprise Edition | | Which countries and regions support the SMS-based two-factor authentication feature of Bastionhost? |
| | Regular updates of the configurations and status of AD-authenticated and LDAP-authenticated users | Iterated feature | The configurations and status of AD-authenticated and LDAP-authenticated users can be regularly updated. | Basic Edition and Enterprise Edition | | Configure the parameters on the User Settings tab |

2021

| Version | Feature | Type | Description | Involved edition | Release date | References |
| --- | --- | --- | --- | --- | --- | --- |
| V3.2.22 | Authorization rules | New feature | Authorization rules can be created. You can create authorization rules to authorize multiple users to manage assets. You can also specify a validity period for an authorization rule. | Basic Edition and Enterprise Edition | 2021-11-22 | Create an authorization rule and Manage an authorization rule |
| | Import and export of bastion host configurations | New feature | The import and export of bastion host configurations are supported. You can export the configurations of a bastion host and import the exported configurations for use on other bastion hosts. | Basic Edition and Enterprise Edition | | Use the configuration backup feature |
| | Proxy mode of the network domain feature | New feature | The proxy mode of the network domain feature is supported by Bastionhost Enterprise Edition. This allows you to configure a secondary proxy server in a network domain. If an error occurs on the primary proxy server, the secondary proxy server is automatically connected to your bastion host. | Enterprise Edition | | Use the network domain feature |
| | Network domains | New feature | Internal messages are supported to notify you of network domain errors. | Enterprise Edition | | Use the notification feature |
| | Personalized desktops | New feature | Personalized desktops can be enabled when you configure O&M settings. Users can use Windows personalized desktops. | Basic Edition and Enterprise Edition | | Configure O&M settings |
| | Password reset upon next logon | New feature | When you create a local user, you are allowed to specify whether the user must reset the password upon the next logon. | Basic Edition and Enterprise Edition | | Manage users |
| V3.2.20 | Asset access by using proxies | New feature | Proxies can be used to access assets. SSH, SOCKS5, and HTTP proxies are supported. | Enterprise Edition | 2021-07-22 | Use the network domain feature |
| | Global configuration item for host fingerprint verification | New feature | A global configuration item is added to verify host fingerprints. | Basic Edition and Enterprise Edition | | Configure O&M settings |
| | Access control on logon accounts | Optimized feature | Access control on logon accounts is optimized. A switch is added to control whether empty accounts are visible. | Basic Edition and Enterprise Edition | | Configure O&M settings |
| | Backup and export of O&M logs | New feature | O&M logs can be backed up and exported. | Basic Edition and Enterprise Edition | | Use the log backup feature |
| | Internal messages | New feature | Internal messages are supported in the following scenarios: • Command approval and rejection • Password change tasks • Storage alerts • Weekly O&M reports • Expired shared keys | Basic Edition and Enterprise Edition | | Use the notification feature |
| | Text messages for two-factor authentication | New feature | The mobile phone numbers in France (+33), Israel (+972), and Italy (+39) are supported by the two-factor authentication feature. | Basic Edition and Enterprise Edition | | Which countries and regions support the SMS-based two-factor authentication feature of Bastionhost? |
| V3.2.18 | Export of the host list | New feature | The host list can be exported. | Basic Edition and Enterprise Edition | 2021-04-21 | Export the host list with a few clicks |
| | Use the key management feature | New feature | The key management feature is released. This feature allows you to bind a key to multiple host accounts at a time. | Basic Edition and Enterprise Edition | | Use the shared key feature |
| | Marking of users | Optimized feature | Users can be marked as inactive based on the time range you specify. | Basic Edition and Enterprise Edition | | N/A |
| | Import of AD-authenticated or LDAP-authenticated users | Optimized feature | Keywords of usernames can be used to search for the AD-authenticated or LDAP-authenticated users that you want to import. | Basic Edition and Enterprise Edition | | Manage users |
| | Control policies | New feature | The access control feature is updated. You can specify time ranges to allow user access to a host. | Basic Edition and Enterprise Edition | | Configure a control policy |
| | Two-factor authentication | New feature | Emails can be used to receive verification codes during two-factor authentication. You can specify the number of days a user can skip the two-factor authentication after the user enters the correct verification code. | Basic Edition and Enterprise Edition | | Enable two-factor authentication |
| | Password validity period for local users | New feature | The password validity period of a local user can be configured. | Basic Edition and Enterprise Edition | | Configure the parameters on the User Settings tab |
| V3.2.17 | Password change tasks | New feature | A task can be created to change the passwords of different Linux host accounts at a time. | Enterprise Edition | 2021-03-15 | Use the automatic password change feature |
| | Clearance of the fingerprints on multiple hosts at a time | New feature | Fingerprints on multiple hosts can be cleared at a time. | Basic Edition and Enterprise Edition | | Clear host fingerprints |
| | Searching for hosts, host groups, users, and user groups | Optimized feature | • Names can be used to search for hosts or host groups. • Names can be used to search for users or user groups. | Basic Edition and Enterprise Edition | | N/A |
| | Text messages for two-factor authentication | New feature | The mobile phone numbers in the Republic of Korea (+82), the Philippines (+63), Taiwan (China) (+886), Switzerland (+41), and Sweden (+46) are supported by the two-factor authentication feature. | Basic Edition and Enterprise Edition | | Which countries and regions support the SMS-based two-factor authentication feature of Bastionhost? |
| | User logon prohibition | Iterated feature | The session interruption feature is released to prohibit users from accessing hosts. | Basic Edition and Enterprise Edition | | Block sessions |
| | Adding users | New feature | A user validity period can be configured when you create a local user or import an AD-authenticated or LDAP-authenticated user. | Basic Edition and Enterprise Edition | | Manage users |
| | O&M reports | New feature | The O&M report feature is released. This feature allows you to export reports to Word, PDF, or HTML files. | Basic Edition and Enterprise Edition | | View the O&M information on the O&M Reports page and export an O&M report |
| | Extended storage plans for audit videos | Iterated feature | Extended storage plans can be purchased to store audit videos. | Basic Edition and Enterprise Edition | | Purchase a bastion host |
| | Host O&M by using a web terminal | New feature | O&M operations can be performed on hosts in the console of a bastion host by using a web terminal. | Enterprise Edition | | Use the host O&M feature |
| | Idle duration for O&M and total O&M duration | Iterated feature | Idle duration for O&M and total O&M duration can be configured. | Basic Edition and Enterprise Edition | | Configure O&M settings |
| | API operations | New feature | API operations are released to manage users, user groups, hosts, host groups, host accounts, and host authorization. | Basic Edition and Enterprise Edition | | Hosts (available only for bastion hosts that run V3.2.17 and later versions) |

2020

| Version | Feature | Type | Description | Involved edition | Release date | References |
| --- | --- | --- | --- | --- | --- | --- |
| V3.2.13 | Release of Bastionhost Enterprise Edition | New feature | Bastionhost Enterprise Edition is released. | Basic Edition and Enterprise Edition | 2020-11-16 | Billing |
| | Wizard | New feature | A wizard is provided to walk you through how to use Bastionhost. To use the wizard, you can click Wizard in the upper-right corner in the Bastionhost console. | Basic Edition and Enterprise Edition | | N/A |
| | Marking of released ECS instances | Optimized feature | Released ECS instances can be marked. | Basic Edition and Enterprise Edition | | N/A |
| | User settings | New feature | User groups can be selected when you create a user. | Basic Edition and Enterprise Edition | | Manage users |
| | Text messages for two-factor authentication | New feature | The mobile phone numbers in Germany (+49), Australia (+61), the United States (+1), Dubai (+971), Japan (+81), the United Kingdom (+44), India (+91), and Macao (China) (+853) are supported by the two-factor authentication feature. | Basic Edition and Enterprise Edition | | Which countries and regions support the SMS-based two-factor authentication feature of Bastionhost? |
| | Network diagnostics | New feature | The network diagnostics feature is released. | Basic Edition and Enterprise Edition | | Diagnose network issues |