Editor's note: At the "2021 JumpServer Open Source Bastion Host City Meet · Hangzhou Station" event held on September 11, 2021, Zhang Yuanqiang, Operation and Maintenance Engineer at Weipaitang, delivered a speech titled "JumpServer Implementation Practice at Weipaitang." The following content is compiled from this speech.
Founded in 2014, Weipaitang is a leading e-commerce platform for art and collectibles in China. Currently, the platform has accumulated over 70 million users and more than 300,000 registered merchants. As an innovative enterprise, Weipaitang pioneered live auction of art and collectibles, achieving online transformation of the collectibles auction industry.
Weipaitang Operation and Maintenance Engineer Zhang Yuanqiang
Weipaitang's IT infrastructure is entirely built on public cloud. To manage cloud servers, Weipaitang built a management platform based on JumpServer, developing its own access control system using JumpServer's open API interfaces, with all operation recordings stored in the cloud. Since all compute nodes are in the cloud, we heavily rely on this control platform to manage these nodes.
Before using JumpServer, we used hardware bastion hosts from traditional vendors like Qizhi and Paladi. These bastion hosts mainly focused on managing local assets and weren't particularly suitable for our public cloud architecture. We also evaluated cloud bastion hosts provided by public cloud vendors, which primarily focused on cloud services. For Weipaitang, with rapid business growth and quickly expanding cloud infrastructure scale, we might introduce multi-cloud architecture in the future.
Therefore, we needed a high-performance bastion host that supports horizontal scaling and multi-cloud environments. Considering these aspects, we found JumpServer more aligned with our actual business needs, so we ultimately chose to build our control platform based on JumpServer.
So what advantages does JumpServer offer us?
First, it can be managed through software deployment;
Second, when using traditional bastion hosts, we encountered security operation issues such as accidental data deletion, shared account usage, inconsistent access, lack of operation trails, uncontrolled permissions, and inability to trace after failures. These issues made it necessary to choose a unified control bastion host system.
JumpServer bastion host supports software deployment, enabling preventive measures, centralized control, and post-event tracing, effectively meeting Weipaitang's actual needs for operation security auditing.
Weipaitang's cloud infrastructure is built on Tencent Cloud, so we also deployed JumpServer bastion host on Tencent Cloud. As a long-term user of JumpServer bastion host, Weipaitang has accumulated rich experience. Below, we'll share Weipaitang's specific practices in bastion host deployment, access control, and log management for reference and discussion.
JumpServer Deployment
JumpServer offers three deployment architectures: single-point deployment, master-slave deployment, and distributed deployment. Currently, Weipaitang has about 2000 cloud nodes. Considering security, operations, costs, and especially capacity planning, we ultimately chose the master-slave deployment solution.
Users can access JumpServer through web pages and SSH clients, adopting MFA multi-factor authentication, with video auditing and SSH protocol support. The database uses master-master synchronization.
For object storage, Weipaitang uses Tencent Cloud's COS (Cloud Object Storage), where account data can be permanently stored. Since its launch, the JumpServer bastion host has maintained efficient and stable operation. In terms of login frequency, Weipaitang's daily user login peak to JumpServer bastion host now exceeds 700 times.
Access Control Based on JumpServer
Weipaitang built an access control mechanism based on JumpServer, developing a CMDB (Configuration Management Database) control platform that authorizes user node login behavior through JumpServer's API interfaces.
Users are theoretically not allowed to log into online nodes and can only access authorized nodes. Only after management approval can users have permission to log into specified nodes and perform operations, with all operations recorded on JumpServer. These records are collected in Elastic Search and monitored through Elastic Search for alerts.
When high-risk operations are detected, we forward alerts to administrators through the JumpServer control platform. For file editing operations, we save the initial file immediately. After user operations, if rollback is needed, it can be done based on file timestamps. Additionally, we divide user access permissions into permanent and temporary permissions, with node authorization defaulting to 24-hour recovery, while operations management personnel have access to all nodes.
Log Management Based on JumpServer
We store JumpServer's account information, video audits, and operation logs uniformly in Tencent Cloud's COS, collecting logs through Elastic Search for cluster control and setting corresponding alert rules. This allows us to control all login operations and achieve real-time anomaly alerts. Operation recordings are regularly backed up and exported. According to security requirements, operation logs must be retained for at least six months, which can be set in the JumpServer console.