FeaturesMain SiteSign In / Try Now
Search…
Home
What Is BastionZero?
Server Access
Database Access
Kubernetes Access
Webserver Access
Product Security
Architecture
Taxonomy
Deployment
Getting Started
Installing the ZLI
Installing the Agent
Automation & Integrations
Third-Party Clients
Admin Guide
Authentication
Authorization
Auditing
Target and Connection Management
User Guide
Installing the ZLI
ZLI Cheat Sheet
Connecting To Your Targets
Troubleshooting Guide
ZLI Reference Manual
API Specification
Getting Help
Product Changes
Service Status
Github
Powered By GitBook
Database Access
Native database support brings MrZAP technology, policy-based access control, and user visibility for databases directly into the BastionZero SaaS
BastionZero provides zero-trust remote access to your database without creating a single point of compromise. With BastionZero, you can also:
  • Put access to your database behind SSO and MFA.
  • Close all ports to your database and access to your database through VPNs or bastion hosts.
  • Utilize our multi-root zero-trust security model to protect your infrastructure even if your SSO provider is compromised.
  • Use fine-grained access controls defined by SSO users and groups to manage access to and privileges on your database, without requiring any IAM roles.
The BastionZero agent can be quickly and easily deployed to your database. It is designed to minimize the impact to your established workflows and is fully compatible with use with third party tools such as DBeaver.
See the Database Deployment guide for instructions on securing your database with BastionZero.
BastionZero's native database support utilizes the bzero agent as a transparent proxy to facilitate secure access to your databases. This proxy must be able to resolve a DNS hostname or reach an IP address as specified in the database target configuration. This setup does not require any open ports or publicly available IP addresses.
Users will first establish a secure connection to their databases using our command-line interface, the zli and can then access their database through their chosen database client.
When connecting to a database target, traffic destined for the database will use local port forwarding through the zli and the proxy target to make a secure MrZAP connection to the database. If allowed access by policy, the user is returned a local port number, which is used in the database client configuration. The database username, password, and role continue to be managed independent of BastionZero.
Previous
Server Access
Next
Kubernetes Access
Last modified 4mo ago
Copy link