Community Sharing | JumpServer in the eyes of a senior open source user: a “crazily” iterating bastion machine

Editor's Note: In January 2022, the JumpServer open source community interviewed Liu Zhe, a senior user of the open source community from Guangzhou. The following content is based on that interview.

"As a veteran user of the JumpServer open source bastion machine, I have been following the technical evolution of the JumpServer project. In the past few years, JumpServer has shown an almost 'crazy' iteration speed."

—— Liu Zhe, senior user of the JumpServer open source project

As an open source technology enthusiast, I have been engaged in IT operation and maintenance for many years. I have done operation and maintenance work at companies in different industries, and I am very interested in new technologies, especially open source technologies. Currently I am mainly responsible for DevOps operation and maintenance.

My earliest exposure to the JumpServer open source project was in 2017. From the v0.4.0 version at that time to the current version v2.17.0, I have always been a loyal fan of JumpServer. I have studied JumpServer in depth and continue to follow its footsteps, upgrading to new versions and using new functions, and with the JumpServer bastion machine I have successfully established a standardized operation and maintenance security audit system for the companies I have served.

Why choose JumpServer?

In the earliest days, the company I was working for used a traditional springboard: a service built on Windows that users reached by opening the Remote Desktop service. This application mode has some obvious shortcomings, which show up in the following aspects:

1. Lack of video audits

Since the springboard does not have an audit function, the environment we delivered to development and testing colleagues had no record of the operation process, and there were loopholes in the control of high-risk commands and of uploads/downloads, which meant a lot of time spent on troubleshooting whenever an error occurred. We encountered problems of this kind many times while using it. At that time, we also encountered accidents such as code leakage and server downtime. The occurrence of these unexpected events triggered the company's need to find an alternative to the springboard;

2. Inefficient operation and maintenance

With the continuous expansion of enterprise IT scale, the volume of IT assets also expands rapidly, and coupled with continuous investment in and development of future infrastructure, the number of devices will keep growing. Therefore, how to achieve efficient management of large-scale assets has become one of the key tasks of operation and maintenance management;

3. The need for security audits

In the past, we stored a large number of user passwords on a single asset, which created great security risks, and the company's demand for security audits gradually increased. At the same time, as IT system operation and maintenance depends more and more on the bastion machine, the importance of the stable operation of that system is also increasing.

There is no doubt that the bastion machine is a very critical tool for operation and maintenance personnel. The operation and maintenance personnel of most enterprises prefer a bastion machine for asset management and access.

Based on the above pain points and actual needs, we urgently need to find a bastion machine to replace the springboard for daily operation and maintenance security management.

As an open source enthusiast, I found the JumpServer open source project on GitHub by chance, and found that it could meet our main needs at the functional level, such as video auditing, asset entry, password filling and other functions, and that it could fully cover our common usage scenarios.

The following four points are, in my view, the most attractive aspects of JumpServer:

■ Easy to use: JumpServer has no technical threshold and is very friendly to users who have no technical foundation. At the same time, this ease of use also allows technicians to spend less time learning how to use the bastion machine;

■ Open source: JumpServer provides an open and compatible platform with a large user base, allowing more open source users like me to communicate and progress with each other and participate in the ecosystem of security management;

■ Security: JumpServer complies with the 4A specifications (account, authentication, authorization, audit) and can meet the actual requirements of enterprise operation and maintenance security audits;

■ Excellent user experience: when users access JumpServer, they get a simple user interface with no plug-ins, which greatly improves the user experience.

Experience with JumpServer

I have personally used the JumpServer open source bastion machine for nearly five years and have accumulated relatively rich experience with it. Summarizing the experience of the past few years, the following core functions of JumpServer can effectively improve the operation and maintenance management capabilities of enterprises:

■ Operation audit function

When we carry out system delivery, troubleshooting, and daily inspections, we often need back-end colleagues, partners, or outsourced operation and maintenance personnel to log in to the assets and operate on them. Personnel who are unfamiliar with the operations, or who make mistakes, can cause system failures, and we often find problems caused by temporary changes to the environment. When this happens, the operation and maintenance team needs to trace the entire operation process and locate the specific cause.

Through JumpServer, we can record all operations, record the operation commands, and save them as an audit basis. At the same time, the administrator or the person in charge of operation and maintenance can monitor the operation in real time, and once any illegal operation is found, the session can be interrupted immediately. Even if a system failure occurs, its cause can be quickly located from the audit video without spending too much time on verification. In our opinion this is the core function of JumpServer.

Figure 1 Operational Audit Scenario

■ User management and authorization control functions

Usually, an enterprise conducts authorization control along two dimensions: users and user groups as the core dimension, or assets as the core dimension. I believe most companies use user groups to distinguish authorizations, for easier management.

Since our company has different project groups that need to be authorized for different assets, we chose "asset as the core dimension" for authorization control, and add different user accounts to user groups with different permissions to authorize access to a single device.

In this case, one of our databases needs three permission levels: the first is read/write permission for back-end colleagues; the second is read-only permission for test colleagues; the third is administrative privileges for operation and maintenance personnel. The permissions are granted through the database's own accounts, and those accounts are then distributed through JumpServer as different accounts on the same asset, which gives more fine-grained asset authorization management.
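The three-level split described above, as an added example that is not part of the original interview or of JumpServer itself. It is written for MySQL (the database the author names later on the page); the schema name `orders_db`, the account names and the bastion address `192.0.2.10` are constructed placeholders. Binding every account to the bastion's address is a defender's choice not stated on the page: it means the database credentials only work when the login goes through JumpServer, so a leaked password is useless from anywhere else.

```sql
-- Constructed example: three database accounts for one asset, each with the
-- least privilege its group needs. JumpServer then holds these credentials
-- and hands each user group the matching account on the same asset.

-- Assumed schema name (placeholder, not from the page).
CREATE DATABASE IF NOT EXISTS orders_db;

-- Assumed bastion host address (RFC 5737 documentation range, placeholder).
-- Restricting the host means the account is usable only via the bastion.

-- 1) Back-end colleagues: data manipulation only, no DDL, no user management.
CREATE USER 'backend_rw'@'192.0.2.10' IDENTIFIED BY 'CHANGE-ME-stored-in-jumpserver';
GRANT SELECT, INSERT, UPDATE, DELETE ON orders_db.* TO 'backend_rw'@'192.0.2.10';

-- 2) Test colleagues: read-only.
CREATE USER 'test_ro'@'192.0.2.10' IDENTIFIED BY 'CHANGE-ME-stored-in-jumpserver';
GRANT SELECT ON orders_db.* TO 'test_ro'@'192.0.2.10';

-- 3) Operation and maintenance: administrative rights on this schema,
--    including the right to grant within it, but still not a global superuser.
CREATE USER 'ops_admin'@'192.0.2.10' IDENTIFIED BY 'CHANGE-ME-stored-in-jumpserver';
GRANT ALL PRIVILEGES ON orders_db.* TO 'ops_admin'@'192.0.2.10' WITH GRANT OPTION;

FLUSH PRIVILEGES;

-- Verification: confirm the read-only account really has nothing beyond SELECT.
SHOW GRANTS FOR 'test_ro'@'192.0.2.10';
```

Each user's JumpServer login then shows exactly which of the three accounts was used on the asset, so a destructive statement is traceable to a person rather than to a shared password.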

Figure 2 Comparison of authorization methods in different dimensions

■ Password filling function

Password filling is also a function we use a lot. At present, all our assets use asset password filling.

In the past, all our staff used the same account and password to log in to an asset for operation and maintenance management and operations. Therefore, whenever there was an accident such as a high-risk command or accidental deletion of data, it was difficult to locate the specific operator, and impossible to assign responsibility or analyze the corresponding failure. After JumpServer was deployed, each user is assigned an account, and each account is authorized to log in to different assets.

At the same time, JumpServer hosts all asset passwords. Through the password filling function, we do not need to give the password to the user, and the user can log in to the asset directly and operate. For anyone who logs in to an asset through JumpServer, we can easily find out who logged in to which asset, when, with what account, and what operations were performed. In this way, the security of the system and its assets is greatly improved.

Figure 3 Password escrow through JumpServer

■ Kubernetes operation and maintenance management

The operation and maintenance management of Kubernetes is the JumpServer function that surprised me most, and it is also a highlight that sets JumpServer apart from other bastion machines. I have come into contact with many other brands of bastion machines before, and none of them offer access to or management of Kubernetes. Generally it is done by installing a kubectl tool on everyone's local client through RemoteApp, which is very troublesome.

It is very convenient to handle daily Kubernetes operation and maintenance management tasks through the JumpServer bastion machine. After configuring RBAC (Role-Based Access Control) on Kubernetes and granting the authorization, you can connect to the cluster directly, all in one step.
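The RBAC step referred to above, as an added example that is not part of the original interview or of the JumpServer project. The manifest creates a namespace-scoped, read-only identity of the kind a bastion would be given for testers or for daily inspection; the namespace `prod` and the name `bastion-viewer` are assumptions, and the assumption that the credential stored in the bastion is the ServiceAccount's token is mine, not a statement from the page. The rules deliberately leave out `secrets` and `pods/exec`, so the identity can observe the cluster but cannot read credentials or open shells in containers.

```yaml
# Constructed example: least-privilege identity for bastion access to one namespace.
# Namespace, names and the choice of resources are assumptions, not from the page.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bastion-viewer
  namespace: prod
---
# Long-lived token for the ServiceAccount (needed on Kubernetes 1.24+, where
# tokens are no longer auto-created). This token is the credential the bastion stores.
apiVersion: v1
kind: Secret
metadata:
  name: bastion-viewer-token
  namespace: prod
  annotations:
    kubernetes.io/service-account.name: bastion-viewer
type: kubernetes.io/service-account-token
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: bastion-viewer
  namespace: prod
rules:
  # Read-only on workloads and their logs; no "secrets", no "pods/exec".
  - apiGroups: [""]
    resources: ["pods", "pods/log", "services", "configmaps", "events"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments", "replicasets", "statefulsets", "daemonsets"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: bastion-viewer
  namespace: prod
subjects:
  - kind: ServiceAccount
    name: bastion-viewer
    namespace: prod
roleRef:
  kind: Role
  name: bastion-viewer
  apiGroup: rbac.authorization.k8s.io
```

After `kubectl apply -f` on this file, the boundary can be checked from the admin side with `kubectl auth can-i get secrets -n prod --as=system:serviceaccount:prod:bastion-viewer`, which should answer `no`, while the same query for `pods` answers `yes`. An administrative identity for operation and maintenance staff would be a separate ServiceAccount bound to a broader Role, again one account per permission level, mirroring the database split described earlier.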

At present, we have 4 clusters using this function. For example, the daily ledger is accessed through Kubernetes, so operations can be performed anytime, anywhere, and more quickly, which eases operation and maintenance work and improves overall security.

Our company's production environment, including the microservice framework, is deployed on Kubernetes, which has become our mainstream deployment method. Therefore, we attach great importance to JumpServer's support for Kubernetes deployment scenarios, which also helps us fully implement containerized deployment and horizontal scaling.

JumpServer Highlight Features

In addition to the core functions above, there are some highlights of JumpServer that I appreciate and want to share with you:

■ Easy installation and deployment, one-click deployment and upgrade, simple operation;

■ Supports multiple authentication methods such as MFA secondary authentication, supports watermarks and multiple password policies, and improves security;

■ Supports uploading session video files to public cloud object storage, which is practical and safe;

■ The web interface provides file upload/download;

■ From the user's point of view, it supports customizing the terminal, allowing users to set it up according to their own preferences, which is very considerate.

Expectations and Recommendations for JumpServer

In recent years, the JumpServer open source project has shown an almost "crazy" iteration speed, which users are happy to see. I have carefully read the monthly update log of the JumpServer project. Every new version adds a lot of new functions; the functions are becoming more and more complete and better suited to users' needs, which has brought me many pleasant surprises.

I have been engaged in operation and maintenance related work for a long time, and I also have some understanding of and practical experience with traditional bastion machines. Some brands of bastion machines are very easy to use and fit the usage habits of users at that time; for example, some can directly call the local terminal, similar to XShell, and some provided functions similar to RemoteApp early on, with a relatively rich set of supported application types.

From my point of view, the advantage of JumpServer is that it has always maintained high-speed iteration. The entire open source community is very active, and its response to the needs of community users is very fast. All of this makes it possible for JumpServer to "overtake". Take session sharing: some bastion machines released this function in 2018, and JumpServer implemented it in version v2.14.0.

To a certain extent, it is not a question of which product is better, but of who is closer to the user and who is better able to adapt to changes in user needs. Every user's scenarios are different. The company I worked for before had no requirement for containerized deployment and kept using a traditional bastion machine. The company I work for now has a lot of Kubernetes clusters, and JumpServer naturally became the first choice for a bastion machine.

Finally, I would like to share some of my personal expectations for JumpServer. I hope to see JumpServer optimized in the following three aspects in the future:

■ Database scenario

The database scenario is heavily used by our company at present. The databases used by each company are different: our main ones are MySQL and Microsoft SQL Server, and we also use PostgreSQL to synchronize data with the head office.

At present, JumpServer already supports a variety of database types, including MySQL and Redis, as well as Oracle, PostgreSQL, MariaDB and SQL Server database application authorization in the Enterprise Edition. In the future, we hope JumpServer will support even more database types;

■ Optimize the RemoteApp function

Some users find the publishing tools on JumpServer's RemoteApp inconvenient, because all operations such as password filling and access have to go through the RemoteApp platform. If you close the window and open a new one by connecting to the database through RemoteApp again, the previously executed statements cannot be found, and there is no way to block commands through RemoteApp. I hope there will be more optimization of the RemoteApp functions in the future;

■ Optimization of permission control

At present, JumpServer needs to give users relatively large sudo permissions when it needs to obtain the status of asset devices. From a security point of view, we do not want to grant users such broad privileges just to obtain device information, so we hope JumpServer can provide a better solution in this regard in the future.
