1. Bastion host functions
A bastion host controls who can log in to which assets (control during the event) and records what is done after logging in to an asset (traceability after the event).
The bastion host is also known as an operation and maintenance security audit system. Its core functions are the "4A":
- Identity authentication (Authentication);
- Account management (Account);
- Authorization control (Authorization);
- Security audit (Audit).
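The four functions above can be seen working together in a small model. This is an added example, not JumpServer code: the class names, event names and the string returned in place of a real relay are hypothetical. It shows deny-by-default authorization per (user, asset, system account) and an audit trail that records denied attempts as well as permitted commands.

```python
import hashlib
import hmac
import os
import time

class Bastion:
    """Toy 4A gate (hypothetical names, not JumpServer code)."""

    def __init__(self):
        self.accounts = {}   # Account: user -> (salt, password hash)
        self.grants = set()  # Authorization: (user, asset, system_account)
        self.audit = []      # Audit: append-only list of event dicts

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _log(self, event, **fields):
        self.audit.append({"ts": time.time(), "event": event, **fields})

    def add_account(self, user, password):
        salt = os.urandom(16)
        self.accounts[user] = (salt, self._hash(password, salt))

    def grant(self, user, asset, system_account):
        self.grants.add((user, asset, system_account))

    def authenticate(self, user, password):
        salt, stored = self.accounts.get(user, (b"\0" * 16, b""))
        ok = hmac.compare_digest(self._hash(password, salt), stored)
        self._log("auth", user=user, ok=ok)
        return ok

    def open_session(self, user, password, asset, system_account):
        # Authentication first, then deny-by-default authorization.
        if not self.authenticate(user, password):
            return None
        allowed = (user, asset, system_account) in self.grants
        self._log("connect", user=user, asset=asset, account=system_account, ok=allowed)
        return Session(self, user, asset, system_account) if allowed else None

class Session:
    def __init__(self, bastion, user, asset, account):
        self.bastion, self.user, self.asset, self.account = bastion, user, asset, account

    def run(self, command):
        # Record before relaying so the audit trail never misses a command.
        self.bastion._log("command", user=self.user, asset=self.asset,
                          account=self.account, command=command)
        return f"[{self.account}@{self.asset}] {command}"  # stand-in for the relay
```

Because the operator only ever holds a `Session` handed out by the gate, every command passes through `run` and is logged under the operator's own identity, even when the system account on the asset is shared.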
The following figure shows the deployment architecture of the bastion host:
2. Introduction to the JumpServer bastion host
JumpServer is an open source bastion host system and a professional operation and maintenance security audit system that complies with the 4A specifications. It is developed in Python and ships with an industry-leading Web Terminal solution, an attractive interactive interface, and a good user experience.
JumpServer adopts a distributed architecture, supports cross-regional deployment across multiple data centers, supports horizontal scaling, and places no limits on the number of assets or on concurrency.
JumpServer composition architecture diagram: