Case studies | Yuhu cold chain is based on JumpServer to achieve management and security integration

Yuhu Cold Chain (China) Co., Ltd. (hereinafter referred to as Yuhu Cold Chain) is a cold chain food supply chain enterprise under Yuhu Group. Relying on its own international high-standard digital intelligent cold chain park industrial cluster, Yuhu Cold Chain provides one-stop domestic and foreign procurement, warehouse and dry distribution logistics solutions, full-link innovative financial support, high-quality life and office services, creates offline circulation standards, empowers online digital intelligent trade, and builds a dual-cycle industrial ecology.

Yuhu Group is a multinational industrial investment group headquartered in Hong Kong. After more than 20 years of steady development, it has formed a full-chain enabling industrial portfolio with international food supply chain and industrial comprehensive development and operation as the dual core, cold chain assets and smart technology, fishery and agricultural investment and supply chain management, and complex development and operation as three strategic business sectors.

JumpServer's core capabilities

To meet the O&M requirements of Yuhu Cold Chain, the core security O&M management capabilities provided by JumpServer include:

1. Unified management of assets

By using the JumpServer O&M security management platform, Yuhu Cold Chain unifies the entrance of asset access, realizes unified management and control of all IT assets, and easily realizes secure access to various assets.

2. Remote application management

Through the remote application function of JumpServer, users can perform secure remote access without password, which greatly simplifies the workflow, improves work efficiency and system security;

3. Excellent operation experience

The web interface and workbench design of JumpServer are simple and intuitive, which is very convenient to operate and has excellent user experience;

4. Asset authorization control

The asset authorization control function of JumpServer can ensure that each user can only access his authorized assets through fine-grained permission division, which increases the security and control of the system.

5. Ticket review function

Through JumpServer's work order application system, the IT team of Yuhu Cold Chain has achieved strict control of high-risk operation instructions, avoiding the occurrence of human operation errors to the greatest extent and effectively reducing security risks.

At present, Yuhu Cold Chain's JumpServer adopts a single-machine deployment architecture, using single-node servers and using virtual machines for backup and snapshots. Considering that it may be extended to campuses in many parts of the country in the future, distributed deployment will be considered in the later stage to improve the high reliability and fault tolerance of the system.

Value gains from JumpServer

After a period of practical use, Yuhu Cold Chain has gained some value benefits through the adoption of JumpServer. These include:

1. Permission governance

Through authentication capabilities and authorization mechanisms, JumpServer implements access control to servers and devices. Through the permission management function of JumpServer, administrators can fine-grained permission allocation to users, ensuring that only authorized personnel can access specific servers or devices, thereby improving the security of system access;

2. Audit trail

JumpServer provides comprehensive audit functions to monitor and track user operation records in real time, effectively ensuring the security of the company's key systems and data. At the same time, the IT operation and maintenance team can quickly identify and respond to potential security issues, improving the risk prevention and response capabilities of the system.

3. Unified control

With JumpServer, all of the company's disparate servers and network equipment are unified into a centralized management and control platform. In this way, administrators can manage and configure these assets in a unified manner, reducing the complexity and workload of O&M.

4. Risk control

In terms of login access, JumpServer adopts Django's default encryption PBKDF2 algorithm to encrypt users, set strong password rules, and combine multi-factor security authentication login mechanism to protect users' sensitive data, improve personal privacy security, and avoid security problems caused by password leakage.

In addition, JumpServer can also restrict the source IP login to the JumpServer bastion host, thereby reducing the access of unknown or unauthorized sources, and the administrator can configure the specific user usage time for login restrictions, which improves the security of bastion host login access;

In terms of session management, through JumpServer, administrators can set the session expiration time, and users will automatically log out after no operation for a period of time, avoiding the risk of unauthorized access or information leakage, and improving system security.

In terms of configuration management, JumpServer supports setting firewall rules and opening specific ports to block unauthorized access and protect the security of servers and assets.

5. Improve work efficiency

Through JumpServer, Yuhu Cold Chain automates O&M management. Administrators can execute commands, deploy software, upgrade patches, and other operations in batches, reducing the time and effort of manual operations. In addition, JumpServer also provides asset management and permission control functions, administrators can flexibly assign user permissions according to needs, improve work efficiency and security;

6. Improve compliance

JumpServer meets multiple compliance standards and security requirements, including the 4A specification. By using JumpServer, companies can better meet the needs of compliance audits, protect the security of critical systems and data, improve system security, and reduce the risk of non-compliance;

7. Cloud synchronization function

JumpServer supports cloud-native architecture and provides development integration with cloud service providers (such as Amazon AWS, Alibaba Cloud, Tencent Cloud, etc.), so that users can more easily manage and protect assets on the cloud and host them in JumpServer bastion host. In addition, administrators can customize the assets that need to be synchronized to be placed under the target organization or node, realizing detailed management of resources.

Outlook for the future

By using JumpServer open source bastion host, Yuhu Cold Chain realizes digital management, data monitoring and analysis, and security and compliance management of the supply chain. JumpServer's O&M security audit capability has helped Yuhu Cold Chain optimize the supply chain management system, improve the work efficiency of the IT O&M team, strengthen security management, and improve the O&M audit capability and unified control capability of the IT system.

At the same time, Yuhu Cold Chain also put forward some suggestions and functional expectations for JumpServer, hoping to better meet their actual business needs in the future. For example, in the cloud synchronization function, JumpServer currently only synchronizes servers that are opened after a certain point in time, hoping to put cloud-synchronized assets under different organizations in the future to achieve the need to group assets according to different environments, rather than placing all assets under the current organization performing cloud synchronization.

It is hoped that JumpServer will provide more granular matching rules in the future, such as regular matching based on ECS name and rules based on ECS creation time. In addition, it is hoped that JumpServer can support data transmission between two Linux assets to provide more convenient management methods for ordinary users.

In the future, Yuhu Cold Chain will continue to deeply understand and use the new features of JumpServer, including but not limited to more flexible permission control, more powerful audit and log functions, and more comprehensive asset management. Leverage these rich features of JumpServer to enhance the security and automation capabilities of corporate O&M management to meet its growing needs in security management and O&M efficiency.