# What Is BastionZero?

{% hint style="danger" %}

### <mark style="color:red;">**The BastionZero product is maintained for existing BastionZero customers only.**</mark>&#x20;

Moving forward, we are natively rebuilding BastionZero’s technology as Cloudflare’s [Access for Infrastructure](https://developers.cloudflare.com/cloudflare-one/applications/non-http/infrastructure-apps/) service.
{% endhint %}

BastionZero is a cloud service that allows you to remotely access infrastructure targets in any cloud or data center. Cloud-agnostic remote access is provided according to a [zero trust security model](https://docs.bastionzero.com/docs/home/security) to ensure:

* [No long-lived credentials](https://docs.bastionzero.com/docs/security#the-basics-of-zero-trust-security) are held by users or clients.
* Every human access to an infrastructure target is behind single sign-on (SSO) authentication and multi-factor authentication (MFA).
* The BastionZero cloud service [does not have privileged access to targets](https://docs.bastionzero.com/docs/security#the-problem-with-traditional-zero-trust) and does not create a point of compromise for your infrastructure.
* Access to targets is controlled via a [policy](https://docs.bastionzero.com/docs/admin-guide/authorization#policy-management).
* Every access and action to a target is logged, which includes access logs, session recordings and [individual commands that a user ran on a target](https://docs.bastionzero.com/docs/admin-guide/auditing#logs).

With BastionZero, you can simplify and secure your infrastructure by eliminating VPNs, bastion hosts, and SSH and Kubernetes key management. There is no need to set up IAM roles across different clouds and accounts, and it simplifies the process to on- and off-board users.

BastionZero can also help bring your infrastructure into SOC2 compliance because it is built on top of the open-source cryptographic [MrZAP protocol](https://docs.bastionzero.com/docs/security#bastionzero’s-mrzap-protocol).

To get started, you can read our [deployment guides](https://docs.bastionzero.com/docs/deployment/getting-started), learn more about our [architecture](https://docs.bastionzero.com/docs/home/architecture) or [security model](https://docs.bastionzero.com/docs/home/security), or see how to integrate BastionZero into your existing [SSH workflows](https://docs.bastionzero.com/docs/home/readme/server-access), [DB workflows](https://docs.bastionzero.com/docs/home/readme/database-access), [Kubernetes clusters](https://docs.bastionzero.com/docs/home/readme/kubernetes-access), or [web servers](https://docs.bastionzero.com/docs/home/readme/database-access).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.bastionzero.com/docs/home/readme.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.