OpenSource PAM JumpServer. Can it be usefull in production and real tasks?
Updated: Jun 19
When I found out about OpenSource PAM, I discovered JumpServer. I was curious about what it could do and the tasks it could handle.
The official website has a detailed list of JumpServer's features. Some features are only available in the paid version, labeled as "x-pack." However, I found it hard to tell which features were in the free Community Edition.
To understand better, I installed JumpServer in a test environment and explored its features. This hands-on approach helped me create a clear and simple list of what the Community Edition offers:
Capabilities of the Open Source JumpServer
✅ Licensing
No restrictions at all.
✅ Architecture and Scalability
High Availability (HA) Cluster Support, Active-Active
Geo-distributed installation and cloud deployment support
Use of external local or external databases for data storage
Storage of video recordings locally or on a remote server with S3, Ceph, Swift, OSS, Azure, OBS, COS support.
✅ PAM Authentication
ActiveDirectory, CAS
Two-Factor Authentication (2FA) using TOTP (Google Authenticator, etc.)
Role-based access model for users and groups
Creation of custom roles (X-PACK)
✅ Connection to Target Systems
SSH (web or local client)
Screen recording
Session monitoring
Keyboard input recording
Command blocking
SFTP (web or WinSCP, FileZilla)
Audit and copies of transferred files
Prohibition of file transfer in/out
RDP (web client)
Screen and file transfer recording
Session monitoring
Keyboard input recording
Clipboard and file transfer direction configuration
HTTP (browser in RemoteApp)
Authorization on websites
MySQL (web and local client)
Recording and auditing of SQL commands
Monitoring SQL queries
MySQL (DBeaver in RemoteApp)
Screen recording (without command auditing)
Monitoring SQL queries
Kubernetes
Action auditing
✅ Access Policy Configuration
Asset access policy (who can connect where and permissions for file and clipboard transfer)
User login control (tracking users, their IP addresses, and the times they can access PAM)
This list aims to provide a clearer picture of the Open Source JumpServer’s capabilities, especially for those considering its implementation in their IT infrastructure.
Conclusion:
In summary, JumpServer Community Edition has many useful features for real-world tasks. It might not have all the advanced role settings and access policies of the paid versions, but it's a practical choice for many companies. It handles essential tasks well, like monitoring "remote contractors" or managing "remote employees." JumpServer Community Edition is easy to use and helps ensure secure access, especially for remote work. It's a reliable and effective tool that keeps things simple.