Updated on 2024-04-22 GMT+08:00

Solution Overview

Scenarios

This solution helps you quickly set up a remote secure O&M environment with JumpServer on Huawei Cloud Elastic Cloud Servers (ECSs). It provides an efficient, reliable, and secure way for enterprises to manage infrastructure and applications. This solution can be used in sectors such as finance, manufacturing, service, and Internet. It is suitable for a range of scenarios that require server security control.

Solution Architecture

You can use this solution to deploy a remote secure O&M environment with JumpServer on Huawei Cloud ECSs in just a few clicks. The following figure shows the solution architecture.
Figure 1 Architecture

This solution will:

  • Create a Linux ECS for installing JumpServer to set up a secure remote O&M environment.
  • Create an EIP and bind it to the ECS for Internet access.
  • Create security groups with specified rules to control traffic to and from ECSs.

In addition, you can use Cloud Eye to monitor the ECS status and purchase Cloud Backup and Recovery (CBR) to back up ECS data.

Advantages

  • High security

    This solution adopts a multi-layer security protection system with security measures such as role-based access control, audit logs, and multi-factor authentication to prevent malicious attacks and improper operations by internal personnel.

  • Effective management

    This solution provides comprehensive management functions, covering user management, asset management, account management, and permissions management. These functions facilitate user management and monitoring, ensuring system stability and reliability.

  • Easy deployment

    In just a few clicks, you can easily create ECSs and EIPs and install the JumpServer bastion host system.

Constraints

  • Before deploying this solution, register a HUAWEI ID, enable Huawei Cloud services, and complete real-name authentication. If you select the yearly/monthly billing mode, ensure that your account has sufficient balance. If you do not have sufficient balance, you can go to the Billing Center to manually pay for the order.
  • If you want to use IAM agencies to deploy resources, ensure that your HUAWEI ID has sufficient IAM permissions. For details, see (Optional) Creating the rf_admin_trust Agency. If you use an account (HUAWEI ID) or an IAM user in the admin user group, you do not need to select an agency, and the solution is deployed with the permissions of the logged-in user.