Kingsoft Office is a leader in Chinese office software. Its product line centers on the flagship WPS Office, complemented by Kingsoft Docs, Kingsoft Collaboration, and Kingsoft Dictionary, forming a comprehensive and highly efficient office ecosystem with a massive user base in China and worldwide.
As an office software and service provider, Kingsoft Office keeps strict control over data security and privacy protection, building data security barriers while improving work efficiency. Its internal cloud collaboration platform, KSOP (Kingsoft Operations), and other departments have proactively adopted the Community Edition of JumpServer, an open-source bastion host and a leading operations security audit solution, as the cornerstone of the company's operations security architecture, on which a comprehensive, multi-layered security protection system has been built. This has greatly enhanced the security of the company's internal office environment and has won the company wide acclaim for safeguarding customer data.
New Goal: Building a Stable and Secure Development and Operations Environment
In building its development security controls, Kingsoft Office looks for the right balance between stronger security protection and higher work efficiency so that operations processes run smoothly. The IT operations team follows the core principle of "development data security as the foundation, efficiency improvement in parallel," and has proposed and follows a strategy of "scenario customization, data-driven, and process standardization."
Against this background, as the company's development and operations security architecture has matured, the operations team has set higher requirements for the bastion host's performance, execution efficiency, and ease of use in practice, with the aim of building an efficient and secure development security management framework on JumpServer.
1. Connect to Windows cloud desktops through an RDP client for a better user experience
JumpServer Community Edition greatly simplifies asset connections through its browser-only Web Terminal, which makes access more convenient for users and significantly reduces system maintenance costs. In specific scenarios, however, such as when Kingsoft Office's development team uses remote Windows development cloud desktops for collaboration and in-depth development, the team has higher requirements for visual clarity and operating experience.
The Web Terminal in JumpServer Community Edition provides basic connectivity to Windows development cloud desktops, but it does not meet these more demanding requirements and cannot fully support the remote development work of Kingsoft Office developers.
2. Integrate with the internal CMDB system to improve asset management efficiency
Relying on its hybrid cloud architecture, Kingsoft Office has deployed a massive number of assets on cloud platforms such as Kingsoft Cloud, Alibaba Cloud, and Huawei Cloud. This architecture gives the company high flexibility and scalability, but it also means that assets are brought online and taken offline relatively often.
To keep asset data accurate and up to date, Kingsoft Office currently assigns staff to log in to the internal CMDB (Configuration Management Database) at regular intervals, manually tally the new and retired machines, and update them one by one in the asset list of JumpServer Community Edition. This heavily manual approach is time-consuming and labor-intensive, makes timeliness and accuracy hard to guarantee, and lowers overall operational efficiency. The operations team therefore needs a more efficient way to manage assets.
3. Integrate with the internal work order system to improve collaboration
Kingsoft Office has a mature and complete internal work order management system for responding efficiently to users' requests for server resources and configuration. In the current process, however, when a user applies for server resources through the work order system, the bastion host administrator often has to step in manually to grant the authorization. This keeps the process rigorous to some extent, but it inevitably brings slow responses, authorization accuracy that depends on human factors, and high labor costs.
As the company's business scale and demand for assets continue to grow, this traditional manual authorization model can no longer meet day-to-day needs, and a more efficient, accurate, and automated asset management solution is required.
Implementation: Practice Based on JumpServer Enterprise Edition
Facing these new requirements, Kingsoft Office upgraded its JumpServer bastion host from Community Edition to Enterprise Edition. Deep integration with the Enterprise Edition's full feature set laid the foundation for building a development security management system.
The X-Pack enhancement package included in JumpServer Enterprise Edition provides powerful access control, fine-grained permission management, and detailed audit trails, and it also adds intelligent operations tools and automated processes, greatly improving the flexibility, security, and standardization of the IT operations team's management. With this integrated solution, operations staff can respond quickly to security threats and operational needs and handle operations work more efficiently and accurately, while all operations comply with established security specifications and process standards.
With JumpServer Enterprise Edition, Kingsoft Office's IT operations team has significantly improved operations management efficiency, providing strong support for the company's development innovation and secure operations. The key improvements Kingsoft Office has implemented on JumpServer Enterprise Edition include:
■ Building a unified entry point for operations and development
JumpServer Enterprise Edition can launch the local RDP client (MSTSC, Microsoft Remote Desktop Connection) directly, a feature designed for connecting to and managing Windows assets efficiently. Developers accessing Windows development cloud desktops can therefore use the full capabilities of the local RDP client, which gives remote desktop sessions near-local clarity and avoids the shortcut key conflicts that the Web Terminal can run into, improving the smoothness of remote operation and the user experience.
Kingsoft Office has brought the development cloud desktops that are indispensable to daily development work under JumpServer's unified management and makes full use of the RDP client connection, so developers reach their cloud desktops through the familiar RDP interface for all kinds of development work. Compared with the Web Terminal, the RDP client connection offers a clearer, smoother visual and operating experience that matches developers' existing habits, while the development team's remote operations remain under strict security audit and monitoring.
■ Automatic synchronization of multi-cloud assets
JumpServer Enterprise Edition has a complete set of APIs with strong integration and automation capabilities. Through these APIs, the JumpServer bastion host links with the CMDB system, which greatly simplifies asset management. Specifically, JumpServer can automatically detect and identify new or changed asset information in the CMDB and then discover and register the assets automatically, improving the timeliness and accuracy of asset management.
Once asset information has been synchronized to JumpServer, operations staff can set detailed authorization rules on the platform so that each user can access only the assets within their authorized scope. Once authorized, users can operate and maintain the synchronized assets through JumpServer. The whole process is smooth, secure, and easy to manage, which makes enterprise IT operations work considerably more convenient. This fine-grained permission control protects enterprise resources and also greatly improves team collaboration efficiency.
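The synchronization described above comes down to reconciling two inventories. The following is an added example, not code from JumpServer or Kingsoft Office: it plans a sync run and refuses to retire assets in bulk when the CMDB response looks empty or truncated. It does not call the JumpServer API, and the Asset fields, plan_sync, and the 20% threshold are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    asset_id: str   # stable CMDB identifier (hypothetical field name)
    address: str
    platform: str
    cloud: str

class SyncAborted(Exception):
    """The plan would retire an implausibly large share of the inventory."""

def plan_sync(cmdb, bastion, max_retire_ratio=0.2):
    """Diff the CMDB (source of truth) against the bastion host's asset list.

    Returns (create, update, retire). The plan is rejected when it would
    retire more than max_retire_ratio of the bastion inventory, which is what
    an empty or truncated CMDB response looks like to a naive sync job.
    """
    cmdb_by_id = {a.asset_id: a for a in cmdb}
    bastion_by_id = {a.asset_id: a for a in bastion}
    create = [a for i, a in cmdb_by_id.items() if i not in bastion_by_id]
    update = [a for i, a in cmdb_by_id.items()
              if i in bastion_by_id and bastion_by_id[i] != a]
    retire = [a for i, a in bastion_by_id.items() if i not in cmdb_by_id]
    if bastion_by_id and len(retire) / len(bastion_by_id) > max_retire_ratio:
        raise SyncAborted(
            f"refusing to retire {len(retire)} of {len(bastion_by_id)} assets")
    return create, update, retire

# Constructed sample inventories; identifiers and addresses are made up.
BASTION = [
    Asset("a-1", "10.0.1.11", "Linux", "Kingsoft Cloud"),
    Asset("a-2", "10.0.1.12", "Linux", "Kingsoft Cloud"),
    Asset("a-3", "10.0.2.21", "Windows", "Alibaba Cloud"),
    Asset("a-4", "10.0.2.22", "Linux", "Alibaba Cloud"),
    Asset("a-5", "10.0.3.31", "Linux", "Huawei Cloud"),
]
CMDB = [
    BASTION[0],
    Asset("a-2", "10.0.1.99", "Linux", "Kingsoft Cloud"),   # re-addressed
    BASTION[2],
    BASTION[3],
    Asset("a-6", "10.0.3.32", "Windows", "Huawei Cloud"),   # new machine
]                                                           # a-5 was retired

if __name__ == "__main__":
    create, update, retire = plan_sync(CMDB, BASTION)
    print([a.asset_id for a in create], [a.asset_id for a in update],
          [a.asset_id for a in retire])
```

Retiring an asset on the bastion host also removes the access path that authorization rules depend on, so a plan that trips the guard should go to a person for review instead of being retried automatically.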
■ A unified work order system that standardizes the asset application process
Kingsoft Office had already built an efficient and mature internal work order management system. Given its completeness and fit, the company decided to disable JumpServer's built-in work order module and instead integrate the internal work order system with JumpServer through its APIs. This automated the full chain from asset application through approval to authorization, significantly improving internal work efficiency, and it preserved employees' long-established habits, reducing communication costs and time lost in cross-department collaboration.
This approach also integrates the bastion host into the company's overall operations management system, enhancing security and compliance and significantly improving the operations team's coordination efficiency and level of management. Users who lack permission to use an asset can submit an asset usage application through the internal work order system, and the process is transparent and efficient. After receiving an application, administrators can review and modify its details directly in the unified work order management interface to make sure the information is accurate.
Once an application is approved, the system immediately and automatically grants the user the corresponding asset permissions, so permissions are allocated promptly and accurately. The system also reclaims permissions automatically when they expire, which removes the tedious manual revocation work for administrators and keeps system resources efficiently reused and consistently managed.
Benefits: Business Value Brought by JumpServer
The Enterprise Edition of the JumpServer bastion host has brought Kingsoft Office business value in several respects:
■ Improve operations efficiency and user experience
JumpServer centrally manages diverse host assets, including Windows assets, Linux servers, and network security devices, and integrates efficiently with Kingsoft Office's internal CMDB system to synchronize and update asset information automatically and in real time. This greatly simplifies operations management, reduces manual intervention, and significantly improves the operations team's work efficiency and business response speed.
In development and operations scenarios, JumpServer supports working through cloud desktop environments, and the user experience takes a qualitative leap when users connect with the RDP client. With its low latency and high image quality, the RDP client connection keeps remote operation smooth and clear, so both complex system configuration changes and detailed code writing feel like local work. This greatly improves the efficiency with which operations staff investigate and resolve faults and gives developers an efficient and stable development environment, supporting product iteration and technological innovation.
■ Optimize collaboration process, achieve efficient work order flow
JumpServer's extensibility is reflected in its flexible APIs. By integrating deeply with them, Kingsoft Office connects the asset application and authorization processes to its internal work order management system, building an efficient, automated workflow. This preserves employees' existing habits for submitting and processing work orders and greatly simplifies the complex process of asset authorization, automating the full chain from work order submission to asset authorization.
Specifically, when an employee submits an asset access request through the internal work order system, the system automatically calls JumpServer's API and passes the request information to JumpServer for automated processing. JumpServer matches the work order content against preset authorization policies, completes the asset authorization automatically, and returns the result to the work order system, closing the loop. The process requires no manual intervention, which greatly improves authorization efficiency, reduces human error, and ensures the security and compliance of asset access.
Furthermore, JumpServer lets Kingsoft Office customize work order authorization policies to its actual needs, adapting flexibly to different business scenarios and management requirements.
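The closed loop described above (match the work order against preset policies, grant with an expiry, report the result back, reclaim on expiry) can be sketched as follows. This is an added example, not code from JumpServer or Kingsoft Office, and it does not call the JumpServer API; the Policy, Ticket, and Grant shapes, the function names, and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Policy:                 # preset authorization policy (hypothetical shape)
    team: str
    asset_group: str
    max_hours: int

@dataclass(frozen=True)
class Ticket:                 # approved work order (hypothetical shape)
    ticket_id: str
    user: str
    team: str
    asset_group: str
    hours: int

@dataclass(frozen=True)
class Grant:
    ticket_id: str
    user: str
    asset_group: str
    expires_at: datetime

def decide(ticket, policies, now):
    """Match an approved work order against the preset policies.

    Returns (grant_or_None, reason); the reason is what goes back to the work
    order system. Default is deny: no matching policy means no grant. The
    requested duration is capped at the policy maximum, never extended.
    """
    if ticket.hours <= 0:
        return None, "invalid duration"
    for p in policies:
        if p.team == ticket.team and p.asset_group == ticket.asset_group:
            hours = min(ticket.hours, p.max_hours)
            return Grant(ticket.ticket_id, ticket.user, ticket.asset_group,
                         now + timedelta(hours=hours)), f"granted for {hours}h"
    return None, "no policy covers this team and asset group"

def sweep_expired(grants, now):
    """Split grants into (active, expired); expired ones are due for revocation."""
    active = [g for g in grants if g.expires_at > now]
    expired = [g for g in grants if g.expires_at <= now]
    return active, expired

# Constructed policies and reference time for illustration.
POLICIES = [Policy("dev", "dev-cloud-desktops", 72), Policy("ops", "linux-prod", 8)]
NOW = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
```

Because every grant keeps the work order identifier that produced it, an audit can trace each active permission back to an approval, and the expiry sweep can report each revocation against the same work order.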
■ Meet future development plans
JumpServer is becoming part of Kingsoft Office's digital transformation. Throughout its use of JumpServer, from Community Edition to Enterprise Edition and on through successive new releases, JumpServer has continued to give Kingsoft Office a more convenient, secure, and efficient operations experience. Continuous version iteration enriches the bastion host's functionality and improves the overall security and stability of the system, keeping Kingsoft Office's asset management running without worry.