tencent cloud

Bastion Host

Tencent Cloud Bastion Host (BH) provides proxy access and audit services for operations performed on your IT assets, enabling you to establish a comprehensive security management system covering pre-event prevention, mid-event monitoring, and post-event auditing.

Comprehensive Asset Management

BH unifies the management of both offline and cross-cloud assets on mainstream Linux, Windows, and MySQL versions so admins can carry out security operations more effectively.

Granular Permission Control

You can set highly granular permission controls based on user, asset, account, and operation to ensure that users have only the least privileges to access assets and complete tasks on an as-needed basis.

Excellent Ops Experience

BH supports various mainstream Ops client tools and is perfectly compatible with Windows and macOS terminals. This means Ops engineers don't need to change their operating habits to provide better security.

Operation Auditing

BH audits server operation commands, transferred files, and Ops processes to implement better traceability of security incidents.

Unified Ops Portal

BH acts as a unified portal for accessing and managing internal assets. This eliminates the need to remember multiple addresses, accounts, and passwords.

Exception and Risk Alarms

BH analyzes events by time, command statement, upload/download operation, access IP, server, and username to identify abnormal behaviors and trigger alarms accordingly. This effectively prevents internal malicious activities.


BH hides real operation ports and admin accounts to make remote Ops more secure.

BH lets you specify highly granular permissions for accounts and users to prevent Ops personnel from performing unauthorized operations.

It analyzes Ops behaviors to identify abnormal operations and prevent data leakage.

Fine-grained account and user permissions ensure that Ops engineers work in strict accordance with their job descriptions and cannot perform unauthorized operations.

BH analyzes Ops behaviors to identify abnormal operations and protect financial data from unauthorized access and use.

BH helps you clearly define the permissions and responsibilities of Ops and administrative personnel and backtrack their behaviors with operation auditing. This ensures effective accountability if a security event occurs.

It analyzes Ops behaviors to identify internal abnormal operations and trigger alarms for the leakage of government and public service data, such as healthcare, education, social security, tax-related, and corporate data.


BH comes in various specifications for you to choose. The prices of BH instances vary by the number of managed CVMs.