Bastionhost:Add and configure an application

Prerequisites

• An application server is added. For more information, see Add and deploy an application server.

• A remote client is added. For more information, see Add a remote client.

Add an application

1. Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.

2. In the bastion host list, find the bastion host that you want to manage and click Manage.

3. In the left-side navigation pane, choose Assets > Applications.

4. On the Applications tab, click Create Application. In the panel that appears, configure the parameters and click OK. The following table describes the parameters.

   Parameter	Description
   Application Name	The name of the application. You can specify a name based on your business requirements. The name must meet the following requirements: It must be 1 to 128 characters in length. It cannot start with a special character. It can contain periods (.), underscores (_), hyphens (-), backslashes (\), and spaces.
   Application Server	The application server used to access the application. For more information about how to add an application server, see Add and deploy an application server.
   Associate Remote Client	The remote client used to access the application. For more information about how to add a remote client, see Add a remote client.
   Application Type	The type of the remote client with which the application is associated. This parameter is automatically configured by the system.
   Destination URL	The application URL that is automatically opened during O&M. You can configure this parameter only if the type of the selected remote client is Google Chrome.
   O&M Access Rules	You can configure this parameter only if the type of the selected remote client is Google Chrome. Only Same URLs as Destination IP Addresses/Domain Names Are Allowed: If you turn on this switch, URLs are checked during O&M operations on the web application. Only URLs that are the same as the destination IP addresses or domain names and URLs that are allowed in O&M Access Rules can be opened. Blacklist/Whitelist: You can configure a blacklist or a whitelist for access control. Example: If you specify https://example.com as Destination URL, turn on the Only Same URLs as Destination IP Addresses/Domain Names Are Allowed switch, and configure a blacklist that contains https://example.com/help, the O&M engineers who are authorized to manage the application can access only resources that are not in the /help resource directory of the application.

Enable automatic logon to an web application

If the remote client associated with an application is Google Chrome or Mozilla Firefox, you can configure an autofill script in the corresponding browser and create an application account to host the username and password of an account used to log on to the web application. This way, O&M engineers can use the account to log on to the web application for O&M, without entering the username and password.

Generate and configure an autofill script

The plug-in used to generate autofill scripts can run only in Google Chrome, but the generated autofill scripts can be used for applications in both Google Chrome and Mozilla Firefox.

1. Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.

2. In the bastion host list, find the bastion host that you want to manage and click Manage.

3. In the left-side navigation pane, choose Assets > Applications.

4. On the Applications tab, find the web application that you want to manage and click Edit in the Actions column.

5. On the Application Configurations tab of the panel that appears, click Download the browser plug-in. Download the package to your on-premises machine and decompress it.

   

6. Add the plug-in to your Google Chrome extensions by uploading the extension file extracted from the package and then run the plug-in.

   

7. Open the logon page of the web application in Google Chrome, click the plug-in, and then click Start.

   The following figure shows the logon page for Resource Access Management (RAM) users:

   

8. Right-click the username input box, password input box, and logon button as prompted to obtain the information required for generating an autofill script.

   • Right-click the username input box, as shown in the following figure.

     

   • Right-click the password input box, as shown in the following figure.

     

   • Right-click the logon button, as shown in the following figure.

     

9. An autofill script is automatically generated in the clipboard. Go back to the Application Configurations tab in the console of your bastion host, paste the autofill script in the Autofill Script section, and then click Update.

   

Create an application account

1. Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.

2. In the bastion host list, find the bastion host that you want to manage and click Manage.

3. In the left-side navigation pane, choose Assets > Applications.

4. On the Applications tab, find the application that you want to manage and click Edit in the Actions column.

5. On the Application Account tab of the panel that appears, click Create Application Account. In the Create Application Account panel, specify the logon name and password and then click OK.

Related operations

• To change the information about an application, such as the application name and associated application server, find the application on the Applications tab and click Edit in the Actions column.

• To delete an application that no longer requires O&M, find the application on the Applications tab and click Delete in the Actions column.