
Bastionhost: Perform RDP-based O&M

Last Updated: May 28, 2024

To perform O&M operations on hosts from a Windows server, you can use a client tool for remote connection to log on to a bastion host. Then, you can use the bastion host to select the hosts for O&M. This topic describes how to perform Remote Desktop Protocol (RDP)-based O&M by connecting to a bastion host from MSTSC, a remote desktop connection tool provided by Windows.

Prerequisites

  • The assets that you want to manage and a user are imported to the bastion host. The user is authorized to manage the assets. For more information, see Add hosts, Manage users, and Authorize users or user groups to manage assets and asset accounts.

    Note
    • To enable the bastion host to access the hosts in password-free mode, authorize the user to use the accounts of the hosts. For more information, see Authorize a user to manage assets and asset accounts.

    • If you do not manage specific accounts in the bastion host, you can select Unauthorized Asset Accounts Are Allowed in the Special Asset Accounts section. This way, the user can manually enter the username and password of the host to access and perform O&M operations on the host. For more information about how to enable a special asset account, see Configure O&M settings.

  • The O&M address of a bastion host is obtained. You can obtain the O&M addresses in the Bastion Host Information section on the Overview page in the console of the bastion host. For more information, see Log on to the console of a bastion host.

    Note

    Bastionhost provides fixed O&M addresses and supports dynamic O&M IP addresses to ensure security. The IP address to which the private O&M address of a bastion host is resolved may change. We recommend that you perform O&M operations by using an O&M address. This prevents O&M from becoming unavailable when the IP address changes.

Password authentication

  1. Start MSTSC on your Windows server.

  2. Enter the O&M address of the bastion host in the following format and click Connect:

    <O&M address of the bastion host>:63389. For example, enter kagp******-public.bastionhost.aliyuncs.com:63389.

    The default RDP port is 63389. For information about how to change the O&M port of a bastion host, see Configure a bastion host.

  3. In the Remote Desktop Connection dialog box, click Yes.

  4. In the login dialog box, enter the username and password of the account that is used to log on to the bastion host and click Login.

  5. If two-factor authentication is enabled for bastion host users, enter the verification code.

    For information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.

  6. On the asset management page, double-click the host on which you want to perform O&M operations. This way, you can access the host for O&M.

Token authentication

  1. Start MSTSC on your Windows server.

  2. On the General tab, enter the O&M address of the bastion host and the username of the account that is used to log on to the bastion host, select Allow me to save credentials, and then click Connect.

    Specify the O&M address in the following format: <O&M address of the bastion host>:63389. For example, enter kagp******-public.bastionhost.aliyuncs.com:63389.

    The default RDP port is 63389. For information about how to change the O&M port of a bastion host, see Configure a bastion host.

  3. In the dialog box that appears, enter the O&M token of the bastion host and click OK.

    For information about how to obtain an O&M token, see Manage an O&M token.

  4. In the Remote Desktop Connection dialog box, click Yes to access the host for O&M.
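
The first two steps of both procedures above (the O&M address, port 63389, starting MSTSC) can be checked and scripted from PowerShell on the Windows server. This is an added example, not part of the Bastionhost documentation; the function name Connect-BastionRdp and the sample address in the last comment are hypothetical.

```powershell
# Added example: pre-flight check, then open MSTSC against the bastion host.
function Connect-BastionRdp {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$OmAddress,     # O&M address copied from the console
        [ValidateRange(1, 65535)][int]$Port = 63389,  # default RDP O&M port per this topic
        [switch]$CheckOnly                            # run the checks without opening MSTSC
    )

    # The resolved IP address may change, so flag a literal IP instead of a name.
    $parsed = $null
    if ([System.Net.IPAddress]::TryParse($OmAddress, [ref]$parsed)) {
        Write-Warning "Connecting by IP address ${OmAddress}; the O&M address (domain name) is recommended."
    }

    # Resolve first so that a DNS failure is reported separately from a blocked port.
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($OmAddress)
    } catch {
        throw "Cannot resolve ${OmAddress}: $($_.Exception.Message)"
    }
    Write-Verbose ("{0} currently resolves to {1}" -f $OmAddress, ($ips -join ', '))

    # Confirm that the O&M port is reachable from this server.
    $probe = Test-NetConnection -ComputerName $OmAddress -Port $Port -WarningAction SilentlyContinue
    if (-not $probe.TcpTestSucceeded) {
        throw "TCP port ${Port} on ${OmAddress} is not reachable from this server."
    }

    if (-not $CheckOnly) {
        # /v:<server[:port]> tells MSTSC which computer and port to connect to.
        Start-Process -FilePath 'mstsc.exe' -ArgumentList "/v:${OmAddress}:${Port}"
    }
    return $probe
}

# Constructed placeholder address; replace it with your own O&M address.
# Connect-BastionRdp -OmAddress 'example-public.bastionhost.aliyuncs.com' -Verbose
```

If the O&M port of the bastion host has been changed, pass the new value with -Port. The remaining steps (identity prompt, login, verification code or O&M token) continue in the MSTSC window as described above.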

References

For information about the names and versions of remote connection tools that are compatible with Bastionhost, see Database O&M tools and versions.