You can use Bastionhost to obtain O&M tokens for hosts and databases and use the O&M tokens to perform O&M operations on the hosts and databases. This topic describes how to obtain and renew an O&M token.
Obtain an O&M token
An O&M token can be repeatedly used within its validity period. The Bastionhost administrator can configure a validity period for O&M tokens on the O&M Configuration tab of the console of a bastion host. If O&M review is enabled, the validity period and available O&M sessions of an O&M token that are approved by the Bastionhost administrator take effect.
If the Bastionhost administrator allows O&M engineers to renew O&M tokens, the O&M engineers can renew O&M tokens before the O&M tokens expire. After the O&M tokens expire, the O&M engineers must apply for new O&M tokens. If O&M review is enabled, the O&M engineers cannot renew O&M tokens. After the settings of O&M tokens are modified, an O&M engineer must apply for a new O&M token or update the existing O&M token for the change to take effect.
If an O&M token is valid but the O&M connection fails, the number of concurrent O&M connections may have reached the upper limit or the Bastionhost administrator blocked the O&M requests that are sent during the period of time and from the source IP address. In the first case, contact the Bastionhost administrator to upgrade your bastion host or release idle connections. In the second case, contact the Bastionhost administrator to remove the restrictions.
Prerequisites
Obtain an O&M token for a host: A host account is hosted in the console of a bastion host. The host account is configured for a host. An O&M engineer is granted the permissions on the host account. For more information, see Configure account settings for a host.
Obtain an O&M token for a database: A database account is hosted in the console of a bastion host. The database account is configured for a database. An O&M engineer is granted the permissions on the database account. For more information, see Use the database management feature.
Obtain an O&M token for a host
If you use a RAM user, perform the following steps:
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Host O&M page, find the host on which you want to perform O&M operations and click the Log On icon.
In the Remote Connection dialog box, configure the Host Account parameter. Then, click Obtain O&M Token.
If you do not use a RAM user, perform the following steps:
Log on to the O&M portal. For more information, see Log on to the O&M portal.
In the left-side navigation pane, click Hosts.
On the Hosts page, find the host that you want to manage and click Remote Connection.
In the Remote Connection dialog box, configure the Host Account parameter. Then, click Obtain O&M Token.
Obtain an O&M token for a database
If you use a RAM user, perform the following steps:
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Database O&M page, find the database that you want to manage and click O&M Token in the Log On column.
In the O&M Token dialog box, configure the Database Account parameter. Then, click Obtain O&M Token.
If you do not use a RAM user, perform the following steps:
Log on to the O&M portal. For more information, see Log on to the O&M portal.
In the left-side navigation pane, choose Databases.
On the Databases page, find the database that you want to manage and click O&M Token in the O&M Token column.
In the O&M Token dialog box, configure the Database Account parameter. Then, click Obtain O&M Token.
Renew an O&M token
Prerequisites
Allow O&M Engineer to Renew an O&M is enabled by the Bastionhost administrator. For more information, see the "Configure O&M settings" topic.
O&M review is disabled.
Description
If Allow O&M Engineer to Renew an O&M Token is enabled, an O&M engineer can renew an O&M token by 1 hour for each renewal. The number of times to renew an O&M token is configured by the Bastionhost administrator.
If O&M review is enabled, the O&M engineer cannot renew an O&M token. The validity period of the O&M token that is approved by the Bastionhost administrator takes effect.
If the Bastionhost administrator modifies the settings of O&M tokens, an O&M engineer must apply for a new O&M token for the change to take effect.
Renew an O&M token for a host
If you use a RAM user, perform the following steps:
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Host O&M page, find the host on which you want to perform O&M operations and click the Log On icon.
In the Remote Connection dialog box, configure the Host Account parameter. Then, click View O&M Token.
On the O&M Token page, click Renew Token.
If you do not use a RAM user, perform the following steps:
Log on to the O&M portal. For more information, see Log on to the O&M portal.
In the left-side navigation pane, click Hosts.
On the Hosts page, find the host that you want to manage and click Remote Connection.
In the Remote Connection dialog box, configure the Host Account parameter. Then, click View O&M Token.
On the O&M Token page, click Renew Token.
Renew an O&M token for a database
If you use a RAM user, perform the following steps:
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Database O&M page, find the database that you want to manage and click View O&M Token in the Log On column.
On the O&M Token page, click Renew Token.
If you do not use a RAM user, perform the following steps:
Log on to the O&M portal. For more information, see Log on to the O&M portal.
In the left-side navigation pane, choose Databases.
On the Databases page, find the database that you want to manage and click O&M Token in the O&M Token column.
In the O&M Token dialog box, select a value from the Database Account drop-down list and click View O&M Token.
On the O&M Token page, click Renew Token.