Case Study | Cummins China Builds a Unified Operations Security Audit Platform

Cummins (China) Investment Co., Ltd. designs, manufactures, and distributes diverse power solutions worldwide. Products include diesel and natural gas engines, generator sets, alternators, emissions systems, turbochargers, fuel systems, controls, transmissions, braking and axle technologies, filtration systems, and hydrogen production, storage, and fuel cell solutions.

Founded in 1919 and headquartered in Columbus, Indiana, Cummins employs approximately 59,900 people globally and is the world’s largest independent engine manufacturer, with 10,600+ authorized dealer locations and 500+ distributor service points in 190+ countries. In 2022, Cummins reported $28.1 billion in sales and $2.2 billion in net income.

Operations Security Audit Requirements

As an engine manufacturer, Cummins China’s key requirements include:

1. Graded protection compliance — A bastion platform for centralized user and resource management, permission assignment, and auditing aligned with China’s Cybersecurity Law and graded protection standards.
2. Unified asset access — Assets on AWS, Azure, and other clouds accessed via dedicated lines with fragmented departmental entry points; a single operations channel is needed.
3. SSO integration — Business systems use OpenID SSO; the bastion must integrate with the identity system for unified authentication.
4. Department autonomy with enterprise oversight — Independent management and audit per department while headquarters maintains unified governance.

Selection Process

After comparison and testing, Cummins China chose JumpServer for:

1. Rich 4A capabilities — Authentication, account management, authorization, and auditing for compliance-ready operations security.
2. Easy installation and maintenance — Online/offline deployment, smooth upgrades, and one-click scripted upgrades.
3. Excellent user experience — Browser-based, plugin-free access plus support for developers, operators, and DBAs with a clear, easy-to-learn interface.
4. Flexible, scalable architecture — Decoupled core and nodes, container deployment, and multiple patterns including standalone, active-passive, active-active, and distributed.

Deployment Architecture

Cummins China adopted high availability for business continuity and future growth. A unified domain name fronts load balancers that distribute requests and health-check backend nodes. MySQL and Redis are also deployed in HA mode to prevent downtime and data loss. Additional application nodes can be added as assets and concurrency grow.

Practice Scenarios

Multi-tenant management — Organizations isolate resources and permissions for independent departmental management and audit under enterprise-wide oversight.

Database asset management — Direct management of MySQL, PostgreSQL, Oracle, SQL Server via Web CLI, Web GUI, or database proxy connections.

Cross-VPC asset management — Domain gateways connect VPC-isolated assets on AWS and Azure that cannot communicate directly with JumpServer.

Service endpoint routing — Endpoint rules and asset tags route users to designated access nodes for distributed connections, including cases where asset IPs conflict across endpoints.

Value and Benefits

• Compliance readiness — Supports incident response, investigation, and remediation workflows.
• Unified asset governance — Single secure channel for cloud servers, Linux, Windows, and databases without direct user access to targets.
• Improved operations efficiency — Multi-tenant model balances departmental autonomy with headquarters governance.