Case Study | Rainbow Department Store Builds a Reliable Operations Audit Platform with JumpServer

Rainbow Department Store Co., Ltd., founded in 1984, is a state-controlled listed company. Through people-oriented, scientific management and professional, efficient operations, Rainbow has ranked among China's top chain retailers for years and possesses leading retail technology R&D and operations capabilities. Rainbow builds an online-offline integrated, experiential new retail model across department stores, shopping centers, and supermarkets, with brands including "Rainbow," "Junshang," and "sp@ce."

In recent years, Rainbow has actively transformed toward smart retail with integrated online-offline operations. Digitalization now covers all stores, formats, and processes, forming an "in-store + home delivery" integrated retail model. Rainbow continues exporting technology services and has become a leader in tech-driven retail. Each store flexibly combines department store, supermarket, and experience formats with themed designs and evolving themed districts.

To deliver quality products, Rainbow continuously integrates its supply chain, establishing fresh-food bases nationwide, direct sourcing channels in more than 30 countries, and importing quality goods globally.

Why JumpServer?

As the business expanded and IT assets grew rapidly, Rainbow's operations team demanded better user experience, openness, and scalability from its operations audit system compared with the previous solution:

High availability and horizontal scaling. Rainbow operates two data centers in Shenzhen's Nanshan and Longgang districts. The legacy single-node bastion architecture risked single points of failure. The team needed continuous availability and fast failover. JumpServer's modular, decoupled architecture supports HA deployment and flexible horizontal scaling for future growth.

Network domain gateways. To support information systems and online malls, Rainbow's R&D teams maintain separate dev, test, and production environments across different networks. A unified operations audit entry is needed for assets in different network domains. JumpServer's domain gateway forwards traffic to isolated assets, enabling unified access through one portal.

Broad cloud platform integration. Running on hybrid cloud with VMware private cloud and Tencent Cloud public cloud—and planning more heterogeneous environments—Rainbow needs a bastion that integrates widely with cloud platforms. JumpServer supports multiple clouds and auto-syncs assets via "cloud sync" for efficient multi-cloud management.

Deployment Architecture

Rainbow chose a high-availability deployment. JumpServer nodes run in both Nanshan and Longgang data centers with active-active database replication. Session recordings are stored on NFS. Keepalived provides VIP failover as a unified access entry. If one data center fails, VIP drifts to the surviving node to maintain service.

Application Scenarios

LDAP authentication. JumpServer supports LDAP authentication and auto-syncs LDAP users. With the "same-name account" option in authorization rules, users log into Windows assets with domain accounts for fast user sync and permission management.

Access control. Beyond internal users, the bastion must support temporary vendor access. JumpServer controls this through:

• Login review — Vendors trigger approval workflows before connecting.
• Core asset authorization requests — Vendors submit tickets for temporary core asset access.
• High-risk command review — Dangerous commands go through ticket-based approval.

With Enterprise WeChat integration, approvals can be completed on mobile. Rainbow efficiently manages vendor access while maintaining security and compliance.

Excellent user experience. Plugin-free Web Terminal lets users connect via browser. RDP file download enables local RDP client connections with high-quality sessions for frequent Windows operators.

Value and Benefits

• Better user experience — Separate console, audit, and workspace panels for admins, auditors, and users with intuitive asset trees and terminals; strong internal adoption.
• Higher operations efficiency — Cloud sync manages heterogeneous infrastructure; automated credential rotation, collection, and backup reduce cost while meeting compliance; ecosystem integrations like Enterprise WeChat improve convenience.
• Stronger access policies — RBAC with scenario-specific policies plus a three-layer ticket review mechanism.
• Improved audit capability — Comprehensive login, command, and session recording for compliance and forensics.
• Future-ready architecture — API integration with internal OA workflows; HA and horizontal scaling for continued growth.