Components Settings

1 Function Description

• Click on the Component Settings button in the left-hand menu and switch to the component settings page.
• You can config various functionalities related to JumpServer terminal components at components setting page, such as enabling SSH Client connections, commands storage, recording storage and other related configurations.

2 Basic Settings

• The basic settings primarily focus on three compnents : the KoKo component, the Razor component and the Magnus component.

• KoKo component is designed to server for assets of Unix platform，the functionality of this component mainly involves managing assets such as Linux systems, databases, and K8S through command-line interfaces.
• For SSH access, it also allows for SSH or SFTP operations on assets via port 2222.

• Razor component is designed to server for assets of Windows platform，the functionality of this component mainly is accessing the windows assets via JumpServer Client.
• The Magnus component is for Database assets and support direct operation on databases using native database clinets (such as Navicat, SQLyog,etc.) through database proxying.

• Detailed Parameter Description:

Parameter	Description
Component Registration	Is it permissible for other external components to register with the local Core component
Enable SSH Client	When enabled, it is possible to connect to Linux assets using the SSH Client option, which launches the built-in Putty within the JumpServer Client to establish the connection
Password Authentication	The option pertains to access JumpServer with commamd-line and disable password authentication meaning it does not support password authentication
Key Authentication	The option pertains to access the JumpServer with command-line and disables key authentication, meaning it does not support key authentication
Asset List Sorting	The sorting rule for the asset list is based on either the "hostname" or "IP" address
The quantity of asset per page	The quantity of assets displayed per page in the asset list
Endable Razor	Is the Razor service enable for connecting Windows asset with RDP Client
Enable component of Database	Is the Magnus service enabled for connecting external clients to database assets

3 Components Management

• The component management page primarily serves to monitor the status of all JumpServer components. The page displays following：

• The component management page primarily displays the following information:
• The component name is derived from a combination of the component's hostname and a random string when naming it. This naming convention is particularly useful in multi-node clusters or distributed deployments as it helps identify the host where the component resides, facilitating troubleshooting；
• Monitoring the CPU load and memory usage of all JumpServer components provides performance insights. High usage triggers monitoring alerts, with alert notifications configured in the message subscription settings；
• You can monitor all real-time sessions of each component through view of seesions function;

• Clicking the Update button for a specific component or selecting multiple components and then clicking More Actions allows for updates.
• The command storage and video storage for components are initially set to be stored locally on the server; video recordings are stored by default on the server. Command recordings are stored in the database by default, but this setting allows for the option to change video and command recordings to external storage.

4 Components Monitor

• The component monitoring page enables users to view the status of each component, including detailed information such as the component's load status and the current number of online sessions for that component.

5 Service Endpoint

• The Service endpoint page primarily deals with settings related to access points. Service endpoints are addresses (ports) through which users access services. When connecting to assets, users select service endpoints based on endpoint rules and asset labels, establishing connections as access points to enable distributed asset connectivity.
• The following are the default ports that JumpServer needs to have open: 2222, 3389, and database mapping ports.

5.1 Applicable Scenarios

Applicable Scenario，for example：

• A company has assets in two regions on Huawei Cloud, namely BeiJing and ShangHai, and needs to manage them using the same PAM host. However, they face significant difficulties due to network latency and bandwidth performance issues.
• In such a scenario, service endpoints can provide a solution. For example, deploying one instance of the JumpServer for BeiJing assets and another for ShangHai assets can solve these challenges.
• Both JumpServers can share with the same database. When accessing assets, users from BeiJing use the entrance provided by the BeiJing JumpServer, while users from ShangHai use the entrance provided by the ShangHai JumpServer. Cloud instances in each region are directed to the corresponding node for access.

• Create a JumpServer Endpoint for ShangHai region.

• Create a JumpServer Endpoint for BeiJing region.

• After creation, the screenshot of the service endpoint page is as follows：

• The image you described shows the use of endpoint rules to allocate traffic from specified IP ranges to designated service endpoints for connection.

6 Endpoint rule

Attention

• Currently, there are two supported strategies for service endpoints：
• 1、By specifying endpoints based on endpoint rules (current page).
• 2、By selecting endpoints based on asset tags, where the tag name is fixed as "endpoint" and the value is the name of the endpoint.
• Both methods prioritize tag matching because IP ranges may conflict. The tag method serves as a complementary rule.

• In endpoint rules, the IP ranges set will determine which service endpoint the assets correspondingly access.