What is it?
What Is a Jumpbox?
A jumpbox is a secure intermediary virtual machine used to access and manage other servers or systems within a network. It serves as a controlled entry point to facilitate administrative tasks and access to sensitive environments.
Key Functions of a Jumpbox:
- Access Control: A jumpbox provides a secure gateway to internal systems, reducing direct access to critical resources and minimizing potential security risks.
- Administrative Tasks: It is commonly used by IT administrators to perform system maintenance, updates, and configurations without exposing core systems directly to the internet.
- Monitoring and Logging: Activities conducted through a jumpbox are often monitored and logged, ensuring that any administrative actions can be audited for security and compliance purposes.
Why Use a Jumpbox?
- Enhanced Security: By centralizing access through a single, controlled entry point, organizations can better manage and secure access to sensitive systems.
- Risk Mitigation: Reducing direct access to internal systems helps prevent unauthorized access and limits exposure to potential threats.
- Using a jumpbox can help meet regulatory requirements and internal policies by providing a secure and auditable means of accessing critical systems.
For more information on acceptable use and to determine if you need a jumpbox, please refer to the approved use cases and our Acceptable Use Policy.
Approved Use Cases
Jumpboxes are designated for specific purposes. Please ensure your request aligns with the following approved use cases:
- IT Administration Work:
Intended for IT staff to perform administrative tasks, including but not limited to system updates, network configuration, and server maintenance.
- Third-Party Contractor Access:
For external vendors or contractors who need temporary access to perform specific tasks related to their projects. This may include support, maintenance, or collaboration efforts.
- Other Use Cases:
If your need does not fall into the categories above, please contact IT support to discuss your specific requirements.
Please note that approval of this request is not guaranteed; it will be reviewed by multiple teams within ITS before a decision is made. If approval is granted, we will reach out to confirm details and discuss next steps.
A request for a jumpbox will be denied if the requestor’s use case falls into one or more of the following categories:
- No administrative access is permitted/required
- It is determined that the use case does not need a jumpbox
- The risk is inherently too large to accept
- We reserve the right to deny jumpbox creation requests for any other reason not listed above
All approved Jumpbox requests will be reviewed annually to assess the ongoing business need, use case, and resource allocation. If it is determined that the Jumpbox is no longer required or that the allocated resources exceed the necessary amount, the request may be denied or reassessed, and the Jumpbox may be decommissioned or scaled back.
Jumpbox Specifications
1. Open ports by default
- DNS
- Updates for third party
- External TCP 80, 443, and 49152-65535 outbound to contact Windows Update:
  - http://windowsupdate.microsoft.com
  - http://*.windowsupdate.microsoft.com
  - https://*.windowsupdate.microsoft.com
  - http://*.update.microsoft.com
  - https://*.update.microsoft.com
  - http://*.windowsupdate.com
  - http://download.windowsupdate.com
  - http://download.microsoft.com
  - http://*.download.windowsupdate.com
  - http://wustat.windows.com
  - http://ntservicepack.microsoft.com
  - http://stats.microsoft.com
  - https://stats.microsoft.com
- Open to RDP
- DC Connectivity
- IPHelper
- *Temp Internet Access to set up Duo*
- PXE Boot
- DHCP 67/68
- TFTP 69
- BINL 4011
- TCP 135
2. Applications
- VLC
- Web Browser
- Adobe Acrobat
3. Specs (RAM/CPU/Disk Space)
- 6 GB RAM
- 2 CPUs
- 100 GB Disk Space
Who can request this?
Current MSU Denver ITS Staff may request this service. To ensure requests are handled promptly, please provide as much detail as possible on the business case for the request. In addition, please note that these requests require supervisor approval.
Acceptable Use Policy (AUP)
Before requesting access, it is important to familiarize yourself with the Acceptable Use Policy (AUP). The AUP outlines the guidelines and responsibilities associated with the use of computing systems.
- Review the AUP:
You can view the Acceptable Use Policy here.
- Acknowledge the Policy:
By proceeding with your request, you acknowledge that you have read and understand the AUP and agree to comply with its terms.
What to expect
If approval is granted, we will follow up with further instructions and next steps.