What Is a Bastion Host and Why It’s Essential for Secure Operations

This article explains the concept, purpose, design principles, core features, authentication methods, deployment options, and popular open‑source and commercial bastion‑host products, highlighting how a bastion host centralizes access control, records and audits operations, and improves overall IT security and compliance.

Programmer DD

What Is a Bastion Host

A bastion host is a security appliance placed at a defined point in the network as the single entry through which operations personnel reach servers, network devices, security devices, databases, and other assets. It authenticates and authorizes each operator, monitors and records every session, and provides centralized alerting, timely intervention, and an audit trail for accountability.

Why a Bastion Host Is Needed

Bastion hosts evolved from the jump servers used around 2000 to centralize remote logins. A plain jump server has no access‑control or audit capability: anyone who can log in to it can reach everything behind it, operational errors go unrecorded, and incidents are hard to trace. Recognizing these shortcomings, organizations sought a solution that provides role‑based access, authorization, operation recording, system change control, and compliance reporting, leading to the widespread adoption of bastion hosts around 2005.

Design Philosophy (4A)

The core design follows the 4A model: Authentication, Authorization, Account, and Audit.

Goals (5W)

Each of the 4A capabilities answers one question about an operator's activity, and the access source answers the fifth:

Audit (What): What actions were performed?

Authorization (Which): Which actions is the user permitted to perform?

Account (Where): Which target account and asset did the user reach?

Authentication (Who): Who is the user?

Source (When): When, and from which source address, did the access occur?

Value

Centralized management

Centralized permission allocation

Unified authentication

Centralized audit

Data security

Operational efficiency

Operational compliance

Risk control

Architecture

A typical bastion host is organized into five functional modules:

1. Operations Platform

RDP/VNC, SSH/Telnet, SFTP/FTP, database, web system, remote application operations

2. Management Platform

Separation of duties (system administrator, security/authorization administrator, and auditor as distinct roles), identity verification, host management, password vault, operation monitoring, electronic work orders (tickets)

3. Automation Platform

Automatic password rotation, automated operations, data collection, automatic authorization, backup, alerting

4. Control Platform

IP (source‑address) firewall, command firewall, access control, file‑transfer control, forced session termination, operation approval

5. Audit Platform

Command, terminal‑text, and SQL records; file storage; full‑text search; audit reports
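The command firewall of the control platform and the command records of the audit platform are two views of the same decision: every command an operator types is matched against rules before it is forwarded, and the outcome is written to the audit store. The following is an added example of that logic in Python; it is not code from the article or from any of the products it names. The rule names, the regular expressions, the audit‑record fields and the sample commands are this example's own assumptions. It also shows two checks a practitioner would want and a naive implementation misses: a single typed line is split into its chained sub‑commands so that `ls; rm -rf /` cannot hide behind `ls`, and privilege wrappers such as `sudo` are stripped so that rules see the real command.

```python
"""Command firewall for an SSH bastion, with the per-command audit record.

Added example; not code from the article or any named product. Rule names,
regexes, the audit-record layout and the sample lines are assumptions."""
import json
import re
import shlex
from dataclasses import asdict, dataclass
from datetime import datetime, timezone
from typing import Optional

# One typed line can carry several commands. Each must be checked on its
# own, otherwise "ls; rm -rf /" passes because the line starts with "ls".
CHAIN_OPERATORS = {";", "&&", "||", "|", "&"}
# Wrappers that change who runs a command but not what the command is.
PRIVILEGE_WRAPPERS = {"sudo", "doas"}
WRAPPER_OPTIONS_WITH_VALUE = {"-u", "-g"}   # e.g. "sudo -u postgres cmd"


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: str    # regex applied to the normalised command string
    action: str     # "deny" or "approve" (approve = hold for ticket approval)


DEFAULT_RULES = [
    Rule("block-recursive-delete", r"^rm\b.*\s-(-recursive|[a-zA-Z]*[rR])", "deny"),
    Rule("block-disk-wipe", r"^(dd|mkfs(\.\w+)?|shred)\b", "deny"),
    Rule("block-power", r"^(reboot|shutdown|halt|poweroff|init\s+[06])\b", "deny"),
    Rule("approve-service-stop", r"^systemctl\s+(stop|restart|disable)\b", "approve"),
]


@dataclass
class Decision:
    user: str
    asset: str
    typed_line: str
    command: str
    action: str                 # "allow" | "deny" | "approve"
    rule: Optional[str]
    timestamp: str


def split_commands(line: str) -> list[list[str]]:
    """Split a shell line into argv lists at ; && || | and &."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for tok in lexer:
        if tok in CHAIN_OPERATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def strip_wrappers(argv: list[str]) -> list[str]:
    """Drop leading sudo/doas and their options so rules see the real command."""
    i = 0
    while i < len(argv) and argv[i] in PRIVILEGE_WRAPPERS:
        i += 1
        while i < len(argv) and argv[i].startswith("-"):
            i += 2 if argv[i] in WRAPPER_OPTIONS_WITH_VALUE else 1
    return argv[i:]


def evaluate_line(user: str, asset: str, line: str, rules=DEFAULT_RULES) -> list[Decision]:
    """Return one Decision per sub-command; the first matching rule wins."""
    stamp = datetime.now(timezone.utc).isoformat()
    decisions = []
    for argv in split_commands(line):
        command = " ".join(strip_wrappers(argv))
        action, rule_name = "allow", None
        for rule in rules:
            if re.search(rule.pattern, command):
                action, rule_name = rule.action, rule.name
                break
        decisions.append(Decision(user, asset, line, command, action, rule_name, stamp))
    return decisions


def line_verdict(decisions: list[Decision]) -> str:
    """Strictest sub-command wins: one denied piece blocks the whole line."""
    actions = {d.action for d in decisions}
    if "deny" in actions:
        return "deny"
    return "approve" if "approve" in actions else "allow"


def audit_record(decision: Decision) -> str:
    """One JSON line per sub-command, ready for the audit store and full-text index."""
    return json.dumps(asdict(decision), sort_keys=True)


if __name__ == "__main__":
    # Constructed sample lines an operator might type through the bastion.
    for line in ["ls -la /var/log; sudo rm -rf /var/log/old",
                 "sudo -u postgres systemctl restart postgresql",
                 "cat /etc/hosts | grep db"]:
        ds = evaluate_line("alice", "db-01", line)
        print(line_verdict(ds), "<-", line)
        for d in ds:
            print("  ", audit_record(d))
```

Two design points are worth noting. The verdict for a line is the strictest verdict of any of its sub‑commands, so a denied `rm` cannot be smuggled past the firewall by chaining it after a harmless command. The rules are deliberately written to over‑match (for instance `rm /x -r` is caught as well as `rm -rf /x`): for a deny rule a false positive costs an operator a ticket, while a false negative costs the asset.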

Authentication Methods

Bastion hosts support flexible authentication, including:

Local authentication with strong password policies

Remote authentication via AD/LDAP/RADIUS

Two‑factor authentication (USB key, dynamic token, SMS gateway, mobile app token)

Third‑party single sign‑on systems such as OAuth 2.0 and CAS
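The "dynamic token" and "mobile app token" second factors listed above are almost always time‑based one‑time passwords (TOTP, RFC 6238) generated by an authenticator app from a shared secret. Below is an added Python example of the verification side as a bastion host would run it at login; it is not code from the article or from any named product. The user name, the in‑memory secret store and the replay bookkeeping are this example's own assumptions. Beyond computing the code, it shows the two checks that matter in practice: accepting a small clock‑drift window around the current time step, and refusing to accept the same time step twice for a user, so a captured code cannot be replayed within its 30‑second lifetime.

```python
"""TOTP (RFC 6238) verification for a bastion host's second factor.

Added example; not code from the article or any named product. The user
names, the secret store and the replay store layout are assumptions. The
secret b"12345678901234567890" is the RFC 6238 reference test secret."""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional
from urllib.parse import quote

STEP = 30       # seconds per time step (RFC default)
DIGITS = 6
WINDOW = 1      # accept codes from +-1 step to absorb clock drift


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, dynamic
    truncation to a 31-bit integer, reduced modulo 10**digits and zero-padded."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int, step: int = STEP) -> str:
    """TOTP is HOTP with the counter set to the number of steps since the epoch."""
    return hotp(secret, at // step)


def provisioning_uri(user: str, issuer: str, secret: bytes) -> str:
    """otpauth:// URI (the content of the enrolment QR code) for an authenticator app."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = quote(f"{issuer}:{user}")
    return f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}&digits={DIGITS}&period={STEP}"


class TotpVerifier:
    """Verifies a submitted code within a drift window and rejects replays:
    once a time step has been accepted for a user, that step (and any earlier
    one) is never accepted again, even though the code is still "valid"."""

    def __init__(self, secrets: dict[str, bytes], window: int = WINDOW):
        self.secrets = secrets
        self.window = window
        self.last_counter: dict[str, int] = {}   # user -> highest accepted step

    def verify(self, user: str, code: str, now: Optional[int] = None) -> bool:
        secret = self.secrets.get(user)
        if secret is None or len(code) != DIGITS or not code.isdigit():
            return False
        now = int(time.time()) if now is None else now
        current = now // STEP
        for counter in range(current - self.window, current + self.window + 1):
            if hmac.compare_digest(hotp(secret, counter), code):
                if counter <= self.last_counter.get(user, -1):
                    return False            # replay of an already-used step
                self.last_counter[user] = counter
                return True
        return False


if __name__ == "__main__":
    seed = b"12345678901234567890"          # RFC 6238 test secret, not a real one
    verifier = TotpVerifier({"alice": seed})
    print(provisioning_uri("alice", "bastion", seed))
    code = totp(seed, 59)                   # "287082" per the RFC test vector
    print("first use:", verifier.verify("alice", code, now=59))
    print("replayed: ", verifier.verify("alice", code, now=59))
```

A real deployment keeps the per‑user secret in the password vault or an HSM rather than in process memory, stores `last_counter` persistently so that a restart does not reopen the replay window, and rate‑limits failed attempts: with six digits and a three‑step window an unthrottled attacker has roughly a 3 in 10^6 chance per guess.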

Common Operation Modes

B/S (browser/server): operations performed entirely in the browser

C/S (client/server): native client software (e.g., Xshell, CRT) connects through the bastion

H5: HTML5 web terminal and remote desktop supporting SSH, Telnet, Rlogin, RDP, and VNC

Gateway: the client connects to the bastion over SSH and is proxied to the target (for example with OpenSSH's ProxyJump), so scripts and automation can pass through the bastion without a GUI

Other Common Functions

File transfer via RDP (drive redirection), SFTP, FTP, SCP, and rz/sz (ZMODEM over the terminal session)

Fine‑grained control over users, commands, and transfers

Open API support

Deployment Options

1. Single‑node deployment – one appliance attached to a switch port out of the traffic path (bypass mode); it is not an inline gateway and needs only IP reachability to the managed assets. Because nothing forces traffic through it, enforcement depends on firewall or ACL rules that permit management access to the assets only from the bastion's address.

2. HA high‑availability deployment – two nodes with heartbeat and a virtual IP; the standby takes over if the primary fails.

3. Remote‑sync deployment – multiple data‑center instances with automatic configuration synchronization.

4. Cluster (distributed) deployment – a primary/standby management pair plus additional worker nodes, all reachable through a single virtual IP, so capacity scales with the number of concurrent sessions.

Products

Commercial bastion hosts include 行云管家 and 纽盾堡垒机; the most widely used open‑source solution is JumpServer.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Written by Programmer DD, a tinkering programmer and author of "Spring Cloud Microservices in Action".
