Community sharing | JumpServer open source bastion host has always been my first choice

Editor's note: This article was contributed by James Wei, a user of the JumpServer open source bastion host community.

"The first bastion host I ever came into contact with was JumpServer, and the one I know best is JumpServer. I am completely used to the way JumpServer works, and that is also an important reason why I have always chosen it."

——James Wei, long-time user of the JumpServer open source bastion host

I have worked in operation and maintenance for more than ten years, currently mainly in the logistics industry. I first came into contact with JumpServer in 2016. At that time domestic public cloud was developing rapidly, and public cloud environments were gradually being adopted by enterprises.

Before 2016, most industries built private server rooms with traditional IDC hosts. Few companies used bastion hosts; the concept had not yet become widespread, and only a handful of large enterprises and banks would buy expensive commercial jump servers to connect to their servers. The company I currently work for adopted JumpServer relatively early: it had already installed and deployed the JumpServer bastion host before I joined.

As operation and maintenance managers we rely heavily on JumpServer, which has become an indispensable part of our IT support. I think the JumpServer open source bastion host may well accompany me for the rest of my career.

Pain points of enterprise operation and maintenance management

Before adopting a bastion host, enterprises usually face many problems in operation and maintenance management, which can be summarized in three aspects:

1. Lack of standardization

National requirements for network security and information system security are becoming increasingly strict. Before the bastion host was introduced, the company lacked effective means of auditing and controlling operations; most operations and audits were performed manually. There was no unified security management standard, and the system could not meet the requirements of laws and regulations such as information security classified protection (MLPS).

2. Inconvenience

■ Poor user experience

The company's system access entrances were not unified: logging in required a variety of plug-ins and clients. With so many different entry types, users struggled to find the right login entry for an asset, to locate the corresponding plug-in or client, and to remember which IP address belonged to which managed system;

■ Permission changes are troublesome

When operation and maintenance staff change, permissions must be transferred and changed. A permission change may involve multiple systems, applications and assets, and must be thoroughly checked and audited under strict controls to ensure system and data security. Without a unified operation and maintenance management platform, permission changes are laborious, error-prone and a source of security risk.

3. Insecurity

■ Asset account management is chaotic

An e-commerce company I worked for before had more than 400 servers, all deployed on the public cloud. Before using a bastion host, the administrator sent account passwords directly to users and granted them full permissions. This made account management chaotic, security incidents happened often, and the operation and maintenance staff easily "took the blame". At the same time, passwords that are not changed for a long time lead to security problems such as password leakage;

■ Asset permissions are not clearly defined

Without operation and maintenance tooling it is hard to enforce least privilege on the systems themselves, and manual authorization easily leads to a series of security risks such as over-privileged accounts, operational errors and data leakage;

■ Misoperations occur frequently

It has become normal for enterprises to have third-party contractors operate and maintain IT services. Misoperations and malicious operations by third-party personnel occur from time to time and often lead to serious system problems, yet they are hard to trace and attribute;

■ The security of public cloud assets cannot be guaranteed

After assets are migrated to the cloud, the cloud assets and the original assets are no longer under one effective management system, and unified management is difficult. Cloud vendors themselves do not provide fine-grained management of assets, so the security of public cloud assets cannot be guaranteed. Companies need a unified operation and maintenance management platform to manage IT assets across a multi-cloud environment.

Why do you need JumpServer?

Faced with the pain points above, most enterprises want an operation and maintenance security audit platform that lets them manage servers more conveniently and securely and grant permissions more easily. The JumpServer open source bastion host meets the following requirements well and solves these operation and maintenance difficulties.

1. Unified entrance, standardized management and control

All the old entrances are removed and every access operation goes through JumpServer. Whether a user connects remotely from home or from a fixed IP address in the office, assets are reached only through JumpServer, which unifies access to assets and standardizes asset management and control.

▲Figure 1 Unified login through JumpServer

As shown in Figure 1, users on the intranet access JumpServer directly from the company's fixed IP address. Employees and third-party users can also log in remotely from the public network, so that remote access behavior is strictly managed and controlled.

A typical setup connects through an SSL-VPN tunnel and enables MFA (multi-factor authentication) to secure system login; daily snapshots of the cloud server are also enabled so that the bastion host itself can be restored quickly;

2. Security operation and maintenance audit

JumpServer audits users' login and operation behavior through login logs, operation logs and password change logs. It also centrally manages and stores all session recordings, and enforces effective permission control through authorization.

The JumpServer open source bastion host monitors and protects the system in real time, and reviews and traces the behavior of operation and maintenance personnel, ensuring the reliability and stability of the system and meeting security operation and maintenance audit requirements;

3. Controllable cost

Traditional commercial bastion hosts are very expensive, and cost control is very important for small and medium-sized enterprises. In addition, their numbers of assets and users are not very large, so open source products have become their first choice. As an open source bastion host, JumpServer is free for community users: it can be downloaded from GitHub and installed without any additional fees, which greatly reduces operating costs;

4. Easy to use, cloud-native friendly

JumpServer supports one-click deployment, is easy to install and lowers the threshold for using a bastion host. Its pure web access without plug-ins and its simple, direct UI improve the user experience and let new users get started quickly. JumpServer is also well adapted to multi-cloud network environments and supports operation and maintenance auditing of cloud assets.

The deployment architecture of JumpServer

Enterprises can choose an appropriate deployment scheme for the JumpServer open source bastion host according to their assets and business requirements. Below are JumpServer deployment schemes for enterprises of different sizes, based on my own experience, for your reference.

Small-scale enterprise deployment architecture

A small enterprise generally has 30-500 assets and 10-50 concurrent sessions, and its main goal is to meet audit requirements. For a typical development and test environment, a stand-alone deployment is enough: a single node runs the JumpServer components together with the MySQL database and the Redis service they depend on.

Our company initially adopted the stand-alone deployment and enabled daily snapshots of the server, so that if a problem occurs it can be restored in 2 seconds.

▲Figure 2 Small-scale enterprise JumpServer deployment architecture

Medium-sized enterprise deployment architecture

A medium-sized enterprise generally has 500-2000 assets and 50-200 concurrent sessions. When the number of managed assets grows beyond 500 and the production environment requires high availability, a dual-node active-standby deployment can be used.

Two JumpServer instances are deployed; if one fails, a seamless switchover keeps the business running. Our company currently deploys JumpServer in this active-standby architecture, with session recordings stored in an object storage service.

▲Figure 3 JumpServer deployment architecture for medium-sized enterprises

Large-scale enterprise deployment architecture

A large enterprise generally has more than 2,000 assets and more than 200 concurrent sessions. Many large enterprises have operation and maintenance requirements spanning hybrid clouds, multiple data centers and multiple branch offices, especially very large enterprises with more than 10,000 assets. For such large asset counts and high-concurrency, high-performance scenarios, a distributed cluster deployment can be adopted.

▲Figure 4 Distributed JumpServer deployment architecture for very large enterprises

Take the deployment architecture of a large Internet company as an example (Figure 5). The company deploys one JumpServer environment on Alibaba Cloud and one on Huawei Cloud. Alibaba Cloud is the primary environment and Huawei Cloud the standby; the cross-cloud backup provides high availability, and multiple dedicated lines connect the two clouds.

Daily work is done in the Alibaba Cloud environment, with Huawei Cloud kept as the standby. If the dedicated line is interrupted, operations switch directly to the Huawei Cloud environment, and data synchronization ensures the system keeps running normally and stably.

▲Figure 5 JumpServer deployment architecture of a large Internet company

Practical application of JumpServer

1. Asset authorization and efficient management

For most users, the main use of JumpServer is asset management. The JumpServer open source bastion host manages assets efficiently through batch asset import, batch authorization, automated tasks and log auditing, and brings all assets under unified management. Operation and maintenance personnel no longer need to log in to each server separately, which reduces the workload and improves management efficiency;

▲Figure 6 Asset management function

2. Multiple authentication factors, multiple safeguards

MFA (multi-factor) secondary authentication is another function many users rely on. Enabling MFA gives users a second identity check and, especially in remote work scenarios, effectively strengthens access control;

▲Figure 7 MFA multi-factor authentication function

3. Precise early warning of risky behavior

I personally think the command filtering function is the core function of JumpServer and the one that best meets community users' needs. Command filtering effectively controls the commands users execute, blocking mistyped and dangerous commands, and noticeably improves system security. JumpServer's dangerous command warning function can also give accurate early warning of potentially risky behavior;

▲Figure 8 Command filtering function

4. Diverse asset types, extensible without limit

The JumpServer open source bastion host supports a wide range of asset types and is highly extensible. Manageable asset types include hosts, network devices, databases, cloud services, Kubernetes, web applications and more. JumpServer also supports custom asset types, which can be extended according to an enterprise's actual needs to meet complex business scenarios and security requirements;

▲Figure 9 Support for managing multiple asset types

5. Unified asset account system

JumpServer released version v3.0 this year, which unifies the asset account system. I think this is a very practical feature.

Once the number of users reaches a certain scale, the enterprise needs effective account management. Through JumpServer's integration module, systems such as Feishu, OA (office automation) and the CMDB (configuration management database) can be connected, breaking down the isolation between systems and synchronizing information among them.

For example, by connecting to the CMDB you can obtain the organizational structure and device information and use it to create assets, user groups, asset nodes and authorization rules in JumpServer. By connecting to LDAP you can obtain the list of departed employees, so the administrator can automatically deactivate their JumpServer accounts instead of deleting accounts in multiple systems one by one, which improves operation and maintenance efficiency and saves storage space;

▲Figure 10 JumpServer supports integration with external systems

6. Online self-service permission requests

Before JumpServer, users usually requested permissions manually: the applicant sent a request to the administrator, who performed the change by hand after approval and then notified the applicant of the result, which was very inefficient.

For relatively simple authorizations, JumpServer can approve and notify automatically, completing the authorization without manual intervention and improving efficiency; the function can also be customized through secondary development to meet an enterprise's actual needs.

▲Figure 11 JumpServer automatic authorization function

Experience and lessons from using JumpServer

Based on more than 7 years of actual use, I have summarized some JumpServer experience that I hope will be helpful:

1. Enterprises of different sizes need to choose a deployment scheme that matches the scale of their business, weighing security, stability, cost and applicability;

2. Operation and maintenance work needs an internal operating manual. The manual should be concise, efficient, standardized and easy to understand, so that staff follow the same standards and there is no confusion even when many people collaborate.

For example: user creation rules should specify the standard form of names and user names; asset naming rules should specify names, domains and so on; asset authorization rules should specify how the rule is named and what it grants. Small and medium-sized companies are advised to grant permissions to individual users rather than user groups; large companies should have a multi-level management structure with clear role-permission relationships and unified management standards at each level;

3. On the security side, all employees should enable MFA multi-factor authentication wherever possible, especially users in public cloud scenarios; it effectively secures access. Integrating Feishu, DingTalk, Enterprise WeChat and single sign-on reduces how often passwords are used: users access assets directly through the user center without additional accounts and passwords, which is convenient and fast;

4. The use of high-risk commands must be strictly reviewed, which is responsible both to the business and to yourself. Machines on the public network need attention to both single points of failure and the risk of attack. Monitor servers, keep track of version upgrades and vulnerability disclosures, and update promptly;

5. In actual use we found that VNC through the JumpServer bastion host is smoother than connecting directly over RDP. We therefore recommend disabling RDP on Windows assets and using VNC instead, changing the default VNC port, and restricting connections by IP address so that only JumpServer can reach it. The experience is smoother;

6. JumpServer currently has no vulnerability detection and cannot scan uploaded files for viruses; it only records the file name in the log. Uploading files, especially into a production environment, carries some security risk, so use the file upload function with caution;

7. The JumpServer bastion host is so convenient that several asset connection windows may be opened without noticing, producing more useless session recordings that take up a lot of disk space. It is therefore recommended to shorten the maximum idle time to reduce the size of recordings and save storage space;

8. Security management must take a "people-oriented" view. "People" are the biggest security factor. As people's behavior and the situations they face become more complex and changeable, the traditional model of supervisor and supervised is no longer enough to achieve security management goals.

We should therefore start from the principle of "people first, caring for and respecting people", establish a people-oriented view in security management, respect staff in every position and build good communication, so that when the system fails the responsible person can be found. Have respect for enterprise data and enterprise security, and prevent security problems before they occur.

In addition, to keep system operation and maintenance secure, operation and maintenance personnel need to manage the whole process in three phases: before, during and after the event. The JumpServer open source bastion host supports pre-event authorization, in-event monitoring and post-event auditing, which together satisfy security compliance requirements.

Pre-event management: unified entrance, regular password changes

■ Backup mechanism: regular backups, server snapshots, database, program files and configuration files, etc.;

■ Monitoring and alerting: abnormal login alerts, SSH login records, process status, etc.;

■ Periodic server security scans, code analysis and vulnerability scans;

■ Data encryption: important data must be encrypted with an appropriate encryption algorithm;

■ Contingency plans: standby hardware and ECS instances, recovery drills, etc.

In-event management: preventing illegal operations

■ Deploy a WAF, a security center and a network firewall;

■ Control risky commands, for example rm/restart/reboot/shutdown;

■ When handling a security incident, think twice, prepare a fallback and recovery mechanism, and consider whether the action could trigger cascading failures.
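The command filtering function praised in the "Precise early warning of risky behavior" section and the risky-command control just listed (rm/restart/reboot/shutdown) both come down to matching each command a user types against an ordered rule list. The following is an added illustrative implementation written for this article; it is not JumpServer's own code, and the rule names, patterns and the allow/warn/deny actions are assumptions chosen to show the idea. It shows two details a practitioner cares about: anchoring patterns so that "rm" does not block "rmdir" or "grep alarm", and splitting chained commands and stripping wrappers so that "ls; rm -rf /tmp/x" or "sudo -u root reboot" are still caught.

```python
"""Illustrative bastion-style command filter (added example; not JumpServer code).

Each simple command in a line is normalised and checked against an ordered
rule list; the first matching rule decides for that command, and the whole
line gets the strictest decision of its parts.  Rule names, patterns and the
allow/warn/deny actions are assumptions made for this example.
"""
import re
import shlex
from dataclasses import dataclass
from typing import List, Optional

ALLOW, WARN, DENY = "allow", "warn", "deny"
_SEVERITY = {ALLOW: 0, WARN: 1, DENY: 2}


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: str   # regex matched against the normalised simple command
    action: str    # ALLOW, WARN or DENY


@dataclass(frozen=True)
class Decision:
    action: str
    rule: Optional[str]   # name of the rule that fired, None if nothing matched
    command: str          # the simple command that produced the decision


# Order matters: the first pattern that matches a simple command decides for
# it.  Every pattern is anchored at the start and uses word boundaries, so
# "rm" cannot fire on "rmdir", "perform" or "grep alarm".
RULES: List[Rule] = [
    # rm with any short option containing r/R/f, or the long --recursive/--force
    Rule("rm-recursive-or-force",
         r"^rm(?:\s+\S+)*\s+(?:-[a-zA-Z]*[rRf][a-zA-Z]*|--recursive|--force)\b", DENY),
    Rule("rm-any", r"^rm\b", WARN),
    Rule("power-state", r"^(?:shutdown|reboot|halt|poweroff|init\s+[06])\b", DENY),
    Rule("systemctl-power", r"^systemctl\s+(?:reboot|poweroff|halt|kexec)\b", DENY),
    Rule("service-restart", r"^(?:systemctl\s+restart\b|service\s+\S+\s+restart\b)", WARN),
]

# Separators that start a new simple command.  Deliberately simpler than a real
# shell parser, but it defeats the common "harmless; dangerous" and
# "true && reboot" chains.
_SEPARATORS = re.compile(r"\s*(?:;|&&|\|\||\||\n)\s*")

# Leading words that do not change which program eventually runs.
_WRAPPERS = {"sudo", "nohup", "time", "command", "exec"}


def normalise(simple: str) -> str:
    """Strip wrappers such as 'sudo -u root' and collapse whitespace/quotes."""
    try:
        tokens = shlex.split(simple)
    except ValueError:            # unbalanced quotes: fall back to a plain split
        tokens = simple.split()
    while tokens and tokens[0] in _WRAPPERS:
        wrapper = tokens.pop(0)
        # drop the wrapper's own options; for sudo, -u/-g take a value
        while tokens and tokens[0].startswith("-"):
            opt = tokens.pop(0)
            if wrapper == "sudo" and opt in ("-u", "-g") and tokens:
                tokens.pop(0)
    return " ".join(tokens)


def evaluate(line: str) -> Decision:
    """Return the strictest decision over all simple commands in `line`."""
    worst = Decision(ALLOW, None, line.strip())
    for raw in _SEPARATORS.split(line):
        simple = normalise(raw)
        if not simple:
            continue
        for rule in RULES:
            if re.search(rule.pattern, simple):
                if _SEVERITY[rule.action] > _SEVERITY[worst.action]:
                    worst = Decision(rule.action, rule.name, simple)
                break             # first matching rule decides for this command
    return worst


if __name__ == "__main__":
    for cmd in ("ls -la /var/log", "rm notes.txt", "ls; rm -rf /tmp/x",
                "sudo -u root reboot", "grep alarm /var/log/messages", "rmdir empty"):
        d = evaluate(cmd)
        print(f"{d.action:5}  {d.rule or '-':22}  {cmd}")
```

Treat this as the article does, as a guardrail against mistakes rather than a security boundary: a user with an interactive shell can still reach rm through an alias, a script, `$(...)` or an interpreter, so the real controls remain least-privilege accounts and session recording. A warn action is the right default for commands like a plain `rm` or a service restart that are legitimate but worth a second look in the audit log.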

Post-event management: log analysis, tracing the entire operation and maintenance process

■ Unified log collection and analysis;

■ Visualization of operation and maintenance management;

■ Backup and restore;

■ Locate the root cause of the incident, and formulate improvement, automation and follow-up prevention measures.
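The "abnormal login alerts, SSH login records" item under pre-event management and the "unified log collection and analysis" item above rest on one assumption: once every administrator path goes through the bastion, a login on an asset that did not come from the bastion is itself an alarm. The following added example, written for this article rather than taken from JumpServer or the author, parses a handful of constructed sshd log lines and raises two kinds of alert: an accepted login whose source address is not in the bastion allowlist (the "restrict connections by IP so that only JumpServer can reach it" advice from the tips list, checked after the fact), and a burst of failed logins from one source within a short window. The log lines, host name, addresses, the 5-failures-in-5-minutes threshold and the assumed log year are all constructed for the example.

```python
"""Added example: SSH login-record analysis for a bastion-only environment.

Not JumpServer code.  Parses syslog-style sshd lines and flags (a) accepted
logins that did not come from a bastion address and (b) bursts of failed
logins from one source.  Sample log, addresses and thresholds are constructed.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, List, Optional, Set, Tuple

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+sshd\[\d+\]:\s+(?P<msg>.*)$"
)
ACCEPTED_RE = re.compile(r"^Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+")
# sshd logs "Invalid user X" and then "Failed password for invalid user X";
# only the Failed line is counted so that one attempt is not counted twice.
FAILED_RE = re.compile(r"^Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    kind: str   # "accepted" or "failed"
    user: str
    ip: str


@dataclass(frozen=True)
class Alert:
    kind: str   # "bypass" or "bruteforce"
    host: str
    ip: str
    user: str
    detail: str


def parse_line(line: str, year: int = 2023) -> Optional[Event]:
    """Parse one sshd syslog line; syslog carries no year, so one is assumed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    a = ACCEPTED_RE.match(m["msg"])
    if a:
        return Event(ts, m["host"], "accepted", a["user"], a["ip"])
    f = FAILED_RE.match(m["msg"])
    if f:
        return Event(ts, m["host"], "failed", f["user"], f["ip"])
    return None


def analyse(lines: Iterable[str], bastion_ips: Set[str],
            fail_threshold: int = 5, window: timedelta = timedelta(minutes=5)) -> List[Alert]:
    """Return alerts in the order they are triggered."""
    alerts: List[Alert] = []
    failures: Dict[Tuple[str, str], Deque[datetime]] = defaultdict(deque)
    flagged: Set[Tuple[str, str]] = set()       # one brute-force alert per (host, ip)
    minutes = int(window.total_seconds() // 60)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev.host, ev.ip)
        recent = failures[key]
        while recent and ev.ts - recent[0] > window:   # slide the window forward
            recent.popleft()
        if ev.kind == "failed":
            recent.append(ev.ts)
            if len(recent) >= fail_threshold and key not in flagged:
                flagged.add(key)
                alerts.append(Alert("bruteforce", ev.host, ev.ip, ev.user,
                                    f"{len(recent)} failed logins within {minutes} min"))
        elif ev.ip not in bastion_ips:
            # Every legitimate session should originate from the bastion, so a
            # direct login is a bypass even when the credentials were valid.
            detail = f"accepted login for {ev.user} from {ev.ip}, which is not a bastion address"
            if recent:
                detail += f" ({len(recent)} failed attempts from this source in the last {minutes} min)"
            alerts.append(Alert("bypass", ev.host, ev.ip, ev.user, detail))
    return alerts


# Constructed sample log (not real data).  10.0.0.5 plays the bastion host.
SAMPLE_LOG = """\
Jun 26 09:12:01 web-01 sshd[2311]: Accepted publickey for deploy from 10.0.0.5 port 50112 ssh2: ED25519 SHA256:abc
Jun 26 09:15:40 web-01 sshd[2402]: Failed password for root from 203.0.113.9 port 41000 ssh2
Jun 26 09:15:42 web-01 sshd[2404]: Failed password for root from 203.0.113.9 port 41002 ssh2
Jun 26 09:15:45 web-01 sshd[2406]: Invalid user admin from 203.0.113.9 port 41004
Jun 26 09:15:45 web-01 sshd[2406]: Failed password for invalid user admin from 203.0.113.9 port 41004 ssh2
Jun 26 09:15:48 web-01 sshd[2408]: Failed password for ops from 203.0.113.9 port 41006 ssh2
Jun 26 09:15:51 web-01 sshd[2410]: Failed password for ops from 203.0.113.9 port 41008 ssh2
Jun 26 09:16:10 web-01 sshd[2455]: Accepted password for ops from 203.0.113.9 port 41030 ssh2
Jun 26 09:20:02 web-01 sshd[2500]: Failed password for invalid user admin from 198.51.100.7 port 3333 ssh2
Jun 26 09:21:00 web-01 systemd[1]: Started Session 12 of user ops.
"""
BASTION_IPS = {"10.0.0.5"}


def sample_alerts() -> List[Alert]:
    return analyse(SAMPLE_LOG.splitlines(), BASTION_IPS)


if __name__ == "__main__":
    for alert in sample_alerts():
        print(f"[{alert.kind}] {alert.host} {alert.ip}: {alert.detail}")
```

In production the same two checks would run over centrally collected logs rather than on each host, and the bastion allowlist should be the same set of addresses the host firewall enforces; the detection is the safety net for the day that firewall rule is missing or misconfigured. The single legitimate session in the sample, the deploy user's key-based login from the bastion address, produces no alert, while the password login for ops that follows a burst of failures from a public address is reported twice: once as the burst and once as a bypass of the bastion.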

Prospects and expectations for JumpServer

The JumpServer project has maintained an open source model since its inception. I hope JumpServer will continue to maintain a high degree of openness and autonomy and compete freely in the market.

I have been fully accustomed to JumpServer since I first came into contact with it in 2016, which is also an important reason why I have always chosen it. JumpServer's brand value and vision also match what the public needs, and the strength accumulated from users under the open source model is very powerful.

For the vast community of open source users, the bastion host is JumpServer. A large number of community users empower JumpServer, which earns it its reputation.

Security is the foundation on which an enterprise lives and works, so I hope JumpServer will hold to the bottom line of technical security and keep learning and improving. I hope JumpServer keeps an open mind, learns from competitors, from successes and failures, and from users, understands user needs more deeply, and continuously refines the granularity of its functional details.

In addition, operation and maintenance personnel should learn to use JumpServer, the free and best "weapon" for protecting themselves, and I also hope JumpServer becomes world-famous like Nginx and Apache: not only a "weapon" for domestic operation and maintenance personnel, but one that goes abroad, to the world.


Source: blog.csdn.net/FIT2CLOUD/article/details/131394926