Securing Operations with JD Cloud’s Bastion Host: Design, Challenges & Deployment
This article reviews JD Cloud’s bastion host solution presented at the 2020 Global New‑Generation Software Engineering Summit, detailing the security challenges of modern operations, compliance requirements, design principles, cloud‑native architecture, and real‑world deployments in enterprises and finance.
Overview
At the 2020 Global New‑Generation Software Engineering Online Summit, JD Cloud product architect Ren Longtao shared the topic “Efficient and Secure Operations Design and Practice of Bastion Host.” This article revisits that presentation, analyzing the security problems in operations and JD Cloud’s practical solutions.
Why Bastion Hosts Matter
A programmer once deleted his company’s database, causing a loss of nearly 24 billion yuan, illustrating severe gaps in operation‑permission control such as single‑person deletion without secondary confirmation. Common challenges include unverifiable user identities, shared system accounts, difficult audit trails, and uncontrolled access.
Chinese regulations—Cybersecurity Law, “Multi‑Level Protection” 2.0, industry‑specific rules—demand log retention, identity authentication, minimal‑privilege authorization, full audit, regular backups, and compliance with telecom, financial, and corporate governance standards.
Bastion Host Core Functions
The bastion host provides two main capabilities: operation management and audit. It offers unified identity authentication, asset management, access authorization, and end‑to‑end operation audit.
Applicable Scenarios
The solution fits internet, finance, government, and virtually any organization requiring secure operations, especially for remote work during the COVID‑19 pandemic, where a VPN combined with a bastion host becomes the optimal choice.
Evolution of Bastion Hosts
Initially hardware‑based, bastion hosts were rigid and hard to upgrade. In 2000, software bastion hosts emerged, solving hardware limitations, but the cloud era introduced new challenges:
Multi‑cloud environments with dispersed assets require unified management and audit.
Asset management must adapt to dynamic VPCs, subnets, and hybrid clouds.
High‑availability and disaster‑recovery architectures are essential for continuous service.
Horizontal scalability is needed to handle rapidly growing asset inventories.
Design Principles
JD Cloud follows the principle: “The bastion host we need is the bastion host we build.” Requirements include:
Support for major public‑cloud providers and private‑cloud frameworks.
Robust security guarantees as a core element.
Exceptional user experience—operations should feel seamless.
One‑click deployment enabling minute‑level provisioning of assets, users, and accounts.
Cloud‑Native Layered Architecture
The system adopts a low‑coupling, layered, distributed design:
Storage layer: cloud disks, etcd, Elasticsearch, OSS.
Data‑control layer: Kubernetes API server.
Core layer: JD Cloud‑developed API service “Bastion” handling authentication, asset, and user management.
Access layer: custom SSH relay, a web terminal, and a browser‑based UI.
Each layer is independently deployable and horizontally scalable. JD Cloud packages all modules into a single container image for containerized deployment, with options for multi‑instance high‑availability clusters across regions.
Four‑A Security Model
The bastion host implements the “4A” principles:
Unified Identity Authentication: role‑based access, multi‑factor (SMS, Google Auth, LDAP, AD), batch user import via IAM or files.
Unified Asset Management: centralized account handling, password/key rotation, SSO, batch asset import, grouping, automatic credential updates.
Unified Access Authorization: precise logging of who accessed which machine, when, from where, and what actions were performed.
Permission Management: IP restrictions, time windows, command whitelists, secondary approvals, preventing privilege abuse.
Full‑Lifecycle Audit
Comprehensive audit includes video recording, command‑level logging, and searchable command archives. Recordings are downloadable, backup‑able, and playable; command logs support full‑text search for rapid incident investigation.
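As an added example (not JD Cloud's own code), the Python sketch below models the permission controls listed under the 4A model (IP restriction, time window, command whitelist, secondary approval for destructive commands) and records every decision as a who/host/from/when/what entry that can be searched, in the spirit of the full‑lifecycle audit described above. The policy values, field names and the in‑memory log are constructed assumptions, not the product's API.

```python
import ipaddress
import shlex
from dataclasses import dataclass
from datetime import datetime

# Constructed policy shape for illustration; field names are assumptions.
@dataclass(frozen=True)
class AccessPolicy:
    allowed_cidrs: tuple       # IP restriction: source must fall inside one of these
    window: tuple              # (start_hour, end_hour): permitted time window, 24h clock
    whitelist: frozenset       # command names the operator may run on their own
    needs_approval: frozenset  # command names that require a second, different approver

AUDIT_LOG = []  # in-memory stand-in for the searchable command archive

def evaluate(policy, user, host, source_ip, when_iso, cmdline, approver=None):
    """Decide whether one command may run and append a who/host/from/when/what record."""
    ip = ipaddress.ip_address(source_ip)
    when = datetime.fromisoformat(when_iso)
    cmd = shlex.split(cmdline)[0] if cmdline.strip() else ""
    if not any(ip in ipaddress.ip_network(c) for c in policy.allowed_cidrs):
        verdict, reason = "deny", "source IP outside allowed range"
    elif not (policy.window[0] <= when.hour < policy.window[1]):
        verdict, reason = "deny", "outside permitted time window"
    elif cmd in policy.needs_approval:
        # Secondary approval: a second person must confirm; self-approval does not count.
        if approver and approver != user:
            verdict, reason = "allow", f"secondary approval by {approver}"
        else:
            verdict, reason = "deny", "secondary approval required"
    elif cmd in policy.whitelist:
        verdict, reason = "allow", "command on whitelist"
    else:
        verdict, reason = "deny", "command not whitelisted"
    AUDIT_LOG.append({"who": user, "host": host, "from": source_ip,
                      "when": when.isoformat(), "what": cmdline,
                      "verdict": verdict, "reason": reason})
    return verdict == "allow", reason

def search_audit(term):
    """Case-insensitive lookup over recorded command lines, as an incident investigator would use it."""
    return [r for r in AUDIT_LOG if term.lower() in r["what"].lower()]

# Constructed sample policy: office range only, business hours, deletion needs a second pair of eyes.
POLICY = AccessPolicy(allowed_cidrs=("10.0.0.0/8",), window=(9, 18),
                      whitelist=frozenset({"ls", "df", "systemctl"}),
                      needs_approval=frozenset({"rm", "mysql"}))
```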
Internal Deployment at JD Cloud
JD Cloud uses a service‑tree‑based machine authentication scheme, simplifying role‑based permissions and isolating bastion from other systems. Unified entry points synchronize user, decision, and asset data, with end‑to‑end recording that meets the 4A standards.
Infrastructure Backbone
JD Cloud leverages the second‑generation Intel® Xeon® Scalable platform, delivering strong performance, simplified cloud infrastructure, and support for data platforms, AI acceleration, and automated management, enabling elastic scaling, reliability, and cost efficiency.
Banking Industry Adoption
JD Cloud offers both public‑cloud and private‑cloud bastion solutions. A Hong Kong bank deployed a distributed bastion architecture across on‑premise IDC and multiple clouds, achieving unified management, authorization, and zero‑plugin access via standard browsers.
The bank benefits from continuous software updates, rapid patch delivery, and OEM support, ensuring system stability and security.
Beyond Operations: Risk Control and AI
Leveraging JD’s big‑data and AI capabilities, JD Cloud provides end‑to‑end risk‑control solutions for consumer finance, banking, and credit services, covering the full lifecycle of retail loan risk management.
Efficient Ops
This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.