Case Study | Tencent Music Entertainment Group Explores Security Operations Audit with JumpServer
Driven by rising living standards and stronger copyright awareness, China’s online music market has grown steadily. Tencent Music’s IPO in December 2018 further accelerated market development.
Tencent Music Entertainment Group (TME) is a pioneer in online music entertainment in China, offering online music and music-centric social entertainment. TME serves more than 800 million monthly active users and uses technology to expand how users create, enjoy, share, and interact with music.
To support continued innovation with controllable data security and efficient operations, TME needed a more flexible, secure, and self-controlled operations audit system to manage expanding infrastructure and solve unified access authentication and security auditing challenges.
Expectations: Controllable Data Security and Efficient Asset Operations
As assets grew, TME’s security operations team needed a better experience, more openness, and greater scalability than the legacy audit platform provided, driving demand for a next-generation bastion host.
After rigorous long-term evaluation, TME selected JumpServer for these reasons:
- Friendlier operations experience: The legacy platform offered only CLI management interfaces. JumpServer provides native client connections plus a browser-based management UI with clear layouts and rich data visualization.
- Broader asset types: Beyond Linux servers, JumpServer manages databases, container clouds, and application systems with SQL-level auditing and application activity logging for DBAs and broader IT teams.
- Open integration: Security products must balance manageability and usability. Hardware-software bundles limit integration flexibility. JumpServer’s open-source product plus professional support gives TME a foundation for a self-controlled solution.
Implementation: Segregated Accounts and Collaborative Operations
Accounts are the credentials for asset access. Absolute data security depends not only on bastion prevention, monitoring, and auditing, but also on account permission design at the asset layer.
TME classifies server accounts as privileged, read-only, application, and elevated users, and database accounts as program vs. personal accounts. Predefined authorization rules plus ticket-based elevation handle emergencies. Account collection, rotation, and backup continuously protect credentials.
In the collaborative operations system, TME continues deepening JumpServer integration for authentication, personnel and asset synchronization, standardized workflows, and auditing across servers, databases, cloud services, and critical applications.
Solution characteristics
- Centralized authentication: OAuth 2.0 integration with TME’s unified identity platform.
- CMDB-driven asset sync: API integration synchronizes hosts, network devices, databases, cloud services, and applications.
- Efficient ticket workflows: Internal process system automates asset authorization while preserving employee habits.
- Dual connection modes: Web access for administrators; native clients for operators with custom Pin+Token authentication.
Roadmap: Architecture Upgrade
TME is planning to migrate from VM clusters to Kubernetes deployment to prepare for rapid future asset growth with a more stable, efficient runtime environment.
Benefits: Experience and Professional Support
- New interaction experience: JumpServer emphasizes access experience with modes aligned to real user habits, reducing admin workload.
- Comprehensive asset custody: Broad asset support plus application virtualization delivers centralized audit coverage for critical business operations.
- Vendor partnership: Monthly product iterations and responsive customer success support help TME explore integration solutions tailored to real business scenarios.