Editor's Note: The following content is based on the community sharing of Jonny J, a JumpServer community user in Qingdao, Shandong.
"After I came into contact with JumpServer, I gradually grew from an open source beneficiary to an open source contributor. In fact, each of us can become an open source contributor, not limited to software products, even if it is just a piece of your shared code."
—— Jonny J, senior user of JumpServer open source bastion machine
My name is Jonny J. I live in Qingdao, Shandong Province. I have been engaged in system operation and maintenance for 10 years. I have worked in different industries such as state-owned enterprises, foreign companies, and Internet companies. I have rich experience in IT operation and maintenance. . At present, I work in a system integration company, mainly responsible for providing enterprise information solutions for customers.
Talk about the pain points of operation and maintenance
I first learned about the JumpServer open source project in 2016. At that time, many people learned about the springboard machine before they learned about the fortress machine. The two seem to be the same but have essential differences.
At that time, the Internet company I worked for was in a period of rapid business growth. The demand for servers doubled, and the cost and difficulty of system maintenance increased significantly. This was not a small test for the operation and maintenance personnel. At the same time, issues such as enterprise security compliance requirements and fault retrospective evidence collection are also very difficult. With the accumulation of years of experience in operation and maintenance, I have summarized some pain points that operation and maintenance personnel often face:
■ Rapid expansion of IT assets
With the expansion of enterprise scale, the number of enterprise IT assets also increases, which brings great challenges to the operation and maintenance work. Managing thousands of devices consumes a lot of manpower and financial resources, and it will become very difficult to monitor, maintain and manage services. At the same time, it may lead to a rapid increase in the capacity of enterprise data centers, and there is a risk of encountering capacity bottlenecks ;
■ Requirements for problem tracing
When a problem occurs in the system, it is difficult for operation and maintenance personnel to determine the root cause of the problem. Usually, the problem may not only come from a system failure, but may also involve complex factors such as external networks and third-party vendors. Therefore, when a problem occurs in the system, quickly and accurately locating the cause of the problem is a key problem that operation and maintenance personnel need to solve;
■ Requirements for standardized operation and maintenance
The standardization of operation and maintenance management can help enterprises realize automated and standardized operation and maintenance, and improve service reliability and efficiency. However, in practice, many enterprises have not yet established a complete operation and maintenance standardization mechanism, and lack of unified management norms and processes, which has also led to many inappropriate operational behaviors, which are very easy to cause system failures;
■ Island effect among operation and maintenance systems
There is often an island effect between the operation and maintenance systems, that is, the systems cannot work together seamlessly, and it is difficult to use an integrated approach to solve problems or perform data transmission. This island effect may lead to the loss of information and disturb the normal operation of services, thereby further increasing the workload of operation and maintenance personnel;
■ Automated operation and maintenance and linkage
Automated operation and maintenance can shorten fault recovery time, reduce operation and maintenance costs, reduce human errors and improve system reliability, greatly improve operation and maintenance efficiency and system stability, and help the operation and maintenance team manage and maintain the system more efficiently.
However, many enterprises simply automate certain operations when implementing automated operation and maintenance, lacking an effective linkage mechanism, and different systems cannot perform automated collaboration well. In the operation and maintenance system, between different systems, and in collaboration with other departments, the lack of effective automatic linkage mechanism will lead to many problems;
■ Requirements for the technical ability of operation and maintenance personnel
In recent years, with the continuous advancement of IT technology, operation and maintenance personnel have become more and more dependent on various software, hardware and system technology applications, and they usually need to master rich technical knowledge and professional skills. Operation and maintenance personnel must remain vigilant at all times and continue to learn to continuously enhance their technical level. As a result, higher requirements are placed on the technical capabilities of operation and maintenance personnel.
Talk about the selection of the bastion machine
During the selection process of the bastion host, we compared many products on the market, including open source and commercial products. In addition to JumpServer, we also compared some other open source bastion host brands.
■ Teleport
Teleport is a small, easy-to-use, and easy-to-integrate bastion host system that supports remote connection and audit management of RDP, SSH, SFTP, and Telnet protocols. It has multiple authentication methods and powerful audit functions, which can help enterprises ensure information security and Improve operation and maintenance efficiency.
■ Guacamole
Guacamole is a web-based open source client-side remote desktop gateway, which allows users to connect to remote servers or desktops through web browsers using remote protocols such as RDP, VNC, or SSH.
There are still many manufacturers on the market that provide commercial bastion machine products. Whether it is open source or commercial products, you can make comprehensive considerations based on your own needs. I have summarized the following selection ideas, hoping to help you better select the bastion host:
1. Towards the actual demand comparison function
The security requirements and IT environment of different enterprises are different, and the functions of different brands of bastion hosts are also different. Enterprises should choose appropriate bastion machine products according to their own business needs, operating scenarios, security strategies and other factors, and avoid blindly pursuing the diversity of bastion machine functions but failing to meet their actual needs;
2. Terminal tool security issues
When choosing a bastion host, many enterprises will seek to support the access of multiple terminal tools. Enterprises need to consider maintaining the security of terminal tools to prevent the entire system from being hacked due to terminal tools being compromised;
3. Streamlined functions
Some bastion machine products are excessively piled up in pursuit of more and richer functions. The accumulation of functions will inevitably lead to bloated systems, increase the burden on the system, and eventually lead to cumbersome operations and low efficiency. Therefore, when choosing a bastion host, enterprises should choose a system with satisfactory functions and easy operation according to actual needs, so as to avoid excessive accumulation of idle functions;
4. Cost controllable
Enterprises also need to consider budgetary factors when choosing a bastion host. Different bastion host products have differences in price and performance. Enterprises need to conduct a comprehensive evaluation and choose relatively economical and cost-effective products on the premise of meeting actual needs.
To sum up, enterprises should consider multiple aspects such as security, ease of use, performance, price, etc., make evaluation decisions based on their own actual conditions, and make comprehensive comparisons to determine the winner.
Talk about the advantages of JumpServer
After undergoing multiple version iterations, JumpServer has successfully stood out among many bastion host brands. After many rounds of comparison and testing, we finally chose the JumpServer open source bastion host. Here are the advantages we think JumpServer has:
1. Asset management and control
JumpServer supports asset management of multiple protocols, and also supports a wide range of asset types such as Kubernetes, databases, and remote applications, and can realize effective authority management and account management. At the same time, JumpServer also supports session sharing, supports multi-person collaborative operation for unified operation and management, and effectively improves operation and maintenance efficiency;
2. Multi-cloud synchronization
JumpServer supports the automatic synchronization of assets from multiple public clouds and private cloud vendors to the bastion machine, such as VMWare, Huawei Cloud, Tencent Cloud, Alibaba Cloud, etc. Through JumpServer, IT assets on multiple clouds can be managed in a unified manner to meet the needs of enterprises in multi-cloud environments. Asset management needs;
3. Flexible deployment
JumpServer supports multiple deployment methods, and can implement one-click deployment, which simplifies the process of software deployment. In addition to conventional stand-alone deployment, active-standby deployment, etc., JumpServer also supports distributed cluster deployment, which can meet the needs of enterprises with a large number of assets and high concurrency scenarios;
4. Open source and open
Since the establishment of the JumpServer open source project, it has been deeply involved in the open source community, actively responding to user needs and dealing with user problems. Based on feedback from community users, the JumpServer project continues to iterate products, add new features, optimize usage scenarios, and maintain an iterative rhythm of releasing a version every month. The participation of community users is high and the project maturity is high.
What does JumpServer bring me?
■ Broaden technical horizons and enhance one's own capabilities
The experience of using JumpServer broadened my technical horizons, led me to understand various methods and techniques of enterprise-level operation and maintenance management, learned about the security and stability management solutions of IT assets, and improved my operation and maintenance level and management ability . At the same time, JumpServer also provides rich documentation and community support to help me better understand and use its various functions and features.
An active open source community operation can not only help me quickly solve the problems I encounter, but also exchange experience and skills with other users, expand my social and communication skills, and lay a solid foundation for my career development;
■ Improve work efficiency and improve operation and maintenance survival time
JumpServer can be managed across platforms in a unified manner and has a powerful audit function, which can help enterprise operation and maintenance personnel to better manage and protect various types of IT assets, improve operation and maintenance work efficiency, quickly restore business and reduce downtime. In the event of an emergency failure, JumpServer can quickly and accurately locate the failure, and the cooperative administrator can quickly restore the business and reduce downtime, minimize the loss of business, and improve the survival time of operation and maintenance;
■ Reduce costs
The introduction of open source products shows the price advantage to a large extent. JumpServer Community Edition is open source and free for users, which greatly reduces the operating costs of enterprises. The use of JumpServer can also enhance the management capabilities of the enterprise and bring high value benefits to the enterprise;
■ Standardized operation and maintenance
Through JumpServer, enterprises can achieve a high degree of standardization at the level of operation and maintenance management. Through a unified access portal to help enterprises centrally manage various types of IT assets, administrators can clearly record the status, configuration and other basic information of each device. In this way, not only can administrators effectively grasp the operation status of online assets, but also allow enterprises to be more orderly when dealing with various emergencies and product upgrades;
■ Brings a sense of honor and accomplishment
Using JumpServer can help administrators efficiently manage and maintain various IT assets. With its rich functions and features, administrators can deal with various problems more professionally and ensure the stable operation of business systems. This will allow administrators to gain more praise and recognition for their work, and thus have higher prestige and honor in the workplace.