Case Study | Tianyan Weizhen's Bastion Host Selection and Deployment Practice

Zhejiang Tianyan Weizhen Network Technology Co., Ltd., founded in 2004, is a leading provider of rural revitalization digital service solutions in China. As a pioneer in branded agricultural informatization and digital identity technology for agricultural products, Tianyan Weizhen has supported industry revitalization in 27 provinces and 300+ counties, empowering 20,000+ leading agricultural brands, serving 60+ certification bodies, and covering more than 1 billion coded products.

The legacy operations audit platform was outdated with slow feature updates and could not meet current IT operations needs. After comparison, Tianyan Weizhen selected JumpServer.

Selection Criteria

Security came first: strong protective measures and clear visibility into risks. Performance had to support rapidly growing assets. Ease of management and maintenance were also mandatory.

Security — Agriculture demands high protection of customer sensitive data.

Flexibility — Different roles need different controls: upload/download limits, high-risk command policies, inactive-user statistics, and per-user asset scope.

Scalability — HA and load balancing to support more users, systems, and network devices as the business grows.

Distributed Deployment Architecture

With dispersed assets across branches, JumpServer’s distributed model fit well. A full core node and database run in the headquarters data center; branch sites deploy edge nodes registered to the core. Branch session recordings upload to centralized storage while users connect through the nearest entry point, saving bandwidth.

Implementation Practices

1. Permission management

JumpServer manages Windows, Linux, network devices, and protocols including SSH, RDP, and VNC. Access rights change with projects, roles, and transfers—requiring requests via email, ITSM, or OA.

The legacy platform required manual admin provisioning. JumpServer Enterprise Edition’s built-in ticketing automates approval and permission creation, with APIs for external system integration.

2. Security management

MFA, login restrictions, and black/white lists enable fine-grained policies by user, host, and access method—including command, time, and IP lists. Centralized access control and command-level authorization enforce least privilege.

3. Operations audit

Session recording, live monitoring, command review, audit dashboards, and alerting detect unauthorized or policy-violating operations with automated alert or block actions.

4. Multi-tenant organization management

In multi-data-center scenarios, multi-tenant capabilities delegate management so branch admins control local assets, users, and permissions independently under unified governance.

Value and Benefits

JumpServer is now essential for distributed operations auditing at Tianyan Weizhen, providing a unified entry for heterogeneous assets and controlling operational risk.

As a 4A-compliant audit system, JumpServer supports graded protection assessments and delivers:

• Security management — Password custody and automated rotation reduce leakage during staff turnover.
• Reliable auditing — Session replay accelerates fault diagnosis and accountability.
• Cost efficiency — One platform manages multiple data centers without purchasing multiple appliances.