Security Control Overview
The automated operation and maintenance management platform provides comprehensive security control mechanisms to ensure all automated tasks are initiated and executed under secure and controlled conditions.
The platform's security control mechanisms are primarily reflected in the following aspects:
1. Multi-layered User Authentication and Permission Controls: The system supports LDAP/AD authentication, multi-factor authentication (MFA), and client IP allowlist/denylist configuration, so that user access can be restricted by network segment or IP address to enhance system security.
2. Robust Host Account Management: The platform integrates with mainstream bastion host products for account management, eliminating the need to maintain sensitive login credentials.
Security Control Capabilities
Multi-layered User Authentication and Permission Controls
Beyond standard LDAP/AD authentication, the platform implements stricter identity verification through:
Multi-Factor Authentication (MFA): Integrated with enterprise MFA AAD services, the platform enforces multi-factor authentication at user login for enhanced access control.
Client IP Allowlist/Denylist: Users can restrict platform access to specific IPs or network ranges. IP addresses can be further bound to specific accounts, minimizing unauthorized login risks.
Task-level Permissions: Granular permissions are assignable per task scenario. Users can be restricted to view-only access without execution/enable/disable privileges.
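The client IP allowlist/denylist and per-account IP binding described above can be evaluated as in the following added example, which is not the platform's own code. The rule order (denylist first, then allowlist, then account binding), the policy values, and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample policy (hypothetical values, documentation address ranges).
DENYLIST = ["203.0.113.0/24"]
ALLOWLIST = ["10.20.0.0/16", "198.51.100.7/32"]
ACCOUNT_BINDINGS = {"ops_admin": ["10.20.5.0/24"]}  # account -> permitted sources


def _networks(cidrs):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def _parse_client(raw):
    """Parse a client address; return None when it is not a single valid IP."""
    try:
        addr = ipaddress.ip_address(raw.strip())
    except ValueError:
        return None
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so it cannot sidestep IPv4 rules.
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped or addr


def _matches(addr, nets):
    return any(addr.version == n.version and addr in n for n in nets)


def check_login_source(account, client_ip):
    """Return (allowed, reason) for a login attempt by account from client_ip."""
    addr = _parse_client(client_ip)
    if addr is None:
        return False, "invalid-address"  # fail closed on unparseable input
    if _matches(addr, _networks(DENYLIST)):
        return False, "denylisted"  # assumed: a deny entry overrides any allow entry
    if not _matches(addr, _networks(ALLOWLIST)):
        return False, "not-allowlisted"
    bound = ACCOUNT_BINDINGS.get(account)
    if bound is not None and not _matches(addr, _networks(bound)):
        return False, "account-binding-mismatch"
    return True, "ok"
```

The returned reason string is suitable for the login audit log, so rejected sources can be reviewed per account.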
Robust Host Account Management
The platform executes tasks agentlessly, which requires access to host accounts. Its account management framework supports:
Direct Account Configuration: For single-host/test scenarios, accounts are configured manually and encrypted, then used for host access.
Predefined Account References: For multi-host/production environments, centrally managed encrypted accounts are referenced during tasks.
Bastion Host Integration: For high-security multi-host scenarios, tasks leverage bastion host authentication for secure host access.