DAIFUKU Corporation of Japan, established in 1937, is a global leader in material handling system integration and one of the world's TOP 20 semiconductor manufacturers. The group has consistently focused on enhancing its expertise in material handling, serving numerous customers in manufacturing, logistics, and service industries. Currently, the group has established offices and production bases in 25 countries and regions, with overseas sales accounting for 67% of total sales.

DAIFUKU Group fully entered the Chinese market in 2002, establishing DAIFUKU (China) Co., Ltd. (hereinafter referred to as DAIFUKU China). DAIFUKU China has established 5 wholly-owned subsidiaries and 13 service points focusing on logistics systems for automotive manufacturing, distribution and basic manufacturing, semiconductor, and LCD manufacturing sectors.

Current State of IT Operations Management at DAIFUKU China

DAIFUKU China currently includes the Shanghai headquarters, branch offices, and third-party service companies, with interconnected networks established through VPN, allowing users to directly access server resources through shared privileged accounts on their desktops.

▲ DAIFUKU China Operations Management Architecture Diagram

As an enterprise user with relatively dispersed IT assets, DAIFUKU China faces the following pain points in IT system operations:

■ The desktop shared account system cannot identify actual users, making it impossible to audit user login behavior, difficult to effectively prevent user identity impersonation and reuse, creating potential security risks for asset information;

■ The company lacks effective log auditing capabilities, including user login logs, operation logs, and command execution logs, making it impossible to effectively trace security incidents and lacking analysis basis for post-incident auditing;

■ Host and user credentials cannot be managed uniformly, and user logins lack authentication verification measures, resulting in inability to manage personnel and assets uniformly and difficulties in fine-grained permission allocation;

■ Client networks can directly access server subnets, including remote console services, while lacking a unified user login portal. This makes it difficult to prevent internal user misoperations and may lead to permission abuse.

In addition to these pain points, achieving compliance certification is also within DAIFUKU China's IT system construction plan. Beyond meeting compliance requirements, DAIFUKU China hopes the newly constructed operations security audit system will have the following management and audit capabilities:

1. Ability to implement management and auditing of SAP production systems and related systems;

2. Unified management of nationwide branch offices and third-party service accounts from Shanghai headquarters, including asset addition and authorization operations;

3. Real-time monitoring of nationwide branch asset information through dashboards, including online users, asset quantities, asset users, and other information.

Value Delivered by JumpServer

DAIFUKU China has been using JumpServer for two years, with operations staff frequently using it in their daily work as deep users.

During the initial selection of a bastion host, DAIFUKU China's operations management team compared various bastion host brands in the market and ultimately chose JumpServer. The reasons were twofold: the company's recent plans for compliance certification, and JumpServer's ability to solve practical operational issues faced by the company.

Leveraging JumpServer, from both product functionality and after-sales service perspectives, DAIFUKU China has gained significant value benefits, effectively solving the company's operational management pain points, meeting expectations for bastion host capabilities, and making IT operations more efficient and secure. JumpServer has brought the following secure operations capabilities and management conveniences to DAIFUKU China:

1. Account Information Management

■ Before using JumpServer, administrators couldn't uniformly manage device usernames and passwords, nor effectively implement the company's regular password change policy. After deploying JumpServer, administrators can regularly modify asset passwords through the "Password Change Plan" feature, meeting the company's asset security management requirements;

■ JumpServer's "User Collection" feature allows DAIFUKU China to promptly manage accounts of departing or transferred employees, preventing account leaks and eliminating security risks;

■ Through the "Password Vault" feature, asset/application passwords can be exported and backed up, meeting enterprise password management requirements. Additionally, regular password backups are sent to administrators' emails through the account backup feature, preventing password record loss;

■ Password security is ensured through multi-factor authentication and login verification features, enhancing password storage security.

2. Organization Management

DAIFUKU China has multiple branch offices nationwide and many third-party service providers, with numerous maintenance personnel, and some equipment maintenance is handled by third-party service providers. This has led to relatively dispersed system maintenance operations and complex permission changes. Third-party service provider maintenance personnel having direct access to systems and servers posed significant security risks.

After deploying JumpServer, DAIFUKU China utilized JumpServer's multi-organization management feature to divide the current environment into multiple independent organizations, each with its own organization administrator and independent configuration permissions. Headquarters administrators can maintain a "god's eye view" of the overall operations environment through the root organization, achieving the effect of "using one bastion host as multiple systems."

3. Regular Inspections and After-sales Support

JumpServer Enterprise Edition's after-sales support service provides regular bastion host inspections and inspection reports, effectively ensuring the stability of DAIFUKU China's daily operations and timely problem identification and resolution.

During major JumpServer version updates, JumpServer's after-sales team provides professional assessment and upgrade recommendations, jointly developing upgrade plans and providing professional technical support during the upgrade process.

Overall, DAIFUKU China finds JumpServer to be a very simple-to-operate bastion host with a low user threshold and relatively low learning curve for administrators. Additionally, JumpServer provides good user experience for both client-side and Web terminal maintenance, allowing even newcomers to quickly become proficient in its use.