Jump Server

In working with the OPNFV project, I kept encountering the term “jump server” without much context. I assumed that it was a convenience *until* I attempted to install OPNFV’s Arno release. Suddenly, the usefulness of the jump server became readily apparent.

In the simplest terms, a jump server is a node that provides a way to jump from one network to another, from one security domain to another. Some jump servers are rather complex, providing forwarding functions that are beyond the scope of this post. For my purposes, a jump server is a multi-homed desktop that allows me to access a private network from the comfort of my office.

Here’s the general idea:

jump_server

Let’s say the Development Sandbox on the right side of the figure contains devices that have certain requirements that make connection to the Public LAN undesirable or even dangerous. For example, the Sandbox may generate a ton of network traffic that would interfere with my coworkers’ network traffic. Or, in the case of OPNFV, the Fuel server that sets up the Arno cluster’s “public” network assumes that it has complete control over the IP addresses for the entire subnet. If it detects another DHCP server on the network it will refuse to deploy. Arrgh.

With the jump server in place, however, the Fuel server does not detect any DHCP servers because the jump server effectively isolates it. Once the cluster is installed and deployed, I can use Remote Desktop or VNC to take over the jump servers desktop to open a browser and manage the cluster. Problem solved!

Advertisements