Perform O&M operations on assets by connecting to a bastion host from a client tool on a macOS server - Bastionhost

To perform O&M operations on Windows hosts from a macOS server, you can use a client tool for remote connection to log on to a bastion host. Then, you can use the bastion host to select the hosts for O&M. This topic describes how to perform Remote Desktop Protocol (RDP)-based O&M by connecting to a bastion host from the Microsoft Remote Desktop client.

Prerequisites

The assets that you want to manage and a user are imported to the bastion host. The user is authorized to manage the assets. For more information, see Add hosts, Manage users, and Authorize users or user groups to manage assets and asset accounts.
Note
- To enable the bastion host to access the hosts in password-free mode, authorize the user to use the accounts of the hosts. For more information, see Authorize a user to manage assets and asset accounts.
- If you do not manage specific accounts in the bastion host, you can select Unauthorized Asset Accounts Are Allowed in the Special Asset Accounts section. This way, the user can manually enter the username and password of the host to access and perform O&M operations on the host. For more information about how to enable a special asset account, see Configure O&M settings.
The O&M addresses of the bastion host are obtained. You can obtain the O&M addresses in the Bastion Host Information section on the Overview page of the console of the bastion host. For more information, see Log on to the console of a bastion host.
Note
Bastionhost provides fixed O&M addresses and supports dynamic O&M IP addresses to ensure security. The IP address to which the private O&M address of a bastion host is resolved may change. We recommend that you perform O&M operations by using an O&M address. This helps prevent unavailable O&M due to the IP address change.
An RDP client, such as Microsoft Remote Desktop, is installed on your macOS server.

Password authentication

Start Microsoft Remote Desktop.
Enter the O&M address of the bastion host in the following format and click Add:
<O&M address of the bastion host>:63389. For example, enter kagp******-public.bastionhost.aliyuncs.com:63389.
The default RDP port is 63389. For information about how to change the O&M port of a bastion host, see Configure a bastion host.
Enter the username and password of the account that is used to log on to the bastion host and click Continue.
If two-factor authentication is enabled for bastion host users, enter the verification code.
For information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.
On the asset management page, double-click the host on which you want to perform O&M operations. This way, you can access the host for O&M.

Token authentication

Start Microsoft Remote Desktop.
Enter the O&M address of the bastion host in the following format and click Add:
<O&M address of the bastion host>:63389. For example, enter kagp******-public.bastionhost.aliyuncs.com:63389.
The default RDP port is 63389. For information about how to change the O&M port of a bastion host, see Configure a bastion host.
Enter the username of the account that is used to log on to the bastion host and the O&M token and click Continue.
For information about how to obtain an O&M token, see Manage an O&M token.
Perform O&M operations on the host.

References

For information about the names and versions of remote connection tools that are compatible with Bastionhost, see Database O&M tools and versions.