top of page

Menu

Writer's pictureSergey Poptsov

OpenSource PAM JumpServer. Can it be usefull in production and real tasks?

Updated: Jun 19


When I found out about OpenSource PAM, I discovered JumpServer. I was curious about what it could do and the tasks it could handle.


The official website has a detailed list of JumpServer's features. Some features are only available in the paid version, labeled as "x-pack." However, I found it hard to tell which features were in the free Community Edition.

JumpServer customers

To understand better, I installed JumpServer in a test environment and explored its features. This hands-on approach helped me create a clear and simple list of what the Community Edition offers:


Capabilities of the Open Source JumpServer


✅ Licensing

No restrictions at all.


✅ Architecture and Scalability

  • High Availability (HA) Cluster Support, Active-Active

  • Geo-distributed installation and cloud deployment support

  • Use of external local or external databases for data storage

  • Storage of video recordings locally or on a remote server with S3, Ceph, Swift, OSS, Azure, OBS, COS support.

✅ PAM Authentication

  • ActiveDirectory, CAS

  • Two-Factor Authentication (2FA) using TOTP (Google Authenticator, etc.)

  • Role-based access model for users and groups

  • Creation of custom roles (X-PACK)

✅ Connection to Target Systems

SSH (web or local client)

  • Screen recording

  • Session monitoring

  • Keyboard input recording

  • Command blocking

SFTP (web or WinSCP, FileZilla)

  • Audit and copies of transferred files

  • Prohibition of file transfer in/out

RDP (web client)

  • Screen and file transfer recording

  • Session monitoring

  • Keyboard input recording

  • Clipboard and file transfer direction configuration

HTTP (browser in RemoteApp)

  • Authorization on websites

MySQL (web and local client)

  • Recording and auditing of SQL commands

  • Monitoring SQL queries

MySQL (DBeaver in RemoteApp)

  • Screen recording (without command auditing)

  • Monitoring SQL queries

Kubernetes

  • Action auditing

✅ Access Policy Configuration

  • Asset access policy (who can connect where and permissions for file and clipboard transfer)

  • User login control (tracking users, their IP addresses, and the times they can access PAM)

This list aims to provide a clearer picture of the Open Source JumpServer’s capabilities, especially for those considering its implementation in their IT infrastructure.

 

Conclusion:

In summary, JumpServer Community Edition has many useful features for real-world tasks. It might not have all the advanced role settings and access policies of the paid versions, but it's a practical choice for many companies. It handles essential tasks well, like monitoring "remote contractors" or managing "remote employees." JumpServer Community Edition is easy to use and helps ensure secure access, especially for remote work. It's a reliable and effective tool that keeps things simple.



142 views0 comments
bottom of page